lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Jul 2011 08:47:01 -0400 From: jamal <hadi@...erus.ca> To: Adam Katz <adamkatz0@...il.com> Cc: netdev@...r.kernel.org Subject: Re: libpcap and tc filters On Tue, 2011-07-05 at 06:56 -0400, jamal wrote: > I downloaded tcpreplay and reproduced the issue with your rules. > Will look into it.. Ok - found out whats going on. tcprelay sendpacket_open_pf() does bind to ETH_P_ALL. You are sending IP packets (the name tcpreplay is misleading, this thing replays anything). Your filters are for ip packets as in: --- sudo tc filter add dev eth0 protocol ip parent 1: prio 1 u32 match ip dport 22 0xffff flowid 1:1 --- You have two options: 1) If you change that to capture ETH_P_ALL it works. i.e --- sudo tc filter add dev eth0 protocol all parent 1: prio 1 u32 match ip dport 22 0xffff flowid 1:1 --- Of course this is nasty if you are in a busy network, because _all_ packets not just ip will look at your filters. If it is just an experimental setup, it may be a non-issue 2) Change tcpreplay to take an additional option so it binds to ETH_P_IP (and default stays as is today). The authors of the app may not like that option - but it is sensible if you know you are replaying ip packets. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists