Merge pull request #40 from OpenCloudOS/dev

IPv6 support for ICMP and address filter

Author: menglongdong

README.md

@@ -136,12 +136,9 @@ $ nettrace -h
 nettrace: a tool to trace skb in kernel and diagnose network problem
 
 Usage:
-    -s, --saddr      filter source ip address
-    --saddr6         filter source ip v6 address
-    -d, --daddr      filter dest ip address
-    --daddr6         filter dest ip v6 address
-    --addr           filter source or dest ip address
-    --addr6          filter source or dest ip v6 address
+    -s, --saddr      filter source ip/ipv6 address
+    -d, --daddr      filter dest ip/ipv6 address
+    --addr           filter source or dest ip/ipv6 address
     -S, --sport      filter source TCP/UDP port
     -D, --dport      filter dest TCP/UDP port
     -P, --port       filter source or dest TCP/UDP port
@@ -165,7 +162,7 @@ Usage:
     -h, --help       show help information
 ```
 
-其中，参数`s/d/addr/S/D/port/p/pid`用于进行报文的过滤，可以通过IP地址、端口、协议等属性进行过滤。其他参数的用途包括：
+其中，参数`s/d/addr/S/D/port/p/pid`用于进行报文的过滤，可以通过IP地址、端口、协议等属性进行过滤。其中，通过IPv6地址进行过滤目前也已经实现了支持。其他参数的用途包括：
 
 - `t/trace`：要启用的跟踪模块，默认启用所有
 - `ret`：跟踪和显示内核函数的返回值

component/arg_parse.c

@@ -6,6 +6,7 @@
 #include <stdlib.h>
 #define _LINUX_IN_H
 #include <netinet/in.h>
+#include <arpa/inet.h>
 
 #include "arg_parse.h"
 #include "net_utils.h"
@@ -124,22 +125,33 @@ int parse_args(int argc, char *argv[], arg_config_t *config,
 			break;
 		}
 		case OPTION_IPV4:
-			if (ip2i(optarg, item->dest)) {
+			if (!inet_pton(AF_INET, optarg, item->dest)) {
 				printf("invalid ip address: %s\n", optarg);
 				goto err;
 			}
 			S_SET(bool, true);
 			break;
 		case OPTION_IPV6:
-			if (ipv6toi(optarg, item->dest)) {
+			if (!inet_pton(AF_INET6, optarg, item->dest)) {
 				printf("invalid ip address: %s\n", optarg);
 				goto err;
 			}
 			S_SET(bool, true);
 			break;
+		case OPTION_IPV4ORIPV6:
+			if (inet_pton(AF_INET, optarg, item->dest)) {
+				S_SET(u16, ETH_P_IP);
+			} else if (inet_pton(AF_INET6, optarg, item->dest)) {
+				S_SET(u16, ETH_P_IPV6);
+			} else {
+				printf("invalid ip address: %s\n", optarg);
+				goto err;
+			}
+			break;
 		case OPTION_HELP:
 			goto help;
 		case OPTION_PROTO: {
+			/* convert string to number in host order */
 			int val, layer = proto2i(optarg, &val);
 			if (!layer) {
 				printf("protocol not found\n");

component/arg_parse.h

@@ -16,6 +16,7 @@ enum option_type {
 	OPTION_INT,
 	OPTION_IPV4,
 	OPTION_IPV6,
+	OPTION_IPV4ORIPV6,
 	OPTION_HELP,
 	OPTION_BLANK,
 	OPTION_PROTO,

component/net_utils.c

@@ -65,6 +65,7 @@ static proto_item_t l4_protos[] = {
 	{ "gre",	47 },
 	{ "esp",	50 },
 	{ "ah",		51 },
+	{ "icmpv6",	58 },
 	{ "mtp",	92 },
