Re: netfilter hook questions
Date: Thu Mar 01 2007 - 05:27:54 EST
El Thu, 01 Mar 2007 12:25:23 +0700
Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> ha escrit:
> > the problem is that with a active RTP flow arriving to the box
> > (tcpdump can see it) my function doesn't get any packet.
> > however, when the same box that is capturing also participates in
> > the RTP flow, it's received correctly in the hook.
> > so, why is not working the promiscuous mode? i'm missing something?
> I am just adding another "suspect" here. The tcpdump (which is using
> libpcap) might be operating at layer 2 (data link?), while netfilter
> operates in layer 3. Since this is just "sniffing", layer 2 of Linux
> network stack quickly revealed that this packet is not actually for
> your machine, so it it dropped.
yes, it's what now i know, netfilter hooks only get traffic that comes
in layer 3, but i saw that there's a 'promisc' patch (for Linux 2.4) at:
and i don't know if its a similar feature for Linux 2.6, that will be
i wrote to netfilter-devel mailing list
(with no results at the moment)
> Maybe, you can observe the code from program like Dug Song's dsniff
> and see how it did the monitoring or even packet interception.
yes, but i need to get this working in kernel space, so it's an
academic work. in addition, the module can block traffic, when running
in a router, and for this reason i implemented it in kernel space.
thanks for your help,
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html