I would say this is something within IMQ itself. Michal Kustosik (kustosz@xxxxxx) schrieb: > > On Fri, Nov 25, 2005 at 01:42:30PM +0100, Andreas Unterkircher wrote: > > No - if the interface doesn't support the necessary socketoptions (I guess > > something like SO_ATTACH_FILTER) it won't work. > > > thank you for explain... > compiling kernel with "Socket Filtering" in "Networking options" > should be enough to see packets by tcpdump on imq interface? > > -- > Michal > > > > > Michal Kustosik (kustosz@xxxxxx) schrieb: > > > > > > On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote: > > > > yes, this is needed to get the traffic on the IMQ devices. > > > > But after this you can't match anything on the IMQ devices. > > > > > > > but "tcpdump -n -i imq0" shoud present any packets going > > > through the imq0 interface, yes? In my event the tcpdump > > > show nothing. > > > > > > -- > > > Michal Kustosik > > > > > > > > > > > > > > > > Michal Kustosik (kustosz@xxxxxx) schrieb: > > > > > > > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > > > > > As far as I know it's simply not possible. Also you can't use iptables on a > > > > > > imq device. > > > > > > > > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > > > > > use iptables to specify which packets should go through the imq device: > > > > > > > > > > [... http://www.linuximq.net/usage.html ...] > > > > > After attaching a qdisc to the device you have to specify which packets > > > > > should go through the imq device. An iptables target (`IMQ') is provided > > > > > for using all the packet-selecting power of iptables. > > > > > ... > > > > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > > > > > ... > > > > > [...] > > > > > I have done the same. > > > > > > > > > > Regards, > > > > > -- > > > > > Michal Kustosik > > > > > > > > > > > > > > > > Cheers, > > > > > > Andreas > > > > > > > > > > > > Michal Kustosik (kustosz@xxxxxx) schrieb: > > > > > > > > > > > > > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > > > > > doesn't work with imq0 devices. If I try to tcpdump > > > > > > > imq devices there is no packet seen: > > > > > > > [...] > > > > > > > rt1:~# tcpdump -n -i imq0 > > > > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked > socket > > > > > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 > bytes > > > > > > > > > > > > > > [...] > > > > > > > and there is no packet seen. I have sent the packet to imq0 by: > > > > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > > > > > and there is no other entry in mangle table. There is also > > > > > > > no firewall entry and no entry in nat table. > > > > > > > > > > > > > > The ifconfig command show, that the packet goes by imq0: > > > > > > > [...] > > > > > > > rt1:~# ifconfig imq0 > > > > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > > > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > > > > > collisions:0 txqueuelen:30 > > > > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > > > > > [...] > > > > > > > > > > > > > > Everything but iptables is installing from packages deb. > > > > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > > > > > but it is the same reason. > > > > > > > > > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > > > > > same kernel version 2.4.31, the same distribution debian woody) > > > > > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > > > > > > > > > Have anybody solved the same problem? > > > > > > > > > > > > > > > > > > > > > Below some information about the strange router: > > > > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > > > > > linux-2.4.28-imq2.diff, > > > > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > > > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > > > > > lsmod: > > > > > > > [...] > > > > > > > Module Size Used by Tainted: P > > > > > > > imq 1752 1 > > > > > > > ipt_IMQ 800 0 > > > > > > > ipt_REDIRECT 960 0 (autoclean) > > > > > > > cls_fw 2368 0 (autoclean) > > > > > > > cls_u32 4548 0 (autoclean) > > > > > > > sch_sfq 3456 0 (autoclean) > > > > > > > sch_htb 19040 0 (autoclean) > > > > > > > ipt_ttl 640 0 (autoclean) > > > > > > > ipt_state 608 0 (autoclean) > > > > > > > ipt_REJECT 3072 0 (autoclean) > > > > > > > ipt_connlimit 1504 0 (autoclean) > > > > > > > ipt_LOG 3648 0 (autoclean) > > > > > > > ipt_limit 960 0 (autoclean) > > > > > > > iptable_filter 1728 0 (autoclean) > > > > > > > ipt_mac 672 15 (autoclean) > > > > > > > ipt_helper 992 22 (autoclean) > > > > > > > ipt_multiport 640 132 (autoclean) > > > > > > > ipt_MARK 800 255 (autoclean) > > > > > > > iptable_mangle 2208 1 (autoclean) > > > > > > > ians 113220 3 (autoclean) > > > > > > > reiserfs 167392 1 (autoclean) > > > > > > > e100 36292 4 > > > > > > > ip_nat_ftp 2848 0 (unused) > > > > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state > > > ipt_REJECT > > > > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper > ipt_multiport > > > > > ipt_MARK > > > > > > > iptable_mangle iptable_nat] > > > > > > > ip_conntrack_ftp 3872 1 > > > > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit > > > ipt_helper > > > > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > > > > > rtc 6012 0 (autoclean) > > > > > > > [...] > > > > > > > > > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > > -- > > > > > > > Michal Kustosik > > > > > > > > > > > > > > _______________________________________________ > > > > > > > LARTC mailing list > > > > > > > LARTC@xxxxxxxxxxxxxxx > > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > LARTC mailing list > > > > > > LARTC@xxxxxxxxxxxxxxx > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > _______________________________________________ > > > > > LARTC mailing list > > > > > LARTC@xxxxxxxxxxxxxxx > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > _______________________________________________ > > > > LARTC mailing list > > > > LARTC@xxxxxxxxxxxxxxx > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > -- > > > Michal Kustosik > > > Administrator Sieci Damis VeB > > > http://www.veb.damis.pl/ > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@xxxxxxxxxxxxxxx > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > _______________________________________________ > > LARTC mailing list > > LARTC@xxxxxxxxxxxxxxx > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc