Re: Netfilter issue: inconsistent incoming interface when bridging w/ PPP

Pascal Hambourg wrote:
> Philip A. Prindeville wrote:
>> Pascal Hambourg wrote:
>>> I didn't watch your logs closely, but this might be caused by bridge-nf
>>> which passes bridged IP packets to iptables. Since Linux 2.6.22 it can
>>> even pass IP packets encapsulated in PPPoE frames. [...] This is enabled
>>> by default.
>>> Oh, I forgot to mention that bridge-nf processing of PPPoE and VLAN
>>> frames is disabled by default since Linux 2.6.29 due to brokenness by
>>> design.
>> I'm running 2.6.27.29 right now...
> 
> This version has /proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged set
> to 1 (enabled) by default. Set it to 0 as I said and bridged PPPoE
> frames won't be passed to iptables any more.
> 
>>>> I'm running PPP over br0.  (Why did I do this?  So I could stick a
>>>> packet sniffer on eth0 and get traces of everything going out over the
>>>> DSL...)
>>> Prepare to be disappointed. A bridge port does not see traffic that
>>> flows between other ports.
>> Oh, right.  I was confused.  I was thinking of actually having an "FBI
>> jack" for watching traffic.
> 
> You might want to try to set the 'setageingtime' to 0 so the bridge code
> does not remember MAC addresses and acts as a dumb hub instead of a
> switch. By the way I use a plain old hub as a wiretap although it has
> the disadvantage of running at 10 Mbit/s half duplex only.
> 
>> Does that use the 'TEE' target, or what?
> 
> Instead of a bridge, you mean? TEE works on IPv4 packets, so it is not
> possible to wiretap PPPoE traffic, only the IPv4 traffic within before it
> enters or after it leaves the PPP interface.
> 
> Anyway, can't you just run a software packet sniffer on the Linux box?


The box is an embedded box, with a RO file system, so getting additional apps into it is difficult.  It's also very small footprint, so flash is a premium.

I just want to be able to take all packets coming in or going out the DSL interface and copy them onto an Ethernet interface, for sniffing.

Too bad there's no easy way to do this with netfilter.

-Philip
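
The sysctl change Pascal describes above, written out as a small audit script. This is an added example, not code from the thread or from the kernel project: it reads the bridge-nf knobs under /proc/sys/net/bridge, reports whether bridged PPPoE-encapsulated IP would be handed to iptables (which is what makes the incoming interface look inconsistent, since iptables then sees the bridge rather than the physical port), and can set bridge-nf-filter-pppoe-tagged to 0 as suggested. The knobs bridge-nf-call-iptables and bridge-nf-filter-vlan-tagged are real kernel sysctls but are not named in the thread; the BRIDGE_SYSCTL_DIR variable and the make_sample_tree helper are assumptions of this example so that it can be exercised offline against a constructed directory instead of the live /proc tree.

```shell
#!/bin/sh
# Added example (not from the thread): audit the bridge-nf sysctls that decide
# whether bridged frames, including PPPoE-tagged ones, are handed to iptables.
# BRIDGE_SYSCTL_DIR defaults to the real /proc path; pointing it at a
# constructed directory lets the script run without a bridge module loaded.
BRIDGE_SYSCTL_DIR="${BRIDGE_SYSCTL_DIR:-/proc/sys/net/bridge}"

# read_knob NAME -> prints the knob's value, or "absent" when the file is
# missing (bridge module not loaded, or a kernel built without bridge-nf).
read_knob() {
    f="$BRIDGE_SYSCTL_DIR/$1"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# pppoe_hits_iptables -> exit 0 when bridged PPPoE-encapsulated IP would be
# passed to iptables (both knobs at 1), exit 1 otherwise.
pppoe_hits_iptables() {
    [ "$(read_knob bridge-nf-call-iptables)" = "1" ] &&
    [ "$(read_knob bridge-nf-filter-pppoe-tagged)" = "1" ]
}

# audit_bridge_nf -> prints one line per knob plus a verdict.
audit_bridge_nf() {
    for k in bridge-nf-call-iptables bridge-nf-filter-pppoe-tagged bridge-nf-filter-vlan-tagged; do
        printf '%-32s %s\n' "$k" "$(read_knob "$k")"
    done
    if pppoe_hits_iptables; then
        echo "verdict: bridged PPPoE frames reach iptables; -i matches see the bridge, not the port"
    else
        echo "verdict: bridged PPPoE frames bypass iptables"
    fi
}

# disable_pppoe_filter -> writes 0 to bridge-nf-filter-pppoe-tagged, the
# setting Pascal recommended; returns 1 when the knob is absent or read-only.
disable_pppoe_filter() {
    f="$BRIDGE_SYSCTL_DIR/bridge-nf-filter-pppoe-tagged"
    [ -w "$f" ] || return 1
    echo 0 > "$f"
}

# make_sample_tree DIR -> constructs a directory mimicking the 2.6.27 defaults
# (all knobs at 1) so the functions above can be tried without touching /proc.
make_sample_tree() {
    mkdir -p "$1"
    echo 1 > "$1/bridge-nf-call-iptables"
    echo 1 > "$1/bridge-nf-filter-pppoe-tagged"
    echo 1 > "$1/bridge-nf-filter-vlan-tagged"
}

# Stand-alone run: report the live (or overridden) settings without changing them.
audit_bridge_nf
```

Run it as-is to see the current state; run `disable_pppoe_filter` (as root, on a kernel that still has the knob) to apply the change. Note that the write is not persistent, so it belongs in whatever boot script the embedded image uses for sysctl settings.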


--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
