Add support for B.A.T.M.A.N. Advanced

[T-X]

This adds support for the layer 2 mesh routing protocol
B.A.T.M.A.N. Advanced. "batadv" can be used to filter on batman-adv
packets. It also allows later filters to look at frames inside the
tunnel when both "version" and "type" are specified.

Documentation for the batman-adv protocol can be found at the following
locations:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/batman-adv.rst
https://www.open-mesh.org/

Signed-off-by: Linus Lüssing <[email protected]>

[T-X]

One remark: pcap/batadv_packet.h and pcap/batadv_legacy_packet.h are basically copies from the Linux kernel and are therefore GPLv2 licensed. Let me know if that's okay for you or if I should ask the other maintainers and contributors for a BSD-3-Clause (compatible) dual-license for these two header files.

[infrastation]

Thank you for preparing this feature. Neither macOS nor FreeBSD like the new Linux-specific headers. As you mentioned, these are GPL, also the amount of filter-specific code seems to be much smaller than the amount of declarations. So it might be worth to consider if the new code could have just the declarations it needs, then it would be simpler to make these portable and have the same licence as the rest of libpcap. Other opinions are welcome.

[guyharris]

So it might be worth to consider if the new code could have just the declarations it needs, then it would be simpler to make these portable and have the same licence as the rest of libpcap. Other opinions are welcome.

My opinion can be summarized as "+1". :-)

I.e., no GPLed code, please.

[guyharris]

None of those three headers are available on all the operating systems on which libpcap operates. (Note that one of those operating systems is Windows.)

Find a way not to use them.

[guyharris]

No GPLed code, please.

[guyharris]

Here's a tarball containing a patch, pcap/batadv_legacy_packet.h, and pcap/batadv_packet.h. The patch is a variant of your change that compiles on macOS Catalina and Xcode 11.7, so it rips out enough Linuxisms to get it to compile there, at least.

It also gets rid of all #pragma pack stuff (not all compilers necessarily support it), instead declaring 2-byte and 4-byte integral values as arrays of uint8_t of the appropriate length.

Do those headers need to be part of the libpcap distribution, rather than being internal to the libpcap source?

tarfile.gz

[T-X]

Thanks for the great feedback!

Changelog v2:

• changes to batadv_{legacy_,}packet.h:
  • integrated @guyharris' suggested changes: removal of #pragma packed(2), bitfield endianess #ifdefs, Linux specific includes, unused definitions, conversion to uint8_t only
  • further removed kernel doc comments and instead added a small note to consult the Linux kernel version for a complete definition
  • changed the license to BSD-3 for these new, tiny versions
  • moved these two header files from the pcap directory to the root directory
  • shortened the include guards, the UAPI directory for instance was Linux specific

[T-X]

Changelog v3:

• removed unused variables "s" and "b1" in gen_batadv() to satisfy the AppVeyor CI / Visual Studio builds

[infrastation]

Passed FreeBSD build this time, that's better. One other thing that would complement this feature is some tcpdump test(s) to flex the new keywords. Do you have enough batman packets with the right protocol fields?

[T-X]

Changelog v4:

• changed offset parameter of gen_batadv_push_offset() from size_t to u_int and added according type cast on callers, to make AppVeyor CI / Visual Studio happy

[T-X]

@infrastation sure, generating some test packets is no issue, can do that next weekend. According tests need to be added to the tcpdump repository in a separate commit over there, right?

[infrastation]

Yes, that's correct, and the tests will not pass until this feature has been merged, but eventually it would be consistent.

[T-X]

Some simple tests for tcpdump for the batman-adv version 15 packet types and their decoding offsets can be found here: the-tcpdump-group/tcpdump#891

[infrastation]

Thank you. For what it's worth, I have just looked through the proposed changes one more time and could not find any immediate issues to fix (which does not automatically mean everything is good, but still). Other reviewers are welcome.

[T-X]

I'm a bit hesitant to ask, as I can see with all the frequent commits that everyone is very eagerly working on libpcap/tcpdump. But any chance to get this merged? Would help me adding it to the collaborative projects I would want to use this in. Which are usually reluctant in adding changes that are not upstream yet.

[mcr]

Hi, @fenner , you've been down the pcap compiler space more than I, do you have any final comments before I merge this?

[guyharris]

This should probably call bpf_set_error() to report that $1 is an unsupported batman-adv version.

[T-X]

Thanks! I've added an according error message with bpf_set_error().

[fxlb]

Rebased. "All checks have failed" => There are some errors fo fix.

[AiyionPrime]

@fxlb Have you gotten any feedback from @guyharris on this?
It's been another four months; is there anything I can provide to get this thing moving forward?

[fxlb]

The current types/sub-types in libpcap filter syntax use "-" and not "_".

Examples:

wlan:   
assoc-req,  assoc-resp, ...

The  following   ICMP   type   field   values   are   available:
icmp-echoreply,  icmp-unreach, ...

The  following  ICMPv6  type   field   values   are   available:
icmp6-destinationunreach, icmp6-packettoobig, ...

The following TCP flags field  values  are  available:  tcp-fin,
tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg, tcp-ece, tcp-cwr.

Thus for batman-adv packet types,

The following packet type aliases are available for compat  ver-
sion  14:  iv_ogm,  unicast-frag (?), tt_query, roam_adv, unicast_4addr.

The following packet type aliases are available for compat  ver-
sion 15: iv_ogm, unicast_frag, unicast_4addr, unicast_tvlv.

it should be better to replace "_" by "-".

[T-X]

Changelog v6:

• rebased to current master (no changes)
• changed all packet sub-type aliases to use hyphens instead of underscores and updated manpage accordingly

[T-X]

Changelog v7:

• rebased to current master branch
• added new batman-adv multicast packet type, introduced in batman-adv v2024.0

[T-X]

I would also like to add the correct offset to the batadv_mcast_packet type, which has a variable payload offset. I would need to add the contents of the two bytes tvlv_len field to the offset:
https://git.open-mesh.org/batman-adv.git/blob/9e1f3974cca1fc0866793076684ea0f5c2649412:/include/uapi/linux/batadv_packet.h#l509

My tries so far were not successful with this, I might need some help/guidance for that.

[T-X]

Changelog v8:

• removed mention of BATADV_UNICAST_TVLV from gen_batadv_offsets_v15(): currently a batman-adv unicast tvlv packets do not carry/support any payload frames, it only contains TVLVs, therefore removing it from offset considerations
• added a new patch to take variable length offsets, the tvlv length, in a batman-adv mcast packet into account ("batman-adv: Add offset support to batman-adv mcast packet"), allows using offset adjustments with this packet type, too

[T-X]

Changelog v9:

• removed an implicit cast from size_t to bpf_u_int32 for the field_offset variable in gen_batadv_offsets_v15(), which was added in v8 in the newly added patch

[simonwunderlich]

I would love to see this in tcpdump, too!

@mcr @fenner @infrastation @guyharris any chance you could help getting it merged? It sounded like @mcr was ready to merge it in 2021 already, but it's been stalled since then. Some embedded distributions already took the code as patch in to support their users, but having actually it merged would be great ...