From: Andy Green <andy@warmcat.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Michael Wu <flamingice@sourmilk.net>, linux-wireless@vger.kernel.org
Subject: Re: Filtering in Monitor Mode (was Question about PRISM2 header rate field)
Date: Mon, 05 Mar 2007 13:00:04 +0000 [thread overview]
Message-ID: <45EC1454.4080605@warmcat.com> (raw)
In-Reply-To: <1173094447.6131.56.camel@johannes.berg>
Johannes Berg wrote:
> On Sun, 2007-03-04 at 22:10 -0500, Michael Wu wrote:
>> Note that modifying the management interface to do this is possible, but it
>> would break hostap (and probably wpa_supplicant w/ MLME). Doing packet
>> injection on monitor interfaces instead is safer in that regard.
>
> But if you want to do injection over monitor interfaces we'll need to
> have the stupid mgmt interface hack around forever for the userspace
> MLME so it can receive only management traffic (even the non-promisc
> monitor iface we should have gets *far* too much traffic for a userspace
> MLME)
I used the libpcap filter stuff to limit what I saw to just the packets
of interest. This is the filtering that tcpdump uses to do the
conditional filters like "port 22" or "host 192.168.0.1". The filter
uses something called BPF (Berkeley Packet Filter) which is done
kernelside (at least libpcap is doing the filter install with ioctls in
pcap-bpf.c). So the cost of drinking from a Monitor firehose is much
less than it sounds.
> Besides, to userspace, this is almost identical. In both cases it opens
> a socket, binds to something (either raw socket bound to netdev or
> netlink socket bound to nl80211) and then stuffs frames into that socket
> with some fixed header format (for most apps anyway)
I'm guessing the concern is to leave the crufty scary
not-very-well-known Management Interface monster asleep lest it wake up
while being edited and eat everyone :-)
-Andy
next prev parent reply other threads:[~2007-03-05 13:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-04 10:23 Question about PRISM2 header rate field Andy Green
2007-03-04 16:35 ` Andy Green
2007-03-05 0:15 ` Johannes Berg
2007-03-05 1:02 ` Andy Green
2007-03-05 3:10 ` Michael Wu
2007-03-05 8:10 ` Andy Green
2007-03-05 11:24 ` non-promisc monitor interfaces [was: Re: Question about PRISM2 header rate field] Johannes Berg
2007-03-05 11:34 ` Question about PRISM2 header rate field Johannes Berg
2007-03-05 13:00 ` Andy Green [this message]
2007-03-05 13:05 ` Filtering in Monitor Mode (was Question about PRISM2 header rate field) Johannes Berg
2007-03-05 13:18 ` Andy Green
2007-03-05 13:22 ` Johannes Berg
2007-03-05 13:46 ` Andy Green
2007-03-05 16:55 ` Question about PRISM2 header rate field Jouni Malinen
2007-03-05 20:39 ` Andy Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45EC1454.4080605@warmcat.com \
--to=andy@warmcat.com \
--cc=flamingice@sourmilk.net \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).