]> git.proxmox.com Git - mirror_frr.git/blob - isisd/isis_pfpacket.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12830 from anlancs/fix/doc-ripd-rst
[mirror_frr.git] / isisd / isis_pfpacket.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * IS-IS Rout(e)ing protocol - isis_pfpacket.c
4 *
5 * Copyright (C) 2001,2002 Sampo Saaristo
6 * Tampere University of Technology
7 * Institute of Communications Engineering
8 */
9
10 #include <zebra.h>
11 #if ISIS_METHOD == ISIS_METHOD_PFPACKET
12 #include <net/ethernet.h> /* the L2 protocols */
13 #include <netpacket/packet.h>
14
15 #include <linux/filter.h>
16
17 #include "log.h"
18 #include "network.h"
19 #include "stream.h"
20 #include "if.h"
21 #include "lib_errors.h"
22 #include "vrf.h"
23
24 #include "isisd/isis_constants.h"
25 #include "isisd/isis_common.h"
26 #include "isisd/isis_circuit.h"
27 #include "isisd/isis_flags.h"
28 #include "isisd/isisd.h"
29 #include "isisd/isis_constants.h"
30 #include "isisd/isis_circuit.h"
31 #include "isisd/isis_network.h"
32
33 #include "privs.h"
34
35 /* tcpdump -i eth0 'isis' -dd */
36 static const struct sock_filter isisfilter[] = {
37 /* NB: we're in SOCK_DGRAM, so src/dst mac + length are stripped
38 * off!
39 * (OTOH it's a bit more lower-layer agnostic and might work
40 * over GRE?) */
41 /* { 0x28, 0, 0, 0x0000000c - 14 }, */
42 /* { 0x25, 5, 0, 0x000005dc }, */
43 {0x28, 0, 0, 0x0000000e - 14}, {0x15, 0, 3, 0x0000fefe},
44 {0x30, 0, 0, 0x00000011 - 14}, {0x15, 0, 1, 0x00000083},
45 {0x6, 0, 0, 0x00040000}, {0x6, 0, 0, 0x00000000},
46 };
47
48 static const struct sock_fprog bpf = {
49 .len = array_size(isisfilter),
50 .filter = (struct sock_filter *)isisfilter,
51 };
52
53 /*
54 * Table 9 - Architectural constants for use with ISO 8802 subnetworks
55 * ISO 10589 - 8.4.8
56 */
57
58 static const uint8_t ALL_L1_ISS[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x14};
59 static const uint8_t ALL_L2_ISS[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x15};
60 static const uint8_t ALL_ISS[6] = {0x09, 0x00, 0x2B, 0x00, 0x00, 0x05};
61 static const uint8_t ALL_ESS[6] = {0x09, 0x00, 0x2B, 0x00, 0x00, 0x04};
62
63 static uint8_t discard_buff[8192];
64
65 /*
66 * if level is 0 we are joining p2p multicast
67 * FIXME: and the p2p multicast being ???
