mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

49 Commits

Author SHA1 Message Date
Martin Schwenke
0536d7a98b ctdb-common: Reimplement ctdb_sys_have_ip() using new infrastructure
It can now be used when net.ipv4.ip_nonlocal_bind=1.

This makes the recovery daemon's local IP verification inefficient.
It can be optimised in a subsequent commit.

Fall back to bind() if unable to fetch IPs.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-10-07 15:58:38 +00:00
Martin Schwenke
a489b6699d ctdb-common: Make the argument to ctdb_sys_have_ip() const
Arguably, this would have made sense back in commit
bf86562144fe4e9541bd993519aca958c2bdb794.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-10-07 15:58:38 +00:00
Martin Schwenke
cc99d0047d ctdb-common: Add functions for local IP address checking
This is a wrapper around getifaddrs(2), which is in libreplace, so
should always be available.

Some users want to set net.ipv4.ip_nonlocal_bind = 1.  So, CTDB needs
a way of testing if public IPs are present, without using bind(2).

Doing all of this unconditionally in ctdb_sys_have_ip() will be
inefficient in the recovery daemon's local IP verification if there
are a lot of IP addresses.  Split it this way so the interface
information can be retrieved once and used multiple times.

This doesn't appear to need IP canonicalisation for IPv4-mapped IPv6
addresses.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-10-07 15:58:38 +00:00
Martin Schwenke
dc7b48c404 ctdb-common: Set immediate mode for pcap capture
Fix a problem where ctdb_killtcp (almost always) fails to capture
packets with --enable-pcap and libpcap ≥ 1.9.1.  The problem is due to
a gradual change in libpcap semantics when using
pcap_get_selectable_fd(3PCAP) to get a file descriptor and then using
that file descriptor in non-blocking mode.

pcap_set_immediate_mode(3PCAP) says:

  pcap_set_immediate_mode() sets whether immediate mode should be set
  on a capture handle when the handle is activated.  In immediate
  mode, packets are always delivered as soon as they arrive, with no
  buffering.

and

  On Linux, with previous releases of libpcap, capture devices are
  always in immediate mode; however, in 1.5.0 and later, they are, by
  default, not in immediate mode, so if pcap_set_immediate_mode() is
  available, it should be used.

However, it wasn't until libpcap commit
2ade7676101366983bd4f86bc039ffd25da8c126 (before libpcap 1.9.1) that
it became a requirement to use pcap_set_immediate_mode(), even with a
timeout of 0.

More explanation in this libpcap issue comment:

  https://github.com/the-tcpdump-group/libpcap/issues/860#issuecomment-541204548

Do a configure check for pcap_set_immediate_mode() even though it has
existed for 10 years.  It is easy enough.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Aug 15 10:53:52 UTC 2023 on atb-devel-224
2023-08-15 10:53:52 +00:00
Martin Schwenke
ffc2ae616d ctdb-common: Replace pcap_open_live() by lower level calls
A subsequent commit will insert an additional call before
pcap_activate().

This sequence of calls is taken from the source for pcap_open_live(),
so there should be no change in behaviour.

Given the defaults set by pcap_create_common(), it would be possible
to omit the calls to pcap_set_promisc() and pcap_set_timeout().
However, those defaults don't seem to be well documented, so continue
to explicitly set everything that was set before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2023-08-15 09:49:38 +00:00
Martin Schwenke
d87041d896 ctdb-common: Improve error handling
Factor out a failure label, which will get more use in subsequent
commits, and only set private_data when success is certain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2023-08-15 09:49:38 +00:00
Martin Schwenke
9f7d69a05b ctdb-common: Support IB in pcap-based capture
Add simple support for IPoIB via DLT_LINUX_SLL and DLT_LINUX_SLL2.
This seems to work, even when an IB interface is specified.

If this is later found to be insufficient, support for DLT_IPOIB can
be implemented.  See https://www.tcpdump.org/linktypes.html for a
starting point.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
e5541a7e02 ctdb-common: Support "any" interface for pcap-based capture
This uses Linux cooked capture link-layer headers.  See:

  https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
  https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html

The header type needs to be checked to ensure the protocol
type (i.e. ether type, for the protocols we might be interested in) is
meaningful.  The size of the header needs to be known so it can be
skipped, allowing the IP header to be found and parsed.

It would be possible to define support for DLT_LINUX_SLL2 if it is
missing.  However, if a platform is missing support in the header file
then it is almost certainly missing in the run-time library too.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
3bf20300ac ctdb-common: Add packet type detection to pcap-based capture
The current code will almost certainly generate ENOMSG for
non-ethernet packets, even for ethernet packets when the "any"
interface is used.

pcap_datalink(3PCAP) says:

  Do NOT assume that the packets for a given capture or ``savefile``
  will have any given link-layer header type, such as DLT_EN10MB for
  Ethernet.  For example, the "any" device on Linux will have a
  link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if
  all devices on the system at the time the "any" device is opened
  have some other data link type, such as DLT_EN10MB for Ethernet.

