int do_one_request(struct nlmsghdr *n)
{
struct ndmsg *ndm = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr * tb[NDA_MAX+1];
struct dbkey key;
DBT dbkey, dbdat;
int do_acct = 0;
if (n->nlmsg_type == NLMSG_DONE) {
dbase->sync(dbase, 0);
/* Now we have at least mirror of kernel db, so that
* may start real resolution.
*/
do_sysctl_adjustments();
return 0;
}
if (n->nlmsg_type != RTM_GETNEIGH && n->nlmsg_type != RTM_NEWNEIGH)
return 0;
len -= NLMSG_LENGTH(sizeof(*ndm));
if (len < 0)
return -1;
if (ndm->ndm_family != AF_INET ||
(ifnum && !handle_if(ndm->ndm_ifindex)) ||
ndm->ndm_flags ||
ndm->ndm_type != RTN_UNICAST ||
!(ndm->ndm_state&~NUD_NOARP))
return 0;
parse_rtattr(tb, NDA_MAX, NDA_RTA(ndm), len);
if (!tb[NDA_DST])
return 0;
key.iface = ndm->ndm_ifindex;
memcpy(&key.addr, RTA_DATA(tb[NDA_DST]), 4);
dbkey.data = &key;
dbkey.size = sizeof(key);
if (dbase->get(dbase, &dbkey, &dbdat, 0) != 0) {
dbdat.data = 0;
dbdat.size = 0;
}
if (n->nlmsg_type == RTM_GETNEIGH) {
if (!(n->nlmsg_flags&NLM_F_REQUEST))
return 0;
if (!(ndm->ndm_state&(NUD_PROBE|NUD_INCOMPLETE))) {
stats.app_bad++;
return 0;
}
if (ndm->ndm_state&NUD_PROBE) {
/* If we get this, kernel still has some valid
* address, but unicast probing failed and host
* is either dead or changed its mac address.
* Kernel is going to initiate broadcast resolution.
* OK, we invalidate our information as well.
*/
if (dbdat.data && !IS_NEG(dbdat.data))
stats.app_neg++;
dbase->del(dbase, &dbkey, 0);
} else {
/* If we get this kernel does not have any information.
* If we have something tell this to kernel. */
stats.app_recv++;
if (dbdat.data && !IS_NEG(dbdat.data)) {
stats.app_success++;
respond_to_kernel(key.iface, key.addr, dbdat.data, dbdat.size);
return 0;
}
/* Sheeit! We have nothing to tell. */
/* If we have recent negative entry, be silent. */
if (dbdat.data && NEG_VALID(dbdat.data)) {
if (NEG_CNT(dbdat.data) >= active_probing) {
stats.app_suppressed++;
return 0;
}
do_acct = 1;
}
}
if (active_probing &&
queue_active_probe(ndm->ndm_ifindex, key.addr) == 0 &&
do_acct) {
NEG_CNT(dbdat.data)++;
dbase->put(dbase, &dbkey, &dbdat, 0);
}
} else if (n->nlmsg_type == RTM_NEWNEIGH) {
if (n->nlmsg_flags&NLM_F_REQUEST)
return 0;
if (ndm->ndm_state&NUD_FAILED) {
/* Kernel was not able to resolve. Host is dead.
