Open Source and information security mailing list archives
 
Date:	Wed, 9 Sep 2009 06:12:39 -0700 (PDT)
From:	Xiaofei Wu <xiaofei_wu08@...oo.com>
To:	hadi@...erus.ca
Cc:	linux netdev <netdev@...r.kernel.org>
Subject: Re: [iproute2] tc action mirred    question


I did an experiment. It seems that something is wrong.



>> (1) Could I use  pedit action to modify the dst MAC, so the destination node D will accept it, 
>> then forward it to node C?  

>Yes, you can achieve it with pedit;
>it is as usable as u32 is - you have to know your offsets
>example, here's something done on an incoming packet:
>=-=
>#Note:
>#dst MAC starts at -14
>#src MAC at -8
>#ethertype at -2
>#

  A
 /  \
B  D
 \  /
  C
A: eth0,  IP 192.168.1.242
     wlan1, IP 192.168.2.200, MAC 00 23 cd af d0 74

D:  wlan1, IP  192.168.2.11, MAC 00 23 cd af ec da
     wlan2, IP 192.168.4.11

On node A,
1) run 'tc qdisc add dev eth0 handle 1: root prio'

2) run 'tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
match ip src 192.168.1.0/24 flowid 1:16 \
action mirred egress mirror dev wlan1'

Node A sent some packets to C. (path: A-B-C)
I can use 'tcpdump -i wlan1 -e' to capture the packets from eth0 (node A), but I can't forward the mirrored packets to D (so that D then forwards them to C).

3 ) run 'tc filter del dev eth0 parent 1: protocol ip prio 10 u32'
then,
'tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
match ip src 192.168.1.0/32 flowid 1:16 \
action pedit munge offset -14 u16 set 0x0023 \
munge offset -12 u32 set 0xcdafecda \
munge offset -8 u32 set 0x0023cdaf \
munge offset -4 u32 set 0xd0740800 pipe \
action mirred egress mirror dev wlan1'

After running 'tcpdump -i wlan1 -e', I cannot capture any packets.
I changed 'mirror' to 'redirect' (in 'action mirred egress mirror dev wlan1') and also captured nothing.
Why?

BTW,
'uname -a'
Linux fedora 2.6.27.30-170.2.82.fc10.i686 #1 SMP Mon Aug 17 08:38:59 EDT 2009
i686 i686 i386 GNU/Linux
iproute2:
iproute-2.6.27-2.fc10.i386


regards,
wu
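
An added example, not part of the original message and not iproute2 code: a small shell helper that derives the four `munge` clauses used in step 3 from a destination MAC, a source MAC and an ethertype, using the offsets quoted above (dst MAC at -14, src MAC at -8, ethertype at -2). The function names `strip_mac` and `ether_munge` are hypothetical; the sample call uses the MAC addresses given in the message.

```shell
#!/bin/sh
# Added example: build pedit munge clauses that rewrite the Ethernet header.
# Offsets are relative to the start of the IP header, as in the quoted note:
#   dst MAC at -14, src MAC at -8, ethertype at -2.

# strip_mac (hypothetical helper):
#   "00:23:cd:af:ec:da" or "00 23 cd af ec da" -> "0023cdafecda"
strip_mac() {
    mac=$(printf '%s' "$1" | tr -d ': -' | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*) return 1 ;;          # non-hex character
    esac
    [ "${#mac}" -eq 12 ] || return 1      # must be exactly 6 bytes
    printf '%s' "$mac"
}

# ether_munge DST_MAC SRC_MAC ETHERTYPE (ethertype as 4 hex digits, e.g. 0800)
# The 14 header bytes are dst(6) + src(6) + type(2). They are split as
# 2+4+4+4 bytes, the same split the message uses, so the three u32 writes
# sit at offsets -12, -8 and -4.
ether_munge() {
    dst=$(strip_mac "$1") || { echo "bad dst MAC: $1" >&2; return 1; }
    src=$(strip_mac "$2") || { echo "bad src MAC: $2" >&2; return 1; }
    etype=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    case "$etype" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) echo "bad ethertype: $3" >&2; return 1 ;;
    esac
    hdr="$dst$src$etype"                  # 28 hex digits = 14 bytes
    printf 'munge offset -14 u16 set 0x%s\n' "$(printf '%s' "$hdr" | cut -c1-4)"
    printf 'munge offset -12 u32 set 0x%s\n' "$(printf '%s' "$hdr" | cut -c5-12)"
    printf 'munge offset -8 u32 set 0x%s\n'  "$(printf '%s' "$hdr" | cut -c13-20)"
    printf 'munge offset -4 u32 set 0x%s\n'  "$(printf '%s' "$hdr" | cut -c21-28)"
}

# Sample call with the values from the message:
# dst = D's wlan1 MAC, src = A's wlan1 MAC, ethertype = IPv4.
ether_munge "00 23 cd af ec da" "00 23 cd af d0 74" 0800
```

The output can be compared line by line with the `munge` clauses in a hand-written filter to check the byte layout before looking elsewhere for the fault.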


      
