arp request and reply using c socket programming
I am trying to receive and send arp packets using c programming in Linux (Ubuntu)
My program works fine (i.e. runs without any error), but I cannot trace the packets using Wireshark. source code:
#include #include #include #include #include #include #include #include #include #include #include #include #include #define BUF_SIZE 42 #define DEVICE "eth0" #define ETH_P_NULL 0x0 #define ETH_MAC_LEN ETH_ALEN #define ETH_ARP 0x0806 int s = 0; /*Socketdescriptor*/ void* buffer = NULL; long total_packets = 0; long answered_packets = 0; void sigint(int signum); struct __attribute__((packed)) arp_header < unsigned short arp_hd; unsigned short arp_pr; unsigned char arp_hdl; unsigned char arp_prl; unsigned short arp_op; unsigned char arp_sha[6]; unsigned char arp_spa[4]; unsigned char arp_dha[6]; unsigned char arp_dpa[4]; >; int main(void) < buffer = (void*)malloc(BUF_SIZE); /*Buffer for Ethernet Frame*/ unsigned char* etherhead = buffer; /*Pointer to Ethenet Header*/ struct ethhdr *eh = (struct ethhdr *)etherhead; /*Another pointer to ethernet header*/ unsigned char* arphead = buffer + 14; struct arp_header *ah; unsigned char src_mac[6]; /*our MAC address*/ struct ifreq ifr; struct sockaddr_ll socket_address; int ifindex = 0; /*Ethernet Interface index*/ int i; int length; /*length of received packet*/ int sent; printf("Server started, entering initialiation phase. \n"); /*open socket*/ s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); if (s == -1) < perror("socket():"); exit(1); >printf("Successfully opened socket: %i\n", s); /*retrieve ethernet interface index*/ strncpy(ifr.ifr_name, DEVICE, IFNAMSIZ); if (ioctl(s, SIOCGIFINDEX, &ifr) == -1) < perror("SIOCGIFINDEX"); exit(1); >ifindex = ifr.ifr_ifindex; printf("Successfully got interface index: %i\n", ifindex); /*retrieve corresponding MAC*/ if (ioctl(s, SIOCGIFHWADDR, &ifr) == -1) < perror("SIOCGIFINDEX"); exit(1); >for (i = 0; i < 6; i++) < src_mac[i] = ifr.ifr_hwaddr.sa_data[i]; >printf("Successfully got our MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", src_mac[0],src_mac[1],src_mac[2],src_mac[3],src_mac[4],src_mac[5]); /*prepare sockaddr_ll*/ socket_address.sll_family = PF_PACKET; socket_address.sll_protocol = htons(ETH_P_IP); socket_address.sll_ifindex = ifindex; socket_address.sll_hatype = ARPHRD_ETHER; socket_address.sll_pkttype = PACKET_OTHERHOST; socket_address.sll_halen = 0; socket_address.sll_addr[6] = 0x00; socket_address.sll_addr[7] = 0x00; /*establish signal handler*/ signal(SIGINT, sigint); printf("Successfully established signal handler for SIGINT\n"); printf("We are in production state, waiting for incoming packets. \n"); while (1) < /*Wait for incoming packet. */ length = recvfrom(s, buffer, BUF_SIZE, 0, NULL, NULL); if (length == -1) < perror("recvfrom():"); exit(1); >if(htons(eh->h_proto) == 0x806) < unsigned char buf_arp_dha[6]; unsigned char buf_arp_dpa[4]; ah = (struct arp_header *)arphead; if(htons(ah->arp_op) != 0x0001) continue; printf("buffer is---------------- %s \n",(char*)ah); printf("H/D TYPE : %x PROTO TYPE : %x \n",ah->arp_hd,ah->arp_pr); printf("H/D leng : %x PROTO leng : %x \n",ah->arp_hdl,ah->arp_prl); printf("OPERATION : %x \n", ah->arp_op); printf("SENDER MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", ah->arp_sha[0], ah->arp_sha[1], ah->arp_sha[2], ah->arp_sha[3], ah->arp_sha[4], ah->arp_sha[5] ); printf("SENDER IP address: %02d:%02d:%02d:%02d\n", ah->arp_spa[0], ah->arp_spa[1], ah->arp_spa[2], ah->arp_spa[3] ); if(ah->arp_spa[0]==10&&ah->arp_spa[1]==00&&ah->arp_spa[2]==00&&ah->arp_spa[3]==01) < printf("Sender ip is . bam bam. \n"); system("sudo arp -s 10.0.0.1 00:1e:73:91:04:0d"); >printf("TARGET MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", ah->arp_dha[0], ah->arp_dha[1], ah->arp_dha[2], ah->arp_dha[3], ah->arp_dha[4], ah->arp_dha[5] ); printf("TARGET IP address: %02d:%02d:%02d:%02d\n", ah->arp_dpa[0], ah->arp_dpa[1], ah->arp_dpa[2], ah->arp_dpa[3] ); printf("+++++++++++++++++++++++++++++++++++++++\n" ); printf("ETHER DST MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", eh->h_dest[0], eh->h_dest[1], eh->h_dest[2], eh->h_dest[3], eh->h_dest[4], eh->h_dest[5] ); printf("ETHER SRC MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", eh->h_source[0], eh->h_source[1], eh->h_source[2], eh->h_source[3], eh->h_source[4], eh->h_source[5] ); memcpy( (void*)etherhead, (const void*)(etherhead+ETH_MAC_LEN), ETH_MAC_LEN); memcpy( (void*)(etherhead+ETH_MAC_LEN), (const void*)src_mac, ETH_MAC_LEN); eh->h_proto = ETH_ARP; printf("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& \n"); printf("ETHER DST MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", eh->h_dest[0], eh->h_dest[1], eh->h_dest[2], eh->h_dest[3], eh->h_dest[4], eh->h_dest[5] ); printf("ETHER SRC MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", eh->h_source[0], eh->h_source[1], eh->h_source[2], eh->h_source[3], eh->h_source[4], eh->h_source[5] ); ah->arp_hd = ntohs(ah->arp_hd); ah->arp_pr = ntohs(ah->arp_pr); ah->arp_op = 0x0002; buf_arp_dpa[0] = ah->arp_dpa[0]; buf_arp_dpa[1] = ah->arp_dpa[1]; buf_arp_dpa[2] = ah->arp_dpa[2]; buf_arp_dpa[3] = ah->arp_dpa[3]; ah->arp_dha[0] = ah->arp_sha[0]; ah->arp_dha[1] = ah->arp_sha[1]; ah->arp_dha[2] = ah->arp_sha[2]; ah->arp_dha[3] = ah->arp_sha[3]; ah->arp_dha[4] = ah->arp_sha[4]; ah->arp_dha[5] = ah->arp_sha[5]; ah->arp_dpa[0] = ah->arp_spa[0]; ah->arp_dpa[1] = ah->arp_spa[1]; ah->arp_dpa[2] = ah->arp_spa[2]; ah->arp_dpa[3] = ah->arp_spa[3]; ah->arp_spa[0] = buf_arp_dpa[0]; ah->arp_spa[1] = buf_arp_dpa[1]; ah->arp_spa[2] = buf_arp_dpa[2]; ah->arp_spa[3] = buf_arp_dpa[3]; //change the sender mac address ah->arp_sha[0] = 0x00; ah->arp_sha[1] = 0x1e; ah->arp_sha[2] = 0x73; ah->arp_sha[3] = 0x78; ah->arp_sha[4] = 0x9a; ah->arp_sha[5] = 0x0d; socket_address.sll_addr[0] = eh->h_dest[0]; socket_address.sll_addr[1] = eh->h_dest[1]; socket_address.sll_addr[2] = eh->h_dest[2]; socket_address.sll_addr[3] = eh->h_dest[3]; socket_address.sll_addr[4] = eh->h_dest[4]; socket_address.sll_addr[5] = eh->h_dest[5]; printf("=======================================\n" ); printf("SENDER MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", ah->arp_sha[0], ah->arp_sha[1], ah->arp_sha[2], ah->arp_sha[3], ah->arp_sha[4], ah->arp_sha[5] ); printf("SENDER IP address: %02d:%02d:%02d:%02d\n", ah->arp_spa[0], ah->arp_spa[1], ah->arp_spa[2], ah->arp_spa[3] ); if((ah->arp_spa[0]==10 && ah->arp_spa[1]==0 && ah->arp_spa[2]==0 && ah->arp_spa[3]==1)) printf("------------------------------------------10.0.0.1-----------------------------------------\n"); printf("TARGET MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n", ah->arp_dha[0], ah->arp_dha[1], ah->arp_dha[2], ah->arp_dha[3], ah->arp_dha[4], ah->arp_dha[5] ); printf("TARGET IP address: %02d:%02d:%02d:%02d\n", ah->arp_dpa[0], ah->arp_dpa[1], ah->arp_dpa[2], ah->arp_dpa[3] ); printf("H/D TYPE : %x PROTO TYPE : %x \n",ah->arp_hd,ah->arp_pr); printf("H/D leng : %x PROTO leng : %x \n",ah->arp_hdl,ah->arp_prl); printf("OPERATION : %x \n", ah->arp_op); sent = sendto(s, buffer, BUF_SIZE, 0, (struct sockaddr*)&socket_address, sizeof(socket_address)); if (sent == -1) < perror("sendto():"); exit(1); >answered_packets++; > total_packets++; > > void sigint(int signum) < /*Clean up. */ struct ifreq ifr; if (s == -1) return; strncpy(ifr.ifr_name, DEVICE, IFNAMSIZ); ioctl(s, SIOCGIFFLAGS, &ifr); ifr.ifr_flags &= ~IFF_PROMISC; ioctl(s, SIOCSIFFLAGS, &ifr); close(s); free(buffer); printf("Server terminating. \n"); printf("Totally received: %ld packets\n", total_packets); printf("Answered %ld packets\n", answered_packets); exit(0); >[SOLVED] No ARP reply when using VLAN Linux bond with LACP
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
semira uthsala
Member
I have two severs (px1 and px2) which connect to same switch (Juniper QFX) with LACP. each server have 2 physical ports and those bonded to bond0 using LACP. I used default Linux bond (not OVS).