 	{ "beetph",	94 },
 	{ "encap",	98 },
@@ -91,6 +92,7 @@ char *l4_proto_names[] = {
 	[46]	= "RSVP",
 	[47]	= "GRE",
 	[50]	= "ESP",
+	[58]	= "ICMPV6",
 	[51]	= "AH",
 	[92]	= "MTP",
 	[94]	= "BEETPH",
@@ -146,39 +148,3 @@ int proto2i(char *proto, int *dest)
 		return 4;
 	return 0;
 }
-
-void i2ipv6(char *dest, __u8 ip[])
-{
-	int i = 0, offset = 0;
-
-	for (;  i < 16; i += 2) {
-		if (ip[i] || ip[i + 1])
-			offset += sprintf(dest + offset, "%02x%02x:",
-					  ip[i], ip[i + 1]);
-		else
-			offset += sprintf(dest + offset, ":");
-	}
-	*(dest + offset - 1) = '\0';
-}
-
-int ipv6toi(char *ip, __u8 *dest)
-{
-	u16 *c = (u16 *)dest;
-	u32 t[8] = {}, i = 0;
-
-	if (sscanf(ip, "%x:%x:%x:%x:%x:%x:%x:%x", t, t + 1, t + 2,
-		   t + 3, t + 4, t + 5, t + 6, t + 7) == 8)
-		goto is_valid;
-
-	memset(t, 0, sizeof(t));
-	if (sscanf(ip, "%x::%x:%x:%x:%x", t, t + 4, t + 5, t + 6,
-		   t + 7) == 5)
-		goto is_valid;
-
-	return -1;
-
-is_valid:
-	for (i = 0; i < 8; i++)
-		c[i] = htons(t[i]);
-	return 0;
-}

component/net_utils.h

@@ -27,36 +27,11 @@ typedef __u64 u64;
 
 extern char *l4_proto_names[];
 
-static inline void i2ip(char *dest, __u32 ip)
-{
-	u8 *t = (u8 *)&ip;
-	sprintf(dest, "%d.%d.%d.%d", t[0], t[1], t[2], t[3]);
-}
-
-static inline int ip2i(char *ip, __u32 *dest)
-{
-	u8 *c = (u8 *)dest;
-	u32 t[4] = {};
-
-	if (sscanf(ip, "%u.%u.%u.%u", t, t + 1, t + 2, t + 3) != 4)
-		return -EINVAL;
-
-#define C(index) c[index] = t[index] 
-	C(0);
-	C(1);
-	C(2);
-	C(3);
-#undef C
-	return 0;
-}
-
 static inline char *i2l4(u8 num)
 {
 	return l4_proto_names[num];
 }
 
 int proto2i(char *proto, int *dest);
-void i2ipv6(char *dest, u8 ip[]);
-int ipv6toi(char *ip, u8 *dest);
 
 #endif

nodetrace/mark.c

@@ -31,11 +31,10 @@ static void print_bpf_output(void *ctx, int cpu, void *data, __u32 size)
 
 static int parse_opts(int argc, char *argv[], bpf_args_t *args)
 {
-	int proto_l;
-	u16 proto;
+	COMMON_PROG_ARGS_BEGIN()
 
 	option_item_t opts[] = {
-		COMMON_PROG_ARGS(&args->pkt),
+		COMMON_PROG_ARGS_DEFINE(&args->pkt),
 		{ .type = OPTION_BLANK },
 		{
 			.sname = 'i', .dest = &nic, .type = OPTION_STRING,
@@ -54,11 +53,11 @@ static int parse_opts(int argc, char *argv[], bpf_args_t *args)
 			.desc = "show help information",
 		},
 	};
-#undef E
-#undef R
 
 	if (parse_args(argc, argv, &prog_config, opts, ARRAY_SIZE(opts)))
 		goto err;
+	
+	COMMON_PROG_ARGS_END(&args->pkt)
 	return 0;
 err:
 	return -1;

script/bash-completion.sh

@@ -1,2 +1,2 @@
-complete -W '-s --saddr --saddr6 -d --daddr --daddr6 --addr --addr6 -p -D --dport -S --sport -P --port --pid -t --trace -v --detail --debug --bpf-debug --ret --basic --diag --diag-quiet --diag-keep --date --drop --drop-stack --hooks -h --help' nettrace
