2 ctdb system specific code to manage raw sockets on linux
4 Copyright (C) Ronnie Sahlberg 2007
5 Copyright (C) Andrew Tridgell 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, see <http://www.gnu.org/licenses/>.
24 * Use BSD struct tcphdr field names for portability. Modern glibc
25 * makes them available by default via <netinet/tcp.h> but older glibc
26 * requires __FAVOR_BSD to be defined.
28 * __FAVOR_BSD is normally defined in <features.h> if _DEFAULT_SOURCE
29 * (new) or _BSD_SOURCE (now deprecated) is set and _GNU_SOURCE is not
30 * set. Including "replace.h" above causes <features.h> to be
31 * indirectly included and this will not set __FAVOR_BSD because
32 * _GNU_SOURCE is set in Samba's "config.h" (which is included by
35 * Therefore, set __FAVOR_BSD by hand below.
38 #include "system/network.h"
40 #ifdef HAVE_NETINET_IF_ETHER_H
41 #include <netinet/if_ether.h>
43 #ifdef HAVE_NETINET_IP6_H
44 #include <netinet/ip6.h>
46 #ifdef HAVE_NETINET_ICMP6_H
47 #include <netinet/icmp6.h>
49 #ifdef HAVE_LINUX_IF_PACKET_H
50 #include <linux/if_packet.h>
54 #define ETHERTYPE_IP6 0x86dd
57 #include "lib/util/debug.h"
58 #include "lib/util/blocking.h"
60 #include "protocol/protocol.h"
62 #include "common/logging.h"
63 #include "common/system_socket.h"
66 uint16 checksum for n bytes
68 static uint32_t uint16_checksum(uint16_t *data, size_t n)
72 sum += (uint32_t)ntohs(*data);
77 sum += (uint32_t)ntohs(*(uint8_t *)data);
83 * See if the given IP is currently on an interface
85 bool ctdb_sys_have_ip(ctdb_sock_addr *_addr)
89 ctdb_sock_addr __addr = *_addr;
90 ctdb_sock_addr *addr = &__addr;
91 socklen_t addrlen = 0;
93 switch (addr->sa.sa_family) {
95 addr->ip.sin_port = 0;
96 addrlen = sizeof(struct sockaddr_in);
99 addr->ip6.sin6_port = 0;
100 addrlen = sizeof(struct sockaddr_in6);
104 s = socket(addr->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
109 ret = bind(s, (struct sockaddr *)addr, addrlen);
116 * simple TCP checksum - assumes data is multiple of 2 bytes long
118 static uint16_t ip_checksum(uint16_t *data, size_t n, struct ip *ip)
120 uint32_t sum = uint16_checksum(data, n);
123 sum += uint16_checksum((uint16_t *)&ip->ip_src, sizeof(ip->ip_src));
124 sum += uint16_checksum((uint16_t *)&ip->ip_dst, sizeof(ip->ip_dst));
126 sum = (sum & 0xFFFF) + (sum >> 16);
127 sum = (sum & 0xFFFF) + (sum >> 16);
136 static uint16_t ip6_checksum(uint16_t *data, size_t n, struct ip6_hdr *ip6)
142 sum += uint16_checksum((uint16_t *)(void *)&ip6->ip6_src, 16);
143 sum += uint16_checksum((uint16_t *)(void *)&ip6->ip6_dst, 16);
146 phdr[1] = htonl(ip6->ip6_nxt);
147 sum += uint16_checksum((uint16_t *)phdr, 8);
149 sum += uint16_checksum(data, n);
151 sum = (sum & 0xFFFF) + (sum >> 16);
152 sum = (sum & 0xFFFF) + (sum >> 16);
162 * Send gratuitous ARP request/reply or IPv6 neighbor advertisement
165 #ifdef HAVE_PACKETSOCKET
167 int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
170 struct sockaddr_ll sall;
171 struct ether_header *eh;
174 struct nd_neighbor_advert *nd_na;
175 struct nd_opt_hdr *nd_oh;
176 struct ifreq if_hwaddr;
177 /* Size of IPv6 neighbor advertisement (with option) */
178 unsigned char buffer[sizeof(struct ether_header) +
179 sizeof(struct ip6_hdr) +
180 sizeof(struct nd_neighbor_advert) +
