Libipq problems... - Michael Forrest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Michael Forrest" <michael@erg.abdn.ac.uk>
To: netfilter@lists.netfilter.org
Subject: Libipq problems...
Date: Wed, 21 May 2003 12:23:24 +0100	[thread overview]
Message-ID: <000201c31f8b$64eec270$66cf858b@ENTERPRISE> (raw)

Hi all,

I was wondering if anyone had seen a similar problem to the one am
having? Its more than likely a simple issue, but just cant seem to
figure it out at the mo. I'm connecting two machines to a hub and the
hub is then connected onwards into the network. The machine that I wish
to see all traffic has the promisc mode on the interface and should see
all traffic.

I'm using a QUEUE target with an appropriate program for receiving the
packets in userspace, I'm almost 100% certain the program works. It
works for loopback cases and receives all other traffic I throw at it.
Locally generated traffic is seen by the QUEUE module...although other
traffic on the hub is not seen by the QUEUE module. It sees only
broadcast messages and multicast, but no unicast.

I'm adding a hook to the mangle table on the PREROUTING chain as follows
:-

	iptables -t mangle -I PREROUTING -j QUEUE

This should queue anything......from my understanding of the iptables
command syntax.

Watching the physical packet counts on the mangle chains, they don't
increment by much...usually only a few packets here and there, which are
network broadcasts or multicast packets from other machines.

The strange part is, if I run tcpdump on the machine or use pcap for
packet capture. All packets are seen by the machine on tcpdump/or
pcap...although the QUEUE module only sees the packets I mentioned
above.

Is this normal or have I missed something here??

Thanks,

Michael.

--
[root@atlantis root]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:04:76:DD:BD:3A  
          inet addr:192.168.0.103  Bcast:192.168.0.255
Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:201616 errors:0 dropped:0 overruns:1 frame:0
          TX packets:86807 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:229546583 (218.9 Mb)  TX bytes:7732765 (7.3 Mb)
          Interrupt:11 Base address:0xdc00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:94 errors:0 dropped:0 overruns:0 frame:0
          TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6307 (6.1 Kb)  TX bytes:6307 (6.1 Kb)
--

next             reply	other threads:[~2003-05-21 11:23 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-05-21 11:23 Michael Forrest [this message]
2003-05-21 18:39 ` Libipq problems Alexander Demenshin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='000201c31f8b$64eec270$66cf858b@ENTERPRISE' \
    --to=michael@erg.abdn.ac.uk \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.