So, pcap_datalink() must be used.

Detect pcap packet types that are supported (currently only ethernet)
in the open code. There is no use continuing if the read code can't
parse packets.  The pattern of using switch statements supports future
addition of other packet types.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
33a80c1d63 ctdb-common: Improve/add debug
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
075414dc05 ctdb-common: Use pcap_get_selectable_fd()
This is preferred because it will fail for devices that do not support
epoll_wait() and similar.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
40380a8042 ctdb-common: Stop a pcap-related crash on error
errbuf can't be NULL.  Might as well use it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
8b54587b1a ctdb-common: Fix a warning in the pcap code
[173/416] Compiling ctdb/common/system_socket.c
../../common/system_socket.c: In function ‘ctdb_sys_read_tcp_packet’:
../../common/system_socket.c:1016:15: error: cast discards ‘const’ qualifier from pointer target type [-Werror=cast-qual]
 1016 |         eth = (struct ether_header *)buffer;
      |               ^

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
ad445abebd ctdb-common: Do not use raw socket when ENABLE_PCAP is defined
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Martin Schwenke
c522f4f604 ctdb-common: Move a misplaced comment
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-09-20 10:43:37 +00:00
Amitay Isaacs
6aa396b0cd ctdb-common: Avoid aliasing errors during code optimization
When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates a wrong checksum.  The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14537

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184
2020-10-21 05:52:28 +00:00
Mathieu Parent
781eaea07f Spelling fixes s/advertisment/advertisement/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:25 +00:00
Martin Schwenke
271d96e4fc ctdb-common: Fix error handling
According to the documentation, sendto() should either send the packet
as given or return with an error.  However, given that it can return
the number of bytes sent, treat the theoretical error of a short
packet send separately, since errno would not be set in this case.

Similarly, treat a short packet recv() separately from an error where
errno is set.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-07-05 05:03:24 +00:00
Andreas Schneider
6c520978e2 ctdb:common: Use C99 initializer for 'struct ifreq'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-01-28 10:29:21 +01:00
Martin Schwenke
58b8f2a31e ctdb-common: Clean up comments in TCP packet parsing
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 30 07:50:04 CEST 2018 on sn-devel-144
2018-08-30 07:50:04 +02:00
Martin Schwenke
53ceac9694 ctdb-common: Check the version field in IPv6 packets
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:59 +02:00
Martin Schwenke
924a655b2a ctdb-common: Improve TCP packet size and offset calculations
The IPv4 check for short packets was strange.  It appeared to ensure
that the capture included everything up to and including the window
size.  The checksum field immediately follows the window size field,
so just ensure that the packet is large enough to contain everything
up to the start of the checksum.

Add a similar check for IPv6 packets.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:59 +02:00
Martin Schwenke
e2ac36867d ctdb-common: Factor out TCP packet parsing code
This can be tested separately.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:59 +02:00
Martin Schwenke
028fdc12e7 ctdb-common: Clean up types/declarations in TCP socket reading
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:59 +02:00
Martin Schwenke
cb4848e359 ctdb-common: Fix error handling when parsing TCP packets
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
f3a1f1e1fa ctdb-common: Fix a bug in non-Linux (PCAP) TCP packet capturing
Captured packets include a link-layer header, which is considered in
the Linux code but not the PCAP code.  Also, the actual captured
length is in caplen, not len.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
0beb16f34e ctdb-common: Don't modify a const argument
The current code might be slightly more efficient but
intentionally (although temporarily) modifying a const argument just
seems wrong.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
8fcf1af559 ctdb-common: Avoid magic numbers when building TCP packets
Most packet sizes and offsets are multiples of 32-bit words.  The IPv6
payload length is in octets.  The IPv6 version is the top 4 bits of
the relevant field.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
d7d23e78ed ctdb-common: Factor out TCP packet marshalling code
This can be tested separately.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
a67899573a ctdb-common: Avoid single line multi-assignment
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
af5a42bf02 ctdb-common: Set version more obviously in IPv6 NA packet
Version is the top 4 bits of this field.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
ca0db67df9 ctdb-common: Clarify offset and packet length calculations
Calculate each offset from the beginning of the buffer and explicitly
use the sizes of structures.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
6b1e9a43dc ctdb-common: Use struct ether_arp to avoid manual offset calculations
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:58 +02:00
Martin Schwenke
e2a00feca3 ctdb-common: Be more careful with packet sizes
Ethernet packets must be at least 64 bytes.

