PoC: use ip route
to read IPv6 routes instead of /proc
#3275
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: This is a proof-of-concept only, handling just IPv6 routes at the moment (although it would be almost exactly same code for IPv4 too), and only tested on Arch (iproute2 v5.13, python v3.9). The intent is to check whether this approach would be suitable for scapy.
The legacy /proc/net interface has several disadvantages:
For example, my system has ~60 routes in the 'main' table and ~120K routes in the 'inet' table. It is useless for scapy to scan routes from non-default tables because it does not process policy rules anyway; it would be better if it only looked at the 'main' table.
With netlink it is possible to request a filtered dump (even though getting the complete dump is already reasonably fast), but /proc/net does not even have an indication of which table a route belongs to.)
Of course, it would be much better to use a native Python netlink module instead of shelling out to
ip
(especially considering that the-json
option only became available last year), but I honestly don't know which one to use, and even the current approach shows quite an improvement:(The small differences in route count come mostly from BGP announcements and withdrawals happening between dumps.)
Ref: #2133