lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 4 Jul 2011 16:24:11 +0300
From:	Adam Katz <adamkatz0@...il.com>
To:	jhs@...atatu.com
Cc:	netdev@...r.kernel.org
Subject: Re: libpcap and tc filters

ok, I checked now and the packets sent by tcpreplay are identical to
the ones captured originally by wireshark.

I'm using the stock ubuntu 10.04 kernel that wasn't compiled with
CONFIG_CLS_U32_PERF so sudo tc -s filter ls dev eth1 shows nothing
useful (and i'm not sure that recompiling the entire kernel is worth
it to tell me what I already know - that these packets missed the
filters... but i'm willing to do it if you think that'll help).
Anyway, I suspect the problem to be something else - I suspect that
the packets sent using tcpreplay simply skip the filters in the kernel
and are being injected somewhere afterwards. But this theory is
problematic since I find it strange that the packets do end up in the
default queue after all - hence they ARE seen by tc and they don't
skip tc entirely.

On Mon, Jul 4, 2011 at 4:05 PM, jamal <hadi@...erus.ca> wrote:
> On Mon, 2011-07-04 at 15:37 +0300, Adam Katz wrote:
>> here's a more concrete example:
>>
>> An example configuration:
>>
>>       sudo tc qdisc add dev eth1 root handle 1: prio priomap 2 2 2 2 2 2 2
>> 2 2 2 2 2 2 2 2 2
>>       sudo tc qdisc add dev eth1 parent 1:1 handle 10: pfifo
>>       sudo tc qdisc add dev eth1 parent 1:2 handle 20: pfifo
>>       sudo tc qdisc add dev eth1 parent 1:3 handle 30: pfifo
>>       sudo tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip
>> dport 22 0xffff flowid 1:1
>>       sudo tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip
>> sport 22 0xffff flowid 1:1
>>       sudo tc filter add dev eth1 protocol ip parent 1: prio 2 u32 match ip
>> dport 80 0xffff flowid 1:2
>>       sudo tc filter add dev eth1 protocol ip parent 1: prio 2 u32 match ip
>> sport 80 0xffff flowid 1:2
>
>
> looks fine.
>
>> I then used scp to copy a small file between computers while capturing
>> with wireshark:
>>
>> http://dl.dropbox.com/u/3237005/port22example.pcap
>>
>> and later I replayed the same capture using tcpreplay.
>> When using scp, the packets once again ended up where they should be
>> (1:1 in this configuration). With tcpreplay they ended up in the
>> default 1:3
>
> Where is the capture from tcpreplay? What i was asking is you validate
> that the capture before and what is sent out by tcprelay look the same.
> Can you please do that?
> It is possible because your filters are not matched they end up on your
> default queue based on tos value.
>
> If you have your kernel compiled with CONFIG_CLS_U32_PERF you should
> see when the filters get hit as well
> (do something like sudo tc -s filter ls dev eth1)
>
>
> cheers,
> jamal
>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