
Mailing List Archive: vpnc: devel

Detect routing table changes

 

 



despen at verizon

Nov 14, 2009, 6:27 AM

Post #1 of 6
Detect routing table changes

I'm using vpnc to connect to a Nortel VPN from Linux.
The Nortel Client detects changes to the client's routing
table and blocks the change or disconnects when the routing table
changes.

Has anyone come up with a way to duplicate that behavior?

I'm thinking of modifying the source to save a copy of the
routing table after it's set up, then periodically getting a new
copy and comparing the 2 tables. I'd rather be able to directly
detect changes but I don't see any API for that.

Any help or advice appreciated.

Thanks.
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


borneo.antonio at gmail

Nov 14, 2009, 7:08 AM

Post #2 of 6
Re: Detect routing table changes

Ciao Dan,

in Linux the easiest way I can find is to check the content of /proc/net/route.
The command /sbin/route just formats and prints its content.

In theory you could monitor file changes with "inotify", but I expect
it should not work for virtual files in /proc/.
For sure you can compute a hash of /proc/net/route content, and check
it over and over.

No idea how to make this portable to other architectures.

Best Regards,
Antonio Borneo

On Sat, Nov 14, 2009 at 10:27 PM, <despen [at] verizon> wrote:
>
> I'm using vpnc to connect to a Nortel VPN from Linux.
> The Nortel Client detects changes to the client's routing
> table and blocks the change or disconnects when the routing table
> changes.
>
> Has anyone come up with a way to duplicate that behavior?
>
> I'm thinking of modifying the source to save a copy of the
> routing table after it's set up, then periodically getting a new
> copy and comparing the 2 tables. I'd rather be able to directly
> detect changes but I don't see any API for that.
>
> Any help or advice appreciated.
>
> Thanks.


jengelh at medozas

Nov 14, 2009, 8:18 AM

Post #3 of 6
Re: Detect routing table changes

On Saturday 2009-11-14 16:08, Antonio Borneo wrote:

>Ciao Dan,
>
>in Linux the easiest way I can find is to check the content of /proc/net/route
>The command /sbin/route just formats and prints its content.
>
>In theory you could monitor file changes with "inotify", but I expect
>it should not work for virtual files in /proc/

procfs does not support inotify AFAICR. What you can try is using

ip monitor route

Which (/sbin/ip) is btw better than net-tools's route anyhow.


dwmw2 at infradead

Nov 14, 2009, 11:40 AM

Post #4 of 6
Re: Detect routing table changes

On Sat, 2009-11-14 at 09:27 -0500, despen [at] verizon wrote:
>
> I'm thinking of modifying the source to save a copy of the
> routing table after it's set up, then periodically getting a new
> copy and comparing the 2 tables. I'd rather be able to directly
> detect changes but I don't see any API for that.

Netlink.

--
dwmw2



despen at verizon

Nov 14, 2009, 1:56 PM

Post #5 of 6
Re: Detect routing table changes

David Woodhouse <dwmw2 [at] infradead> writes:

> On Sat, 2009-11-14 at 09:27 -0500, despen [at] verizon wrote:
>>
>> I'm thinking of modifying the source to save a copy of the
>> routing table after it's set up, then periodically getting a new
>> copy and comparing the 2 tables. I'd rather be able to directly
>> detect changes but I don't see any API for that.
>
> Netlink.

Hmm, never heard of it. Just gave it a quick try,
(code below).

What does it do? I found some sample code then added groups
for route add, delete, get, then did some route, route add, route del
commands but got no messages.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#include <asm/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#include <linux/rtnetlink.h>

struct sockaddr_nl sa;
#define handle_error(msg) \
    do { perror(msg); exit(EXIT_FAILURE); } while (0)

void read_msgs( );
int fd;

int main (int argc, char *argv[])
{
    int rc;
    memset (&sa, 0, sizeof(sa));
    sa.nl_family = AF_NETLINK;
    sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR | RTM_NEWROUTE | RTM_DELROUTE | RTM_GETROUTE;

    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    rc = bind(fd, (struct sockaddr*)&sa, sizeof(sa));
    if (rc == -1) {
        handle_error("bind");
    }
    read_msgs();

    return 0;
}

void read_msgs(void)
{
    int len;
    char buf[4096];
    struct iovec iov = { buf, sizeof(buf) };
    struct msghdr msg = { (void *)&sa, sizeof(sa), &iov, 1, NULL, 0, 0 };
    struct nlmsghdr *nh;

    printf("enter recvmsg\n");
    len = recvmsg (fd, &msg, 0);
    printf("got recvmsg");

    for (nh = (struct nlmsghdr *) buf;
         NLMSG_OK (nh, len);
         nh = NLMSG_NEXT (nh, len)) {
        /* The end of multipart message. */
        if (nh->nlmsg_type == NLMSG_DONE)
            return;

        if (nh->nlmsg_type == NLMSG_ERROR) {
            printf("Error\n");
            /* Do some error handling. */
            /* Continue with parsing payload. */
        }
    }
}



jengelh at medozas

Nov 14, 2009, 2:59 PM

Post #6 of 6
Re: Detect routing table changes

On Saturday 2009-11-14 22:56, despen [at] verizon wrote:
>David Woodhouse <dwmw2 [at] infradead> writes:
>
>> On Sat, 2009-11-14 at 09:27 -0500, despen [at] verizon wrote:
>>>
>>> I'm thinking of modifying the source to save a copy of the
>>> routing table after it's set up, then periodically getting a new
>>> copy and comparing the 2 tables. I'd rather be able to directly
>>> detect changes but I don't see any API for that.
>>
>> Netlink.
>
>Hmm, never heard of it. Just gave it a quick try,
>(code below).
>What does it do? I found some sample code then added groups
>for route add, delete, get, then did some route, route add, route del
>commands but got no messages.

It does work. Like I said in this thread before - look at iproute
(and/or its source; uses netlink):

# ip monitor route &
# modprobe dummy
# ip link set dev dummy0 up
ff00::/8 dev if8 table local metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev if8 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
local fe80::b080:80ff:fec7:f731 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 0
# ip route add 192.168.15.1/32 dev dummy0
192.168.15.1 dev if8 scope link
# ip r d 192.168.15.1/32 dev dummy0
Deleted 192.168.15.1 dev if8 scope link
# ip a a 192.168.15.0/24 dev dummy0
192.168.15.0/24 dev if8 proto kernel scope link src 192.168.15.0
broadcast 192.168.15.0 dev if8 table local proto kernel scope link src 192.168.15.0
broadcast 192.168.15.255 dev if8 table local proto kernel scope link src 192.168.15.0

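Added example, not code from any poster in this thread or from iproute: the listener in post #5 ORs RTM_NEWROUTE, RTM_DELROUTE and RTM_GETROUTE into nl_groups, but those are message type numbers, while nl_groups is a bitmask of RTMGRP_* multicast groups, so that socket never joins the IPv4 route group. The sketch below subscribes with RTMGRP_IPV4_ROUTE and counts route additions and deletions per datagram; the function names open_route_monitor and count_route_events are made up for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Hypothetical helper: rtnetlink socket subscribed to IPv4 route changes.
 * nl_groups takes RTMGRP_* multicast masks, not RTM_* message type numbers. */
int open_route_monitor(void)
{
    struct sockaddr_nl sa;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.nl_family = AF_NETLINK;
    sa.nl_groups = RTMGRP_IPV4_ROUTE;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { close(fd); return -1; }
    return fd;
}

/* Hypothetical helper: count IPv4 route additions and deletions in one
 * received datagram; returns the total number of route change messages. */
int count_route_events(void *buf, int len, int *added, int *deleted)
{
    struct nlmsghdr *nh;
    *added = *deleted = 0;
    for (nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
        if (nh->nlmsg_type != RTM_NEWROUTE && nh->nlmsg_type != RTM_DELROUTE)
            continue;                      /* link, address, DONE, ... */
        if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct rtmsg)))
            continue;                      /* too short to hold a route header */
        if (((struct rtmsg *)NLMSG_DATA(nh))->rtm_family != AF_INET)
            continue;                      /* only IPv4 routes are counted */
        if (nh->nlmsg_type == RTM_NEWROUTE) ++*added; else ++*deleted;
    }
    return *added + *deleted;
}

int main(void)
{
    struct nlmsghdr buf[512];              /* 8 KiB, aligned for netlink headers */
    int fd = open_route_monitor(), added, deleted;
    ssize_t n;
    if (fd < 0) { perror("netlink"); return 1; }
    while ((n = recv(fd, buf, sizeof(buf), 0)) > 0)
        if (count_route_events(buf, (int)n, &added, &deleted) > 0)
            printf("routing table changed: %d added, %d deleted\n", added, deleted);
    return 0;
}
```

A client that wants the behaviour asked about in post #1 would open this socket after its own routes are installed and treat any non-zero count as the trigger to disconnect.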
