dhcpcd-discuss

Home Other Lists Thread Index Date Index Search
Thread Prev Thread Next Date Prev Date Next Thread Index Date Index

RE: RE: Yocto Build and Feature Request

Karstens, Nate

Tue Dec 15 19:42:28 2015
Roy,

The first patch looks good. You caught my mistake in that the first JUMP instruction, which should have been a 4 for the failure case instead of a 5.

The second patch is basically the following pcap filter:

arp && arp[2:2] == 0x800 && (arp[6:2] == 1 || arp[6:2] == 2)

Changes to the code look good and I verified operation with my setup.

Nate

-----Original Message-----
From: Roy Marples [mailto:roy@xxxxxxxxxxxx]
Sent: Tuesday, December 15, 2015 8:48 AM
To: dhcpcd-discuss@xxxxxxxxxxxx
Cc: Karstens, Nate <Nate.Karstens@xxxxxxxxxx>
Subject: Re: [dhcpcd-discuss] RE: Yocto Build and Feature Request

Hi Nate

On Monday 14 December 2015 23:54:58 Karstens, Nate wrote:
> Something else I noticed. From bpf-filter.h with notes in comments:
>
> static const struct bpf_insn arp_bpf_filter [] = { #ifndef
> BPF_SKIPTYPE
>        /* Make sure this is an ARP packet... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 3), /*
> should be 5 ... */ #endif
>        /* Make sure this is an ARP REQUEST... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 2, 0),
>        /* or ARP REPLY... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK), /* this
> line isn't strictly necessary */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K,
> ARPOP_REPLY, 0, 1), /* if it is 3 then we jump here */ /* If we passed
> all the tests, ask for the whole packet. */ BPF_STMT(BPF_RET + BPF_K,
> BPF_WHOLEPACKET),
>        /* Otherwise, drop it. */
>        BPF_STMT(BPF_RET + BPF_K, 0),
> };
>
> This can be confirmed by putting the pcap filter through a BPF compiler.
>
> arp && (arp[6:2] == 1 || arp[6:2] == 2)
>
> Compiles to:
>
> static const struct bpf_insn arp_bpf_filter [] = { #ifndef
> BPF_SKIPTYPE
>        /* Make sure this is an ARP packet... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 5),
> #endif
>        /* Make sure this is an ARP REQUEST or REPLY... */
>        BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 1, 0),
>        BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REPLY, 0, 1),
>        /* If we passed all the tests, ask for the whole packet. */
>        BPF_STMT(BPF_RET + BPF_K, BPF_WHOLEPACKET),
>        /* Otherwise, drop it. */
>        BPF_STMT(BPF_RET + BPF_K, 0),
> };


Applied here: http://roy.marples.name/projects/dhcpcd/info/d20598aa1b763a92
I've also made a subsequent change to check for ETHERTYPE_IP as the ARP protocol in the BPF filter here:
http://roy.marples.name/projects/dhcpcd/info/d20598aa1b763a92

Let me know of that works for you as well!

Thanks

Roy

________________________________

CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be confidential and/or legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you.
References:
Yocto Build and Feature RequestKarstens, Nate
RE: Yocto Build and Feature RequestKarstens, Nate
Re: RE: Yocto Build and Feature RequestRoy Marples
Archive administrator: postmaster@marples.name