BIND 10 #3188: socket creator support for raw sockets
BIND 10 Development
do-not-reply at isc.org
Wed Oct 9 15:43:21 UTC 2013
#3188: socket creator support for raw sockets
-------------------------------------+-------------------------------------
Reporter: shane                      | Owner:
Type: enhancement                    | Status: new
Priority: medium                     | Milestone: Next-Sprint-Proposed
Component: Unclassified              | Keywords:
CVSS Scoring:                        | Sensitive: 0
Defect Severity: N/A                 | Sub-Project: Core
Feature Depending on Ticket:         | Estimated Difficulty: 0
Add Hours to Ticket: 0               | Total Hours: 0
Internal?: 0                         |
-------------------------------------+-------------------------------------
The DHCP team needs to have support for raw sockets in the socket creator.
Currently this is done directly in the code (iface_mgr_linux.cc):
{{{#!cpp
fd_ = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (fd_ < 0) {
    isc_throw(Unexpected, "Failed to create NETLINK socket.");
}
if (setsockopt(fd_, SOL_SOCKET, SO_SNDBUF, &SNDBUF_SIZE,
               sizeof(SNDBUF_SIZE)) < 0) {
    isc_throw(Unexpected, "Failed to set send buffer in NETLINK socket.");
}
if (setsockopt(fd_, SOL_SOCKET, SO_RCVBUF, &RCVBUF_SIZE,
               sizeof(RCVBUF_SIZE)) < 0) {
    isc_throw(Unexpected, "Failed to set receive buffer in NETLINK socket.");
}
local_.nl_family = AF_NETLINK;
local_.nl_groups = 0;
if (bind(fd_, convertSockAddr(&local_), sizeof(local_)) < 0) {
    isc_throw(Unexpected, "Failed to bind netlink socket.");
}
}}}
Or in pkt_filter_lpf:
{{{#!cpp
int sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (sock < 0) {
    isc_throw(SocketConfigError, "Failed to create raw LPF socket");
}
// Create socket filter program. This program will only allow incoming UDP
// traffic which arrives on the specific (DHCP) port). It will also filter
// out all fragmented packets.
struct sock_fprog filter_program;
memset(&filter_program, 0, sizeof(filter_program));
filter_program.filter = dhcp_sock_filter;
filter_program.len = sizeof(dhcp_sock_filter) / sizeof(struct sock_filter);
// Override the default port value.
dhcp_sock_filter[8].k = port;
// Apply the filter.
if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter_program,
               sizeof(filter_program)) < 0) {
    close(sock);
    isc_throw(SocketConfigError, "Failed to install packet filtering program"
              << " on the socket " << sock);
}
struct sockaddr_ll sa;
memset(&sa, 0, sizeof(sockaddr_ll));
sa.sll_family = AF_PACKET;
sa.sll_ifindex = iface.getIndex();
// For raw sockets we construct IP headers on our own, so we don't bind
// socket to IP address but to the interface. We will later use the
// Linux Packet Filtering to filter out these packets that we are
// interested in.
if (bind(sock, reinterpret_cast<const struct sockaddr*>(&sa),
         sizeof(sa)) < 0) {
    close(sock);
    isc_throw(SocketConfigError, "Failed to bind LPF socket '" << sock
              << "' to interface '" << iface.getName() << "'");
}
return (sock);
}}}
This may be a simple change to the protocol (described in
src/bin/socketcreator/README). The current command consists of:
* 'S' 'U|T' '4|6' port address: Asks it to create a port.
Probably we want to add something like:
* 'R' 'N|L' ifindex: Asks it to create a raw port for either netlink or
LPF (with the specified interface index).
--
Ticket URL: <http://bind10.isc.org/ticket/3188>
BIND 10 Development <http://bind10.isc.org>
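
Added example, not part of the ticket and not BIND 10 code: a sketch of how the privileged socket creator side could strictly validate the existing 'S' request alongside the proposed 'R' request before creating any socket. The names (Kind, Request, parseRequest) are hypothetical, and the byte layout is an assumption: 2-byte port and 4-byte ifindex in network byte order, address of 4 or 16 bytes.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical request model; encodings are assumptions, see the lead-in.
enum class Kind { Invalid, Udp, Tcp, RawNetlink, RawLpf };

struct Request {
    Kind kind = Kind::Invalid;
    int family = 0;                // 4 or 6 for 'S', unused for 'R'
    uint16_t port = 0;             // 'S' only
    std::vector<uint8_t> address;  // 'S' only: 4 or 16 bytes
    uint32_t ifindex = 0;          // 'R' only
};

// Parse exactly one request. Anything malformed, truncated or over-long
// yields Kind::Invalid, so the privileged side never acts on it.
Request parseRequest(const std::vector<uint8_t>& b) {
    Request bad, r;
    if (b.empty()) return bad;
    if (b[0] == 'S') {
        if (b.size() < 5) return bad;
        if (b[1] == 'U') r.kind = Kind::Udp;
        else if (b[1] == 'T') r.kind = Kind::Tcp;
        else return bad;
        if (b[2] != '4' && b[2] != '6') return bad;
        r.family = b[2] - '0';
        const std::size_t alen = (r.family == 4) ? 4 : 16;
        if (b.size() != 5 + alen) return bad;  // exact length only
        r.port = static_cast<uint16_t>((b[3] << 8) | b[4]);
        r.address.assign(b.begin() + 5, b.end());
        return r;
    }
    if (b[0] == 'R') {
        if (b.size() != 6) return bad;         // 'R', type, 4-byte ifindex
        if (b[1] == 'N') r.kind = Kind::RawNetlink;
        else if (b[1] == 'L') r.kind = Kind::RawLpf;
        else return bad;
        r.ifindex = (uint32_t(b[2]) << 24) | (uint32_t(b[3]) << 16) |
                    (uint32_t(b[4]) << 8) | uint32_t(b[5]);
        // LPF sockets are bound to one interface, so index 0 is rejected
        // here (assumed policy, not stated in the ticket).
        if (r.kind == Kind::RawLpf && r.ifindex == 0) return bad;
        return r;
    }
    return bad;
}
```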