181 sizeof(struct nd_opt_hdr) + ETH_ALEN];
183 char bdcast[] = {0xff,0xff,0xff,0xff,0xff,0xff};
188 ZERO_STRUCT(if_hwaddr);
190 switch (addr->ip.sin_family) {
192 s = socket(AF_PACKET, SOCK_RAW, 0);
194 DBG_ERR("Failed to open raw socket\n");
198 DBG_DEBUG("Created SOCKET FD:%d for sending arp\n", s);
199 strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
200 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
201 DBG_ERR("Interface '%s' not found\n", iface);
206 /* get the mac address */
207 strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name));
208 ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr);
211 DBG_ERR("ioctl failed\n");
214 if (ARPHRD_LOOPBACK == if_hwaddr.ifr_hwaddr.sa_family) {
215 D_DEBUG("Ignoring loopback arp request\n");
219 if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
222 DBG_ERR("Not an ethernet address family (0x%x)\n",
223 if_hwaddr.ifr_hwaddr.sa_family);
228 memset(buffer, 0 , 64);
229 eh = (struct ether_header *)buffer;
230 memset(eh->ether_dhost, 0xff, ETH_ALEN);
231 memcpy(eh->ether_shost, if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
232 eh->ether_type = htons(ETHERTYPE_ARP);
234 ah = (struct arphdr *)&buffer[sizeof(struct ether_header)];
235 ah->ar_hrd = htons(ARPHRD_ETHER);
236 ah->ar_pro = htons(ETH_P_IP);
237 ah->ar_hln = ETH_ALEN;
240 /* send a gratious arp */
241 ah->ar_op = htons(ARPOP_REQUEST);
242 ptr = (char *)&ah[1];
243 memcpy(ptr, if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
245 memcpy(ptr, &addr->ip.sin_addr, 4);
247 memset(ptr, 0, ETH_ALEN);
249 memcpy(ptr, &addr->ip.sin_addr, 4);
252 sall.sll_family = AF_PACKET;
254 memcpy(&sall.sll_addr[0], bdcast, sall.sll_halen);
255 sall.sll_protocol = htons(ETH_P_ALL);
256 sall.sll_ifindex = ifr.ifr_ifindex;
257 ret = sendto(s,buffer, 64, 0,
258 (struct sockaddr *)&sall, sizeof(sall));
261 DBG_ERR("Failed sendto\n");
265 /* send unsolicited arp reply broadcast */
266 ah->ar_op = htons(ARPOP_REPLY);
267 ptr = (char *)&ah[1];
268 memcpy(ptr, if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
270 memcpy(ptr, &addr->ip.sin_addr, 4);
272 memcpy(ptr, if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
274 memcpy(ptr, &addr->ip.sin_addr, 4);
277 ret = sendto(s, buffer, 64, 0,
278 (struct sockaddr *)&sall, sizeof(sall));
280 DBG_ERR("Failed sendto\n");
288 s = socket(AF_PACKET, SOCK_RAW, 0);
290 DBG_ERR("Failed to open raw socket\n");
294 DBG_DEBUG("Created SOCKET FD:%d for sending arp\n", s);
295 strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
296 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
297 DBG_ERR("Interface '%s' not found\n", iface);
302 /* get the mac address */
303 strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name));
304 ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr);
307 DBG_ERR("ioctl failed\n");
310 if (ARPHRD_LOOPBACK == if_hwaddr.ifr_hwaddr.sa_family) {
311 DBG_DEBUG("Ignoring loopback arp request\n");
315 if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
318 DBG_ERR("Not an ethernet address family (0x%x)\n",
319 if_hwaddr.ifr_hwaddr.sa_family);
323 memset(buffer, 0 , sizeof(buffer));
324 eh = (struct ether_header *)buffer;
326 * Ethernet multicast: 33:33:00:00:00:01 (see RFC2464,
327 * section 7) - note zeroes above!
