Re: Disabling conntrack on an interface

Thomas Jacob wrote:

> I do not get any conntrack entries from mirrored ports when
> I am port mirroring packets onto a Linux interface that is up
> but has no configured addresses.

You could get some, under some conditions.

> As long as these packets are not addressed to your machine the netfilter
> code never gets to see them, AFAIK.

The netfilter code, including conntrack, sees IPv4 packets on an interface as soon as it is bound to the IPv4 stack. An interface does not need to have an IP address to be bound to the IPv4 stack. Before kernel 2.6.21, it just required that the interface had had an address in the past (even though it was later removed); "ifconfig <interface> 0.0.0.0" did the trick too. Since kernel 2.6.21, interfaces are automatically bound to the IPv4 (and IPv6) stack when they are created.

However... if a packet is not addressed to the machine *and* the machine does not know what to do with it (e.g. IP forwarding is disabled or there is no route to the destination), the packet will be dropped at the input routing stage after PREROUTING, thus the conntrack entry won't be confirmed and will be deleted.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
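A practical way to check what the reply above describes, and to act on the thread's original question: count how many packets entering the mirror interface are seen in raw PREROUTING versus how many reach INPUT or FORWARD, and if wanted, stop conntrack from tracking that interface with a raw-table rule. This is an added example, not code from the list post or from the netfilter project; the interface name eth1, root privileges, the 10 second sampling window and the presence of the raw table's CT target are assumptions. The parsing helper `pkt_count_for_iface` is pure text processing over `iptables -v -S` output, so it can also be run on captured rule listings.

```shell
#!/bin/sh
# Added example, not from the list post or the netfilter project.
# Assumptions (not taken from the thread): iptables with the raw table and
# the CT target, root privileges, and an interface name such as eth1.

# Sum the packet counters of every rule in a chain that matches "-i IFACE".
# Reads `iptables -t TABLE -v -S CHAIN` output on stdin, one rule per line
# with counters appended as "-c PKTS BYTES", e.g.
#   -A PREROUTING -i eth1 -c 120 9600
# Pure text processing, so captured output can be fed to it as well.
pkt_count_for_iface() {
    awk -v iface="$1" '
        {
            hit = 0; pkts = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-i" && $(i + 1) == iface) hit = 1
                if ($i == "-c") pkts = $(i + 1)
            }
            if (hit) sum += pkts
        }
        END { print sum + 0 }'
}

# Counting-only rules (no target, so they change nothing): one in raw
# PREROUTING, which every packet entering IFACE traverses, and one each in
# INPUT and FORWARD, which only packets that survive the routing decision reach.
add_counter_rules() {
    iptables -t raw    -A PREROUTING -i "$1"
    iptables -t filter -A INPUT      -i "$1"
    iptables -t filter -A FORWARD    -i "$1"
}

remove_counter_rules() {
    iptables -t raw    -D PREROUTING -i "$1"
    iptables -t filter -D INPUT      -i "$1"
    iptables -t filter -D FORWARD    -i "$1"
}

# PREROUTING rising while INPUT and FORWARD stay at zero means netfilter (and
# conntrack) sees the mirrored packets but they are dropped at the routing
# stage, so their conntrack entries are never confirmed.
show_counters() {
    iface=$1
    for spec in raw:PREROUTING filter:INPUT filter:FORWARD; do
        table=${spec%%:*}; chain=${spec#*:}
        n=$(iptables -t "$table" -v -S "$chain" | pkt_count_for_iface "$iface")
        printf '%-6s %-10s %s packets in from %s\n' "$table" "$chain" "$n" "$iface"
    done
}

# Keep conntrack away from IFACE altogether: the raw table runs before
# conntrack, and CT --notrack marks the packet so no entry is ever created.
# Older iptables releases spell this target -j NOTRACK.
disable_conntrack() {
    iptables -t raw -A PREROUTING -i "$1" -j CT --notrack
}

main() {
    iface=$1; mode=${2:-}
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    echo "net.ipv4.ip_forward = $(cat /proc/sys/net/ipv4/ip_forward)"
    if [ "$mode" = notrack ]; then
        disable_conntrack "$iface"
        echo "conntrack disabled for $iface (raw PREROUTING)"
    fi
    add_counter_rules "$iface"
    echo "counting packets on $iface for 10 s ..."
    sleep 10
    show_counters "$iface"
    remove_counter_rules "$iface"
}

# Usage: sh this-script.sh eth1          (just count)
#        sh this-script.sh eth1 notrack  (also add the notrack rule)
if [ $# -ge 1 ]; then
    main "$@"
else
    echo "usage: $0 IFACE [notrack]" >&2
fi
```

With IP forwarding off and no address on the mirror interface, the expected picture is a rising raw PREROUTING counter and INPUT and FORWARD counters staying at zero, which is exactly the "seen by conntrack but never confirmed" case described in the reply. The notrack rule is added in raw PREROUTING because that table is traversed before the conntrack hook, so it is the only place a rule can prevent the entry from being created at all; the counting rule appended after it still sees the packets, since CT is not a terminating target.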
