Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support L2 filters such as ARP #255

Merged
merged 4 commits into from
Sep 25, 2023
Merged

Support L2 filters such as ARP #255

merged 4 commits into from
Sep 25, 2023

Conversation

jschwinger233
Copy link
Member

Fixes: #233

Signed-off-by: Zhichuan Liang [email protected]

@jschwinger233
Copy link
Member Author

jschwinger233 commented Sep 22, 2023
edited
Loading

@brb Please read the 1st commit's message, I'm not sure it's what we want.

The 1st commit actually changes the meaning of len field from pwru --output-meta: previously it's skb->len, now it's L3 len.

I did it because I found it sometimes misleading, for example, pwru --output-meta icmp gives:

0xffff935bb1349e00      0           [ping]           __ip_local_out netns=4026531840 mark=0x0 ifindex=0 proto=0 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=0 proto=8 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]                ip_output netns=4026531840 mark=0x0 ifindex=0 proto=8 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]    apparmor_ip_postroute netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]         ip_finish_output netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]       __ip_finish_output netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]        ip_finish_output2 netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]         __dev_queue_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]       qdisc_pkt_len_init netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]      netdev_core_pick_tx netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]        validate_xmit_skb netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]       netif_skb_features netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]     skb_network_protocol netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]       validate_xmit_xfrm netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]      dev_hard_start_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]            loopback_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]   skb_clone_tx_timestamp netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]               sock_wfree netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]           eth_type_trans netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]               __netif_rx netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]        netif_rx_internal netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]       enqueue_to_backlog netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]      __netif_receive_skb netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping] __netif_receive_skb_one_core netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]                   ip_rcv netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]              ip_rcv_core netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]         ip_local_deliver netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]  ip_local_deliver_finish netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]  ip_protocol_deliver_rcu netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=64 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]        raw_local_deliver netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=64 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]             raw_v4_input netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=64 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]                 icmp_rcv netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=64 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]  __skb_checksum_complete netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=64 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]                icmp_echo netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]               icmp_reply netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]        __ip_options_echo netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]     fib_compute_spec_dst netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping] security_skb_classify_flow netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]           __ip_local_out netns=4026531840 mark=0x0 ifindex=0 proto=0 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=0 proto=8 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]                ip_output netns=4026531840 mark=0x0 ifindex=0 proto=8 mtu=0 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]             nf_hook_slow netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]    apparmor_ip_postroute netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]         ip_finish_output netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]       __ip_finish_output netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]        ip_finish_output2 netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]         __dev_queue_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]       qdisc_pkt_len_init netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]      netdev_core_pick_tx netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]        validate_xmit_skb netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]       netif_skb_features netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]     skb_network_protocol netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]       validate_xmit_xfrm netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]      dev_hard_start_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]            loopback_xmit netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]   skb_clone_tx_timestamp netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]               sock_wfree netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]           eth_type_trans netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=98 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]               __netif_rx netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]        netif_rx_internal netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349d00      0           [ping]       enqueue_to_backlog netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=84 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]              consume_skb netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]   skb_release_head_state netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]         skb_release_data netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)
0xffff935bb1349e00      0           [ping]            skb_free_head netns=4026531840 mark=0x0 ifindex=1 proto=8 mtu=65536 len=56 127.0.0.1:0->127.0.0.1:0(icmp)

For those who aren't fimiliar with skb, they may think the skb payload changes. It's even misleading for us when we're looking into an skb with encap and encryption, the len value reflects "wrong" indication.

My commit changes its value to L3 len, reduces confusion, but also causes another confusion: for those who know how skb->len works in kernel, the unchanges len values look fishy.

I'm not sure it's a good commit or not. Feel free to reject it if you don't think it's right.

@jschwinger233 jschwinger233 changed the title Support L2 only filters such as ARP Support L2 filters such as ARP Sep 22, 2023
@jschwinger233
Copy link
Member Author

jschwinger233 commented Sep 22, 2023
edited
Loading

Never mind, after a second thought I think it's a bad idea. Just dropped that change.

@jschwinger233
Correctly calculate data_end
91a309d 
 *     ,---------------------------  + head
 *    /          ,-----------------  + data
 *   /          /      ,-----------  + tail
 *  |          |      |            , + end
 *  |          |      |           |
 *  v          v      v           v
 *   -----------------------------------------------
 *  | headroom | data |  tailroom | skb_shared_info |
 *   -----------------------------------------------

According to above illustration of skb, data_end should be skb->head +
skb->tail.

Signed-off-by: Zhichuan Liang <[email protected]>
@jschwinger233
Distinguish L3 skb and L2 skb in bpf
308ff56 
Signed-off-by: Zhichuan Liang <[email protected]>
@jschwinger233
Compile and inject ebpf for both L3 and L2 skb
7e24797 
Signed-off-by: Zhichuan Liang <[email protected]>
@jschwinger233
Allow to inject L2 filters
7ae91dd 
Signed-off-by: Zhichuan Liang <[email protected]>
@jschwinger233 jschwinger233 marked this pull request as ready for review September 22, 2023 19:26
brb
brb approved these changes Sep 25, 2023
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

internal/libpcap/compile.go
pcap_compile mode only works for a complete frame data.
*/
pcap := C.pcap_open_dead(C.DLT_RAW, MAXIMUM_SNAPLEN)
pcap := C.pcap_open_dead(C.DLT_EN10MB, MAXIMUM_SNAPLEN)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: does the Go compiler optimize this statement? I.e., pcap := C.pcap_open_dead(C.DLT_EN10MB, MAXIMUM_SNAPLEN) is called only if l3=false?

@brb brb merged commit 8a14820 into main Sep 25, 2023
5 checks passed
@jschwinger233 jschwinger233 deleted the gray/arp branch September 27, 2023 13:19
@jschwinger233 jschwinger233 mentioned this pull request Sep 27, 2023
Merged
@llhhbc
Copy link

llhhbc commented Oct 11, 2024

@jschwinger233 Hello, Can pwru display macAddr when package type is arp?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Can this watch arp request?
3 participants
@jschwinger233 @llhhbc @brb