* Create negative entry if it is not present
* or renew it if it is too old. */
if (!dbdat.data ||
!IS_NEG(dbdat.data) ||
!NEG_VALID(dbdat.data)) {
__u8 ndata[6];
stats.kern_neg++;
prepare_neg_entry(ndata, time(NULL));
dbdat.data = ndata;
dbdat.size = sizeof(ndata);
dbase->put(dbase, &dbkey, &dbdat, 0);
}
} else if (tb[NDA_LLADDR]) {
if (dbdat.data && !IS_NEG(dbdat.data)) {
if (memcmp(RTA_DATA(tb[NDA_LLADDR]), dbdat.data, dbdat.size) == 0)
return 0;
stats.kern_change++;
} else {
stats.kern_new++;
}
dbdat.data = RTA_DATA(tb[NDA_LLADDR]);
dbdat.size = RTA_PAYLOAD(tb[NDA_LLADDR]);
dbase->put(dbase, &dbkey, &dbdat, 0);
}
}
return 0;
}
static int send_probe(int ifindex, __u32 addr)
{
struct ifreq ifr = { .ifr_ifindex = ifindex };
struct sockaddr_in dst = {
.sin_family = AF_INET,
.sin_port = htons(1025),
.sin_addr.s_addr = addr,
};
socklen_t len;
unsigned char buf[256];
struct arphdr *ah = (struct arphdr *)buf;
unsigned char *p = (unsigned char *)(ah+1);
struct sockaddr_ll sll = {
.sll_family = AF_PACKET,
.sll_ifindex = ifindex,
.sll_protocol = htons(ETH_P_ARP),
};
if (ioctl(udp_sock, SIOCGIFNAME, &ifr))
return -1;
if (ioctl(udp_sock, SIOCGIFHWADDR, &ifr))
return -1;
if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER)
return -1;
if (setsockopt(udp_sock, SOL_SOCKET, SO_BINDTODEVICE, ifr.ifr_name, strlen(ifr.ifr_name)+1) < 0)
return -1;
if (connect(udp_sock, (struct sockaddr *)&dst, sizeof(dst)) < 0)
return -1;
len = sizeof(dst);
if (getsockname(udp_sock, (struct sockaddr *)&dst, &len) < 0)
return -1;
ah->ar_hrd = htons(ifr.ifr_hwaddr.sa_family);
ah->ar_pro = htons(ETH_P_IP);
ah->ar_hln = 6;
ah->ar_pln = 4;
ah->ar_op = htons(ARPOP_REQUEST);
memcpy(p, ifr.ifr_hwaddr.sa_data, ah->ar_hln);
p += ah->ar_hln;
memcpy(p, &dst.sin_addr, 4);
p += 4;
memset(sll.sll_addr, 0xFF, sizeof(sll.sll_addr));
memcpy(p, &sll.sll_addr, ah->ar_hln);
p += ah->ar_hln;
memcpy(p, &addr, 4);
p += 4;
if (sendto(pset[0].fd, buf, p-buf, 0, (struct sockaddr *)&sll, sizeof(sll)) < 0)
return -1;
stats.probes_sent++;
return 0;
}
/* Be very tough on sending probes: 1 per second with burst of 3. */
static int queue_active_probe(int ifindex, __u32 addr)
{
static struct timeval prev;
static int buckets;
struct timeval now;
gettimeofday(&now, NULL);
if (prev.tv_sec) {
int diff = (now.tv_sec-prev.tv_sec)*1000+(now.tv_usec-prev.tv_usec)/1000;
buckets += diff;
} else {
buckets = broadcast_burst;
}
if (buckets > broadcast_burst)
buckets = broadcast_burst;
if (buckets >= broadcast_rate && !send_probe(ifindex, addr)) {
buckets -= broadcast_rate;
prev = now;
return 0;
}
stats.probes_suppressed++;
return -1;
}
static int respond_to_kernel(int ifindex, __u32 addr, char *lla, int llalen)
{
struct {
struct nlmsghdr n;
struct ndmsg ndm;
char buf[256];
} req = {
.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
.n.nlmsg_flags = NLM_F_REQUEST,
.n.nlmsg_type = RTM_NEWNEIGH,
.ndm.ndm_family = AF_INET,
.ndm.ndm_state = NUD_STALE,
.ndm.ndm_ifindex = ifindex,
.ndm.ndm_type = RTN_UNICAST,
};
addattr_l(&req.n, sizeof(req), NDA_DST, &addr, 4);
addattr_l(&req.n, sizeof(req), NDA_LLADDR, lla, llalen);
return rtnl_send(&rth, &req, req.n.nlmsg_len) <= 0;
}
static void prepare_neg_entry(__u8 *ndata, __u32 stamp)
{
ndata[0] = 0xFF;
ndata[1] = 0;
ndata[2] = stamp>>24;
ndata[3] = stamp>>16;
ndata[4] = stamp>>8;
ndata[5] = stamp;
}
static int do_one_request(struct nlmsghdr *n)
{
struct ndmsg *ndm = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr *tb[NDA_MAX+1];
struct dbkey key;
DBT dbkey, dbdat;
int do_acct = 0;
if (n->nlmsg_type == NLMSG_DONE) {
dbase->sync(dbase, 0);
/* Now we have at least mirror of kernel db, so that
* may start real resolution.