329 eh->ether_dhost[0] = eh->ether_dhost[1] = 0x33;
330 eh->ether_dhost[5] = 0x01;
331 memcpy(eh->ether_shost, if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
332 eh->ether_type = htons(ETHERTYPE_IP6);
334 ip6 = (struct ip6_hdr *)(eh+1);
336 ip6->ip6_plen = htons(sizeof(*nd_na) +
337 sizeof(struct nd_opt_hdr) +
339 ip6->ip6_nxt = IPPROTO_ICMPV6;
341 ip6->ip6_src = addr->ip6.sin6_addr;
342 /* all-nodes multicast */
344 ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
347 DBG_ERR("Failed inet_pton\n");
351 nd_na = (struct nd_neighbor_advert *)(ip6+1);
352 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
353 nd_na->nd_na_code = 0;
354 nd_na->nd_na_flags_reserved = ND_NA_FLAG_OVERRIDE;
355 nd_na->nd_na_target = addr->ip6.sin6_addr;
356 /* Option: Target link-layer address */
357 nd_oh = (struct nd_opt_hdr *)(nd_na+1);
358 nd_oh->nd_opt_type = ND_OPT_TARGET_LINKADDR;
359 nd_oh->nd_opt_len = 1;
360 memcpy(&(nd_oh+1)[0], if_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN);
362 nd_na->nd_na_cksum = ip6_checksum((uint16_t *)nd_na,
363 ntohs(ip6->ip6_plen), ip6);
365 sall.sll_family = AF_PACKET;
367 memcpy(&sall.sll_addr[0], &eh->ether_dhost[0], sall.sll_halen);
368 sall.sll_protocol = htons(ETH_P_ALL);
369 sall.sll_ifindex = ifr.ifr_ifindex;
370 ret = sendto(s, buffer, sizeof(buffer),
371 0, (struct sockaddr *)&sall, sizeof(sall));
374 DBG_ERR("Failed sendto\n");
381 DBG_ERR("Not an ipv4/ipv6 address (family is %u)\n",
382 addr->ip.sin_family);
389 #else /* HAVE_PACKETSOCKET */
391 int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
393 /* Not implemented */
398 #endif /* HAVE_PACKETSOCKET */
401 * Send tcp segment from the specified IP/port to the specified
402 * destination IP/port.
404 * This is used to trigger the receiving host into sending its own ACK,
405 * which should trigger early detection of TCP reset by the client
408 * This can also be used to send RST segments (if rst is true) and also
409 * if correct seq and ack numbers are provided.
411 int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
412 const ctdb_sock_addr *src,
421 ctdb_sock_addr *tmpdest;
432 switch (src->ip.sin_family) {
436 ip4pkt.ip.ip_hl = sizeof(ip4pkt.ip)/4;
437 ip4pkt.ip.ip_len = htons(sizeof(ip4pkt));
438 ip4pkt.ip.ip_ttl = 255;
439 ip4pkt.ip.ip_p = IPPROTO_TCP;
440 ip4pkt.ip.ip_src.s_addr = src->ip.sin_addr.s_addr;
441 ip4pkt.ip.ip_dst.s_addr = dest->ip.sin_addr.s_addr;
442 ip4pkt.ip.ip_sum = 0;
444 ip4pkt.tcp.th_sport = src->ip.sin_port;
445 ip4pkt.tcp.th_dport = dest->ip.sin_port;
446 ip4pkt.tcp.th_seq = seq;
447 ip4pkt.tcp.th_ack = ack;
448 ip4pkt.tcp.th_flags = 0;
449 ip4pkt.tcp.th_flags |= TH_ACK;
451 ip4pkt.tcp.th_flags |= TH_RST;
453 ip4pkt.tcp.th_off = sizeof(ip4pkt.tcp)/4;
454 /* this makes it easier to spot in a sniffer */
455 ip4pkt.tcp.th_win = htons(1234);
456 ip4pkt.tcp.th_sum = ip_checksum((uint16_t *)&ip4pkt.tcp,
460 /* open a raw socket to send this segment from */
461 s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
463 DBG_ERR("Failed to open raw socket (%s)\n",
468 ret = setsockopt(s, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one));
