Date:	Tue, 9 Jun 2009 14:30:31 -0500
From:	Brent Cook <bcook@...intsys.com>
To:	Gil Beniamini <gil.beniamini@...il.com>
Cc:	Patrick McHardy <kaber@...sh.net>,
	David Miller <davem@...emloft.net>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)

On Tuesday 09 June 2009 08:08:01 am Gil Beniamini wrote:
> Patrick,
> On the specific NIC (eth1) no vlan is defined, and in the new Linux
> the application receives NOTHING at all. In order to debug, I started
> "wireshark as root" and "wireshark" set PROMISC on, and the
> application started receiving the raw packets as expected. Later I started
> setting PROMISC by my application, and it can receive the packets even
> when "wireshark" is not running.
> The problem that I have with PROMISC mode is that I need to do the
> irrelevant unicast filtering in software rather than get it from the
> hardware (as it works in old kernel 2.6.20).
> Thanks a lot, Gil

One solution is to attach a BPF filter to the socket. Then you will only 
receive packets for whatever you are filtering. This is still in software, but 
it is higher up in the abstraction, and undoubtedly more efficient than doing 
it at the app level.

Simply compile the BPF program you wish to filter, e.g.:

# tcpdump -dd vlan 4
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 4, 0x00008100 },
{ 0x28, 0, 0, 0x0000000e },
{ 0x54, 0, 0, 0x00000fff },
{ 0x15, 0, 1, 0x00000004 },
{ 0x6, 0, 0, 0x00000060 },
{ 0x6, 0, 0, 0x00000000 },

Then attach it to your socket:

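    #include <sys/socket.h>     /* setsockopt(), SOL_SOCKET, SO_ATTACH_FILTER */
    #include <linux/filter.h>   /* struct sock_filter, struct sock_fprog */

    /* Output of "tcpdump -dd vlan 4", pasted as-is */
    struct sock_filter filter[] = {
      { 0x28, 0, 0, 0x0000000c },
      { 0x15, 0, 4, 0x00008100 },
      { 0x28, 0, 0, 0x0000000e },
      { 0x54, 0, 0, 0x00000fff },
      { 0x15, 0, 1, 0x00000004 },
      { 0x6, 0, 0, 0x00000060 },
      { 0x6, 0, 0, 0x00000000 },
    };

    /* .len is the instruction count, derived from the array size */
    struct sock_fprog inbound_filter = {
        .len = sizeof(filter) / sizeof(filter[0]), .filter = filter
    };

    /* fd is the already-open raw socket */
    if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
        &inbound_filter, sizeof(inbound_filter)) < 0) {
        return -1;
    }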

Also, note, you can easily set promiscuous mode directly with socket opts too. 
If you're more curious, just look at libpcap source.

 - Brent
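
Added example, not part of the original message or of libpcap: a small user-space evaluator for the four classic-BPF opcodes that the `vlan 4` program uses, run over constructed frames to confirm what the filter accepts and drops before it is attached with SO_ATTACH_FILTER. The names `struct insn`, `run_filter` and `verdict` are hypothetical, and the frames are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>

/* Same layout as struct sock_filter; redefined to build without kernel headers. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The "tcpdump -dd vlan 4" program quoted in the message. */
static const struct insn vlan4[] = {
    { 0x28, 0, 0, 0x0000000c },   /* ldh [12]      EtherType          */
    { 0x15, 0, 4, 0x00008100 },   /* jeq #0x8100   else -> ret #0     */
    { 0x28, 0, 0, 0x0000000e },   /* ldh [14]      TCI                */
    { 0x54, 0, 0, 0x00000fff },   /* and #0xfff    keep VLAN ID bits  */
    { 0x15, 0, 1, 0x00000004 },   /* jeq #4        else -> ret #0     */
    { 0x6, 0, 0, 0x00000060 },    /* ret #96       accept, 96 bytes   */
    { 0x6, 0, 0, 0x00000000 },    /* ret #0        drop               */
};

/* Evaluates only the four opcodes used above; returns bytes accepted, 0 = drop. */
static uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    uint32_t a = 0;                                   /* accumulator */
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case 0x28:                                    /* ldh [k], big-endian */
            if ((size_t)k + 2 > len) return 0;        /* load past end drops */
            a = (uint32_t)pkt[k] << 8 | pkt[k + 1];
            break;
        case 0x54: a &= k; break;                     /* and #k */
        case 0x15: pc += (a == k) ? p[pc].jt : p[pc].jf; break;  /* jeq #k */
        case 0x06: return k;                          /* ret #k */
        default:   return 0;                          /* opcode not modelled */
        }
    }
    return 0;                                         /* no ret reached */
}

/* Constructed 64-byte frame: zero MACs, `type` at offset 12, `tci` at offset 14. */
static uint32_t verdict(uint16_t type, uint16_t tci) {
    uint8_t f[64] = {0};
    f[12] = (uint8_t)(type >> 8); f[13] = (uint8_t)type;
    f[14] = (uint8_t)(tci >> 8);  f[15] = (uint8_t)tci;
    return run_filter(vlan4, sizeof vlan4 / sizeof vlan4[0], f, sizeof f);
}

int main(void) {
    printf("vlan 4: %u  vlan 5: %u  untagged: %u\n", verdict(0x8100, 4),
           verdict(0x8100, 5), verdict(0x0800, 4));
    return 0;
}
```

The filter matches only frames whose 802.1Q tag is still in the packet data at offset 12, so a frame with any other EtherType there is dropped.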