* Bogus MAC in netfilter-queue for IF_MULTICAST_LOOPed packets.
@ 2011-06-01 9:36 Nicolas Cavallari
2011-06-01 10:31 ` Jan Engelhardt
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Cavallari @ 2011-06-01 9:36 UTC (permalink / raw)
To: netfilter
Multicast packets sent from local applications that use the
IF_MULTICAST_LOOP are to be sent to the specified interface as well as
being delivered to all local applications on the host listening for the
right multicast address. But i found that the looped packets for local
applications are being filtered in PREROUTING.
I want to accept them to not break local applications that depends on
it, but there isn't an easy way to accept them.
but in PREROUTING i also have a NFQUEUE target for incoming multicast
packets to do MAC-based accounting/filtering/marking, and these looped
packets are delivered with bogus source MAC addresses.
I found out that this bogus MAC address is taken from the IP header. For
example, the given looped packet :
45 00 00 3d 00 00 40 00 ff 11 ce 05 0a 00 01 02 e0 00 00 fb ....
yield this sMAC : 40:00:ff:11:ce:05, as if the IP header was treated as
a MAC header.
The LOG target display these packets as having no MAC address (Indeed,
the multicast loop code strips the MAC header). By looking at the code,
nf_queue.c and ipk_LOG.c access the mac address in different ways, and i
don't know which one should be used and what should be fixed.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Bogus MAC in netfilter-queue for IF_MULTICAST_LOOPed packets.
2011-06-01 9:36 Bogus MAC in netfilter-queue for IF_MULTICAST_LOOPed packets Nicolas Cavallari
@ 2011-06-01 10:31 ` Jan Engelhardt
2011-06-01 12:05 ` Nicolas Cavallari
0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2011-06-01 10:31 UTC (permalink / raw)
To: Nicolas Cavallari; +Cc: netfilter
> but in PREROUTING i also have a NFQUEUE target for incoming multicast
> packets to do MAC-based accounting/filtering/marking, and these looped
> packets are delivered with bogus source MAC addresses.
>
> I found out that this bogus MAC address is taken from the IP header. For
> example, the given looped packet :
> 45 00 00 3d 00 00 40 00 ff 11 ce 05 0a 00 01 02 e0 00 00 fb ....
> yield this sMAC : 40:00:ff:11:ce:05, as if the IP header was treated as
> a MAC header.
>
> The LOG target display these packets as having no MAC address (Indeed,
> the multicast loop code strips the MAC header).
Headers are not stripped.
The "lo" device is of type loopback, so there will be no MAC header
generated at all, because none is necessary. Subsequently, there is
nothing to strip.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Bogus MAC in netfilter-queue for IF_MULTICAST_LOOPed packets.
2011-06-01 10:31 ` Jan Engelhardt
@ 2011-06-01 12:05 ` Nicolas Cavallari
0 siblings, 0 replies; 3+ messages in thread
From: Nicolas Cavallari @ 2011-06-01 12:05 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter
>> The LOG target display these packets as having no MAC address (Indeed,
>> the multicast loop code strips the MAC header).
>
> Headers are not stripped.
>
> The "lo" device is of type loopback, so there will be no MAC header
> generated at all, because none is necessary. Subsequently, there is
> nothing to strip.
The multicast loopback code does not use the lo device, it uses netif_rx
on the output interface.
see ip_dev_loopback_xmit() at net/ipv4/ip_output.c:118. it does a
skb_reset_mac_header() and a __skb_pull(skb_network_offset()).
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-06-01 12:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-01 9:36 Bogus MAC in netfilter-queue for IF_MULTICAST_LOOPed packets Nicolas Cavallari
2011-06-01 10:31 ` Jan Engelhardt
2011-06-01 12:05 ` Nicolas Cavallari
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox