Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite arch/bpf #4497

Merged
merged 7 commits into from
Sep 2, 2024
Merged

Rewrite arch/bpf #4497

merged 7 commits into from
Sep 2, 2024

Conversation

gpotter2
Copy link
Member

@gpotter2 gpotter2 commented Aug 8, 2024
edited
Loading

This rewrites most of the arch/bpf code that handles the loading of conf.ifaces, conf.route and conf.route6, in order to use PF_ROUTE (instead of the current reading involving subprocess, parsing ifconfig, and other kinda crappy stuff).

This should:

  • add support for multiple IPv4 on interfaces
  • add proper support for multicast routes
  • stabilize the API by not relying on ifconfig changes.

Also:

(yeah this is a followup to #4352)

TESTED ON:

  • FreeBSD 14.1
  • OpenBSD 7.5
  • NetBSD 10.0
  • MacOS 14

Annoyingly it seems every BSD (at least FreeBSD, OpenBSD and NetBSD) have different rt_* structures. Ugh.

@gpotter2 gpotter2 added the major Major changes label Aug 8, 2024
@gpotter2 gpotter2 marked this pull request as draft August 8, 2024 23:20
@gpotter2 gpotter2 force-pushed the bpf-rewrite branch 2 times, most recently from 35d67e5 to 6929e7d Compare August 10, 2024 12:42
@gpotter2 gpotter2 mentioned this pull request Aug 10, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Aug 10, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 73.87387% with 116 lines in your changes missing coverage. Please review.

Project coverage is 81.58%. Comparing base (97a49f3) to head (de7ed7a).
Report is 4 commits behind head on master.

Files with missing lines Patch % Lines
scapy/arch/bpf/pfroute.py 78.31% 72 Missing ⚠️
scapy/arch/libpcap.py 44.11% 19 Missing ⚠️
scapy/arch/bpf/core.py 0.00% 15 Missing ⚠️
scapy/arch/common.py 72.72% 3 Missing ⚠️
scapy/arch/bpf/supersocket.py 0.00% 1 Missing ⚠️
scapy/arch/linux/__init__.py 83.33% 1 Missing ⚠️
scapy/arch/solaris.py 0.00% 1 Missing ⚠️
scapy/layers/dhcp.py 66.66% 1 Missing ⚠️
scapy/layers/dhcp6.py 50.00% 1 Missing ⚠️
scapy/tools/UTscapy.py 66.66% 1 Missing ⚠️
... and 1 more
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4497      +/-   ##
==========================================
- Coverage   81.68%   81.58%   -0.11%     
==========================================
  Files         355      356       +1     
  Lines       84936    85207     +271     
==========================================
+ Hits        69384    69519     +135     
- Misses      15552    15688     +136
Files with missing lines Coverage Δ
scapy/arch/__init__.py 64.51% <100.00%> (+0.74%) ⬆️
scapy/arch/linux/rtnetlink.py 93.42% <100.00%> (+0.02%) ⬆️
scapy/arch/unix.py 12.39% <100.00%> (-54.82%) ⬇️
scapy/arch/windows/__init__.py 66.41% <100.00%> (-0.62%) ⬇️
scapy/config.py 80.12% <100.00%> (ø)
scapy/interfaces.py 96.31% <100.00%> (-0.29%) ⬇️
scapy/layers/tuntap.py 82.82% <ø> (ø)
scapy/route6.py 89.94% <ø> (+1.54%) ⬆️
scapy/arch/bpf/supersocket.py 0.00% <0.00%> (ø)
scapy/arch/linux/__init__.py 83.01% <83.33%> (-0.44%) ⬇️
... and 9 more

... and 2 files with indirect coverage changes

@gpotter2
Copy link
Member Author

@dhgutteridge Hi & sorry for bothering. I was wondering if you'd have some advices regarding making this PR work on NetBSD.

Unlike OpenBSD and FreeBSD, NetBSD has chosen to versionize the NET_RT_IFLIST const. In your humble opinion, which version should we be using? From what I understand, some are more compatible than others.