After create the bond I created VLAN interface on that bond like below
auto bond0
iface bond0 inet manual
bond-slaves ens1f0 ens1f1
bond-miimon 100
bond-mode 802.3ad
auto bond0.40
iface bond0.40 inet static
address 192.168.40.10
netmask 24
auto bond0
iface bond0 inet manual
bond-slaves ens1f0 ens1f1
bond-miimon 100
bond-mode 802.3ad
auto bond0.40
iface bond0.40 inet static
address 192.168.40.11
netmask 24
After this when I try to ping px2 to px1 I cannot ping. Then I do the tcpdump on px1 while pinging from px2.
tcpdump -nneqt -i any arp | grep 192.168.40.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
B 48:xxxxxxxxxxxxx vlan 40, p 0, Request who-has 192.168.40.10 tell 192.168.40.11, length 46
(I did the tcpdump on px2 while pinging from px1 and results are same)
I can see ARP request coming from server px2 but no reply to those messages from server px1.
Then I tried adding MACs manually using arp -s command on both servers and I able to ping after that.
I don’t have any visibility from the switch end what are the configurations. But since both servers can see incoming ARP requests why there is no ARP reply for those messages ?
To ensure this setup working without bond, I setup 3rd physical connection to the both servers and tag vlan 50 using OVSintport. I can access the VLAN 50 and I can see both ARP request and reply coming through that connection. and I can access all the hosts on that network (192.168.50.0/24)
update
—————————-
I added MTU 9000 on bond0 and bond.40 as found in some posts. But still not working.
update 2
—————————-
When I remove one interface from bond I can reach all hosts in 192.168.40.0/24 VLAN. and ARP reply is sending properly.
Why aren’t ARP or ICMPv6 packets processed by a Linux TAP device
The problem I am facing is when an application (say mozilla) wants to send out a packet via the tap device, it needs to get the dst mac address. So the kernel sends out an ARP request. The application I am writing forwards the arp request (via a raw socket on a physical eth device) and gets an arp reply. This arp reply is forwarded back to the tap device, but the kernel refuses to accept this. If I add an arp entry manually, no arp request is generated and there is two way ip packet exchange (mozilla is happy). Wireshark is able to receive the packet and finds no errors. Same is the case with ICMPv6 packets (neighbor solicitation & advertisement). Any application listening on the device gets the packet intact. But the kernel does not process it for ARP/ICMP. My question is, why doesn’t the kernel accept the arp reply/ICMPv6 msgs? Is there some ioctl call that we need to call? Edit: Here is the details of packet captured (tshark output) at the tap device «ethgress»
9 16.548328 fc00:1::2 -> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation 10 17.243247 fc00:1::100 -> fc00:1::2 ICMPv6 86 Neighbor Advertisement 11 17.548652 fc00:1::2 -> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation 12 17.668736 fc00:1::100 -> fc00:1::2 ICMPv6 86 Neighbor Advertisement ethgress Link encap:Ethernet HWaddr 00:01:02:03:04:05 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:83 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10000 RX bytes:0 (0.0 b) TX bytes:7062 (6.8 KiB) As can be seen, the kernel is refusing the accept the ICMPv6 packets as received. But the tx packets are incremented. The tap device «ethgress» is configured with IPv6 address fc00:1::2 and it an application wants to communicate to fc00:1::1. fc00:1::1 is at the same interface as fc00:1:100 which is responding with the neighbor advertisement (the target ip is fc00:1::1 in that packet) with proper mac address. Tcpdump is able to capture it and wireshark/tshark is able to decode it without and says its a properly formed packet. But Rx counters are not incremented by the kernel, nor does it update its arp cache. Same is the case with ARP packets. Edit 2: The network looks like this. There are two external boxes which are configured to be redundant. Only one of them will be active. They are connected to a pc via a physical NIC each. The application I am writing runs on this pc and opens a raw socket on each of the NICs. It also opens a TAP device. The NICs are not configured with an IP address. The TAP device is configured with both IPv4 and IPv6 address. A standard application, say mozilla, opens a socket via the tap device and wants to connect to the active box. For that the kernel generates an ARP request/Neighbor solicitation message on the tap device. The application reads this message and forwards it to both the NICs. The active box responds to the ARP request with an ARP reply which the application reads and writes it to the TAP device. This arp reply packet is captured by tcpdump, but the kernel doesn’t update its arp cache. The mac address of both NICs and the TAP device are the same. Other parameters asked for.
cat /proc/sys/net/ipv4/conf/all/log_martians 0 cat /proc/sys/net/ipv4/conf/all/rp_filter 1 cat /proc/sys/net/ipv4/conf/all/arp_filter 0