Add support for B.A.T.M.A.N. Advanced #980
Conversation
|
One remark: pcap/batadv_packet.h and pcap/batadv_legacy_packet.h are basically copies from the Linux kernel and are therefore GPLv2 licensed. Let me know if that's okay for you or if I should ask the other maintainers and contributors for a BSD-3-Clause (compatible) dual-license for these two header files. |
|
Thank you for preparing this feature. Neither macOS nor FreeBSD like the new Linux-specific headers. As you mentioned, these are GPL, also the amount of filter-specific code seems to be much smaller than the amount of declarations. So it might be worth to consider if the new code could have just the declarations it needs, then it would be simpler to make these portable and have the same licence as the rest of libpcap. Other opinions are welcome. |
My opinion can be summarized as "+1". :-) I.e., no GPLed code, please. |
pcap/batadv_packet.h
Outdated
| #ifndef _UAPI_LINUX_BATADV_PACKET_H_ | ||
| #define _UAPI_LINUX_BATADV_PACKET_H_ | ||
|
|
||
| #include <asm/byteorder.h> |
There was a problem hiding this comment.
None of those three headers are available on all the operating systems on which libpcap operates. (Note that one of those operating systems is Windows.)
Find a way not to use them.
pcap/batadv_packet.h
Outdated
| @@ -0,0 +1,631 @@ | |||
| /* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) */ | |||
|
Here's a tarball containing a patch, pcap/batadv_legacy_packet.h, and pcap/batadv_packet.h. The patch is a variant of your change that compiles on macOS Catalina and Xcode 11.7, so it rips out enough Linuxisms to get it to compile there, at least. It also gets rid of all #pragma pack stuff (not all compilers necessarily support it), instead declaring 2-byte and 4-byte integral values as arrays of Do those headers need to be part of the libpcap distribution, rather than being internal to the libpcap source? |
a26e995 to
cf95dad
Compare
|
Thanks for the great feedback! Changelog v2:
|
cf95dad to
53f2460
Compare
|
Changelog v3:
|
|
Passed FreeBSD build this time, that's better. One other thing that would complement this feature is some tcpdump test(s) to flex the new keywords. Do you have enough batman packets with the right protocol fields? |
ed25b1c to
5a89e57
Compare
|
Changelog v4:
|
|
@infrastation sure, generating some test packets is no issue, can do that next weekend. According tests need to be added to the tcpdump repository in a separate commit over there, right? |
|
Yes, that's correct, and the tests will not pass until this feature has been merged, but eventually it would be consistent. |
|
Some simple tests for tcpdump for the batman-adv version 15 packet types and their decoding offsets can be found here: the-tcpdump-group/tcpdump#891 |
|
Thank you. For what it's worth, I have just looked through the proposed changes one more time and could not find any immediate issues to fix (which does not automatically mean everything is good, but still). Other reviewers are welcome. |
|
I'm a bit hesitant to ask, as I can see with all the frequent commits that everyone is very eagerly working on libpcap/tcpdump. But any chance to get this merged? Would help me adding it to the collaborative projects I would want to use this in. Which are usually reluctant in adding changes that are not upstream yet. |
|
Hi, @fenner , you've been down the pcap compiler space more than I, do you have any final comments before I merge this? |
| type = pcap_nametobatadvtype_v15($2); | ||
| break; | ||
| default: | ||
| YYABORT; |
There was a problem hiding this comment.
This should probably call bpf_set_error() to report that $1 is an unsupported batman-adv version.
There was a problem hiding this comment.
Thanks! I've added an according error message with bpf_set_error().
5a89e57 to
3dcde32
Compare
a576d46 to
555ee39
Compare
|
Rebased. "All checks have failed" => There are some errors fo fix. |
555ee39 to
e3698e7
Compare
|
The current types/sub-types in libpcap filter syntax use "-" and not "_". Examples: Thus for batman-adv packet types, it should be better to replace "_" by "-". |
5f47568 to
512ae9f
Compare
512ae9f to
f8cbaf1
Compare
|
Changelog v6:
|
|
Changelog v7:
|
|
I would also like to add the correct offset to the batadv_mcast_packet type, which has a variable payload offset. I would need to add the contents of the two bytes tvlv_len field to the offset: My tries so far were not successful with this, I might need some help/guidance for that. |
|
Changelog v8:
|
|
Changelog v9:
|
|
I would love to see this in tcpdump, too! @mcr @fenner @infrastation @guyharris any chance you could help getting it merged? It sounded like @mcr was ready to merge it in 2021 already, but it's been stalled since then. Some embedded distributions already took the code as patch in to support their users, but having actually it merged would be great ... |
This adds support for the layer 2 mesh routing protocol B.A.T.M.A.N. Advanced. "batadv" can be used to filter on batman-adv packets. It also allows later filters to look at frames inside the tunnel when both "version" and "type" are specified. Documentation for the batman-adv protocol can be found at the following locations: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/batman-adv.rst https://www.open-mesh.org/ Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
The batman-adv multicast packet type has a variable offset for its encapsulated payload frames. The offset depends not only on the batman-adv mcast packet header length but also the length of a potential, variable length TVLV between the batman-adv mcast packet header and the payload. This adds according BPF instructions to take the TVLV length into account for a batman-adv mcast packet and adjusts the payload offset accordingly. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
da42b5b to
e688c38
Compare
|
Thank you for waiting. Rebased on the current master branch. I have looked through the changes one more time, there are minor places for improvement, but the most demanding parts are in |
|
@infrastation thanks once more for the feedback and a happy new year!