For ARP the packet size was limited to 64 bytes.  This is probably OK
but the code might as well be a little more general.

For IPv6 NA there was no guarantee that the packet is at least 64
bytes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
39cfd51143 ctdb-common: Separate ARP and IPv6 NA marshalling code
This can be tested separately.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
50a6d15256 ctdb-common: Fix error handling when sending ARPs
There are numerous places in the code where errno can be lost causing
the wrong error to be printed by a caller.  Change ctdb_sys_send_arp()
to always return a useful errno on error instead of returning -1 and
sometimes having errno set correctly.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
2ebb25dfc8 ctdb-common: Factor out common ARP code
Finding the interface and the MAC address are obvious.  Might as well
set up the common parts of the destination address structure.

Continue to open the socket and find the MAC address first.  This
might seem odd because marshalling and other subsequent steps may
fail.  However, in the future this code might be optimised to open a
single socket to send ARPs for a list of addresses on each interface,
so don't change the logic.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
172b87cb1b ctdb-common: Initialise structures when declared
Instead of using ZERO_STRUCT().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
7c361f4866 ctdb-common: Restore dropped copyright attributions
Commit fa94a49dbbec4a65c368a533a534f952a9f147a7 accidentally dropped
some copyright attributions.  The original version of system_socket.c
was based on system_linux.c but many parts have been taken from
system_freebsd.c, which had these additional copyright attributions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:57 +02:00
Martin Schwenke
032593487f ctdb-common: Fix CID 1414745 - Out-of-bounds access
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-30 04:48:56 +02:00
Martin Schwenke
48335725de ctdb-common: Fix aliasing issue in IPv6 checksum
Since commit 9c51b278b1700cd5f3e2addc19b7c711cc2ea10b the compiler has
been able to inline the affected call to uint16_checksum().  Given
that the data (phdr) is being accessed by an incompatible
pointer (data) there is an aliasing problem when the call is inlined.
This results in incorrect behaviour with -O2/-O3 when compiling with
at least GCC 6, 7, and 8.

Fix this by making the types compatible.

Also fixes CID 1437604 (Reliance on integer endianness).  This is a
false positive because the uint16_checksum doesn't depend on the order
of the input uint16_t items.

https://bugzilla.samba.org/show_bug.cgi?id=13588

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-08-24 10:59:20 +02:00
Amitay Isaacs
be43e08072 ctdb-common: Fix the TCP packet length check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13520

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-07-28 03:50:11 +02:00
Martin Schwenke
77242e7631 ctdb-common: Drop function parse_ip_mask() and supporting functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-27 05:45:21 +02:00
Martin Schwenke
5dd84bf5d7 ctdb-common: Fix compilation issue with strncpy()
When configured with --picky-developer and using -O3 with gcc 8.1:

../common/system_socket.c: In function ‘parse_ip_mask’:
../common/system_socket.c:229:2: error: ‘strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
  strncpy(s, str, len+1);
  ^~~~~~~~~~~~~~~~~~~~~~
../common/system_socket.c:223:8: note: length computed here
  len = strlen(str);
        ^~~~~~~~~~~

Use strlcpy() instead and check the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13545

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-27 05:45:20 +02:00
Martin Schwenke
fa94a49dbb ctdb-common: Move capture_socket functions to ctdb_socket.[ch]
The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring across ctdb_sys_open_capture_socket(),
ctdb_sys_close_capture_socket() and ctdb_sys_read_tcp_packet().

Remove empty system_<os>.c files.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-02 08:51:21 +02:00
Martin Schwenke
eafcc98b03 ctdb-common: Move ctdb_sys_send_tcp() to ctdb_socket.[ch]
The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring across tcp_checksum(), renamed to ip_checksum().
uint16_checksum() becomes static.

Use the BSD struct tcphdr field names for portability.  See the
comment in the code for more details about how we get this to compile
on older glibc versions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-02 08:51:21 +02:00
Martin Schwenke
9c51b278b1 ctdb-common: Move ctdb_sys_send_arp() to ctdb_socket.[ch]
The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring a copy of tcp_checksum6(), renamed to ip6_checksum().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-02 08:51:21 +02:00
Martin Schwenke
2f0a4d2095 ctdb-common: Move parse_ip_mask() to system_socket.[ch]
This uses ctdb_sock_addr so belongs here.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-02 08:51:20 +02:00
Martin Schwenke
57834c64be ctdb-common: Rename system utility files
system_socket.[ch] will contain all the raw socket code and other
functions that use ctdb_sock_addr.  system.[ch] will contain other
platform dependent functions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-07-02 08:51:20 +02:00