Message-ID: <20071009081752.GA31369@2ka.mipt.ru>
Date:	Tue, 9 Oct 2007 12:17:52 +0400
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	Joakim Tjernlund <joakim.tjernlund@...nsmode.se>
Cc:	"'Herbert Xu'" <herbert@...dor.apana.org.au>,
	netdev@...r.kernel.org
Subject: Re: raw PF_PACKET protocol selection

On Tue, Oct 09, 2007 at 09:51:25AM +0200, Joakim Tjernlund (joakim.tjernlund@...nsmode.se) wrote:
> On Tue, 2007-10-09 at 11:34 +0400, Evgeniy Polyakov wrote:
> > On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund (joakim.tjernlund@...nsmode.se) wrote:
> > > > Did you change eth_type_trans() to catch your proto?
> > > > 
> > > 
> > > Just found out something:
> > > if I redirect my prog like so:
> > > ./sniff > log
> > > and press Ctrl-C after a packet has been sent to it, 
> > > it does NOT work. I don't get ANY output in my "log" file, not
> > > even the printf("---------\n") appears.
> > > But if I run without redirect it works (at least with ETH_P_BPQ)
> > > Anyone else see this too?
> > 
> > I only tested with IP and ARP packets - I can not say when packet was
> > actually received and written to log, but it does start filling up, but
> > maybe not immediately - it can be output buffering in shell though.
> 
> Did you receive many packets? Seems like when I receive just 1 or 2 pkgs
> I get the empty log. If I strace ./sniff > log I see that recvfrom gets
> pkgs, but there is no trace of writes. I guess this
> is a bash(3.2_p17) or glibc(2.5.-r4) bug?

I received 1396 bytes of logs before it was terminated, which is 27 ARP packets,
so there is quite a big number of packets there.
Your application works correctly (although you swapped source and
destination ethernet fields) - buffered writing is not a bug;
if you do not like it, use write(2), mmap(2) or turn buffering off as
Herbert suggested. To get packets with your own ethernet protocol number
you have to change the eth_type_trans() function in the kernel, which parses
the ethernet header and returns the protocol number. Under some conditions it
will just return your number automatically, but you should check it.

-- 
	Evgeniy Polyakov
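
The buffering behaviour discussed in this message, shown as an added example that is not part of the original e-mail or of the poster's sniffer: a child process stands in for `./sniff > log`, prints one marker line and is interrupted with SIGINT, and the parent measures what reached the file. The function name `bytes_logged_after_sigint` and the temporary file path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define SAMPLE_LINE "---------\n"   /* marker line quoted in the thread */

/* Hypothetical helper: run a stand-in sniffer with stdout redirected to a
 * file, interrupt it after one printf(), and return the bytes that reached
 * the file (-1 on setup failure). line_buffered != 0 applies setvbuf(). */
long bytes_logged_after_sigint(int line_buffered)
{
    char path[] = "/tmp/sniff_log_XXXXXX";  /* constructed temp file name */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    fflush(NULL);               /* keep the parent's pending output out of the child */

    pid_t pid = fork();
    if (pid == 0) {
        if (!freopen(path, "w", stdout))    /* same effect as "./sniff > log" */
            _exit(126);
        if (line_buffered)                  /* must precede the first output */
            setvbuf(stdout, NULL, _IOLBF, 0);
        printf("%s", SAMPLE_LINE);          /* regular file: fully buffered by default */
        signal(SIGINT, SIG_DFL);
        raise(SIGINT);                      /* Ctrl-C: process dies, stdio never flushed */
        _exit(127);
    }

    struct stat st;
    long size = -1;
    if (pid > 0 && waitpid(pid, NULL, 0) == pid && stat(path, &st) == 0)
        size = (long)st.st_size;
    unlink(path);
    return size;
}

int main(void)
{
    printf("default buffering: %ld bytes\n", bytes_logged_after_sigint(0));
    printf("line buffered:     %ld bytes\n", bytes_logged_after_sigint(1));
    return 0;
}
```

With only one or two short lines written, the default full buffering leaves the log empty at interrupt time; a capture that has produced more output than the stdio buffer holds will show partial logs instead, which matches the 1396 bytes reported above.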