Re: Fetching interface name

Re: Fetching interface name

[Pablo Neira Ayuso]

Cc'ing netfilter-devel for development questions.

On Fri, Sep 25, 2015 at 10:40:54AM +0530, Vikas wrote:
> Hi,
> 
> In the netlink infra I could see these attributes:
> 
>  enum nfqnl_attr_type {
> 0034     NFQA_UNSPEC,0035     NFQA_PACKET_HDR,
> 0036     NFQA_VERDICT_HDR,       /* nfqnl_msg_verdict_hrd */
> 0037     NFQA_MARK,          /* __u32 nfmark */
> 0038     NFQA_TIMESTAMP,         /* nfqnl_msg_packet_timestamp */
> 0039*NFQA_IFINDEX_INDEV*,     /* __u32 ifindex */
> 0040*NFQA_IFINDEX_OUTDEV*,        /* __u32 ifindex */
> 0041     NFQA_IFINDEX_PHYSINDEV,     /* __u32 ifindex */
> 0042     NFQA_IFINDEX_PHYSOUTDEV,    /* __u32 ifindex */
> 0043     NFQA_HWADDR,            /* nfqnl_msg_packet_hw */
> 0044     NFQA_PAYLOAD,           /* opaque data payload */
> 0045     NFQA_CT,            /* nf_conntrack_netlink.h */
> 0046     NFQA_CT_INFO,           /* enum ip_conntrack_info */
> 0047     NFQA_CAP_LEN,           /* __u32 length of captured packet */
> 0048     NFQA_SKB_INFO,          /* __u32 skb meta information */
> 0049     NFQA_EXP,           /* nf_conntrack_netlink.h */
> 0050
> 0051     __NFQA_MAX
> 0052 };
> 
> Currently we are doing this to get the input/putput interface index:
>    input_interface_index = mnl_attr_get_u32(tb[NFQA_IFINDEX_INDEV]);    // where tb being a nlattr structure: struct nlattr *tb[NFQA_MAX]
>    output_interface_index = mnl_attr_get_u32(tb[NFQA_IFINDEX_OUTDEV]);
> 
> Is there a way(or any attribute like NFQA_IFINDEX_INDEV/OUTDEV) by
> which we can get the input/output interface*name*?  I don't want to
> use kernel call: if_indextoname() to map index to name, because it
> may be time consuming.

It should be easy to build a cache of ifindex in userspace and
maintain it up to date. So you don't need to use if_indextoname()
since it generates quite a lot of netlink traffic between kernel and
userspace.

You can probably contribute some example to libmnl that we can apply
to the tree. You can use this change I made quite recently as
reference for that code:

http://git.netfilter.org/nftables/commit/?id=3ed296118a065caff5600e60d4f7ef18e137f9a0

Re: Fetching interface name

[Vikas]

This will indeed help us. Thanx for the pointer.

Regards
Vikas

On 25/09/15 3:52 pm, Pablo Neira Ayuso wrote:
> Cc'ing netfilter-devel for development questions.
>
> On Fri, Sep 25, 2015 at 10:40:54AM +0530, Vikas wrote:
>> Hi,
>>
>> In the netlink infra I could see these attributes:
>>
>>   enum nfqnl_attr_type {
>> 0034     NFQA_UNSPEC,0035     NFQA_PACKET_HDR,
>> 0036     NFQA_VERDICT_HDR,       /* nfqnl_msg_verdict_hrd */
>> 0037     NFQA_MARK,          /* __u32 nfmark */
>> 0038     NFQA_TIMESTAMP,         /* nfqnl_msg_packet_timestamp */
>> 0039*NFQA_IFINDEX_INDEV*,     /* __u32 ifindex */
>> 0040*NFQA_IFINDEX_OUTDEV*,        /* __u32 ifindex */
>> 0041     NFQA_IFINDEX_PHYSINDEV,     /* __u32 ifindex */
>> 0042     NFQA_IFINDEX_PHYSOUTDEV,    /* __u32 ifindex */
>> 0043     NFQA_HWADDR,            /* nfqnl_msg_packet_hw */
>> 0044     NFQA_PAYLOAD,           /* opaque data payload */
>> 0045     NFQA_CT,            /* nf_conntrack_netlink.h */
>> 0046     NFQA_CT_INFO,           /* enum ip_conntrack_info */
>> 0047     NFQA_CAP_LEN,           /* __u32 length of captured packet */
>> 0048     NFQA_SKB_INFO,          /* __u32 skb meta information */
>> 0049     NFQA_EXP,           /* nf_conntrack_netlink.h */
>> 0050
>> 0051     __NFQA_MAX
>> 0052 };
>>
>> Currently we are doing this to get the input/putput interface index:
>>     input_interface_index = mnl_attr_get_u32(tb[NFQA_IFINDEX_INDEV]);    // where tb being a nlattr structure: struct nlattr *tb[NFQA_MAX]
>>     output_interface_index = mnl_attr_get_u32(tb[NFQA_IFINDEX_OUTDEV]);
>>
>> Is there a way(or any attribute like NFQA_IFINDEX_INDEV/OUTDEV) by
>> which we can get the input/output interface*name*?  I don't want to
>> use kernel call: if_indextoname() to map index to name, because it
>> may be time consuming.
> It should be easy to build a cache of ifindex in userspace and
> maintain it up to date. So you don't need to use if_indextoname()
> since it generates quite a lot of netlink traffic between kernel and
> userspace.
>
> You can probably contribute some example to libmnl that we can apply
> to the tree. You can use this change I made quite recently as
> reference for that code:
>
> http://git.netfilter.org/nftables/commit/?id=3ed296118a065caff5600e60d4f7ef18e137f9a0

Re: Fetching interface name

[Pablo Neira Ayuso]

On Fri, Sep 25, 2015 at 06:12:19PM +0530, Vikas wrote:
> Have two questions wrt to the recent code changes, specially function:
> iface_cache_update().
> 
> 1. Inside iface_cache_update(), I see lot of socket
> calls(open/bind/sendto/recvfrom) and also list_add() inside callback:
> data_cb(). Are these calls not impacting performace?
> We didn't wanted to use if_indextoname() for the fact that it was kernel
> operation. Performance & traffic wise how iface_cache_update() is different
> from if_indextoname()?

I guess you'll have a daemon, so you cache it once and then reuse.

nft is a command line tool, we get the cache once to look up for as
many ifindex as we need, thus we save quite a lot of traffic.

> 2. Looks like iface_cache_update() is called only once(since there is
> boolean flag: iface_cache_init). But even if we update the cache but there
> is no surity that interface index will not change post update.

You have to subscribe to netlink event notifications, to keep the
cache up to date incrementally.

There's also other code in our tree that is doing this:

http://git.netfilter.org/libnfnetlink/tree/src/iftable.c

As I said, it should be very easy to implement an example daemon for
libmnl that initially creates and ifindex cache and then it updates it
based on netlink event notification.