68 */
69 static int isis_multicast_join(int fd, int registerto, int if_num)
70 {
71 struct packet_mreq mreq;
72
73 memset(&mreq, 0, sizeof(mreq));
74 mreq.mr_ifindex = if_num;
75 if (registerto) {
76 mreq.mr_type = PACKET_MR_MULTICAST;
77 mreq.mr_alen = ETH_ALEN;
78 if (registerto == 1)
79 memcpy(&mreq.mr_address, ALL_L1_ISS, ETH_ALEN);
80 else if (registerto == 2)
81 memcpy(&mreq.mr_address, ALL_L2_ISS, ETH_ALEN);
82 else if (registerto == 3)
83 memcpy(&mreq.mr_address, ALL_ISS, ETH_ALEN);
84 else
85 memcpy(&mreq.mr_address, ALL_ESS, ETH_ALEN);
86
87 } else {
88 mreq.mr_type = PACKET_MR_ALLMULTI;
89 }
90 #ifdef EXTREME_DEBUG
91 if (IS_DEBUG_EVENTS)
92 zlog_debug(
93 "%s: fd=%d, reg_to=%d, if_num=%d, address = %02x:%02x:%02x:%02x:%02x:%02x",
94 __func__, fd, registerto, if_num, mreq.mr_address[0],
95 mreq.mr_address[1], mreq.mr_address[2],
96 mreq.mr_address[3], mreq.mr_address[4],
97 mreq.mr_address[5]);
98 #endif /* EXTREME_DEBUG */
99 if (setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq,
100 sizeof(struct packet_mreq))) {
101 zlog_warn("%s: setsockopt(): %s", __func__,
102 safe_strerror(errno));
103 return ISIS_WARNING;
104 }
105
106 return ISIS_OK;
107 }
108
109 static int open_packet_socket(struct isis_circuit *circuit)
110 {
111 struct sockaddr_ll s_addr;
112 int fd, retval = ISIS_OK;
113 struct vrf *vrf = NULL;
114
115 vrf = circuit->interface->vrf;
116
117 fd = vrf_socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL), vrf->vrf_id,
118 vrf->name);
119
120 if (fd < 0) {
121 zlog_warn("%s: socket() failed %s", __func__,
122 safe_strerror(errno));
123 return ISIS_WARNING;
124 }
125
126 if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf))) {
127 zlog_warn("%s: SO_ATTACH_FILTER failed: %s", __func__,
128 safe_strerror(errno));
129 }
130
131 /*
132 * Bind to the physical interface
133 */
134 memset(&s_addr, 0, sizeof(s_addr));
135 s_addr.sll_family = AF_PACKET;
136 s_addr.sll_protocol = htons(ETH_P_ALL);
137 s_addr.sll_ifindex = circuit->interface->ifindex;
138
139 if (bind(fd, (struct sockaddr *)(&s_addr), sizeof(struct sockaddr_ll))
140 < 0) {
141 zlog_warn("%s: bind() failed: %s", __func__,
142 safe_strerror(errno));
143 close(fd);
144 return ISIS_WARNING;
145 }
146
147 circuit->fd = fd;
148
149 if (if_is_broadcast(circuit->interface)) {
150 /*
151 * Join to multicast groups
152 * according to
153 * 8.4.2 - Broadcast subnetwork IIH PDUs
154 * FIXME: is there a case only one will fail??
155 */
156 /* joining ALL_L1_ISS */
157 retval |= isis_multicast_join(circuit->fd, 1,
158 circuit->interface->ifindex);
159 /* joining ALL_L2_ISS */
160 retval |= isis_multicast_join(circuit->fd, 2,
161 circuit->interface->ifindex);
162 /* joining ALL_ISS (used in RFC 5309 p2p-over-lan as well) */
163 retval |= isis_multicast_join(circuit->fd, 3,
164 circuit->interface->ifindex);
165 } else {
166 retval = isis_multicast_join(circuit->fd, 0,
167 circuit->interface->ifindex);
168 }
169
170 return retval;
171 }
172
173 /*
174 * Create the socket and set the tx/rx funcs
175 */
176 int isis_sock_init(struct isis_circuit *circuit)
177 {
178 int retval = ISIS_OK;
179
180 frr_with_privs(&isisd_privs) {
181
182 retval = open_packet_socket(circuit);
183
184 if (retval != ISIS_OK) {
185 zlog_warn("%s: could not initialize the socket",
186 __func__);
187 break;
188 }
189
190 /* Assign Rx and Tx callbacks are based on real if type */
