tcpdump mailing list archives
Re: Warning on enabling ip6 protochain 6
From: Darren Reed <darren.reed () oracle com>
Date: Tue, 09 Aug 2011 15:06:24 +0200
On 6/08/11 11:22 PM, Guy Harris wrote:
On Aug 5, 2011, at 6:59 AM, Darren Reed wrote:On 5/08/11 01:46 AM, Guy Harris wrote:... That could, in theory, be fixed - for example, BSD/OS's BPF interpreter had an instruction that would do IPv6 extension header parsingHow much interest is there in that? And what would the functional requirements be? I've written a prototype BPF instruction that is a "search for header X" that seems to work. This takes the loop out of BPF and puts it into the driver, which has is a positive for both performance and validation.(Presumably by "in the driver" you mean "in the kernel BPF interpreter".) For "ip6 protochain", it needs to look at the next header field and: if it's "hop-by-hop options", "destination options", "routing", "fragment", or AH, skip to the next header, and loop back to check its type (according to RFC 2402, there can be "destination options" headers after the AH header); otherwise, stop. It should leave the final header type in the A register, so you could, for example, do "ip6 protochain tcp or ip", with the protochain instruction followed by compare-and-branch for both 6 and 17. It should leave in the X register the offset of the first byte after the IPv6 header if it didn't skip any headers and the first byte after the last extension header if it skipped any headers (i.e., skip past even the matching header), so it points to the payload of the protocol in question. The operand should be the address of the beginning of the IPv6 header. There should be versions of the instruction where the effective address is just the constant field and where it's the constant field plus the X register (ABS vs. IND).
The attached patch creates two new miscellaneous instructions, BPF_CHAIN_ABS and BPF_CHAIN_IND. The following of the chain has been written for IPv6 extension headers and to not rely on there being structures such as "struct ip6" around. In the main loop of bpf_filter(), I introduced "a" so that the address is never taken of "A". Comments? Of course it needs some accompanying work on libpcap to be useful and that seems to be a bit trickier... Darren
Attachment:
ip6chain.patch
Description:
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: Warning on enabling ip6 protochain 6, (continued)
- Re: Warning on enabling ip6 protochain 6 ramkumar . paranandi (Aug 04)
- Re: Warning on enabling ip6 protochain 6 Guy Harris (Aug 04)
- Re: Warning on enabling ip6 protochain 6 Darren Reed (Aug 05)
- Re: Warning on enabling ip6 protochain 6 Guy Harris (Aug 06)
- Re: Warning on enabling ip6 protochain 6 Darren Reed (Aug 09)
- Re: Warning on enabling ip6 protochain 6 ramkumar . paranandi (Aug 09)
- Re: Warning on enabling ip6 protochain 6 Guy Harris (Aug 09)
- Re: Warning on enabling ip6 protochain 6 ramkumar . paranandi (Aug 09)
- Re: Warning on enabling ip6 protochain 6 Guy Harris (Aug 09)
- Re: Warning on enabling ip6 protochain 6 ramkumar . paranandi (Aug 09)
- Re: Warning on enabling ip6 protochain 6 Darren Reed (Aug 09)