On May 22, 2004 08:33 am, Antony Stone wrote:
> On Saturday 22 May 2004 1:09 pm, Alistair Tonner wrote:
> > On May 22, 2004 05:06 am, Antony Stone wrote:
> > > Surely there will *always* be two MAC addresses involved in a
> > > communication - that's how two machines find each other across the
> > > local subnet (ie: via a switch / hub / access point etc)?
> >
> > *Thwack*'s self in head. Of course, so long as "Ethernet" is involved.
>
> Or some similar broadcast-based medium such as 802.11 (which isn't
> ethernet, but behaves like it for a lot of things, including MAC
> addresses).
>
> The general rule is: you need MAC addresses for broadcast-connected
> networks (where each device can see every other locally-connected device) -
> the MAC address is needed to tell one device from another.
>
> You don't need MAC addresses for point-to-point (one-to-one) connected
> networks, because you know there's only one device on the other end of each
> of your own interfaces, therefore you don't need to specify where they're
> going.
>
> > in ipt_LOG.c MAC address logging is ONLY done in INPUT. So ..if the
> > packet is NOT destined for the machine, you wont see MAC.
>
> Aha :) [ * Light bulb * ]
>
> The answer to the original poster's question.
>
> I guess (without having looked at the source) that it should be a simple
> enough hack to get ipt_LOG.c to log MAC addresses for all chains.
>
should be ridiculously simple -- the limiter is a wrapping if statement
if ( in && !out) {
(logging of MAC code)
}
I suspect that the clever hacker will want to re-wrap that if statement such
that it only logs it if there IS a MAC address present. Not being a maven
with such, I'm NOT gonna make any suggestions as to how.
Alistair
> Regards,
>
> Antony.