191 if (if_is_broadcast(circuit->interface)) {
192 circuit->tx = isis_send_pdu_bcast;
193 circuit->rx = isis_recv_pdu_bcast;
194 } else if (if_is_pointopoint(circuit->interface)) {
195 circuit->tx = isis_send_pdu_p2p;
196 circuit->rx = isis_recv_pdu_p2p;
197 } else {
198 zlog_warn("%s: unknown circuit type", __func__);
199 retval = ISIS_WARNING;
200 break;
201 }
202 }
203
204 return retval;
205 }
206
207 static inline int llc_check(uint8_t *llc)
208 {
209 if (*llc != ISO_SAP || *(llc + 1) != ISO_SAP || *(llc + 2) != 3)
210 return 0;
211
212 return 1;
213 }
214
215 int isis_recv_pdu_bcast(struct isis_circuit *circuit, uint8_t *ssnpa)
216 {
217 int bytesread, addr_len;
218 struct sockaddr_ll s_addr;
219 uint8_t llc[LLC_LEN];
220
221 addr_len = sizeof(s_addr);
222
223 memset(&s_addr, 0, sizeof(s_addr));
224
225 bytesread =
226 recvfrom(circuit->fd, (void *)&llc, LLC_LEN, MSG_PEEK,
227 (struct sockaddr *)&s_addr, (socklen_t *)&addr_len);
228
229 if ((bytesread < 0)
230 || (s_addr.sll_ifindex != (int)circuit->interface->ifindex)) {
231 if (bytesread < 0) {
232 zlog_warn(
233 "%s: ifname %s, fd %d, bytesread %d, recvfrom(): %s",
234 __func__, circuit->interface->name, circuit->fd,
235 bytesread, safe_strerror(errno));
236 }
237 if (s_addr.sll_ifindex != (int)circuit->interface->ifindex) {
238 zlog_warn(
239 "packet is received on multiple interfaces: socket interface %d, circuit interface %d, packet type %u",
240 s_addr.sll_ifindex, circuit->interface->ifindex,
241 s_addr.sll_pkttype);
242 }
243
244 /* get rid of the packet */
245 bytesread = recvfrom(circuit->fd, discard_buff,
246 sizeof(discard_buff), MSG_DONTWAIT,
247 (struct sockaddr *)&s_addr,
248 (socklen_t *)&addr_len);
249
250 if (bytesread < 0)
251 zlog_warn("%s: recvfrom() failed", __func__);
252
253 return ISIS_WARNING;
254 }
255 /*
256 * Filtering by llc field, discard packets sent by this host (other
257 * circuit)
258 */
259 if (!llc_check(llc) || s_addr.sll_pkttype == PACKET_OUTGOING) {
260 /* Read the packet into discard buff */
261 bytesread = recvfrom(circuit->fd, discard_buff,
262 sizeof(discard_buff), MSG_DONTWAIT,
263 (struct sockaddr *)&s_addr,
264 (socklen_t *)&addr_len);
265 if (bytesread < 0)
266 zlog_warn("%s: recvfrom() failed", __func__);
267 return ISIS_WARNING;
268 }
269
270 /* Ensure that we have enough space for a pdu padded to fill the mtu */
271 unsigned int max_size =
272 circuit->interface->mtu > circuit->interface->mtu6
273 ? circuit->interface->mtu
274 : circuit->interface->mtu6;
275 uint8_t temp_buff[max_size];
276 bytesread =
277 recvfrom(circuit->fd, temp_buff, max_size, MSG_DONTWAIT,
278 (struct sockaddr *)&s_addr, (socklen_t *)&addr_len);
279 if (bytesread < 0) {
280 zlog_warn("%s: recvfrom() failed", __func__);
281 return ISIS_WARNING;
282 }
283 /* then we lose the LLC */
284 stream_write(circuit->rcv_stream, temp_buff + LLC_LEN,
285 bytesread - LLC_LEN);
286 memcpy(ssnpa, &s_addr.sll_addr, s_addr.sll_halen);
287
288 return ISIS_OK;
289 }
290
291 int isis_recv_pdu_p2p(struct isis_circuit *circuit, uint8_t *ssnpa)
292 {
293 int bytesread, addr_len;
294 struct sockaddr_ll s_addr;
295
296 memset(&s_addr, 0, sizeof(s_addr));
297 addr_len = sizeof(s_addr);
298
299 /* we can read directly to the stream */
300 (void)stream_recvfrom(
301 circuit->rcv_stream, circuit->fd, circuit->interface->mtu, 0,
302 (struct sockaddr *)&s_addr, (socklen_t *)&addr_len);
303