470 DBG_ERR("Failed to setup IP headers (%s)\n",
476 ret = sendto(s, &ip4pkt, sizeof(ip4pkt), 0,
477 (const struct sockaddr *)&dest->ip,
481 if (ret != sizeof(ip4pkt)) {
482 D_ERR("Failed sendto (%s)\n", strerror(saved_errno));
488 ip6pkt.ip6.ip6_vfc = 0x60;
489 ip6pkt.ip6.ip6_plen = htons(20);
490 ip6pkt.ip6.ip6_nxt = IPPROTO_TCP;
491 ip6pkt.ip6.ip6_hlim = 64;
492 ip6pkt.ip6.ip6_src = src->ip6.sin6_addr;
493 ip6pkt.ip6.ip6_dst = dest->ip6.sin6_addr;
495 ip6pkt.tcp.th_sport = src->ip6.sin6_port;
496 ip6pkt.tcp.th_dport = dest->ip6.sin6_port;
497 ip6pkt.tcp.th_seq = seq;
498 ip6pkt.tcp.th_ack = ack;
499 ip6pkt.tcp.th_flags = 0;
500 ip6pkt.tcp.th_flags |= TH_RST;
502 ip6pkt.tcp.th_flags |= TH_RST;
504 ip6pkt.tcp.th_off = sizeof(ip6pkt.tcp)/4;
505 /* this makes it easier to spot in a sniffer */
506 ip6pkt.tcp.th_win = htons(1234);
507 ip6pkt.tcp.th_sum = ip6_checksum((uint16_t *)&ip6pkt.tcp,
511 s = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW);
513 DBG_ERR("Failed to open sending socket\n");
517 /* sendto() don't like if the port is set and the socket is
520 tmpdest = discard_const(dest);
521 tmpport = tmpdest->ip6.sin6_port;
523 tmpdest->ip6.sin6_port = 0;
524 ret = sendto(s, &ip6pkt, sizeof(ip6pkt), 0,
525 (const struct sockaddr *)&dest->ip6,
528 tmpdest->ip6.sin6_port = tmpport;
531 if (ret != sizeof(ip6pkt)) {
532 D_ERR("Failed sendto (%s)\n", strerror(saved_errno));
538 DBG_ERR("Not an ipv4/v6 address\n");
548 * If AF_PACKET is available then use a raw socket otherwise use pcap.
549 * wscript has checked to make sure that pcap is available if needed.
552 #ifdef HAVE_AF_PACKET
555 * This function is used to open a raw socket to capture from
557 int ctdb_sys_open_capture_socket(const char *iface, void **private_data)
561 /* Open a socket to capture all traffic */
562 s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
564 DBG_ERR("Failed to open raw socket\n");
568 DBG_DEBUG("Created RAW SOCKET FD:%d for tcp tickle\n", s);
570 ret = set_blocking(s, false);
572 DBG_ERR("Failed to set socket non-blocking (%s)\n",
578 set_close_on_exec(s);
584 * This function is used to do any additional cleanup required when closing
586 * Note that the socket itself is closed automatically in the caller.
588 int ctdb_sys_close_capture_socket(void *private_data)
595 * called when the raw socket becomes readable
597 int ctdb_sys_read_tcp_packet(int s, void *private_data,
606 #define RCVPKTSIZE 100
607 char pkt[RCVPKTSIZE];
608 struct ether_header *eth;
613 ret = recv(s, pkt, RCVPKTSIZE, MSG_TRUNC);
614 if (ret < sizeof(*eth)+sizeof(*ip)) {
622 eth = (struct ether_header *)pkt;
624 /* we want either IPv4 or IPv6 */
625 if (ntohs(eth->ether_type) == ETHERTYPE_IP) {
627 ip = (struct iphdr *)(eth+1);
629 /* We only want IPv4 packets */
630 if (ip->version != 4) {
633 /* Dont look at fragments */
634 if ((ntohs(ip->frag_off)&0x1fff) != 0) {
637 /* we only want TCP */
638 if (ip->protocol != IPPROTO_TCP) {
642 /* make sure its not a short packet */
643 if (offsetof(struct tcphdr, th_ack) + 4 +
644 (ip->ihl*4) + sizeof(*eth) > ret) {
648 tcp = (struct tcphdr *)((ip->ihl*4) + (char *)ip);
650 /* tell the caller which one we've found */
