On Tue, May 5, 2009 at 11:08 AM, Wade Maxfield <wmaxfield@xxxxxxxxx> wrote:
It wouldn't be much use for packet capture (e.g. Ethereal) if it didn't.
You always have the option of not sending stuff over your data link.
I don't know whether libpcap operates before or after iptables. It may operate before, in which case iptables would filter outgoing traffic sent from your raw socket, but not incoming.
Something like this might help (it passes iptables-selected packets to user-mode)
http://eatingsecurity.blogspot.com/2007/09/transparent-bridging-mmap-pcap-and.html
Just replace snort in that discussion with your communication application and you should be good.
Sorry I don't know that. I'm not sure if it's necessarily the same across systems.
That is an interesting proposition. I'll investigate.
I don't know anything about libpcap, so I have a few questions for the expert <grin>.
Will it handle all Etherent frames? As a bridge, that is what I need.
It wouldn't be much use for packet capture (e.g. Ethereal) if it didn't.
Will it allow me to gracefully drop stuff on the floor? I'm assuming the Ethernet bridge code in the kernel will do that, I'm not sure of the effect in libpcap.
You always have the option of not sending stuff over your data link.
I'm also assuming that I could not use IPchains if I do libpcap. That might be worth a tradeoff.
I don't know whether libpcap operates before or after iptables. It may operate before, in which case iptables would filter outgoing traffic sent from your raw socket, but not incoming.
Something like this might help (it passes iptables-selected packets to user-mode)
http://eatingsecurity.blogspot.com/2007/09/transparent-bridging-mmap-pcap-and.html
Just replace snort in that discussion with your communication application and you should be good.
Finally, just for curiosity sake, what Major, Minor numbers should the /dev/tap entries be? I have not yet had anyone be able to answer that question, and it puzzles me.
Sorry I don't know that. I'm not sure if it's necessarily the same across systems.
thanks,
Wade
_______________________________________________ Bridge mailing list Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/bridge
