lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <503B6FA7.8070807@efacec.com>
Date:	Mon, 27 Aug 2012 14:01:27 +0100
From:	Aníbal Almeida Pinto <anibal.pinto@...cec.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	<netdev@...r.kernel.org>
Subject: Re: Gianfar ethernet drop package

Em 27-08-2012 12:08, Eric Dumazet escreveu:
> On Mon, 2012-08-27 at 11:32 +0100, Aníbal Almeida Pinto wrote:
>
>> I generate the log on the board with tcpdump -i eth0 -w log_eth0.txt and
>> loaded the result on wireshark (on other pc).
>>
>> On the wireshark everything appears to be fine don't have nothing that
>> indicate the protocol isn't supported.
>>
>> On /etc/protocols is a list with protocols, it there is a place where
>> exist a place with protocols supported by kernel ?
>
> So all frames understood by wireshark are also automatically handled by
> your linux machine ? That sounds cool, so we no longer have to add stuff
> in the kernel ?
>
> Let me explain again :
>
> For example, if you dont have IPv6 loaded, IPv6 frames wont be handled,
> and they appear to be dropped. They really are.
>
> If you run tcpdump/wireshark, these frames are at least delivered once
> to a sniffer, so they are not "dropped", even if no protocol handler
> actually reacts to them.

I understand your explanation.

My problem now is to identify why the packages were dropped.

Wireshark report what listen and with ifconfig I only know how many have 
been dropped.

I made a program, inline at the end, that tries to see the sockets that 
I can create on a system, that will give me a idea of what protocol 
handler that I have.

The program isn't complete and the options are a lot ...

Even with this I only can see the log of tcpdump and try to find frames 
that belong to protocols not supported, don't know if there isn't 
another reason, like Softnet backlog full or Bad / Unintended VLAN tags

Is there any way of put tcpdump or other tool to only log the packages 
dropped ?

Thanks

#include <stdio.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

#include <netdb.h>

#include <errno.h>

struct socket_conf {
	int socket_family; // domain
	int socket_type;
	int protocol;
};


struct socket_conf conf_list[] = {
	{ PF_LOCAL, SOCK_STREAM, 0 },	// Local stream socket
	{ PF_LOCAL, SOCK_DGRAM, 0 },	// Local datagram socket
	{ PF_INET, SOCK_STREAM, IPPROTO_TCP }, // TCP/IP stream socket
	{ PF_INET, SOCK_DGRAM, IPPROTO_UDP}, // UDP datagram socket
	{ PF_UNSPEC, SOCK_DGRAM , 0 },
	{ PF_LOCAL, SOCK_DGRAM , 0 },
	{ PF_UNIX, SOCK_DGRAM , 0 },
	{ PF_FILE, SOCK_DGRAM , 0 },
	{ PF_INET, SOCK_DGRAM , 0 },
//	{ PF_AX, SOCK_DGRAM , 0 },
	{ PF_IPX, SOCK_DGRAM , 0 },
	{ PF_APPLETALK, SOCK_DGRAM , 0 },
	{ PF_NETROM, SOCK_DGRAM , 0 },
	{ PF_BRIDGE, SOCK_DGRAM , 0 },
	{ PF_ATMPVC, SOCK_DGRAM , 0 },
//	{ PF_X, SOCK_DGRAM , 0 },
	{ PF_INET, SOCK_DGRAM , 0 },
	{ PF_ROSE, SOCK_DGRAM , 0 },
	{ PF_DECnet, SOCK_DGRAM , 0 },
	{ PF_NETBEUI, SOCK_DGRAM , 0 },
	{ PF_SECURITY, SOCK_DGRAM , 0 },
	{ PF_KEY, SOCK_DGRAM , 0 },
	{ PF_NETLINK , SOCK_DGRAM , 0 },
	{ PF_ROUTE , SOCK_DGRAM , 0 },
	{ PF_PACKET, SOCK_DGRAM , 0 },
	{ PF_ASH, SOCK_DGRAM , 0 },
	{ PF_ECONET, SOCK_DGRAM , 0 },
	{ PF_ATMSVC, SOCK_DGRAM , 0 },
	{ PF_SNA, SOCK_DGRAM , 0 },
	{ PF_IRDA, SOCK_DGRAM , 0 },
	{ PF_MAX, SOCK_DGRAM , 0 },
	{ AF_UNSPEC  , SOCK_DGRAM , 0 },
	{ AF_LOCAL  , SOCK_DGRAM , 0 },
	{ AF_UNIX  , SOCK_DGRAM , 0 },
	{ AF_FILE , SOCK_DGRAM , 0 },
	{ AF_INET, SOCK_DGRAM , 0 },
	{ AF_AX25, SOCK_DGRAM , 0 },
	{ AF_IPX , SOCK_DGRAM , 0 },
	{ AF_APPLETALK  , SOCK_DGRAM , 0 },
	{ AF_NETROM    , SOCK_DGRAM , 0 },
	{ AF_BRIDGE   , SOCK_DGRAM , 0 },
	{ AF_ATMPVC  , SOCK_DGRAM , 0 },
	{ AF_X25    , SOCK_DGRAM , 0 },
	{ AF_INET6 , SOCK_DGRAM , 0 },
	{ AF_ROSE   , SOCK_DGRAM , 0 },
	{ AF_DECnet  , SOCK_DGRAM , 0 },
	{ AF_NETBEUI  , SOCK_DGRAM , 0 },
	{ AF_SECURITY , SOCK_DGRAM , 0 },
//	{ pseudo_AF_KEY , SOCK_DGRAM , 0 },
	{ AF_NETLINK   , SOCK_DGRAM , 0 },
	{ AF_ROUTE    , SOCK_DGRAM , 0 },
	{ AF_PACKET  , SOCK_DGRAM , 0 },
	{ AF_ASH    , SOCK_DGRAM , 0 },
	{ AF_ECONET , SOCK_DGRAM , 0 },
	{ AF_ATMSVC , SOCK_DGRAM , 0 },
	{ AF_SNA   , SOCK_DGRAM , 0 },
	{ AF_IRDA , SOCK_DGRAM , 0 },
	{ AF_MAX  , SOCK_DGRAM , 0 },
};


int main(int argc, char * argv[]){

	int s, i;
	struct protoent * p;

	setprotoent(0);

	for(i = 0 ; i < sizeof(conf_list) / sizeof(struct socket_conf) ; i++) {

		p = getprotobynumber(conf_list[i].socket_family);

		printf("Index %d", i);

		if(p != NULL)
			printf(" prot %s", p->p_name);

		printf(" : ");	
				fflush(stdout);

		s = socket(conf_list[i].socket_family,
				conf_list[i].socket_type,
				conf_list[i].protocol
				);

		if( s == -1)
			perror("socket()");
		else
			printf("ok\n");

		fflush(stdout);
	}

	endprotoent();

	return 1;
}


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