651 src->ip.sin_family = AF_INET;
652 src->ip.sin_addr.s_addr = ip->saddr;
653 src->ip.sin_port = tcp->th_sport;
654 dst->ip.sin_family = AF_INET;
655 dst->ip.sin_addr.s_addr = ip->daddr;
656 dst->ip.sin_port = tcp->th_dport;
657 *ack_seq = tcp->th_ack;
659 if (window != NULL) {
660 *window = tcp->th_win;
663 *rst = tcp->th_flags & TH_RST;
667 } else if (ntohs(eth->ether_type) == ETHERTYPE_IP6) {
669 ip6 = (struct ip6_hdr *)(eth+1);
671 /* we only want TCP */
672 if (ip6->ip6_nxt != IPPROTO_TCP) {
677 tcp = (struct tcphdr *)(ip6+1);
679 /* tell the caller which one we've found */
680 src->ip6.sin6_family = AF_INET6;
681 src->ip6.sin6_port = tcp->th_sport;
682 src->ip6.sin6_addr = ip6->ip6_src;
684 dst->ip6.sin6_family = AF_INET6;
685 dst->ip6.sin6_port = tcp->th_dport;
686 dst->ip6.sin6_addr = ip6->ip6_dst;
688 *ack_seq = tcp->th_ack;
690 if (window != NULL) {
691 *window = tcp->th_win;
694 *rst = tcp->th_flags & TH_RST;
703 #else /* HAVE_AF_PACKET */
707 int ctdb_sys_open_capture_socket(const char *iface, void **private_data)
711 pt=pcap_open_live(iface, 100, 0, 0, NULL);
713 DBG_ERR("Failed to open capture device %s\n", iface);
716 *((pcap_t **)private_data) = pt;
718 return pcap_fileno(pt);
721 int ctdb_sys_close_capture_socket(void *private_data)
723 pcap_t *pt = (pcap_t *)private_data;
728 int ctdb_sys_read_tcp_packet(int s,
738 struct ether_header *eth;
742 struct ctdb_killtcp_connection *conn;
743 struct pcap_pkthdr pkthdr;
744 const u_char *buffer;
745 pcap_t *pt = (pcap_t *)private_data;
747 buffer=pcap_next(pt, &pkthdr);
756 eth = (struct ether_header *)buffer;
758 /* we want either IPv4 or IPv6 */
759 if (eth->ether_type == htons(ETHERTYPE_IP)) {
761 ip = (struct ip *)(eth+1);
763 /* We only want IPv4 packets */
767 /* Dont look at fragments */
768 if ((ntohs(ip->ip_off)&0x1fff) != 0) {
771 /* we only want TCP */
772 if (ip->ip_p != IPPROTO_TCP) {
776 /* make sure its not a short packet */
777 if (offsetof(struct tcphdr, th_ack) + 4 +
778 (ip->ip_hl*4) > ret) {
782 tcp = (struct tcphdr *)((ip->ip_hl*4) + (char *)ip);
784 /* tell the caller which one we've found */
785 src->ip.sin_family = AF_INET;
786 src->ip.sin_addr.s_addr = ip->ip_src.s_addr;
787 src->ip.sin_port = tcp->th_sport;
788 dst->ip.sin_family = AF_INET;
789 dst->ip.sin_addr.s_addr = ip->ip_dst.s_addr;
790 dst->ip.sin_port = tcp->th_dport;
791 *ack_seq = tcp->th_ack;
793 if (window != NULL) {
794 *window = tcp->th_win;
797 *rst = tcp->th_flags & TH_RST;
801 } else if (eth->ether_type == htons(ETHERTYPE_IP6)) {
803 ip6 = (struct ip6_hdr *)(eth+1);
805 /* we only want TCP */
806 if (ip6->ip6_nxt != IPPROTO_TCP) {
811 tcp = (struct tcphdr *)(ip6+1);
813 /* tell the caller which one we've found */
814 src->ip6.sin6_family = AF_INET6;
815 src->ip6.sin6_port = tcp->th_sport;
816 src->ip6.sin6_addr = ip6->ip6_src;
818 dst->ip6.sin6_family = AF_INET6;
819 dst->ip6.sin6_port = tcp->th_dport;
820 dst->ip6.sin6_addr = ip6->ip6_dst;
822 *ack_seq = tcp->th_ack;
824 if (window != NULL) {
825 *window = tcp->th_win;
828 *rst = tcp->th_flags & TH_RST;
837 #endif /* HAVE_AF_PACKET */
git.samba.org / bbaumbach / samba-autobuild / .git / blob