*/
do_sysctl_adjustments();
return 0;
}
if (n->nlmsg_type != RTM_GETNEIGH && n->nlmsg_type != RTM_NEWNEIGH)
return 0;
len -= NLMSG_LENGTH(sizeof(*ndm));
if (len < 0)
return -1;
if (ndm->ndm_family != AF_INET ||
(ifnum && !handle_if(ndm->ndm_ifindex)) ||
ndm->ndm_flags ||
ndm->ndm_type != RTN_UNICAST ||
!(ndm->ndm_state&~NUD_NOARP))
return 0;
parse_rtattr(tb, NDA_MAX, NDA_RTA(ndm), len);
if (!tb[NDA_DST])
return 0;
key.iface = ndm->ndm_ifindex;
memcpy(&key.addr, RTA_DATA(tb[NDA_DST]), 4);
dbkey.data = &key;
dbkey.size = sizeof(key);
if (dbase->get(dbase, &dbkey, &dbdat, 0) != 0) {
dbdat.data = 0;
dbdat.size = 0;
}
if (n->nlmsg_type == RTM_GETNEIGH) {
if (!(n->nlmsg_flags&NLM_F_REQUEST))
return 0;
if (!(ndm->ndm_state&(NUD_PROBE|NUD_INCOMPLETE))) {
stats.app_bad++;
return 0;
}
if (ndm->ndm_state&NUD_PROBE) {
/* If we get this, kernel still has some valid
* address, but unicast probing failed and host
* is either dead or changed its mac address.
* Kernel is going to initiate broadcast resolution.
* OK, we invalidate our information as well.
*/
if (dbdat.data && !IS_NEG(dbdat.data))
stats.app_neg++;
dbase->del(dbase, &dbkey, 0);
} else {
/* If we get this kernel does not have any information.
* If we have something tell this to kernel. */
stats.app_recv++;
if (dbdat.data && !IS_NEG(dbdat.data)) {
stats.app_success++;
respond_to_kernel(key.iface, key.addr, dbdat.data, dbdat.size);
return 0;
}
/* Sheeit! We have nothing to tell. */
/* If we have recent negative entry, be silent. */
if (dbdat.data && NEG_VALID(dbdat.data)) {
if (NEG_CNT(dbdat.data) >= active_probing) {
stats.app_suppressed++;
return 0;
}
do_acct = 1;
}
}
if (active_probing &&
queue_active_probe(ndm->ndm_ifindex, key.addr) == 0 &&
do_acct) {
NEG_CNT(dbdat.data)++;
dbase->put(dbase, &dbkey, &dbdat, 0);
}
} else if (n->nlmsg_type == RTM_NEWNEIGH) {
if (n->nlmsg_flags&NLM_F_REQUEST)
return 0;
if (ndm->ndm_state&NUD_FAILED) {
/* Kernel was not able to resolve. Host is dead.
* Create negative entry if it is not present
* or renew it if it is too old. */
if (!dbdat.data ||
!IS_NEG(dbdat.data) ||
!NEG_VALID(dbdat.data)) {
__u8 ndata[6];
stats.kern_neg++;
prepare_neg_entry(ndata, time(NULL));
dbdat.data = ndata;
dbdat.size = sizeof(ndata);
dbase->put(dbase, &dbkey, &dbdat, 0);
}
} else if (tb[NDA_LLADDR]) {
if (dbdat.data && !IS_NEG(dbdat.data)) {
if (memcmp(RTA_DATA(tb[NDA_LLADDR]), dbdat.data, dbdat.size) == 0)
return 0;
stats.kern_change++;
} else {
stats.kern_new++;
}
dbdat.data = RTA_DATA(tb[NDA_LLADDR]);
dbdat.size = RTA_PAYLOAD(tb[NDA_LLADDR]);
dbase->put(dbase, &dbkey, &dbdat, 0);
}
}
return 0;
}
static void load_initial_table(void)
{
if (rtnl_wilddump_request(&rth, AF_INET, RTM_GETNEIGH) < 0) {
perror("dump request failed");
exit(1);
}
}
static void get_kern_msg(void)
{
int status;
struct nlmsghdr *h;
struct sockaddr_nl nladdr = {};
struct iovec iov;
char buf[8192];
struct msghdr msg = {
(void *)&nladdr, sizeof(nladdr),
&iov, 1,
NULL, 0,
0
};
iov.iov_base = buf;
iov.iov_len = sizeof(buf);
status = recvmsg(rth.fd, &msg, MSG_DONTWAIT);
if (status <= 0)
return;
if (msg.msg_namelen != sizeof(nladdr))
return;
if (nladdr.nl_pid)
return;
for (h = (struct nlmsghdr *)buf; status >= sizeof(*h); ) {
int len = h->nlmsg_len;
int l = len - sizeof(*h);
if (l < 0 || len > status)
return;
if (do_one_request(h) < 0)
return;
status -= NLMSG_ALIGN(len);
h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
}
}