Philip A. Prindeville wrote:
> Pascal Hambourg wrote:
>> I didn't watch your logs closely, but this might be caused by bridge-nf
>> which passes bridged IP packets to iptables. Since Linux 2.6.22 it can
>> even pass IP packets encapsulated in PPPoE frames. [...] This is enabled
>> by default.
>>
>> Oh, I forgot to mention that bridge-nf processing of PPPoE and VLAN
>> frames is disabled by default since Linux 2.6.29 due to brokenness by
>> design.
>
> I'm running 2.6.27.29 right now...

This version has /proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged set to 1 (enabled) by default. Set it to 0 as I said and bridged PPPoE frames won't be passed to iptables any more.

>>> I'm running PPP over br0. (Why did I do this? So I could stick a
>>> packet sniffer on eth0 and get traces of everything going out over the
>>> DSL...)
>>
>> Prepare to be disappointed. A bridge port does not see traffic that
>> flows between other ports.
>
> Oh, right. I was confused. I was thinking of actually having an "FBI
> jack" for watching traffic.

You might want to try to set the 'setageingtime' to 0 so the bridge code does not remember MAC addresses and acts as a dumb hub instead of a switch. By the way I use a plain old hub as a wiretap although it has the disadvantage of running at 10 Mbit/s half duplex only.

> Does that use the 'TEE' target, or what?

Instead of a bridge, you mean? TEE works on IPv4 packets, so it is not possible to wiretap PPPoE traffic, only the IPv4 traffic within before it enters or after it leaves the PPP interface.

Anyway, can't you just run a software packet sniffer on the Linux box?
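
The check and the setting change described in the reply above, as an added example that is not part of the original message: it reads the bridge-nf knobs under /proc/sys/net/bridge, reports whether bridged PPPoE frames would reach iptables, and can write 0 to the tagged-frame knobs. The function names and the BRIDGE_NF_DIR override are assumptions made for illustration; the knob names other than bridge-nf-filter-pppoe-tagged are the kernel's own but are not quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. BRIDGE_NF_DIR is an assumed override so
# the functions can also run against constructed sample files.
BRIDGE_NF_DIR="${BRIDGE_NF_DIR:-/proc/sys/net/bridge}"

# Real bridge-nf sysctl names. Only the pppoe one is named in the thread.
CALL_KNOBS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"
TAGGED_KNOBS="bridge-nf-filter-pppoe-tagged bridge-nf-filter-vlan-tagged"

# Print a knob's value, or "absent" when the file is missing
# (bridge code not loaded, or a kernel without that knob).
knob_value() {
    if [ -r "$BRIDGE_NF_DIR/$1" ]; then
        tr -d '[:space:]' < "$BRIDGE_NF_DIR/$1"
    else
        printf 'absent'
    fi
}

# Exit 0 when bridged PPPoE-encapsulated IPv4 would be handed to iptables:
# both the general hook and the PPPoE knob must be 1.
pppoe_reaches_iptables() {
    [ "$(knob_value bridge-nf-call-iptables)" = 1 ] &&
        [ "$(knob_value bridge-nf-filter-pppoe-tagged)" = 1 ]
}

# Report every knob, then the PPPoE verdict.
audit_bridge_nf() {
    for k in $CALL_KNOBS $TAGGED_KNOBS; do
        printf '%-32s %s\n' "$k" "$(knob_value "$k")"
    done
    if pppoe_reaches_iptables; then
        echo "bridged PPPoE frames ARE passed to iptables"
    else
        echo "bridged PPPoE frames are not passed to iptables"
    fi
}

# Write 0 to the tagged-frame knobs that exist (needs root on a real system).
disable_tagged() {
    for k in $TAGGED_KNOBS; do
        if [ -w "$BRIDGE_NF_DIR/$k" ]; then
            printf '0\n' > "$BRIDGE_NF_DIR/$k"
        fi
    done
    return 0
}

# Usage: sh script.sh --audit | --disable
if [ "${1:-}" = "--audit" ]; then audit_bridge_nf; fi
if [ "${1:-}" = "--disable" ]; then disable_tagged; audit_bridge_nf; fi
```

A value written this way does not survive a reboot; the same setting can be made persistent through the distribution's sysctl configuration.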