* "wrong" ifindex on received VLAN tagged packet?
@ 2018-03-06 22:02 Lawrence Kreeger
2018-03-07 0:43 ` David Ahern
0 siblings, 1 reply; 4+ messages in thread
From: Lawrence Kreeger @ 2018-03-06 22:02 UTC (permalink / raw)
To: netdev, dsahern
Hello,
I'm trying to run mstpd on a per VLAN basis using one traditional
linux bridge per VLAN. I'm running it on kernel version 4.12.4. It
works fine for untagged frames, but I'm having a problem with VLAN
tagged BPDUs arriving on the socket with the ifindex of the bridge
itself, and not the VLAN tagged interface. For example, I have a
tagged interface eth0.100 connected to the bridge "vlan100". When
packets arrive, they have the ifindex of vlan100, which mstpd doesn't
recognize as a valid spanning tree interface, so it drops them. Is
there something needed to be set in the kernel to get the ifindex of
eth0.100 instead? This is how mstpd opens the raw socket:
/* Berkeley Packet filter code to filter out spanning tree packets.
from tcpdump -s 1152 -dd stp
*/
static struct sock_filter stp_filter[] = {
{ 0x28, 0, 0, 0x0000000c },
{ 0x25, 3, 0, 0x000005dc },
{ 0x30, 0, 0, 0x0000000e },
{ 0x15, 0, 1, 0x00000042 },
{ 0x6, 0, 0, 0x00000480 },
{ 0x6, 0, 0, 0x00000000 },
};
/*
* Open up a raw packet socket to catch all 802.2 packets.
* and install a packet filter to only see STP (SAP 42)
*
* Since any bridged devices are already in promiscious mode
* no need to add multicast address.
*/
int packet_sock_init(void)
{
int s;
struct sock_fprog prog =
{
.len = sizeof(stp_filter) / sizeof(stp_filter[0]),
.filter = stp_filter,
};
s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_802_2));
if(s < 0)
{
ERROR("socket failed: %m");
return -1;
}
if(setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)) < 0)
ERROR("setsockopt packet filter failed: %m");
else if(fcntl(s, F_SETFL, O_NONBLOCK) < 0)
ERROR("fcntl set nonblock failed: %m");
else
{
packet_event.fd = s;
packet_event.handler = packet_rcv;
if(0 == add_epoll(&packet_event))
return 0;
}
close(s);
return -1;
}
Thanks, Larry
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: "wrong" ifindex on received VLAN tagged packet? 2018-03-06 22:02 "wrong" ifindex on received VLAN tagged packet? Lawrence Kreeger @ 2018-03-07 0:43 ` David Ahern 2018-03-07 1:27 ` Lawrence Kreeger 0 siblings, 1 reply; 4+ messages in thread From: David Ahern @ 2018-03-07 0:43 UTC (permalink / raw) To: Lawrence Kreeger, netdev On 3/6/18 3:02 PM, Lawrence Kreeger wrote: > Hello, > > I'm trying to run mstpd on a per VLAN basis using one traditional > linux bridge per VLAN. I'm running it on kernel version 4.12.4. It > works fine for untagged frames, but I'm having a problem with VLAN > tagged BPDUs arriving on the socket with the ifindex of the bridge > itself, and not the VLAN tagged interface. For example, I have a > tagged interface eth0.100 connected to the bridge "vlan100". When > packets arrive, they have the ifindex of vlan100, which mstpd doesn't > recognize as a valid spanning tree interface, so it drops them. Is > there something needed to be set in the kernel to get the ifindex of > eth0.100 instead? This is how mstpd opens the raw socket: > > > /* Berkeley Packet filter code to filter out spanning tree packets. > from tcpdump -s 1152 -dd stp > */ > static struct sock_filter stp_filter[] = { > { 0x28, 0, 0, 0x0000000c }, > { 0x25, 3, 0, 0x000005dc }, > { 0x30, 0, 0, 0x0000000e }, > { 0x15, 0, 1, 0x00000042 }, > { 0x6, 0, 0, 0x00000480 }, > { 0x6, 0, 0, 0x00000000 }, > }; > > /* > * Open up a raw packet socket to catch all 802.2 packets. > * and install a packet filter to only see STP (SAP 42) > * > * Since any bridged devices are already in promiscious mode > * no need to add multicast address. > */ > int packet_sock_init(void) > { > int s; > struct sock_fprog prog = > { > .len = sizeof(stp_filter) / sizeof(stp_filter[0]), > .filter = stp_filter, > }; > > s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_802_2)); try ETH_P_ALL > if(s < 0) > { > ERROR("socket failed: %m"); > return -1; > } > > if(setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)) < 0) > ERROR("setsockopt packet filter failed: %m"); > else if(fcntl(s, F_SETFL, O_NONBLOCK) < 0) > ERROR("fcntl set nonblock failed: %m"); > else > { > packet_event.fd = s; > packet_event.handler = packet_rcv; And then packet_rcv using recvfrom: struct sockaddr_ll sll; char buf[4096]; socklen_t alen; int len; alen = sizeof(sll); len = recvfrom(sd, buf, sizeof(buf), 0, (struct sockaddr *)&sll, &alen); And sll.sll_ifindex will show vlan device indices. > > if(0 == add_epoll(&packet_event)) > return 0; > } > > close(s); > return -1; > } > > Thanks, Larry > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: "wrong" ifindex on received VLAN tagged packet? 