+complete -W '-s --saddr -d --daddr --addr -p -D --dport -S --sport -P --port --pid -t --trace -v --detail --debug --bpf-debug --ret --basic --diag --diag-quiet --diag-keep --date --drop --drop-stack --hooks -h --help' nettrace
 complete -W '-h -s -d --addr -p --dport --sport --port -t -v --detail --stack --stack-tracer --timeline -c --ret --skb-mode --force-stack --tcp-flags -o --output' nettrace-legacy

shared/bpf/macro.h

@@ -6,6 +6,15 @@
 
 #define ETH_HLEN	14		/* Total octets in header.	 */
 
+#define IPPROTO_ICMPV6		58	/* ICMPv6			*/
+
+#define ICMPV6_ECHO_REQUEST		128
+#define ICMPV6_ECHO_REPLY		129
+
+/* Codes for EXT_ECHO (PROBE) */
+#define ICMPV6_EXT_ECHO_REQUEST		160
+#define ICMPV6_EXT_ECHO_REPLY		161
+
 #define TC_ACT_UNSPEC	(-1)
 #define TC_ACT_OK		0
 #define TC_ACT_RECLASSIFY	1

shared/bpf/skb_shared.h

@@ -57,30 +57,29 @@ typedef struct __attribute__((__packed__)) {
 #define TCP_FLAGS_RST	(1 << 2)
 #define TCP_FLAGS_SYN	(1 << 1)
 
+#define APPLY_DEFINE_FIELD(dummy, a, b, ...)	DEFINE_FIELD_##b
+#define DEFINE_FIELD_STD(type, name)		\
+	type name;				\
+	bool enable_##name;
+#define DEFINE_FIELD_ARRAY(type, name, size)	\
+	type name[size];			\
+	bool enable_##name;
+#define DEFINE_FIELD(type, name, args...)	\
+	APPLY_DEFINE_FIELD(dummy, ##args, ARRAY, STD)(type, name, ##args)
+
 /* used for packet filter condition */
 typedef struct {
-	u32	saddr;
-	bool	enable_saddr;
-	u32	daddr;
-	bool	enable_daddr;
-	u32	addr;
-	bool	enable_addr;
-	u8	saddr_v6[16];
-	bool	enable_saddr_v6;
-	u8	daddr_v6[16];
-	bool	enable_daddr_v6;
-	u8	addr_v6[16];
-	bool	enable_addr_v6;
-	u16	sport;
-	bool	enable_sport;
-	u16	dport;
-	bool	enable_dport;
-	u16	port;
-	bool	enable_port;
-	u16	l3_proto;
-	bool	enable_l3_proto;
-	u8	l4_proto;
-	bool	enable_l4_proto;
+	DEFINE_FIELD(u32, saddr)
+	DEFINE_FIELD(u32, daddr)
+	DEFINE_FIELD(u32, addr)
+	DEFINE_FIELD(u8, saddr_v6, 16)
+	DEFINE_FIELD(u8, daddr_v6, 16)
+	DEFINE_FIELD(u8, addr_v6, 16)
+	DEFINE_FIELD(u16, sport)
+	DEFINE_FIELD(u16, dport)
+	DEFINE_FIELD(u16, port)
+	DEFINE_FIELD(u16, l3_proto)
+	DEFINE_FIELD(u8, l4_proto)
 } pkt_args_t;
 
 #define CONFIG_MAP_SIZE	1024

shared/bpf/skb_utils.h

@@ -274,6 +274,7 @@ static try_inline int probe_parse_ip(void *ip, parse_ctx_t *ctx)
 		pkt->l4.udp.dport = dport;
 		break;
 	}
+	case IPPROTO_ICMPV6:
 	case IPPROTO_ICMP: {
 		struct icmphdr *icmp = l4;
 
@@ -285,7 +286,7 @@ static try_inline int probe_parse_ip(void *ip, parse_ctx_t *ctx)
 		pkt->l4.icmp.id = _(icmp->un.echo.id);
 		break;
 	}
-        case IPPROTO_ESP: {
+	case IPPROTO_ESP: {
 		struct ip_esp_hdr *esp_hdr = l4;
 		if (ATTR_ENABLE(port))
 			goto err;