But it seemed to me that this is a limitation of how these offsets work in libpcap right now in general, right? Once the keyword matches then the offset is applied immediately and globally and not within a specific scope? Which in the first three examples above would result in matching batman-adv packets within batman-adv packets, even when using brackets? |
|
T-X ***@***.***> wrote:
But it seemed to me that this is a limitation of how these offsets work
in libpcap right now in general, right? Once the keyword matches then
the offset is applied immediately and globally and not within a
specific scope? Which in the first three examples above would result in
matching batman-adv packets within batman-adv packets, even when using
brackets?
Correct.
And vlan is even more complex/annoying, because it can get taken out of the
packet into meta-data.
Fixing all of this requires some deep BPF knowledge, and some significant
reorganization to the pcap filter language. And at least 3 weeks of
bikeshedding what are probably gonna have to be new keywords.
|
|
Three weeks of bikeshedding is not as bad as setting in stone something that causes pain by design, e.g. the |
|
Thank you for waiting. I had another brief look at the proposed changes and would like to make a few comments, hopefully this will not take long. |
| { "roam-adv", BATADV_LEGACY_ROAM_ADV }, | ||
| { "unicast-4addr", BATADV_LEGACY_UNICAST_4ADDR }, | ||
| { "coded", BATADV_LEGACY_CODED }, | ||
| { (char *)0, 0 } |
| { "unicast-4addr", BATADV_UNICAST_4ADDR }, | ||
| { "icmp", BATADV_ICMP }, | ||
| { "unicast-tvlv", BATADV_UNICAST_TVLV }, | ||
| { (char *)0, 0 } |
| PCAP_API int pcap_nametobatadvtype_v14(const char *); | ||
|
|
||
| PCAP_AVAILABLE_1_11 | ||
| PCAP_API int pcap_nametobatadvtype_v15(const char *); |
There was a problem hiding this comment.
The two new functions look out of place in the public API and should not exist even in the private API. The translation of a packet type string to a packet type number should be done in grammar.y.in using the existing str2tok() function the same way it is done for ieee80211_types[].
| if (has_type) { | ||
| b0 = gen_batadv_check_type(cstate, b0, version, type); | ||
| b0 = gen_batadv_offsets(cstate, b0, version, type); | ||
| } |
There was a problem hiding this comment.
This block uses version, is it supposed to be within the block just above then?
| size_t offset; | ||
|
|
||
| switch (type) { | ||
| case BATADV_LEGACY_UNICAST: /* 0x03 */ |
There was a problem hiding this comment.
Here and elsewhere: if there is no reason to know the exact value of a named constant, it is better not to provide it.
| switch (version) { | ||
| case 14: | ||
| case 15: | ||
| if (type > UINT8_MAX) |
There was a problem hiding this comment.
BATMAN packet types seem to be 8-bit (I could find a few TVLV diagrams, but not a packet diagram with a Type field in it, which does not look right, please see if you could fix that as well). Anyway, the point here is that the valid range check should be done as early in gencode.c as possible (see the call to assert_maxval() in gen_pppoes() and similar examples), then the functions that actually process the packet type should use an uint8_t for the validated value.
| @@ -119,6 +119,8 @@ PUBHDR = \ | |||
| pcap/vlan.h | |||
|
|
|||
| HDR = $(PUBHDR) \ | |||
| batadv_legacy_packet.h \ | |||
| batadv_packet.h \ | |||
There was a problem hiding this comment.
The contents of these two new header files that is used only in gencode.c should go directly into gencode.c, and the remaining part (message types only, as far as I can see) should be in one header file used by both grammar.y.in and gencode.c (much like ieee80211.h). Also for clarity it may be better to use BATADV14_ and BATADV15_ for the packet types and batadv14_ and batadv15_ for the structures, in case there is yet another version in future.
|
This is one of several proposed non-trivial changes that I did not originally understand, so I took a rather long detour earlier to develop additional tooling and tests and to learn the BPF compiler better. In addition to the comments left on the patch, please note:
Other things I do not understand yet are:
|
This adds support for the layer 2 mesh routing protocol
B.A.T.M.A.N. Advanced. "batadv" can be used to filter on batman-adv
packets. It also allows later filters to look at frames inside the
tunnel when both "version" and "type" are specified.
Documentation for the batman-adv protocol can be found at the following
locations:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/batman-adv.rst
https://www.open-mesh.org/
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>