Pascal Hambourg wrote:
> Philip A. Prindeville wrote:
>>>>>> I'm running PPP over br0. (Why did I do this? So I could stick a
>>>>>> packet sniffer on eth0 and get traces of everything going out over the
>>>>>> DSL...)
>>>>> Prepare to be disappointed. A bridge port does not see traffic that
>>>>> flows between other ports.
>>>> Oh, right. I was confused. I was thinking of actually having an "FBI
>>>> jack" for watching traffic.
>>> You might want to try to set the 'setageingtime' to 0 so the bridge code
>>> does not remember MAC addresses and acts as a dumb hub instead of a
>>> switch.
>
> I did some testing with the bridge ageing time. Firstly, the brctl man page
> contains a mistake: the command is "setageing", not "setageingtime".
> Secondly, when the ageing time is set to zero, locally generated frames
> and incoming frames with the destination MAC address different from any
> of the bridge's own MAC addresses are forwarded on all ports, but incoming
> frames with the destination address equal to one of the bridge's own MAC
> addresses are not forwarded on all ports. That was expected: the bridge
> permanently knows these addresses are its own, even when the aging time
> is 0. So it does not completely turn the bridge into a dumb hub. You can
> "mirror" outgoing frames on the other port, but not all incoming frames
> and specifically not PPPoE frames sent to the bridge MAC address, if
> that is what you are interested in.
>
>>>> Does that use the 'TEE' target, or what?
>>> Instead of a bridge, you mean? TEE works on IPv4 packets, so it is not
>>> possible to wiretap PPPoE traffic, only the IPv4 traffic within before it
>>> enters or after it leaves the PPP interface.
> [...]
>> I just want to be able to take all packets coming in or going out the
>> DSL interface and copy them onto an Ethernet interface, for sniffing.
>>
>> Too bad there's no easy way to do this with netfilter.
>
> What are you interested in exactly? The whole PPPoE frames with
> ethernet and PPPoE headers, LCP and IPCP packets and so on or only the
> IP packets in the PPP session? If you are only interested in the IP
> packets, then TEE may be an option instead of a bridge for both incoming
> and outgoing traffic, although it is not included in the standard kernel
> AFAIK.

The PPPoE packets.

It's not in the source tree? Is there a reason? Was it rejected for submission?

Thanks,

-Philip
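
Added example, not part of the thread: a small classifier that names what a captured Ethernet frame carries (PPPoE discovery, or LCP/IPCP/IPv4 inside a PPPoE session) and records which of the two capture approaches discussed above would see it, following the behaviour reported in the message. The MAC addresses, session id and the `classify`, `visibility` and `session_frame` helpers are constructed for illustration, and the parser assumes an uncompressed 2-byte PPP protocol field.

```python
import struct

ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION = 0x8863, 0x8864
PPP_PROTOCOLS = {0x0021: "IPv4", 0x8021: "IPCP", 0xC021: "LCP",
                 0xC023: "PAP", 0xC223: "CHAP"}

def classify(frame: bytes) -> str:
    """Name what an Ethernet frame carries, as a sniffer on the wire sees it."""
    if len(frame) < 14:
        return "truncated"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_PPPOE_DISCOVERY:
        return "PPPoE discovery"
    if ethertype != ETH_PPPOE_SESSION:
        return "other"
    if len(frame) < 22:  # 14 Ethernet + 6 PPPoE + 2 PPP protocol
        return "truncated"
    ver_type, code, _session, _length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        return "malformed PPPoE session"
    # Assumption: 2-byte PPP protocol field (no protocol-field compression).
    (proto,) = struct.unpack("!H", frame[20:22])
    return "PPP " + PPP_PROTOCOLS.get(proto, f"0x{proto:04x}")

def visibility(frame: bytes, bridge_macs: set, outgoing: bool) -> dict:
    """Which capture method sees this frame, per the behaviour reported above."""
    kind = classify(frame)
    return {
        "kind": kind,
        # Ageing time 0: flooded unless addressed to one of the bridge's own MACs.
        "bridge_mirror": outgoing or frame[0:6] not in bridge_macs,
        # TEE copies IPv4 packets only, i.e. what travels inside the PPP session.
        "tee": kind == "PPP IPv4",
    }

# Constructed sample values: locally administered MACs, session id 0x0001.
BRIDGE = bytes.fromhex("020000000001")
AC = bytes.fromhex("020000000002")

def session_frame(dst: bytes, src: bytes, proto: int, payload: bytes) -> bytes:
    """Build a PPPoE session frame around a PPP protocol number and payload."""
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(payload) + 2)
    return (dst + src + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe
            + struct.pack("!H", proto) + payload)

if __name__ == "__main__":
    lcp = b"\x09\x01\x00\x08" + bytes(4)  # constructed LCP echo-request body
    for name, f, out in [("LCP out", session_frame(AC, BRIDGE, 0xC021, lcp), True),
                         ("LCP in", session_frame(BRIDGE, AC, 0xC021, lcp), False),
                         ("IPv4 in", session_frame(BRIDGE, AC, 0x0021, b"\x45" + bytes(19)), False)]:
        print(name, visibility(f, {BRIDGE}, out))
```

The incoming LCP frame is the case the thread is about: it is addressed to the bridge's own MAC, so neither the ageing-time-0 bridge nor TEE delivers it to the sniffer port.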