1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
This is a short technical description of the ladvd internals.
Design:
Ladvd will do the least it can get away with at startup (validate the
ladvd-user and call fetch_sysinfo()) and then fork into two processes.
The privileged parent listens for advertisements and performs certain
operations on behalf of the child. The child from its chroot gathers
information, generates packets and receives packets from the parent.
Both are libevent-based to simplify the socket handling needed.
Besides some signal handling the parent has three main entry points:
- parent_send()
Receives, verifies and transmits packets generated by the child.
If needed a new socket will be created via parent_open().
- parent_req()
Receives, verifies and executes requests for privileged operations
by the child. Only a few operations, like interface descriptions or
Ethernet link status, are supported, depending mostly on the
operating system.
- parent_recv()
Receives packets from the network and transmits them on to the child.
The code now uses libpcap which makes it much easier than it used to be.
The main function left is parent_open(), which is called via parent_send()
and which hooks up parent_recv() to the newly generated socket.
Raw sockets are stored in 'rawfd' structures which also store the associated
interface number (ifindex) and interface name. parent_open() calls out to
parent_socket() which uses the rawfd information to create a socket.
parent_socket() also performs various kinds of magic, like adding bpf/socket
filters, to make the opened socket suitable for ladvd. Secondly parent_open()
(like parent_close()) calls parent_multi() to perform multicast registrations
which inform the network interface that we wish to receive various
advertisements.
The child has three main routines as well:
- child_send()
This is the main transmit loop of the child, it runs periodically.
The list of network interfaces is updated dynamically via netif_fetch.
After which media details are fetched for each interface and packets are
transmitted for each (enabled) protocol. At the end of the loop expired
packets are purged from the receive buffer.
- child_queue()
Receives and decodes packets from the parent. Only minimal decoding
is performed to be able to report hostnames and support the ifdescr feature.
- child_cli_accept()
Handles connections from the cli and returns the full list of messages
via child_cli_write.
Debugging:
Newer tcpdump versions contain pretty decent LLDP and CDP dissectors which
can be used to inspect frames directly via the network interface or via
the ladvdc cli. The ladvd tests now read pcap dumps, which makes it a lot
easer to add or re-use captures for various purposes.
To capture LLDP frames use:
tcpdump -vvv -s 1500 ether proto 0x88cc
To capture CDP frames use:
tcpdump -vvv -s 1500 ether host 01:00:0c:cc:cc:cc
To decode the raw frames received by ladvd use:
ladvdc -d | tcpdump -vvv -s 1500 -r -
Ethernet multicast registrations can be viewed via:
Linux: ip maddr show
FreeBSD: netstat -ia
OpenBSD: ifmcstat (via ports)
Protocol Notes:
XXXX
Links:
LLDP:
http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf
http://www.tiaonline.org/standards/technology/voip/documents/ANSI-TIA-1057_final_for_publication.pdf
http://www.ieee802.org/1/pages/802.1AB-rev.html
http://wiki.wireshark.org/LinkLayerDiscoveryProtocol
CDP:
http://wiki.wireshark.org/CDP
http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm#xtocid12
http://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html
Standards:
http://tools.ietf.org/html/rfc3636
http://tools.ietf.org/html/rfc4836
http://www.iana.org/assignments/ianamau-mib
|
