Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)

From: Brent Cook
Date: Tue Jun 09 2009 - 15:45:43 EST

Next message: Steven Rostedt: "Re: [RFC PATCH 2/5] tracing/events: nicer print format for parsing"
Previous message: Johannes Weiner: "Re: [patch v3] swap: virtual swap readahead"
In reply to: Patrick McHardy: "Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)"
Next in thread: Gil Beniamini: "Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 09 June 2009 08:08:01 am Gil Beniamini wrote:
> Patrick,
> On the specific NIC (eth1) no vlan is defined, and in the new Linux
> the application receive NOTHING at all. In order to debug, I start
> "wireshark as root" and "wireshark" set PROMISC on, and the
> application start receive the raw packets as expected. Later I started
> setting PROMISC by my application, and it can receive the packets even
> when "wireshark" is not running.
> The problem that I have with PROMISC mode, is that I need to do the
> irelevant unicast filtering in software rather than get it from the
> hardware (as it works in old kernel 2.6.20).
> Thanks a lot, Gil

One solution is to attach a BPF filter to the socket. Then you will only
receive packets for whatever you are filtering. This is still in software, but
it is higher up in the abstraction, and undoubtedly more efficient than doing
it at the app level.

Simply compile the BPF program you wish to filter, e.g:

# tcpdump -dd vlan 4
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 4, 0x00008100 },
{ 0x28, 0, 0, 0x0000000e },
{ 0x54, 0, 0, 0x00000fff },
{ 0x15, 0, 1, 0x00000004 },
{ 0x6, 0, 0, 0x00000060 },
{ 0x6, 0, 0, 0x00000000 },

Then attach it to your socket:

struct sock_filter filter[] = {
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 4, 0x00008100 },
{ 0x28, 0, 0, 0x0000000e },
{ 0x54, 0, 0, 0x00000fff },
{ 0x15, 0, 1, 0x00000004 },
{ 0x6, 0, 0, 0x00000060 },
{ 0x6, 0, 0, 0x00000000 },
};

struct sock_fprog inbound_filter = {
.len = 7, .filter = filter
};

if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
&inbound_filter, sizeof(inbound_filter)) < 0) {
return -1;
}

Also, note, you can easily set promiscuous mode directly with socket opts too.
If you're more curious, just look at libpcap source.

- Brent
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: [RFC PATCH 2/5] tracing/events: nicer print format for parsing"
Previous message: Johannes Weiner: "Re: [patch v3] swap: virtual swap readahead"
In reply to: Patrick McHardy: "Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)"
Next in thread: Gil Beniamini: "Re: SOCK_RAW does not receive broadcast (with VLAN unless PROMISC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]