[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netfilter hook questions

To: Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx>
Subject: Re: netfilter hook questions
From: topi <topi23@xxxxxxxxx>
Date: Thu, 1 Mar 2007 11:27:44 +0100
Cc: "linux-net@xxxxxxxxxxxxxxx" <linux-net@xxxxxxxxxxxxxxx>, "kernelnewbies@xxxxxxxxxxxx" <kernelnewbies@xxxxxxxxxxxx>
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer:mime-version:content-type:content-transfer-encoding; b=mUmzfDmFsfLL4SlP+rMJS1RT11gPqGn3YLc05c1kLbuiyySRSzbhhYqJmCcNKu+Z2BbE21EYDw0ljHmI0IN0g8PrdnAjYBWCKzJ2UtF5l+OEL+QqKkKIWwyzC5qtXZKNbe6hMzGJfWfDbowBAKBh+KtR78i0NOxLMsfc/w5p+Gc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer:mime-version:content-type:content-transfer-encoding; b=BgdIaGCTKCwzj0rX/En1P3CN36Ks2U/u2QV0B7UzS8N6oSSovlvYcLmQ7RjVLSNsBzSEjzoTN+thf7rfFk+SH1AMShFN4Y9Czo2uqWWrsqEHu45VLhZqB6IUyU28a2QbMo1ucUddxyxCU/Rdsw3Fcsw0smEpEymDBSHFrWU6/CA=
In-reply-to: <45E663C3.5000401@gmail.com>
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <kernelnewbies.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
References: <20070225094122.2a0e2058@neser.elpiset.net> <45E663C3.5000401@gmail.com>
Sender: kernelnewbies-bounce@xxxxxxxxxxxx

hi,

El Thu, 01 Mar 2007 12:25:23 +0700
Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> ha escrit:

> Hi
> > the problem is that with a active RTP flow arriving to the box
> > (tcpdump can see it) my function doesn't get any packet.
> >
> > however, when the same box that is capturing also participates in
> > the RTP flow, it's received correctly in the hook.
> >
> > so, why is not working the promiscuous mode? i'm missing something?
> >   
> I am just adding another "suspect" here. The tcpdump (which is using 
> libpcap) might be operating at layer 2 (data link?), while netfilter 
> operates in layer 3. Since this is just "sniffing", layer 2 of Linux 
> network stack quickly revealed that this packet is not actually for
> your machine, so it it dropped.

yes, it's what now i know, netfilter hooks only get traffic that comes
in layer 3, but i saw that there's a 'promisc' patch (for Linux 2.4) at:

 http://caia.swin.edu.au/cv/szander/netfilter.html

and i don't know if its a similar feature for Linux 2.6, that will be
my solution.

i wrote to netfilter-devel mailing list
(with no results at the moment)

 http://lists.netfilter.org/pipermail/netfilter-devel/2007-February/027134.html


> Maybe, you can observe the code from program like Dug Song's dsniff
> and see how it did the monitoring or even packet interception.

yes, but i need to get this working in kernel space, so it's an
academic work. in addition, the module can block traffic, when running
in a router, and for this reason i implemented it in kernel space. 

thanks for your help,

topi

> regards,
> 
> Mulyadi
> 

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ

Follow-Ups:
- Re: netfilter hook questions
  - From: Hayim Shaul

References:
- Re: netfilter hook questions
  - From: Mulyadi Santosa

Prev by Date: Re: sock_sendmsg from interrupt context
Next by Date: Re: jiffies
Previous by thread: Re: netfilter hook questions
Next by thread: Re: netfilter hook questions
Index(es):
- Date
- Thread