Also if you have something to say regarding this PR in general, feel free to give your opinion :)

Thanks for the help, cheers

@dhgutteridge
Copy link
Contributor

@dhgutteridge Hi & sorry for bothering. I was wondering if you'd have some advices regarding making this PR work on NetBSD.

Sure, my pleasure. Thanks for supporting us. :)

Unlike OpenBSD and FreeBSD, NetBSD has chosen to versionize the NET_RT_IFLIST const. In your humble opinion, which version should we be using? From what I understand, some are more compatible than others.

I think you'd want the magic number 6 here, in other words, the current value of NET_RT_IFLIST. The other values are versioned for compatibility with old NetBSD binaries from EOL releases. Since you're tracking NetBSD 10, I believe, you'd want the most current value. (Now, whether that gives you any additional output needed for your purposes is another matter, I suppose. "3" may "just work" for you. Here I don't know how OpenBSD and FreeBSD vary in their content.)

Also if you have something to say regarding this PR in general, feel free to give your opinion :)

I could test it for you on NetBSD and/or gather input for any other questions you have.

Thanks for the help, cheers

@gpotter2
Copy link
Member Author

gpotter2 commented Aug 14, 2024
edited
Loading

I think you'd want the magic number 6 here, in other words, the current value of NET_RT_IFLIST.

Thanks a lot ! I tried using that in the latest commit. It should now almost support NetBSD.

I could test it for you on NetBSD and/or gather input for any other questions you have.

Thanks !

I've taken inspiration from sbin/route/rtutil.c for some parts. I however don't really understand how the blob of data returned for IPv6 netmask in routes should be interpreted. (see the todo on line 922). rtutil.c seems to do some very weird stuff. If you have an idea I'm open for it, otherwise I'll get back to this eventually :)

If you want to try this PR out BTW, you should be looking at the contents of conf.ifaces, conf.route and conf.route6 in the Scapy CLI. Those are the parts affected by this rewrite.

@gpotter2
Copy link
Member Author

gpotter2 commented Aug 17, 2024
edited
Loading

I however don't really understand how the blob of data returned for IPv6 netmask in routes should be interpreted. (see the todo on line 922)

Apparently the first 6 octets of the sockaddr data are garbage (always 0xFFFFFFFFFF), followed by the actual IPv6 netmask. As far as my understanding goes at least. The netmask payload generally looks kinda malformed, unless I missed something, as the sockaddr type is also FF. On other BSDs, it was either AF_INET6 or 0.

@gpotter2 gpotter2 force-pushed the bpf-rewrite branch 4 times, most recently from 429dbf1 to 848b4ef Compare August 31, 2024 15:49
@gpotter2 gpotter2 force-pushed the bpf-rewrite branch 4 times, most recently from f868cd2 to c495b59 Compare August 31, 2024 16:36
@gpotter2 gpotter2 marked this pull request as ready for review September 1, 2024 20:15
@gpotter2
Copy link
Member Author

gpotter2 commented Sep 1, 2024

@p-l- @guedou @polybassa
This is ready for review. Was kind of a nightmare to make, and is probably also a nightmare to review.

It however works in its latest commit on all *BSDs mentionned above.

@gpotter2 gpotter2 closed this Sep 1, 2024
@gpotter2 gpotter2 reopened this Sep 1, 2024
@gpotter2
Copy link
Member Author

gpotter2 commented Sep 2, 2024

/packit build

@polybassa
Copy link
Contributor

Looks good to me.

@gpotter2 gpotter2 merged commit 528626a into secdev:master Sep 2, 2024
34 checks passed
@gpotter2
Copy link
Member Author

gpotter2 commented Sep 2, 2024

Then let's merge that monster and go for 2.6.0.

@gpotter2 gpotter2 deleted the bpf-rewrite branch September 2, 2024 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@polybassa polybassa polybassa approved these changes

Assignees
No one assigned
Labels
major Major changes platform-specific
Projects
None yet
Milestone
No milestone
3 participants
@gpotter2 @dhgutteridge @polybassa