2018-03-07 0:43 ` David Ahern @ 2018-03-07 1:27 ` Lawrence Kreeger 2018-03-12 20:26 ` David Ahern 0 siblings, 1 reply; 4+ messages in thread From: Lawrence Kreeger @ 2018-03-07 1:27 UTC (permalink / raw) To: David Ahern; +Cc: netdev Using ETH_P_ALL instead of ETH_P_802_2, is causing mstpd to get 3 copies of the same BPDU. One from eth0, one from eth0.100, and another from vlan100 (the bridge). mstpd will drop the one from vlan100, but since there is also an instance of spanning tree running on the native VLAN, there is now no way to differentiate BPDUs coming in tagged vs untagged because they all show up with eth0. So, there isn't some kernel knob to get the BPDUs to only come from eth0.100? On Tue, Mar 6, 2018 at 4:43 PM, David Ahern <dsahern@gmail.com> wrote: > On 3/6/18 3:02 PM, Lawrence Kreeger wrote: >> Hello, >> >> I'm trying to run mstpd on a per VLAN basis using one traditional >> linux bridge per VLAN. I'm running it on kernel version 4.12.4. It >> works fine for untagged frames, but I'm having a problem with VLAN >> tagged BPDUs arriving on the socket with the ifindex of the bridge >> itself, and not the VLAN tagged interface. For example, I have a >> tagged interface eth0.100 connected to the bridge "vlan100". When >> packets arrive, they have the ifindex of vlan100, which mstpd doesn't >> recognize as a valid spanning tree interface, so it drops them. Is >> there something needed to be set in the kernel to get the ifindex of >> eth0.100 instead? This is how mstpd opens the raw socket: >> >> >> /* Berkeley Packet filter code to filter out spanning tree packets. >> from tcpdump -s 1152 -dd stp >> */ >> static struct sock_filter stp_filter[] = { >> { 0x28, 0, 0, 0x0000000c }, >> { 0x25, 3, 0, 0x000005dc }, >> { 0x30, 0, 0, 0x0000000e }, >> { 0x15, 0, 1, 0x00000042 }, >> { 0x6, 0, 0, 0x00000480 }, >> { 0x6, 0, 0, 0x00000000 }, >> }; >> >> /* >> * Open up a raw packet socket to catch all 802.2 packets. >> * and install a packet filter to only see STP (SAP 42) >> * >> * Since any bridged devices are already in promiscious mode >> * no need to add multicast address. >> */ >> int packet_sock_init(void) >> { >> int s; >> struct sock_fprog prog = >> { >> .len = sizeof(stp_filter) / sizeof(stp_filter[0]), >> .filter = stp_filter, >> }; >> >> s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_802_2)); > > try ETH_P_ALL > >> if(s < 0) >> { >> ERROR("socket failed: %m"); >> return -1; >> } >> >> if(setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)) < 0) >> ERROR("setsockopt packet filter failed: %m"); >> else if(fcntl(s, F_SETFL, O_NONBLOCK) < 0) >> ERROR("fcntl set nonblock failed: %m"); >> else >> { >> packet_event.fd = s; >> packet_event.handler = packet_rcv; > > And then packet_rcv using recvfrom: > struct sockaddr_ll sll; > char buf[4096]; > socklen_t alen; > int len; > > alen = sizeof(sll); > len = recvfrom(sd, buf, sizeof(buf), 0, > (struct sockaddr *)&sll, &alen); > > And sll.sll_ifindex will show vlan device indices. > > >> >> if(0 == add_epoll(&packet_event)) >> return 0; >> } >> >> close(s); >> return -1; >> } >> >> Thanks, Larry >> > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: "wrong" ifindex on received VLAN tagged packet? 2018-03-07 1:27 ` Lawrence Kreeger @ 2018-03-12 20:26 ` David Ahern 0 siblings, 0 replies; 4+ messages in thread From: David Ahern @ 2018-03-12 20:26 UTC (permalink / raw) To: Lawrence Kreeger; +Cc: netdev On 3/6/18 5:27 PM, Lawrence Kreeger wrote: > Using ETH_P_ALL instead of ETH_P_802_2, is causing mstpd to get 3 > copies of the same BPDU. One from eth0, one from eth0.100, and > another from vlan100 (the bridge). > mstpd will drop the one from vlan100, but since there is also an > instance of spanning tree running on the native VLAN, there is now no > way to differentiate BPDUs coming in > tagged vs untagged because they all show up with eth0. So, there > isn't some kernel knob to get the BPDUs to only come from eth0.100? not that I am aware of. You could bind your socket or program to eth0.100, but I suspect you actually have more than the one vlan interface coming into the bridge that you want to snoop. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-03-12 20:26 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-03-06 22:02 "wrong" ifindex on received VLAN tagged packet? Lawrence Kreeger 2018-03-07 0:43 ` David Ahern 2018-03-07 1:27 ` Lawrence Kreeger 2018-03-12 20:26 ` David Ahern
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).