From: David Ahern <dsahern@gmail.com>
To: Lawrence Kreeger <lkreeger@gmail.com>, netdev@vger.kernel.org
Subject: Re: "wrong" ifindex on received VLAN tagged packet?
Date: Tue, 6 Mar 2018 17:43:04 -0700 [thread overview]
Message-ID: <a1b27e99-0b06-585a-7f28-514b1b8e3a4c@gmail.com> (raw)
In-Reply-To: <CAOfa6T3ic9TGRUQTjZSc-HC5roAam2suD5+H1Sa60uqu3DE8Qw@mail.gmail.com>
On 3/6/18 3:02 PM, Lawrence Kreeger wrote:
> Hello,
>
> I'm trying to run mstpd on a per VLAN basis using one traditional
> linux bridge per VLAN. I'm running it on kernel version 4.12.4. It
> works fine for untagged frames, but I'm having a problem with VLAN
> tagged BPDUs arriving on the socket with the ifindex of the bridge
> itself, and not the VLAN tagged interface. For example, I have a
> tagged interface eth0.100 connected to the bridge "vlan100". When
> packets arrive, they have the ifindex of vlan100, which mstpd doesn't
> recognize as a valid spanning tree interface, so it drops them. Is
> there something needed to be set in the kernel to get the ifindex of
> eth0.100 instead? This is how mstpd opens the raw socket:
>
>
> /* Berkeley Packet filter code to filter out spanning tree packets.
> from tcpdump -s 1152 -dd stp
> */
> static struct sock_filter stp_filter[] = {
> { 0x28, 0, 0, 0x0000000c },
> { 0x25, 3, 0, 0x000005dc },
> { 0x30, 0, 0, 0x0000000e },
> { 0x15, 0, 1, 0x00000042 },
> { 0x6, 0, 0, 0x00000480 },
> { 0x6, 0, 0, 0x00000000 },
> };
>
> /*
> * Open up a raw packet socket to catch all 802.2 packets.
> * and install a packet filter to only see STP (SAP 42)
> *
> * Since any bridged devices are already in promiscious mode
> * no need to add multicast address.
> */
> int packet_sock_init(void)
> {
> int s;
> struct sock_fprog prog =
> {
> .len = sizeof(stp_filter) / sizeof(stp_filter[0]),
> .filter = stp_filter,
> };
>
> s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_802_2));
try ETH_P_ALL
> if(s < 0)
> {
> ERROR("socket failed: %m");
> return -1;
> }
>
> if(setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)) < 0)
> ERROR("setsockopt packet filter failed: %m");
> else if(fcntl(s, F_SETFL, O_NONBLOCK) < 0)
> ERROR("fcntl set nonblock failed: %m");
> else
> {
> packet_event.fd = s;
> packet_event.handler = packet_rcv;
And then packet_rcv using recvfrom:
struct sockaddr_ll sll;
char buf[4096];
socklen_t alen;
int len;
alen = sizeof(sll);
len = recvfrom(sd, buf, sizeof(buf), 0,
(struct sockaddr *)&sll, &alen);
And sll.sll_ifindex will show vlan device indices.
>
> if(0 == add_epoll(&packet_event))
> return 0;
> }
>
> close(s);
> return -1;
> }
>
> Thanks, Larry
>
next prev parent reply other threads:[~2018-03-07 0:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 22:02 "wrong" ifindex on received VLAN tagged packet? Lawrence Kreeger
2018-03-07 0:43 ` David Ahern [this message]
2018-03-07 1:27 ` Lawrence Kreeger
2018-03-12 20:26 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a1b27e99-0b06-585a-7f28-514b1b8e3a4c@gmail.com \
--to=dsahern@gmail.com \
--cc=lkreeger@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).