304 if (s_addr.sll_pkttype == PACKET_OUTGOING) {
305 /* Read the packet into discard buff */
306 bytesread = recvfrom(circuit->fd, discard_buff,
307 sizeof(discard_buff), MSG_DONTWAIT,
308 (struct sockaddr *)&s_addr,
309 (socklen_t *)&addr_len);
310 if (bytesread < 0)
311 zlog_warn("%s: recvfrom() failed", __func__);
312 return ISIS_WARNING;
313 }
314
315 /* If we don't have protocol type 0x00FE which is
316 * ISO over GRE we exit with pain :)
317 */
318 if (ntohs(s_addr.sll_protocol) != 0x00FE) {
319 zlog_warn("%s: protocol mismatch(): %X", __func__,
320 ntohs(s_addr.sll_protocol));
321 return ISIS_WARNING;
322 }
323
324 memcpy(ssnpa, &s_addr.sll_addr, s_addr.sll_halen);
325
326 return ISIS_OK;
327 }
328
329 int isis_send_pdu_bcast(struct isis_circuit *circuit, int level)
330 {
331 struct msghdr msg;
332 struct iovec iov[2];
333 char temp_buff[LLC_LEN];
334
335 /* we need to do the LLC in here because of P2P circuits, which will
336 * not need it
337 */
338 struct sockaddr_ll sa;
339
340 stream_set_getp(circuit->snd_stream, 0);
341 memset(&sa, 0, sizeof(sa));
342 sa.sll_family = AF_PACKET;
343
344 size_t frame_size = stream_get_endp(circuit->snd_stream) + LLC_LEN;
345 sa.sll_protocol = htons(isis_ethertype(frame_size));
346 sa.sll_ifindex = circuit->interface->ifindex;
347 sa.sll_halen = ETH_ALEN;
348 /* RFC5309 section 4.1 recommends ALL_ISS */
349 if (circuit->circ_type == CIRCUIT_T_P2P)
350 memcpy(&sa.sll_addr, ALL_ISS, ETH_ALEN);
351 else if (level == 1)
352 memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN);
353 else
354 memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN);
355
356 /* on a broadcast circuit */
357 /* first we put the LLC in */
358 temp_buff[0] = 0xFE;
359 temp_buff[1] = 0xFE;
360 temp_buff[2] = 0x03;
361
362 memset(&msg, 0, sizeof(msg));
363 msg.msg_name = &sa;
364 msg.msg_namelen = sizeof(struct sockaddr_ll);
365 msg.msg_iov = iov;
366 msg.msg_iovlen = 2;
367 iov[0].iov_base = temp_buff;
368 iov[0].iov_len = LLC_LEN;
369 iov[1].iov_base = circuit->snd_stream->data;
370 iov[1].iov_len = stream_get_endp(circuit->snd_stream);
371
372 if (sendmsg(circuit->fd, &msg, 0) < 0) {
373 zlog_warn("IS-IS pfpacket: could not transmit packet on %s: %s",
374 circuit->interface->name, safe_strerror(errno));
375 if (ERRNO_IO_RETRY(errno))
376 return ISIS_WARNING;
377 return ISIS_ERROR;
378 }
379 return ISIS_OK;
380 }
381
382 int isis_send_pdu_p2p(struct isis_circuit *circuit, int level)
383 {
384 struct sockaddr_ll sa;
385 ssize_t rv;
386
387 stream_set_getp(circuit->snd_stream, 0);
388 memset(&sa, 0, sizeof(sa));
389 sa.sll_family = AF_PACKET;
390 sa.sll_ifindex = circuit->interface->ifindex;
391 sa.sll_halen = ETH_ALEN;
392 if (level == 1)
393 memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN);
394 else
395 memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN);
396
397
398 /* lets try correcting the protocol */
399 sa.sll_protocol = htons(0x00FE);
400 rv = sendto(circuit->fd, circuit->snd_stream->data,
401 stream_get_endp(circuit->snd_stream), 0,
402 (struct sockaddr *)&sa, sizeof(struct sockaddr_ll));
403 if (rv < 0) {
404 zlog_warn("IS-IS pfpacket: could not transmit packet on %s: %s",
405 circuit->interface->name, safe_strerror(errno));
406 if (ERRNO_IO_RETRY(errno))
407 return ISIS_WARNING;
408 return ISIS_ERROR;
409 }
410 return ISIS_OK;
411 }
412
413 #endif /* ISIS_METHOD == ISIS_METHOD_PFPACKET */
FRRouting mirror