[Ebtables-devel] PPPoe IP extraction
From: Marek J. <ma...@is...> - 2006-07-04 18:45:09
Sorry, it should have been sent to the ML, and with my other email address.

On Tuesday, 20.06.2006 at 10:47 +0000, bds...@pa... wrote:
>
> >----- Original message -----
> >From: Marek Jawurek [mailto:ma...@is...]
> >Sent: Monday, June 19, 2006 11:52 PM
> >To: ebt...@li...
> >Subject: [Ebtables-devel] IP over PPPoe:PPP extraction
> >
> >Hi there,
> >
> >I found a post of this mailing list here:
> >http://article.gmane.org/gmane.linux.network.bridge.ebtables.devel/413/match=ppp
> >
> >It appears that this patch has never made it into the code. I am very
> >interested in this functionality and would be willing to code if
> >provided with some ideas/hints. (I am no kernel insider -- yet ;-) but
> >I think using the tutorial online it can't be so difficult.)
> >
> >First, here is what I need: a way to extract and redirect certain IP
> >packets (depending on the IP header) from an Ethernet:PPPoE:PPP stream.
> >
> >From Bart's answer I deduce that a general solution would be better than
> >adding this PPPoE/PPP extraction to every embeddable protocol and every
> >embedding protocol. I had a look through the tutorial and the source code,
> >but from what I gathered the functionalities of different filters are
> >not easily combinable? If I understand the approach that Thomas
> >ESTASECCA wanted to patch in: apply the PPPoE:PPP extraction first and
> >then test the usual IP header/fields against the rule spec.
>
> That's not really what I meant. It's just that the same functionality can be
> obtained without having to add new flags to ebtables' kernel-space IP match
> struct.
> This is how:
> The ebt_filter_ip() function doesn't check the MAC protocol type because
> that's done elsewhere. This allows us to add the functionality without having
> to use new flags (in kernel space).
>
> What we could do is add the userspace --embedded-proto flag.
> Valid rules:
> ebtables -p IPv4 --ip-proto x -j ACCEPT
> ebtables -p PPPoE --embedded-proto --ip-proto x -j ACCEPT
> Invalid rule (providing backwards compatibility):
> ebtables -p PPPoE --ip-proto x -j ACCEPT
>
> This can then be translated to kernel space without having a new flag (the
> --embedded-proto flag is only necessary in userspace).
> Of course, ebtables' kernel IP match function will need to be altered in a
> similar way as Estasecca did.
> If the rule
> ebtables -p PPPoE --embedded-proto --ip-proto x -j ACCEPT
> is given to a kernel that doesn't have this functionality, the kernel (i.e.
> the check function of the ebtables IP match module) will not accept it, so
> there's no danger there either.
>
> cheers,
> Bart

It's me again. Now I have more time to deal with the described problem, and I have been successful as far as I can see. I'll submit a patch when the code is of better quality.

But on my way I figured out that the match code is not the only thing I need to change. I want to extract IP packets from a PPPoE stream that goes through my bridge. Therefore I want to write a target similar to the redirect target, but which additionally extracts the IP from the PPP. For starters I copied the ebt_redirect.c code and tried to strip the PPPoE+PPP header off using skb_pull() and changing the sk_buff's Ethernet proto to IP. But I ran into 2 problems:

1. In ebt_redirect.c/ebt_extract.c, in ebt_target_extract there is a check whether the supplied skbuff is a cloned/shared one; if it is, it is copied and further operations are applied to the copy. When can this happen? Is there a schematic of how all packets traverse the different functions of the ebtables/kernel socket code? The next problem might be connected to this one; if the packet I work on is a copy, then it could explain the strange behaviour:

2. Although I managed to change the Ethernet proto to IP, and although the call to skb_pull is successful (the debug output tells me that the data pointer in the skbuff has been raised by sizeof(PPPoE+PPP header) [8 bytes]), apparently the skb is passed to the local machine as it was before, except for the changed Ethernet proto field.

Here is my code of ebt_extract.c:

#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter_bridge/ebtables.h>
#include "../br_private.h"	/* struct net_bridge_port, as ebt_redirect.c uses it */
/* struct ebt_extract_info (with its ->target member) is defined in the
   target's own header, which is not shown in this mail */

/* PPPoE header (6 bytes) followed by the 2-byte PPP protocol field;
   sizeof(struct pppoehdr) == 8 is what gets pulled off below */
struct pppoehdr {
	char pppoe[6];
	uint16_t ppp_protocol;
};

static int ebt_target_extract(struct sk_buff **pskb, unsigned int hooknr,
   const struct net_device *in, const struct net_device *out,
   const void *data, unsigned int datalen)
{
	struct ebt_extract_info *info = (struct ebt_extract_info *)data;
	struct pppoehdr pppoe;

	/* Struggle with this later
	if (skb_shared(*pskb) || skb_cloned(*pskb)) {
		struct sk_buff *nskb;

		printk("\nit is copied");
		nskb = skb_copy(*pskb, GFP_ATOMIC);
		if (!nskb)
			return NF_DROP;
		if ((*pskb)->sk)
			skb_set_owner_w(nskb, (*pskb)->sk);
		kfree_skb(*pskb);
		*pskb = nskb;
	}*/

	if (hooknr != NF_BR_BROUTING) {
		printk("\n hook : %i", hooknr);
		memcpy(eth_hdr(*pskb)->h_dest,
		       in->br_port->br->dev->dev_addr, ETH_ALEN);
	} else {
		printk("\n second ");
		memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN);
		/* rewrite the ethertype in the MAC header to IP ... */
		eth_hdr(*pskb)->h_proto = htons(ETH_P_IP);
		printk("\n before %p", (*pskb)->data);
		printk("\n size %zu", sizeof(pppoe));
		/* ... and pull the 8 bytes of PPPoE + PPP header off the front */
		printk("\npull error %p", skb_pull_rcsum(*pskb, sizeof(pppoe)));
		printk("\n after %p", (*pskb)->data);
	}
	(*pskb)->pkt_type = PACKET_HOST;
	return info->target;
}

What am I missing here? This is the first time I am messing with the kernel and I am no C professional, but I read different skb-related pages and looked into the skbuff.c source code. I just don't get it. Any hint/url/comment is appreciated.

Marek

PS: Dawid, good luck with your coding ;-)

--
Kind regards
Marek Jawurek
Informatiksysteme Aachen GmbH
http://www.is-ac.de
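The frame layout that the ebt_extract target above pulls apart, as an added userspace example that is not part of this thread or of ebtables: it parses Ethernet:PPPoE:PPP:IPv4 per RFC 2516 (6-byte PPPoE header, then the 2-byte PPP protocol field with no address/control bytes, then the IP header), validates every length on the way in, and re-frames the IPv4 packet directly behind the Ethernet header with ethertype 0x0800, which is the same 8-byte shift the kernel code performs with skb_pull_rcsum(). The sample frame, the ETH_*/PPPOE_* constants and the function names are constructed for the example. One kernel-side point the example cannot show but that a bridge target has to account for: the receive path dispatches on skb->protocol, which eth_type_trans() set from the ethertype when the frame arrived, and that field is separate from the h_proto in eth_hdr(); likewise the network-header pointer set before the bridge hook still points at the old data offset after an skb_pull().

```c
/* Userspace parser for Ethernet:PPPoE:PPP:IPv4 frames (added example).
 * Layout after the 14-byte Ethernet header (ethertype 0x8864):
 *   PPPoE: ver/type (1) | code (1) | session id (2) | payload length (2)
 *   PPP:   protocol (2)   (0x0021 = IPv4; no address/control bytes in PPPoE)
 *   IPv4 header ...
 * So the IP header sits 8 bytes past the Ethernet header. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN        14
#define ETH_P_IP        0x0800
#define ETH_P_PPP_SES   0x8864   /* PPPoE session stage */
#define PPPOE_HLEN      6
#define PPPOE_VERTYPE   0x11     /* version 1, type 1 (RFC 2516) */
#define PPPOE_CODE_SESS 0x00     /* session data */
#define PPP_PROTO_IPV4  0x0021

struct pppoe_ipv4 {
    uint16_t session_id;   /* PPPoE session id */
    size_t   ip_off;       /* offset of the IPv4 header in the frame */
    size_t   ip_len;       /* IPv4 total length as declared in the IP header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate every header on the way to the IPv4 packet. Returns 0 on success,
 * -1 if the frame is not Ethernet/PPPoE-session/PPP/IPv4 or is truncated. */
int parse_pppoe_ipv4(const uint8_t *frame, size_t len, struct pppoe_ipv4 *out)
{
    if (len < ETH_HLEN + PPPOE_HLEN + 2) return -1;
    if (be16(frame + 12) != ETH_P_PPP_SES) return -1;

    const uint8_t *pppoe = frame + ETH_HLEN;
    if (pppoe[0] != PPPOE_VERTYPE || pppoe[1] != PPPOE_CODE_SESS) return -1;

    /* PPPoE length covers the PPP protocol field plus payload; it must hold
     * at least a minimal IPv4 header and fit in what was actually received
     * (short frames may carry trailing Ethernet padding). */
    size_t plen = be16(pppoe + 4);
    if (plen < 2 + 20 || plen > len - ETH_HLEN - PPPOE_HLEN) return -1;
    if (be16(pppoe + 6) != PPP_PROTO_IPV4) return -1;

    const uint8_t *ip = pppoe + 8;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t tot = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > plen - 2) return -1;
    if (tot < ihl || tot > plen - 2) return -1;

    out->session_id = be16(pppoe + 2);
    out->ip_off     = ETH_HLEN + PPPOE_HLEN + 2;
    out->ip_len     = tot;
    return 0;
}

/* Userspace analogue of the target: drop the 8 PPPoE+PPP bytes and re-frame
 * the IPv4 packet directly behind the Ethernet header, with the ethertype
 * rewritten to 0x0800. Returns the new frame length, 0 on failure. */
size_t strip_pppoe_to_ipv4(const uint8_t *in, size_t len, uint8_t *out, size_t outlen)
{
    struct pppoe_ipv4 p;
    if (parse_pppoe_ipv4(in, len, &p) != 0) return 0;
    if (outlen < ETH_HLEN + p.ip_len) return 0;
    memcpy(out, in, ETH_HLEN);
    out[12] = ETH_P_IP >> 8;
    out[13] = ETH_P_IP & 0xff;
    memcpy(out + ETH_HLEN, in + p.ip_off, p.ip_len);
    return ETH_HLEN + p.ip_len;
}

/* IP protocol number of the encapsulated packet (what an "--ip-proto x" test
 * would look at), or -1 if the frame does not carry PPPoE/PPP/IPv4. */
int pppoe_ipv4_proto(const uint8_t *frame, size_t len)
{
    struct pppoe_ipv4 p;
    if (parse_pppoe_ipv4(frame, len, &p) != 0) return -1;
    return frame[p.ip_off + 9];
}

/* Constructed sample: Ethernet -> PPPoE (session 1, length 22) -> PPP IPv4 ->
 * a bare 20-byte IPv4 header, TCP, 10.0.0.1 -> 10.0.0.2 (checksum left zero). */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x88,0x64,
    0x11, 0x00, 0x00,0x01, 0x00,0x16,        /* PPPoE: v1t1, code 0, sid 1, len 22 */
    0x00,0x21,                               /* PPP protocol: IPv4 */
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,
};
#define SAMPLE_FRAME_LEN (sizeof sample_frame)

int main(void)
{
    struct pppoe_ipv4 p;
    uint8_t out[64];
    if (parse_pppoe_ipv4(sample_frame, SAMPLE_FRAME_LEN, &p) == 0)
        printf("session %u, IPv4 at offset %zu, proto %d\n", p.session_id,
               p.ip_off, pppoe_ipv4_proto(sample_frame, SAMPLE_FRAME_LEN));
    size_t n = strip_pppoe_to_ipv4(sample_frame, SAMPLE_FRAME_LEN, out, sizeof out);
    printf("stripped frame: %zu bytes, ethertype 0x%02x%02x\n", n, out[12], out[13]);
    return 0;
}
```

The length checks are the part worth carrying over to a kernel target: the 8-byte pull is only safe once the PPPoE length, the PPP protocol and the IPv4 header length have all been checked against what was actually received.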