On Tuesday 2010-03-30 17:57, Roman Tsisyk wrote: >On Tue, Mar 30, 2010 at 9:56 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: >> On Tuesday 2010-03-30 16:06, Roman Tsisyk wrote: >> >> iptables does not drop these, your NIC does when it's not in promiscuous mode. >> > >If I am no mistaken, for all packets whose mac doesn't match to the >nic mac pkt_type is set to PACKET_OTHERHOST. >Iptables drop packets with PACKET_OTHERHOST, I don't remember exactly >where, may be in ip_rcv routine. Indeed. You could make it a runtime option (e.g. sysfs-moduleparam) during your tests. -- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
