From: Mihail Dakov <mihail.dakov@ng4t.com>
To: Willem de Bruijn <willemb@google.com>
Cc: Daniel Borkmann <dborkman@redhat.com>, netdev@vger.kernel.org
Subject: Re: AF_PACKET: tx_ring mirrored in rx_ring?
Date: Tue, 22 Jul 2014 15:39:48 +0200 [thread overview]
Message-ID: <53CE69A4.4040601@ng4t.com> (raw)
In-Reply-To: <CA+FuTScUC08D_+iHwxVuvWBSDdKgT7bQv-sigwAiopFodFOc=w@mail.gmail.com>
On 07/22/2014 12:35 AM, Willem de Bruijn wrote:
>>>> What'd you mean by local traffic? The packets which are replicated are
>>>> destined to remote machine(s).
>>>
>>> Sure, but you are sending them out via your packet socket.
>>
>> Well yes. It's just that I interpreted local as if they were not going out
>> of the machine. But in fact they do.
> That is a semantic issue. The technical point is that packet
> sockets read not only incoming packets, but also outgoing
> ones. The tap in the egress path (dev_queue_xmit_nit) is taken
> for almost all transmitted packets, included those transmitted
> by a packet socket.
>
> There is logic to avoid looping outgoing packets back into the
> originating socket (and fanout group) by detecting the source
> socket (skb_loop_sk). Other packet sockets will receive the
> outgoing packets, however. This is correct behavior, as it is
> how tcpdump can log all traffic, among others.
>
> You can use PACKET_QDISC_BYPASS on your transmit
> packet socket, as Daniel mentions, or attach a BPF filter to
> your receive socket that filters on !PACKET_OUTGOING, e.g.,:
>
> struct sock_filter bpf_filter[] = {
> {BPF_LD | BPF_B | BPF_ABS, 0, 0, (uint32_t) (SKF_AD_OFF + SKF_AD_PKTTYPE)},
> {BPF_JMP | BPF_JEQ, 1, 0, PACKET_OUTGOING},
> {BPF_RET, 0, 0, 0x00000000},
> {BPF_RET, 0, 0, 0x0000ffff},
> };
> struct sock_fprog bpf_prog;
>
> bpf_prog.filter = bpf_filter;
> bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter);
> if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf_prog,
> sizeof(bpf_prog))) {
> error(1, errno, "setsockopt filter");
> }
Thanks.
prev parent reply other threads:[~2014-07-22 13:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-21 13:18 AF_PACKET: tx_ring mirrored in rx_ring? Mihail Dakov
2014-07-21 13:38 ` Mihail Dakov
2014-07-21 13:51 ` Daniel Borkmann
2014-07-21 14:40 ` Mihail Dakov
2014-07-21 14:44 ` Fwd: " Mihail Dakov
2014-07-21 15:13 ` Daniel Borkmann
2014-07-21 18:32 ` mihail.dakov
2014-07-21 22:35 ` Willem de Bruijn
2014-07-21 22:36 ` Willem de Bruijn
2014-07-22 13:39 ` Mihail Dakov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53CE69A4.4040601@ng4t.com \
--to=mihail.dakov@ng4t.com \
--cc=dborkman@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).