Re: netfilter hook questions

From: topi
Date: Thu Mar 01 2007 - 05:27:54 EST


hi,

El Thu, 01 Mar 2007 12:25:23 +0700
Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> ha escrit:

> Hi
> > the problem is that with a active RTP flow arriving to the box
> > (tcpdump can see it) my function doesn't get any packet.
> >
> > however, when the same box that is capturing also participates in
> > the RTP flow, it's received correctly in the hook.
> >
> > so, why is not working the promiscuous mode? i'm missing something?
> >
> I am just adding another "suspect" here. The tcpdump (which is using
> libpcap) might be operating at layer 2 (data link?), while netfilter
> operates in layer 3. Since this is just "sniffing", layer 2 of Linux
> network stack quickly revealed that this packet is not actually for
> your machine, so it it dropped.

yes, it's what now i know, netfilter hooks only get traffic that comes
in layer 3, but i saw that there's a 'promisc' patch (for Linux 2.4) at:

http://caia.swin.edu.au/cv/szander/netfilter.html

and i don't know if its a similar feature for Linux 2.6, that will be
my solution.

i wrote to netfilter-devel mailing list
(with no results at the moment)

http://lists.netfilter.org/pipermail/netfilter-devel/2007-February/027134.html


> Maybe, you can observe the code from program like Dug Song's dsniff
> and see how it did the monitoring or even packet interception.

yes, but i need to get this working in kernel space, so it's an
academic work. in addition, the module can block traffic, when running
in a router, and for this reason i implemented it in kernel space.

thanks for your help,

topi

> regards,
>
> Mulyadi
>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html