Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

RAW Packets are getting dropped at linux bridge connected to VM tap interface

Hello,

I am trying to send raw udp packet from one instance to another instance in OpenStack. Even though TCP/UDP communication enabled in security groups, still packets are getting dropped at the linux bridge connected to VM tap interface

I am able to send and recieve the udp packets using udp_server & udp_client socket communication which inturn uses AF_INET as socket domain, but in my case i am using AF_PACKET as socket domain.

I am successfully able to send packets between two VMs managed by VMware vsphere using the same program. Even in the case where OpenDaylight integrated with OpenStack, I am able send packets because there won't be any linux bridge present in environment.

This issue is occurring only with VMs running in pure OpenStack setup.

Below is the program that i am running.

include <arpa inet.h="">

include <linux if_packet.h="">

include <stdio.h>

include <string.h>

include <stdlib.h>

include <sys ioctl.h="">

include <sys socket.h="">

include <net if.h="">

include <netinet ether.h="">

include <netinet ip.h="">

include <netinet udp.h="">

define MY_DEST_MAC0 0xFA

define MY_DEST_MAC1 0x16

define MY_DEST_MAC2 0x3E

define MY_DEST_MAC3 0xE0

define MY_DEST_MAC4 0x40

define MY_DEST_MAC5 0x94

define DEFAULT_IF "eth0"

define BUF_SIZ 1024

unsigned short csum(unsigned short *buf, int nwords) { unsigned long sum; for(sum=0; nwords>0; nwords--) sum += *buf++; sum = (sum >> 16) + (sum &0xffff); sum += (sum >> 16); return (unsigned short)(~sum); }

int main(int argc, char *argv[]) { int sockfd; struct ifreq if_idx; struct ifreq if_mac; int tx_len = 0; char sendbuf[BUF_SIZ]; struct ether_header *eh = (struct ether_header *) sendbuf; //struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header)); struct sockaddr_ll socket_address; char ifName[IFNAMSIZ];

    /* Get interface name */
    if (argc > 1)
            strcpy(ifName, argv[1]);
    else
            strcpy(ifName, DEFAULT_IF);

    /* Open RAW socket to send on */
    if ((sockfd = socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW)) == -1) {
        perror("socket");
    }
    /* Get the index of the interface to send on */
    memset(&if_idx, 0, sizeof(struct ifreq));
    strncpy(if_idx.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFINDEX, &if_idx) < 0)
        perror("SIOCGIFINDEX");
    /* Get the MAC address of the interface to send on */
    memset(&if_mac, 0, sizeof(struct ifreq));
    strncpy(if_mac.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFHWADDR, &if_mac) < 0)
        perror("SIOCGIFHWADDR");
    /* Construct the Ethernet header */
    memset(sendbuf, 0, BUF_SIZ);
    /* Ethernet header */
    eh->ether_shost[0] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[0];
    eh->ether_shost[1] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[1];
    eh->ether_shost[2] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[2];
    eh->ether_shost[3] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[3];
    eh->ether_shost[4] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[4];
    eh->ether_shost[5] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[5];
    eh->ether_dhost[0] = MY_DEST_MAC0;
    eh->ether_dhost[1] = MY_DEST_MAC1;
    eh->ether_dhost[2] = MY_DEST_MAC2;
    eh->ether_dhost[3] = MY_DEST_MAC3;
    eh->ether_dhost[4] = MY_DEST_MAC4;
    eh->ether_dhost[5] = MY_DEST_MAC5;
    /* Ethertype field */
    printf("%x\n",eh->ether_shost[0]);
    eh->ether_type = htons(ETH_P_IP);
    tx_len += sizeof(struct ether_header);

    struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header));
    /* IP Header */
    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 16; // Low delay
    iph->id = htons(54321);
    iph->ttl = 64; // hops
    iph->protocol = 17; // UDP
    /* Source IP address, can be spoofed */
    //iph->saddr = inet_addr(inet_ntoa(((struct sockaddr_in *)&if_ip.ifr_addr)->sin_addr));
    iph->saddr = inet_addr("20.0.0.3");
    /* Destination IP address */
    iph->daddr = inet_addr("20.0.0.4");
    tx_len += sizeof(struct iphdr);
    /* Calculate IP checksum on completed header */
    iph->check = csum((unsigned short *)(sendbuf+sizeof(struct ether_header)), sizeof(struct iphdr)/2);

    struct udphdr *udph = (struct udphdr *) (sendbuf + sizeof(struct iphdr) + sizeof(struct ether_header));
    /* UDP Header */
    udph->source = htons(3423);
    udph->dest = htons(5342);
    udph->check = 0; // skip
    tx_len += sizeof(struct udphdr);
    /* Packet data */
    sendbuf[tx_len++] = 0xde;
    sendbuf[tx_len++] = 0xad;
    sendbuf[tx_len++] = 0xbe;
    sendbuf[tx_len++] = 0xef;

    /* Length of IP payload and header */
    iph->tot_len = htons(tx_len - sizeof(struct ether_header));
    /* Length of UDP payload and header */
    udph->len = htons(tx_len - sizeof(struct ether_header) - sizeof(struct iphdr));

    /* Index of the network device */
    socket_address.sll_ifindex = if_idx.ifr_ifindex;
    /* Address length*/
    socket_address.sll_halen = ETH_ALEN;
    /* Destination MAC */
    socket_address.sll_addr[0] = MY_DEST_MAC0;
    socket_address.sll_addr[1] = MY_DEST_MAC1;
    socket_address.sll_addr[2] = MY_DEST_MAC2;
    socket_address.sll_addr[3] = MY_DEST_MAC3;
    socket_address.sll_addr[4] = MY_DEST_MAC4;
    socket_address.sll_addr[5] = MY_DEST_MAC5;

    /* Send packet */
    if (sendto(sockfd, sendbuf, tx_len, 0, (struct sockaddr*)&socket_address, sizeof(struct sockaddr_ll)) < 0)
        printf("Send failed\n");

    return 0;

}

Do I need to enable any thing further? Kindly help me if anything is missing. Your help is appriciated

Thanks, Vasu.

RAW Packets are getting dropped at linux bridge connected to VM tap interface

Hello,

I am trying to send raw udp packet from one instance to another instance in OpenStack. Even though TCP/UDP communication enabled in security groups, still packets are getting dropped at the linux bridge connected to VM tap interface

I am able to send and recieve the udp packets using udp_server & udp_client socket communication which inturn uses AF_INET as socket domain, but in my case i am using AF_PACKET as socket domain.

I am successfully able to send packets between two VMs managed by VMware vsphere using the same program. Even in the case where OpenDaylight integrated with OpenStack, I am able send packets because there won't be any linux bridge present in environment.

This issue is occurring only with VMs running in pure OpenStack setup.

Below is the program that i am running.

include <arpa inet.h="">

include <linux if_packet.h="">

include <stdio.h>

include <string.h>

include <stdlib.h>

include <sys ioctl.h="">

include <sys socket.h="">

include <net if.h="">

include <netinet ether.h="">

include <netinet ip.h="">

include <netinet udp.h="">

define MY_DEST_MAC0 0xFA

define MY_DEST_MAC1 0x16

define MY_DEST_MAC2 0x3E

define MY_DEST_MAC3 0xE0

define MY_DEST_MAC4 0x40

define MY_DEST_MAC5 0x94

define DEFAULT_IF "eth0"

define BUF_SIZ 1024

unsigned short csum(unsigned short *buf, int nwords) { unsigned long sum; for(sum=0; nwords>0; nwords--) sum += *buf++; sum = (sum >> 16) + (sum &0xffff); sum += (sum >> 16); return (unsigned short)(~sum); }

int main(int argc, char *argv[]) { int sockfd; struct ifreq if_idx; struct ifreq if_mac; int tx_len = 0; char sendbuf[BUF_SIZ]; struct ether_header *eh = (struct ether_header *) sendbuf; //struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header)); struct sockaddr_ll socket_address; char ifName[IFNAMSIZ];

    /* Get interface name */
    if (argc > 1)
            strcpy(ifName, argv[1]);
    else
            strcpy(ifName, DEFAULT_IF);

    /* Open RAW socket to send on */
    if ((sockfd = socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW)) == -1) {
        perror("socket");
    }
    /* Get the index of the interface to send on */
    memset(&if_idx, 0, sizeof(struct ifreq));
    strncpy(if_idx.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFINDEX, &if_idx) < 0)
        perror("SIOCGIFINDEX");
    /* Get the MAC address of the interface to send on */
    memset(&if_mac, 0, sizeof(struct ifreq));
    strncpy(if_mac.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFHWADDR, &if_mac) < 0)
        perror("SIOCGIFHWADDR");
    /* Construct the Ethernet header */
    memset(sendbuf, 0, BUF_SIZ);
    /* Ethernet header */
    eh->ether_shost[0] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[0];
    eh->ether_shost[1] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[1];
    eh->ether_shost[2] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[2];
    eh->ether_shost[3] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[3];
    eh->ether_shost[4] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[4];
    eh->ether_shost[5] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[5];
    eh->ether_dhost[0] = MY_DEST_MAC0;
    eh->ether_dhost[1] = MY_DEST_MAC1;
    eh->ether_dhost[2] = MY_DEST_MAC2;
    eh->ether_dhost[3] = MY_DEST_MAC3;
    eh->ether_dhost[4] = MY_DEST_MAC4;
    eh->ether_dhost[5] = MY_DEST_MAC5;
    /* Ethertype field */
    printf("%x\n",eh->ether_shost[0]);
    eh->ether_type = htons(ETH_P_IP);
    tx_len += sizeof(struct ether_header);

    struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header));
    /* IP Header */
    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 16; // Low delay
    iph->id = htons(54321);
    iph->ttl = 64; // hops
    iph->protocol = 17; // UDP
    /* Source IP address, can be spoofed */
    //iph->saddr = inet_addr(inet_ntoa(((struct sockaddr_in *)&if_ip.ifr_addr)->sin_addr));
    iph->saddr = inet_addr("20.0.0.3");
    /* Destination IP address */
    iph->daddr = inet_addr("20.0.0.4");
    tx_len += sizeof(struct iphdr);
    /* Calculate IP checksum on completed header */
    iph->check = csum((unsigned short *)(sendbuf+sizeof(struct ether_header)), sizeof(struct iphdr)/2);

    struct udphdr *udph = (struct udphdr *) (sendbuf + sizeof(struct iphdr) + sizeof(struct ether_header));
    /* UDP Header */
    udph->source = htons(3423);
    udph->dest = htons(5342);
    udph->check = 0; // skip
    tx_len += sizeof(struct udphdr);
    /* Packet data */
    sendbuf[tx_len++] = 0xde;
    sendbuf[tx_len++] = 0xad;
    sendbuf[tx_len++] = 0xbe;
    sendbuf[tx_len++] = 0xef;

    /* Length of IP payload and header */
    iph->tot_len = htons(tx_len - sizeof(struct ether_header));
    /* Length of UDP payload and header */
    udph->len = htons(tx_len - sizeof(struct ether_header) - sizeof(struct iphdr));

    /* Index of the network device */
    socket_address.sll_ifindex = if_idx.ifr_ifindex;
    /* Address length*/
    socket_address.sll_halen = ETH_ALEN;
    /* Destination MAC */
    socket_address.sll_addr[0] = MY_DEST_MAC0;
    socket_address.sll_addr[1] = MY_DEST_MAC1;
    socket_address.sll_addr[2] = MY_DEST_MAC2;
    socket_address.sll_addr[3] = MY_DEST_MAC3;
    socket_address.sll_addr[4] = MY_DEST_MAC4;
    socket_address.sll_addr[5] = MY_DEST_MAC5;

    /* Send packet */
    if (sendto(sockfd, sendbuf, tx_len, 0, (struct sockaddr*)&socket_address, sizeof(struct sockaddr_ll)) < 0)
        printf("Send failed\n");

    return 0;

}

Do I need to enable any thing further? Kindly help me if anything is missing. Your help is appriciated

Thanks, Vasu.

RAW UDP Packets are getting dropped at linux bridge connected to VM tap interface

Hello,

I am trying to send raw udp packet from one instance to another instance in OpenStack. Even though TCP/UDP communication enabled in security groups, still packets are getting dropped at the linux bridge connected to VM tap interface

I am able to send and recieve the udp packets using udp_server & udp_client socket communication which inturn uses AF_INET as socket domain, but in my case i am using AF_PACKET as socket domain.

I am successfully able to send packets between two VMs managed by VMware vsphere using the same program. Even in the case where OpenDaylight integrated with OpenStack, I am able send packets because there won't be any linux bridge present in environment.

This issue is occurring only with VMs running in pure OpenStack setup.

Below is the program that i am running.

include <arpa inet.h="">

include <linux if_packet.h="">

include <stdio.h>

include <string.h>

include <stdlib.h>

include <sys ioctl.h="">

include <sys socket.h="">

include <net if.h="">

include <netinet ether.h="">

include <netinet ip.h="">

include <netinet udp.h="">

define MY_DEST_MAC0 0xFA

define MY_DEST_MAC1 0x16

define MY_DEST_MAC2 0x3E

define MY_DEST_MAC3 0xE0

define MY_DEST_MAC4 0x40

define MY_DEST_MAC5 0x94

define DEFAULT_IF "eth0"

define BUF_SIZ 1024

unsigned short csum(unsigned short *buf, int nwords) { unsigned long sum; for(sum=0; nwords>0; nwords--) sum += *buf++; sum = (sum >> 16) + (sum &0xffff); sum += (sum >> 16); return (unsigned short)(~sum); }

int main(int argc, char *argv[]) { int sockfd; struct ifreq if_idx; struct ifreq if_mac; int tx_len = 0; char sendbuf[BUF_SIZ]; struct ether_header *eh = (struct ether_header *) sendbuf; //struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header)); struct sockaddr_ll socket_address; char ifName[IFNAMSIZ];

    /* Get interface name */
    if (argc > 1)
            strcpy(ifName, argv[1]);
    else
            strcpy(ifName, DEFAULT_IF);

    /* Open RAW socket to send on */
    if ((sockfd = socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW)) == -1) {
        perror("socket");
    }
    /* Get the index of the interface to send on */
    memset(&if_idx, 0, sizeof(struct ifreq));
    strncpy(if_idx.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFINDEX, &if_idx) < 0)
        perror("SIOCGIFINDEX");
    /* Get the MAC address of the interface to send on */
    memset(&if_mac, 0, sizeof(struct ifreq));
    strncpy(if_mac.ifr_name, ifName, IFNAMSIZ-1);
    if (ioctl(sockfd, SIOCGIFHWADDR, &if_mac) < 0)
        perror("SIOCGIFHWADDR");
    /* Construct the Ethernet header */
    memset(sendbuf, 0, BUF_SIZ);
    /* Ethernet header */
    eh->ether_shost[0] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[0];
    eh->ether_shost[1] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[1];
    eh->ether_shost[2] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[2];
    eh->ether_shost[3] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[3];
    eh->ether_shost[4] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[4];
    eh->ether_shost[5] = ((uint8_t *)&if_mac.ifr_hwaddr.sa_data)[5];
    eh->ether_dhost[0] = MY_DEST_MAC0;
    eh->ether_dhost[1] = MY_DEST_MAC1;
    eh->ether_dhost[2] = MY_DEST_MAC2;
    eh->ether_dhost[3] = MY_DEST_MAC3;
    eh->ether_dhost[4] = MY_DEST_MAC4;
    eh->ether_dhost[5] = MY_DEST_MAC5;
    /* Ethertype field */
    printf("%x\n",eh->ether_shost[0]);
    eh->ether_type = htons(ETH_P_IP);
    tx_len += sizeof(struct ether_header);

    struct iphdr *iph = (struct iphdr *) (sendbuf + sizeof(struct ether_header));
    /* IP Header */
    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 16; // Low delay
    iph->id = htons(54321);
    iph->ttl = 64; // hops
    iph->protocol = 17; // UDP
    /* Source IP address, can be spoofed */
    //iph->saddr = inet_addr(inet_ntoa(((struct sockaddr_in *)&if_ip.ifr_addr)->sin_addr));
    iph->saddr = inet_addr("20.0.0.3");
    /* Destination IP address */
    iph->daddr = inet_addr("20.0.0.4");
    tx_len += sizeof(struct iphdr);
    /* Calculate IP checksum on completed header */
    iph->check = csum((unsigned short *)(sendbuf+sizeof(struct ether_header)), sizeof(struct iphdr)/2);

    struct udphdr *udph = (struct udphdr *) (sendbuf + sizeof(struct iphdr) + sizeof(struct ether_header));
    /* UDP Header */
    udph->source = htons(3423);
    udph->dest = htons(5342);
    udph->check = 0; // skip
    tx_len += sizeof(struct udphdr);
    /* Packet data */
    sendbuf[tx_len++] = 0xde;
    sendbuf[tx_len++] = 0xad;
    sendbuf[tx_len++] = 0xbe;
    sendbuf[tx_len++] = 0xef;

    /* Length of IP payload and header */
    iph->tot_len = htons(tx_len - sizeof(struct ether_header));
    /* Length of UDP payload and header */
    udph->len = htons(tx_len - sizeof(struct ether_header) - sizeof(struct iphdr));

    /* Index of the network device */
    socket_address.sll_ifindex = if_idx.ifr_ifindex;
    /* Address length*/
    socket_address.sll_halen = ETH_ALEN;
    /* Destination MAC */
    socket_address.sll_addr[0] = MY_DEST_MAC0;
    socket_address.sll_addr[1] = MY_DEST_MAC1;
    socket_address.sll_addr[2] = MY_DEST_MAC2;
    socket_address.sll_addr[3] = MY_DEST_MAC3;
    socket_address.sll_addr[4] = MY_DEST_MAC4;
    socket_address.sll_addr[5] = MY_DEST_MAC5;

    /* Send packet */
    if (sendto(sockfd, sendbuf, tx_len, 0, (struct sockaddr*)&socket_address, sizeof(struct sockaddr_ll)) < 0)
        printf("Send failed\n");

    return 0;

}

Do I need to enable any thing further? Kindly help me if anything is missing. Your help is appriciated

Thanks, Vasu.