* Libipq problems...
@ 2003-05-21 11:23 Michael Forrest
2003-05-21 18:39 ` Alexander Demenshin
0 siblings, 1 reply; 2+ messages in thread
From: Michael Forrest @ 2003-05-21 11:23 UTC (permalink / raw)
To: netfilter
Hi all,
I was wondering if anyone had seen a similar problem to the one am
having? Its more than likely a simple issue, but just cant seem to
figure it out at the mo. I'm connecting two machines to a hub and the
hub is then connected onwards into the network. The machine that I wish
to see all traffic has the promisc mode on the interface and should see
all traffic.
I'm using a QUEUE target with an appropriate program for receiving the
packets in userspace, I'm almost 100% certain the program works. It
works for loopback cases and receives all other traffic I throw at it.
Locally generated traffic is seen by the QUEUE module...although other
traffic on the hub is not seen by the QUEUE module. It sees only
broadcast messages and multicast, but no unicast.
I'm adding a hook to the mangle table on the PREROUTING chain as follows
:-
iptables -t mangle -I PREROUTING -j QUEUE
This should queue anything......from my understanding of the iptables
command syntax.
Watching the physical packet counts on the mangle chains, they don't
increment by much...usually only a few packets here and there, which are
network broadcasts or multicast packets from other machines.
The strange part is, if I run tcpdump on the machine or use pcap for
packet capture. All packets are seen by the machine on tcpdump/or
pcap...although the QUEUE module only sees the packets I mentioned
above.
Is this normal or have I missed something here??
Thanks,
Michael.
--
[root@atlantis root]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:04:76:DD:BD:3A
inet addr:192.168.0.103 Bcast:192.168.0.255
Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:201616 errors:0 dropped:0 overruns:1 frame:0
TX packets:86807 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:229546583 (218.9 Mb) TX bytes:7732765 (7.3 Mb)
Interrupt:11 Base address:0xdc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6307 (6.1 Kb) TX bytes:6307 (6.1 Kb)
--
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Libipq problems...
2003-05-21 11:23 Libipq problems Michael Forrest
@ 2003-05-21 18:39 ` Alexander Demenshin
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Demenshin @ 2003-05-21 18:39 UTC (permalink / raw)
To: netfilter
On Wed, May 21, 2003 at 12:23:24PM +0100, Michael Forrest wrote:
> I'm using a QUEUE target with an appropriate program for receiving the
> packets in userspace, I'm almost 100% certain the program works. It
AFAIK, the netfilter code won't see any traffic which is not destined to
your computer. Promiscuous mode will enable to receive all packets if you
do this through packet socket (or similar means), but it won't force the
netfilter to process it.
Regards,
/Al
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-05-21 18:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-05-21 11:23 Libipq problems Michael Forrest
2003-05-21 18:39 ` Alexander Demenshin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.