1 /*
2 * IS-IS Rout(e)ing protocol - isis_pfpacket.c
3 *
4 * Copyright (C) 2001,2002 Sampo Saaristo
5 * Tampere University of Technology
6 * Institute of Communications Engineering
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
11 * any later version.
12 *
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; see the file COPYING; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 */
22
23 #include <zebra.h>
24 #if ISIS_METHOD == ISIS_METHOD_PFPACKET
25 #include <net/ethernet.h> /* the L2 protocols */
26 #include <netpacket/packet.h>
27
28 #include <linux/filter.h>
29
30 #include "log.h"
31 #include "network.h"
32 #include "stream.h"
33 #include "if.h"
34 #include "lib_errors.h"
35 #include "vrf.h"
36
37 #include "isisd/isis_constants.h"
38 #include "isisd/isis_common.h"
39 #include "isisd/isis_circuit.h"
40 #include "isisd/isis_flags.h"
41 #include "isisd/isisd.h"
42 #include "isisd/isis_constants.h"
43 #include "isisd/isis_circuit.h"
44 #include "isisd/isis_network.h"
45
46 #include "privs.h"
47
/*
 * Classic BPF program for the IS-IS receive socket. open_packet_socket()
 * attaches it with SO_ATTACH_FILTER so that the kernel drops frames that are
 * not IS-IS before they are queued to the daemon.
 *
 * Derived from: tcpdump -i eth0 'isis' -dd
 *
 * This is a pre-filter, not a validator: open_packet_socket() only logs a
 * warning when the attach fails and keeps using the socket, so the receive
 * code must not assume that every frame it sees passed these tests.
 */
static const struct sock_filter isisfilter[] = {
	/* NB: we're in SOCK_DGRAM, so src/dst mac + length are stripped
	 * off!
	 * (OTOH it's a bit more lower-layer agnostic and might work
	 * over GRE?) */
	/* Every offset below is therefore written as "<Ethernet offset> - 14". */

	/* Disabled: the 802.3 length test from the tcpdump output (load the
	 * halfword at offset 12, jump when it is greater than 1500). The
	 * length field is part of the stripped header, so it cannot be read
	 * here. */
	/*	{ 0x28, 0, 0, 0x0000000c - 14 }, */
	/*	{ 0x25, 5, 0, 0x000005dc }, */

	/* [0] load the halfword at offset 0 (LLC DSAP + SSAP)
	 * [1] equal to 0xfefe? continue, otherwise skip 3 -> [5] reject */
	{0x28, 0, 0, 0x0000000e - 14}, {0x15, 0, 3, 0x0000fefe},
	/* [2] load the byte at offset 3 (first byte after the 3-byte LLC)
	 * [3] equal to 0x83 (IS-IS protocol discriminator)? continue,
	 *     otherwise skip 1 -> [5] reject */
	{0x30, 0, 0, 0x00000011 - 14}, {0x15, 0, 1, 0x00000083},
	/* [4] accept, passing up to 0x40000 bytes of the frame
	 * [5] reject (return 0 bytes) */
	{0x6, 0, 0, 0x00040000}, {0x6, 0, 0, 0x00000000},
};

/*
 * Program descriptor handed to setsockopt(SO_ATTACH_FILTER). The cast drops
 * the const qualifier only because struct sock_fprog declares a non-const
 * filter pointer; nothing in this file writes through it.
 */
static const struct sock_fprog bpf = {
	.len = array_size(isisfilter),
	.filter = (struct sock_filter *)isisfilter,
};
65
/*
 * Table 9 - Architectural constants for use with ISO 8802 subnetworks
 * ISO 10589 - 8.4.8
 *
 * Multicast MAC addresses used both as group memberships on the receive
 * socket (isis_multicast_join) and as destination addresses when sending.
 */

/* All level 1 intermediate systems */
static const uint8_t ALL_L1_ISS[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x14};
/* All level 2 intermediate systems */
static const uint8_t ALL_L2_ISS[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x15};
/* All intermediate systems */
static const uint8_t ALL_ISS[6] = {0x09, 0x00, 0x2B, 0x00, 0x00, 0x05};
/* All end systems */
static const uint8_t ALL_ESS[6] = {0x09, 0x00, 0x2B, 0x00, 0x00, 0x04};

/*
 * Scratch buffer that unwanted frames are read into so they leave the socket
 * queue; its contents are never inspected. It is a single static buffer
 * shared by every circuit in this file.
 */
static uint8_t discard_buff[8192];
77
/*
 * Add a link-layer multicast membership for interface if_num to the packet
 * socket fd.
 *
 * registerto selects what is joined:
 *   0     - PACKET_MR_ALLMULTI, i.e. every multicast frame on the interface
 *           (used for non-broadcast circuits)
 *   1     - ALL_L1_ISS
 *   2     - ALL_L2_ISS
 *   3     - ALL_ISS
 *   other - ALL_ESS
 *
 * FIXME: and the p2p multicast being ???
 *
 * Returns ISIS_OK, or ISIS_WARNING when setsockopt() fails (the error is
 * logged).
 */
static int isis_multicast_join(int fd, int registerto, int if_num)
{
	struct packet_mreq mreq;
	const uint8_t *group;

	memset(&mreq, 0, sizeof(mreq));
	mreq.mr_ifindex = if_num;

	if (registerto == 0) {
		/* No specific group: accept all multicast on this interface. */
		mreq.mr_type = PACKET_MR_ALLMULTI;
	} else {
		switch (registerto) {
		case 1:
			group = ALL_L1_ISS;
			break;
		case 2:
			group = ALL_L2_ISS;
			break;
		case 3:
			group = ALL_ISS;
			break;
		default:
			group = ALL_ESS;
			break;
		}

		mreq.mr_type = PACKET_MR_MULTICAST;
		mreq.mr_alen = ETH_ALEN;
		memcpy(&mreq.mr_address, group, ETH_ALEN);
	}

#ifdef EXTREME_DEBUG
	if (IS_DEBUG_EVENTS)
		zlog_debug(
			"%s: fd=%d, reg_to=%d, if_num=%d, address = %02x:%02x:%02x:%02x:%02x:%02x",
			__func__, fd, registerto, if_num, mreq.mr_address[0],
			mreq.mr_address[1], mreq.mr_address[2],
			mreq.mr_address[3], mreq.mr_address[4],
			mreq.mr_address[5]);
#endif /* EXTREME_DEBUG */

	if (setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq,
		       sizeof(mreq))
	    != 0) {
		zlog_warn("%s: setsockopt(): %s", __func__,
			  safe_strerror(errno));
		return ISIS_WARNING;
	}

	return ISIS_OK;
}
121
/*
 * Open the PF_PACKET/SOCK_DGRAM socket for a circuit, attach the IS-IS BPF
 * filter, bind it to the circuit's interface and join the multicast groups.
 *
 * On success the descriptor is stored in circuit->fd. Returns ISIS_OK, or
 * ISIS_WARNING when socket(), bind() or a multicast join fails. When only a
 * join fails the socket stays open and stays assigned to circuit->fd.
 *
 * A failing SO_ATTACH_FILTER is logged but not treated as an error: the
 * socket then delivers every frame type (ETH_P_ALL) and rejecting non-IS-IS
 * traffic is left entirely to the receive functions.
 *
 * The socket is created with ETH_P_ALL before bind() is called, so frames
 * from other interfaces can be queued in that window; isis_recv_pdu_bcast()
 * compares sll_ifindex against the circuit's interface for that reason.
 */
static int open_packet_socket(struct isis_circuit *circuit)
{
	struct vrf *vrf = circuit->interface->vrf;
	struct sockaddr_ll s_addr;
	int status = ISIS_OK;
	int sock;

	sock = vrf_socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL), vrf->vrf_id,
			  vrf->name);
	if (sock < 0) {
		zlog_warn("%s: socket() failed %s", __func__,
			  safe_strerror(errno));
		return ISIS_WARNING;
	}

	/* Best effort: keep going without the kernel-side filter. */
	if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf))
	    != 0)
		zlog_warn("%s: SO_ATTACH_FILTER failed: %s", __func__,
			  safe_strerror(errno));

	/*
	 * Bind to the physical interface
	 */
	memset(&s_addr, 0, sizeof(s_addr));
	s_addr.sll_family = AF_PACKET;
	s_addr.sll_protocol = htons(ETH_P_ALL);
	s_addr.sll_ifindex = circuit->interface->ifindex;

	if (bind(sock, (struct sockaddr *)&s_addr, sizeof(s_addr)) < 0) {
		zlog_warn("%s: bind() failed: %s", __func__,
			  safe_strerror(errno));
		close(sock);
		return ISIS_WARNING;
	}

	circuit->fd = sock;

	/* Anything that is not a broadcast interface joins all-multicast. */
	if (!if_is_broadcast(circuit->interface))
		return isis_multicast_join(circuit->fd, 0,
					   circuit->interface->ifindex);

	/*
	 * Join to multicast groups
	 * according to
	 * 8.4.2 - Broadcast subnetwork IIH PDUs
	 * FIXME: is there a case only one will fail??
	 *
	 * 1 = ALL_L1_ISS, 2 = ALL_L2_ISS,
	 * 3 = ALL_ISS (used in RFC 5309 p2p-over-lan as well)
	 */
	for (int group = 1; group <= 3; group++)
		status |= isis_multicast_join(circuit->fd, group,
					      circuit->interface->ifindex);

	return status;
}
185
/*
 * Create the socket and set the tx/rx funcs
 *
 * Opens the circuit's packet socket with open_packet_socket() and then picks
 * the send/receive callbacks from the interface type. Returns ISIS_OK on
 * success and ISIS_WARNING when the socket could not be set up or the
 * interface is neither broadcast nor point-to-point.
 *
 * NOTE(review): when open_packet_socket() succeeded but the interface type is
 * unknown, circuit->fd holds an open socket and nothing in this function
 * closes it; confirm that the caller does.
 */
int isis_sock_init(struct isis_circuit *circuit)
{
	int retval = ISIS_OK;

	/*
	 * Everything in this block runs under isisd_privs. The "break"
	 * statements below are used to leave the block early; presumably
	 * frr_with_privs expands to a loop-like scope - confirm against its
	 * definition before restructuring this code.
	 */
	frr_with_privs(&isisd_privs) {

		retval = open_packet_socket(circuit);

		if (retval != ISIS_OK) {
			zlog_warn("%s: could not initialize the socket",
				  __func__);
			break;
		}

		/* Rx and Tx callbacks are assigned based on the real
		 * interface type */
		if (if_is_broadcast(circuit->interface)) {
			circuit->tx = isis_send_pdu_bcast;
			circuit->rx = isis_recv_pdu_bcast;
		} else if (if_is_pointopoint(circuit->interface)) {
			circuit->tx = isis_send_pdu_p2p;
			circuit->rx = isis_recv_pdu_p2p;
		} else {
			zlog_warn("%s: unknown circuit type", __func__);
			retval = ISIS_WARNING;
			break;
		}
	}

	return retval;
}
219
/*
 * Check a 3-byte LLC header: DSAP and SSAP must both be ISO_SAP and the
 * control byte must be 3. Returns 1 when the header matches, 0 otherwise.
 * The caller must supply at least three readable bytes.
 */
static inline int llc_check(uint8_t *llc)
{
	return llc[0] == ISO_SAP && llc[1] == ISO_SAP && llc[2] == 3;
}
227
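/*
 * Read and drop the frame at the head of the socket queue. "caller" is the
 * function name used in the warning, so the log text is unchanged.
 */
static void isis_pfpacket_drop_frame(int fd, const char *caller)
{
	struct sockaddr_ll from;
	socklen_t from_len = sizeof(from);

	if (recvfrom(fd, discard_buff, sizeof(discard_buff), MSG_DONTWAIT,
		     (struct sockaddr *)&from, &from_len)
	    < 0)
		zlog_warn("%s: recvfrom() failed", caller);
}

/*
 * Receive one PDU from a broadcast circuit's packet socket.
 *
 * The LLC header is peeked first so that frames which arrived on another
 * interface, are not ISO LLC, or were sent by this host (PACKET_OUTGOING) can
 * be dropped without touching circuit->rcv_stream. An accepted frame is read
 * in full, its LLC header is stripped and the rest is appended to
 * circuit->rcv_stream; the sender's link-layer address is copied to ssnpa.
 *
 * Returns ISIS_OK when a PDU was stored, ISIS_WARNING when the frame was
 * dropped or a read failed.
 *
 * Every length taken from the socket is checked before use: the frame comes
 * from the wire, and the BPF filter that normally rejects short frames is not
 * guaranteed to be attached (open_packet_socket() only warns on failure).
 */
int isis_recv_pdu_bcast(struct isis_circuit *circuit, uint8_t *ssnpa)
{
	int bytesread;
	socklen_t addr_len;
	struct sockaddr_ll s_addr;
	uint8_t llc[LLC_LEN];
	size_t halen;

	memset(&s_addr, 0, sizeof(s_addr));
	/* A short peek must not leave indeterminate bytes in llc. */
	memset(llc, 0, sizeof(llc));

	addr_len = sizeof(s_addr);
	bytesread =
		recvfrom(circuit->fd, (void *)&llc, LLC_LEN, MSG_PEEK,
			 (struct sockaddr *)&s_addr, &addr_len);

	if ((bytesread < 0)
	    || (s_addr.sll_ifindex != (int)circuit->interface->ifindex)) {
		if (bytesread < 0) {
			zlog_warn(
				"%s: ifname %s, fd %d, bytesread %d, recvfrom(): %s",
				__func__, circuit->interface->name, circuit->fd,
				bytesread, safe_strerror(errno));
		}
		if (s_addr.sll_ifindex != (int)circuit->interface->ifindex) {
			zlog_warn(
				"packet is received on multiple interfaces: socket interface %d, circuit interface %d, packet type %u",
				s_addr.sll_ifindex, circuit->interface->ifindex,
				s_addr.sll_pkttype);
		}

		/* get rid of the packet */
		isis_pfpacket_drop_frame(circuit->fd, __func__);

		return ISIS_WARNING;
	}

	/*
	 * Filtering by llc field, discard packets sent by this host (other
	 * circuit). A frame too short to hold an LLC header is dropped here
	 * as well instead of being checked against partly unread bytes.
	 */
	if (bytesread < LLC_LEN || !llc_check(llc)
	    || s_addr.sll_pkttype == PACKET_OUTGOING) {
		isis_pfpacket_drop_frame(circuit->fd, __func__);
		return ISIS_WARNING;
	}

	/* Ensure that we have enough space for a pdu padded to fill the mtu */
	unsigned int max_size =
		circuit->interface->mtu > circuit->interface->mtu6
			? circuit->interface->mtu
			: circuit->interface->mtu6;

	/* A zero-length array is undefined, and a buffer smaller than the LLC
	 * header could never yield a PDU; drop the frame so it does not stay
	 * at the head of the queue. */
	if (max_size < LLC_LEN) {
		zlog_warn("%s: interface MTU %u is too small to receive on",
			  __func__, max_size);
		isis_pfpacket_drop_frame(circuit->fd, __func__);
		return ISIS_WARNING;
	}

	uint8_t temp_buff[max_size];

	/* addr_len is value-result: the peek above may have set it to the
	 * real address length, which can exceed sizeof(s_addr) on links with
	 * long hardware addresses. Reset it so the kernel never copies more
	 * than s_addr can hold. */
	addr_len = sizeof(s_addr);
	bytesread =
		recvfrom(circuit->fd, temp_buff, max_size, MSG_DONTWAIT,
			 (struct sockaddr *)&s_addr, &addr_len);
	if (bytesread < 0) {
		zlog_warn("%s: recvfrom() failed", __func__);
		return ISIS_WARNING;
	}

	/* Without this check "bytesread - LLC_LEN" would go negative and be
	 * converted to a huge size_t length for stream_write(). */
	if (bytesread < LLC_LEN) {
		zlog_warn("%s: frame of %d bytes is shorter than the LLC header",
			  __func__, bytesread);
		return ISIS_WARNING;
	}

	/* then we lose the LLC */
	/* NOTE(review): assumes rcv_stream has room for a full-MTU PDU -
	 * confirm against where the stream is allocated. */
	stream_write(circuit->rcv_stream, temp_buff + LLC_LEN,
		     (size_t)(bytesread - LLC_LEN));

	/* sll_halen is set by the kernel and may be larger than sll_addr;
	 * never read past the end of the address field. */
	halen = s_addr.sll_halen;
	if (halen > sizeof(s_addr.sll_addr))
		halen = sizeof(s_addr.sll_addr);
	/* NOTE(review): ssnpa's capacity is not visible here; confirm every
	 * caller provides at least sizeof(s_addr.sll_addr) bytes, or clamp to
	 * ETH_ALEN instead. */
	memcpy(ssnpa, s_addr.sll_addr, halen);

	return ISIS_OK;
}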
303
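/*
 * Receive one PDU from a point-to-point circuit's packet socket.
 *
 * The frame is read straight into circuit->rcv_stream (there is no LLC header
 * to strip on this path). Frames sent by this host (PACKET_OUTGOING) and
 * frames whose protocol is not 0x00FE are rejected. On success the sender's
 * link-layer address is copied to ssnpa.
 *
 * Returns ISIS_OK when a PDU was accepted, ISIS_WARNING otherwise.
 */
int isis_recv_pdu_p2p(struct isis_circuit *circuit, uint8_t *ssnpa)
{
	int bytesread;
	socklen_t addr_len;
	struct sockaddr_ll s_addr;
	size_t halen;

	memset(&s_addr, 0, sizeof(s_addr));
	addr_len = sizeof(s_addr);

	/* we can read directly to the stream */
	/* The result is deliberately ignored: s_addr was zeroed above, so if
	 * nothing was received the protocol check below still rejects the
	 * call (0 != 0x00FE). */
	(void)stream_recvfrom(
		circuit->rcv_stream, circuit->fd, circuit->interface->mtu, 0,
		(struct sockaddr *)&s_addr, &addr_len);

	if (s_addr.sll_pkttype == PACKET_OUTGOING) {
		/* Read the packet into discard buff */
		/* NOTE(review): stream_recvfrom() above was called with flags
		 * 0 (no MSG_PEEK), so presumably the outgoing frame is already
		 * off the queue and this read drops the frame queued after it
		 * - confirm and remove if so. */
		/* addr_len is value-result; reset it so the kernel never
		 * copies more than s_addr can hold. */
		addr_len = sizeof(s_addr);
		bytesread = recvfrom(circuit->fd, discard_buff,
				     sizeof(discard_buff), MSG_DONTWAIT,
				     (struct sockaddr *)&s_addr, &addr_len);
		if (bytesread < 0)
			zlog_warn("%s: recvfrom() failed", __func__);
		return ISIS_WARNING;
	}

	/* If we don't have protocol type 0x00FE which is
	 * ISO over GRE we exit with pain :)
	 */
	if (ntohs(s_addr.sll_protocol) != 0x00FE) {
		zlog_warn("%s: protocol mismatch(): %X", __func__,
			  ntohs(s_addr.sll_protocol));
		return ISIS_WARNING;
	}

	/* sll_halen is set by the kernel and may be larger than sll_addr;
	 * never read past the end of the address field. */
	halen = s_addr.sll_halen;
	if (halen > sizeof(s_addr.sll_addr))
		halen = sizeof(s_addr.sll_addr);
	/* NOTE(review): ssnpa's capacity is not visible here; confirm every
	 * caller provides at least sizeof(s_addr.sll_addr) bytes, or clamp to
	 * ETH_ALEN instead. */
	memcpy(ssnpa, s_addr.sll_addr, halen);

	return ISIS_OK;
}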
341
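/*
 * Send the PDU held in circuit->snd_stream on a broadcast circuit.
 *
 * A 3-byte LLC header (0xFE 0xFE 0x03) is prepended with a scatter/gather
 * write, so the stream itself is not modified. The destination is ALL_ISS for
 * CIRCUIT_T_P2P circuits, otherwise ALL_L1_ISS for level 1 and ALL_L2_ISS for
 * any other level.
 *
 * Returns ISIS_OK on success, ISIS_WARNING when sendmsg() failed with an
 * error that ERRNO_IO_RETRY() classifies as retryable, ISIS_ERROR otherwise.
 */
int isis_send_pdu_bcast(struct isis_circuit *circuit, int level)
{
	struct msghdr msg;
	struct iovec iov[2];
	uint8_t temp_buff[LLC_LEN];

	/* we need to do the LLC in here because of P2P circuits, which will
	 * not need it
	 */
	struct sockaddr_ll sa;

	stream_set_getp(circuit->snd_stream, 0);
	memset(&sa, 0, sizeof(sa));
	sa.sll_family = AF_PACKET;

	size_t pdu_len = stream_get_endp(circuit->snd_stream);
	size_t frame_size = pdu_len + LLC_LEN;

	sa.sll_protocol = htons(isis_ethertype(frame_size));
	sa.sll_ifindex = circuit->interface->ifindex;
	sa.sll_halen = ETH_ALEN;
	/* RFC5309 section 4.1 recommends ALL_ISS */
	if (circuit->circ_type == CIRCUIT_T_P2P)
		memcpy(&sa.sll_addr, ALL_ISS, ETH_ALEN);
	else if (level == 1)
		memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN);
	else
		memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN);

	/* on a broadcast circuit */
	/* first we put the LLC in */
	temp_buff[0] = 0xFE;
	temp_buff[1] = 0xFE;
	temp_buff[2] = 0x03;

	memset(&msg, 0, sizeof(msg));
	msg.msg_name = &sa;
	msg.msg_namelen = sizeof(struct sockaddr_ll);
	msg.msg_iov = iov;
	msg.msg_iovlen = 2;
	iov[0].iov_base = temp_buff;
	iov[0].iov_len = LLC_LEN;
	iov[1].iov_base = circuit->snd_stream->data;
	iov[1].iov_len = pdu_len;

	if (sendmsg(circuit->fd, &msg, 0) < 0) {
		/* Capture errno before logging: the log call may change it,
		 * and the retry decision below must see sendmsg()'s value. */
		int saved_errno = errno;

		zlog_warn("IS-IS pfpacket: could not transmit packet on %s: %s",
			  circuit->interface->name,
			  safe_strerror(saved_errno));
		if (ERRNO_IO_RETRY(saved_errno))
			return ISIS_WARNING;
		return ISIS_ERROR;
	}
	return ISIS_OK;
}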
394
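/*
 * Send the PDU held in circuit->snd_stream on a point-to-point circuit.
 *
 * The stream contents are sent as they are (no LLC header is added) with
 * protocol 0x00FE. The destination is ALL_L1_ISS for level 1 and ALL_L2_ISS
 * for any other level.
 *
 * Returns ISIS_OK on success, ISIS_WARNING when sendto() failed with an
 * error that ERRNO_IO_RETRY() classifies as retryable, ISIS_ERROR otherwise.
 */
int isis_send_pdu_p2p(struct isis_circuit *circuit, int level)
{
	struct sockaddr_ll sa;
	ssize_t rv;

	stream_set_getp(circuit->snd_stream, 0);
	memset(&sa, 0, sizeof(sa));
	sa.sll_family = AF_PACKET;
	sa.sll_ifindex = circuit->interface->ifindex;
	sa.sll_halen = ETH_ALEN;
	if (level == 1)
		memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN);
	else
		memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN);

	/* lets try correcting the protocol */
	sa.sll_protocol = htons(0x00FE);
	rv = sendto(circuit->fd, circuit->snd_stream->data,
		    stream_get_endp(circuit->snd_stream), 0,
		    (struct sockaddr *)&sa, sizeof(struct sockaddr_ll));
	if (rv < 0) {
		/* Capture errno before logging: the log call may change it,
		 * and the retry decision below must see sendto()'s value. */
		int saved_errno = errno;

		zlog_warn("IS-IS pfpacket: could not transmit packet on %s: %s",
			  circuit->interface->name,
			  safe_strerror(saved_errno));
		if (ERRNO_IO_RETRY(saved_errno))
			return ISIS_WARNING;
		return ISIS_ERROR;
	}
	return ISIS_OK;
}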
425
426 #endif /* ISIS_METHOD == ISIS_METHOD_PFPACKET */