Again me,
On Thu, Sep 18, 2014 at 07:07:24PM +0200, Alexander Aring wrote:
> Hi Martin,
>
> On Thu, Sep 18, 2014 at 05:54:19PM +0100, Martin Townsend wrote:
> > Hi Alex,
> >
> > On 18/09/14 17:05, Alexander Aring wrote:
> > >Hi Martin,
> > >
> > >On Thu, Sep 18, 2014 at 03:36:55PM +0100, Martin Townsend wrote:
> > >>On 18/09/14 14:42, Alexander Aring wrote:
> > >>>On Thu, Sep 18, 2014 at 03:34:24PM +0200, Alexander Aring wrote:
> > >>>...
> > >>>>>I want to be able from COORD or NODE mode to put the device in promiscuous mode so packets can be received by wireshark. For example if we are seeing a problem on a device, I want to be able to ssh into this node via Ethernet (or maybe connect via the serial console) and run tcpdump -U -i wpan0 to help debugging by seeing what packets are being sent/received. As it's going to stdout it will be sent over ssh and I can then do some pipe redirection to pipe it into Wireshark running on a different machine.
> > >>>>>
> > >>>>> From my understanding this is not MONITOR mode and I don't won't to put the device into MONITOR mode as this could effect it's functionality.
> > >>>>>I'm currently looking at how tcpdump does this and it looks like it uses a raw socket using PF_PACKET. I think it then sets the IFF_PROMISC flag on this socket to put the device into promiscuous mode. As I'm in COORD or NODE mode this will arrive at the ndo_change_rx_flags for the net device ops defined in wpan.c not monitor.c in my linux tree.
> > >>>Has nothing to do with raw sockets, I think.
> > >>I'm just going on what I'm seeing in libpcap, I think tshark and tcpdump both use this library. If you have a debug environment setup, set a breakpoint on activate_new or look through pcap-linux.c, one of the first things it does is:
> > >> sock_fd = is_any_device ?
> > >> socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) :
> > >> socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
> > >>
> > >>is_any_device should be set to false as we are capturing a specific device so we should be creating a raw socket. Then later on
> > >> if (!is_any_device && handle->opt.promisc) {
> > >> memset(&mr, 0, sizeof(mr));
> > >> mr.mr_ifindex = handlep->ifindex;
> > >> mr.mr_type = PACKET_MR_PROMISC;
> > >> if (setsockopt(sock_fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
> > >> &mr, sizeof(mr)) == -1) {
> > >> snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
> > >> "setsockopt: %s", pcap_strerror(errno));
> > >> close(sock_fd);
> > >> return PCAP_ERROR;
> > >> }
> > >> }
> > >>Then I think this ends up in the kernel at packet_dev_mc
> > >>http://lxr.free-electrons.com/source/net/packet/af_packet.c#L3060
> > >>which calls dev_set_promiscuity.
> > >>
> > >yes, there existing any magic for capturing all interface incomming and
> > >outcomming data. But I don't know now how this is related currently.
> > >
> > >You exacly want the incomming/outcomming data of an interface and that's
> > >what the default behaviour is. There existing also some netdev flag
> > >which activate this the "IFF_PROMISC". But then we don't need any
> > >handling to turn the device driver into any special mode?
> > >
> > >We already support the promiscuous mode. I mean the normal capturing of
> > >interface data and this is the default behaviour, we don't need any
> > >extra implementation to make something when rx flag IFF_PROMISC is set.
> > >
> > >Is there something missing now, which we should support when activate
> > >wireshark & co on a wpan interface?
> > >
> > >- Alex
> > I thought the default behaviour was to filter? Currently we implement the hw
> > filter driver op function and our HW implements the third level of filtering
> > as per 802.15.4 spec so by default we only get packets for our PAN/Address.
> > I think one of the user space functions, probably iz sends a netlink command
> > which invokes the driver operation to set the filter up in the driver.
> > So I want to use set promisc to disable this HW filter and let all packets
> > through.
>
> But this is MONITOR iftype then "to see all packets without filtering".
> Doing a ifup on a MONITOR interface will enable the HW promiscuous mode.
>
do hw promiscuous while setting IFF_PROMISC, please don't do this. It isn't
easy to handle because we have these multiple interfaces tupes. Simple have a
monitor interface type which enables HW promiscuous mode while interface
up. (ifconfig foo0 up, ip set link dev foo0 up)
Again look at rework code what I did there [0].
- Alex
[0] https://github.com/linux-wpan/linux-wpan-next/blob/wpan_rework_rfc/net/mac802154/iface.c#L42
--
To unsubscribe from this list: send the line "unsubscribe linux-wpan" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
