invalid packets

invalid packets

[Padraig]

Hi, under what circumstances would iptraf (PF_PACKET)
be able to recieve packets on an interface, and
for those same packets to be not registered
with netfilter at all. I'm setting the filter on
the PREROUTING chain in the mangle table and no
packets are registered?

I have a suspicion that the checksums in the packets
are incorrect, so would this cause it, and any
work arounds (so I can just match ip addresses
for e.g. and then drop the packet).

Hmm I suppose if the checksum is wrong you can't depend
on anything, but I'm just surprised iptraf can
log them which netfilter can't.

cheers,
Pádraig.

Re: invalid packets

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1131 bytes --]

On Fri, May 16, 2003 at 05:38:39PM +0100, Padraig@Linux.ie wrote:
> Hi, under what circumstances would iptraf (PF_PACKET)
> be able to recieve packets on an interface, and
> for those same packets to be not registered
> with netfilter at all. I'm setting the filter on
> the PREROUTING chain in the mangle table and no
> packets are registered?

PF_PACKET has no relation to the IP stack.  So PF_PACKET sockets will always
receive copies of all packets on a higher layer (layer2) than
netfilter/iptables.

> Hmm I suppose if the checksum is wrong you can't depend
> on anything, but I'm just surprised iptraf can
> log them which netfilter can't.

packets with wrong checksums are dropped by the higher layers (3/4)

> cheers,
> Pádraig.

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]