Added attachment of a BPF filter to the raw Ethernet socket and removed
all previous server-side checks for MAC addresses and stream IDs, which
are now handled by the BPF filter. Removed all usage of the ProperPacket() method.


include/Server.hpp | 2 --
include/SocketAddr.h | 2 ++
src/Listener.cpp | 6 ++++
src/SocketAddr.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 83 insertions(+), 2 deletions(-)

diff --git a/include/Server.hpp b/include/Server.hpp
index 7a9f219..31f30fa 100644
--- a/include/Server.hpp
+++ b/include/Server.hpp
@@ -104,8 +104,6 @@ private:
int myDropSocket;
#endif
ReportHeader *myJob;

  • // Confirms source, destination, and ethertype of packet
  • bool ProperPacket(int numBytes, bool checkType);
    void SetServerStats(int offset);
    // Send acknowledgement to client that server is ready to receive
    void SendInitialACK();
    diff --git a/include/SocketAddr.h b/include/SocketAddr.h
    index 9dca421..04047fe 100644
    --- a/include/SocketAddr.h
    +++ b/include/SocketAddr.h
    @@ -103,6 +103,8 @@ extern "C" {
    int SockAddr_Accept_BPF(int socket, uint16_t port);
    int SockAddr_Drop_All_BPF(int socket);
    int SockAddr_v4_Connect_BPF(int socket, uint32_t srcip, uint32_t dstip, uint16_t srcport, uint16_t dstport);
  • int SockAddr_v4_Ethernet_Connect_BPF (int sock, uint8_t src_mac[6], uint8_t dest_mac[6],
  • uint32_t source_stream_id, uint32_t dest_stream_id );
    int SockAddr_v4_Connect_BPF_Drop(int socket, uint32_t srcip, uint32_t dstip, uint16_t srcport, uint16_t dstport);
    # ifdef HAVE_IPV6
    int SockAddr_v6_Connect_BPF (int sock, struct in6_addr src, struct in6_addr dst, uint16_t dstport, uint16_t srcport);
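Review bot: The new prototype takes `uint8_t src_mac[6]` and `uint8_t dest_mac[6]`, which decay to plain pointers that the function only reads. Declaring them `const uint8_t src_mac[6], const uint8_t dest_mac[6]` here and in the definition in src/SocketAddr.c would document that and let callers pass const data. A one-line comment above the prototype should also say which side each argument describes; going by the call in src/Listener.cpp, something like `// src_mac/source_stream_id: expected sender of received frames; dest_mac/dest_stream_id: this receiver`. That is worth spelling out because the neighbouring `SockAddr_v4_Connect_BPF` prototype lists `srcip, dstip` while its definition in src/SocketAddr.c lists `dstip, srcip`.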
    diff --git a/src/Listener.cpp b/src/Listener.cpp
    index 8b5d307..1becbfd 100644
    --- a/src/Listener.cpp
    +++ b/src/Listener.cpp
    @@ -829,7 +829,13 @@ int Listener::L2_setup (void) {
    mSettings->mLocalhost = new char[ INET_ADDRSTRLEN + 1 ];
    strcpy(mSettings->mLocalhost, src_ip);
    }
    +
    inet_aton(mSettings->mLocalhost, localAddr);
    +
  • // Connect BPF
  • SockAddr_v4_Ethernet_Connect_BPF (server->mSock, server->client_mac, mSettings->server_mac,
  • server->mSourceStreamID, server->mStreamID );
  • WARN_errno (rc == SOCKET_ERROR, "l2 connect Ethernet bpf");
    }
    if (rc < 0)
    return -1;
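Review bot: The return value of `SockAddr_v4_Ethernet_Connect_BPF` is discarded, so the `WARN_errno (rc == SOCKET_ERROR, "l2 connect Ethernet bpf")` on the next line and the `if (rc < 0)` after the block test whatever `rc` held before the call, not the result of attaching the filter. Assign it: `rc = SockAddr_v4_Ethernet_Connect_BPF (server->mSock, server->client_mac, mSettings->server_mac, server->mSourceStreamID, server->mStreamID);`. This is more than a missed warning because, per the commit description, the filter now replaces the server-side MAC and stream-ID checks, so a `setsockopt` failure that goes unnoticed presumably leaves the socket delivering frames with no validation at all. It may also be worth confirming that frames queued on the socket before the attach cannot reach the reader, for example by installing `SockAddr_Drop_All_BPF` first and draining; the socket setup is outside this hunk, so that is a question rather than a finding. `L2_setup` starts and ends outside the hunk.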
    diff --git a/src/SocketAddr.c b/src/SocketAddr.c
    index ee7f8bc..e1036c7 100644
    --- a/src/SocketAddr.c
    +++ b/src/SocketAddr.c
    @@ -698,6 +698,81 @@ int SockAddr_v4_Connect_BPF (int sock, uint32_t dstip, uint32_t srcip, uint16_t
    return(setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf)));
    }

+//
+// Simulate the Raw Ethernet connect for the AF_PACKET (or PF_PACKET)
+//
+int SockAddr_v4_Ethernet_Connect_BPF (int sock, uint8_t src_mac[6], uint8_t dest_mac[6],

  • uint32_t source_stream_id, uint32_t dest_stream_id ) {
    +
  • // tcpdump ether src bc:30:5b:c4:d7:7d and ether dst 12:34:56:78:9a:be and ether proto 0x88b5
  • // and ether[18] == 0x00 and ether[19] = 0x00 and ether[20] = 0x00 and ether[21] = 0x00 and
  • // ether [22] = 0x00 and ether[23] = 0x00 and ether[24] = 0x00 and ether[25] = 0x00 -dd
  • // ether [18:21] corresponds to destination stream ID,
  • // ether [22:25] corresponds to source stream ID
  • struct sock_filter raw_eth_filter[] = {
  • { 0x20, 0, 0, 0x00000008 },
  • { 0x15, 0, 25, 0x00000000 },
  • { 0x28, 0, 0, 0x00000006 },
  • { 0x15, 0, 23, 0x00000000 },
  • { 0x20, 0, 0, 0x00000002 },
  • { 0x15, 0, 21, 0x00000000 },
  • { 0x28, 0, 0, 0x00000000 },
  • { 0x15, 0, 19, 0x00000000 },
  • { 0x28, 0, 0, 0x0000000c },
  • { 0x15, 0, 17, 0x000088b5 },
  • { 0x30, 0, 0, 0x00000012 },
  • { 0x15, 0, 15, 0x00000000 },
  • { 0x30, 0, 0, 0x00000013 },
  • { 0x15, 0, 13, 0x00000000 },
  • { 0x30, 0, 0, 0x00000014 },
  • { 0x15, 0, 11, 0x00000000 },
  • { 0x30, 0, 0, 0x00000015 },
  • { 0x15, 0, 9, 0x00000000 },
  • { 0x30, 0, 0, 0x00000016 },
  • { 0x15, 0, 7, 0x00000000 },
  • { 0x30, 0, 0, 0x00000017 },
  • { 0x15, 0, 5, 0x00000000 },
  • { 0x30, 0, 0, 0x00000018 },
  • { 0x15, 0, 3, 0x00000000 },
  • { 0x30, 0, 0, 0x00000019 },
  • { 0x15, 0, 1, 0x00000000 },
  • { 0x6, 0, 0, 0x00040000 },
  • { 0x6, 0, 0, 0x00000000 }
  • };
    +
  • uint32_t extended_src[6], extended_dest[6];
  • for(int i = 0; i < 6; i++){
  • extended_src[i] = src_mac[i];
  • extended_dest[i] = dest_mac[i];
  • }
    +
  • // Filter source MAC address
  • raw_eth_filter[1].k = (extended_src[2] << 24) | (extended_src[3] << 16) | (extended_src[4] << 8) | extended_src[5];
  • raw_eth_filter[3].k = (extended_src[0] << 8) | extended_src[1];
    +
  • // Filter destination MAC address
  • raw_eth_filter[5].k = (extended_dest[2] << 24) | (extended_dest[3] << 16) | (extended_dest[4] << 8) | extended_dest[5];
  • raw_eth_filter[7].k = (extended_dest[0] << 8) | extended_dest[1];
    +
  • // Filter destination stream ID
  • raw_eth_filter[11].k = dest_stream_id & 0x000000ff;
  • raw_eth_filter[13].k = (dest_stream_id & 0x0000ff00) >> 8;
  • raw_eth_filter[15].k = (dest_stream_id & 0x00ff0000) >> 16;
  • raw_eth_filter[17].k = (dest_stream_id & 0xff000000) >> 24;
    +
  • // Filter source stream ID
  • raw_eth_filter[19].k = source_stream_id & 0x000000ff;
  • raw_eth_filter[21].k = (source_stream_id & 0x0000ff00) >> 8;
  • raw_eth_filter[23].k = (source_stream_id & 0x00ff0000) >> 16;
  • raw_eth_filter[25].k = (source_stream_id & 0xff000000) >> 24;
    +
  • struct sock_fprog bpf = {
  • .len = (sizeof(raw_eth_filter) / sizeof(struct sock_filter)),
  • .filter = raw_eth_filter,
  • };
  • return(setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf)));
    +}
    +
    int SockAddr_v4_Connect_BPF_Drop (int sock, uint32_t dstip, uint32_t srcip, uint16_t dstport, uint16_t srcport) {
    // Use full quintuple, proto, src ip, dst ip, src port, dst port
    // ip proto is already set per the PF_PACKET ETH_P_IP
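Review bot: The stream-ID comparisons assume a byte order that the comment block does not state: `raw_eth_filter[11].k = dest_stream_id & 0x000000ff` is matched against `ether[18]`, the first ID byte on the wire, so both IDs are compared least-significant byte first. If the sender writes the IDs in network byte order the filter rejects every frame; the sending side is not visible here, so this needs checking against it. I would add a comment such as `// stream IDs are matched LSB-first: ether[18] is the low byte of dest_stream_id, ether[22] the low byte of source_stream_id`. Separately, the `.k` patching relies on the hard-coded indices 1, 3, 5 … 25 staying in step with the dumped program. A `_Static_assert` on the array length, or building the table with the `BPF_STMT`/`BPF_JUMP` macros from `<linux/filter.h>`, would make a later edit to the table fail loudly instead of silently filtering on the wrong field.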
    --
    2.17.1