lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Oct 2009 21:59:11 +0200 From: Jarek Poplawski <jarkao2@...il.com> To: Denys Fedoryschenko <denys@...p.net.lb> Cc: hadi@...erus.ca, netdev@...r.kernel.org Subject: Re: kernel mode pppoe ppp if + ifb + mirred redirect, ethernet packets in ifb?! On Wed, Oct 14, 2009 at 09:11:55PM +0200, Jarek Poplawski wrote: > Denys Fedoryschenko wrote, On 10/13/2009 12:44 AM: > ... > > As i understand, for pppoe case, he can just skip offset for ethernet and > > pppoe header, and he can filter by ip, or not? > > Current way is maybe better, cause someone who want to count everything with > > ethernet and pppoe headers - can, and who want without - also can (by setting > > offset , just a bit more difficult. > > > > Like > > /sbin/tc filter add dev eth1 protocol 0x8864 parent 2:0 prio 1 u32 \ > > match u32 0x$IPREMOTE_HEX 0xffffffff at 24 flowid 2:$ID > > (found in LARTC) > > Maybe I miss something, but generally (for IP, TCP etc. matches) it > should work "as usual". I think you and those other users you quoted > were mislead by that tcpdump on ifb. Probably in some configs you > might needed this 'protocol 0x8864' or 'protocol all'. You should > see it on ppp's tcpdump then, like yours: Hmm... Of course, like yours, where we can't see it ;-) so 'protocol ip' is enough. > > > PPPoE_146 ~ # tcpdump -ni ppp0 -e -vvv -s 1500 -c 4 > > tcpdump: WARNING: > > tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size > > 1500 bytes > > 17:03:17.015598 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 111, id BTW, let's note this 'protocol 0x8864' was used with dev eth1, so it's a different case. Jarek P. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists