hi, El Thu, 01 Mar 2007 12:25:23 +0700 Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> ha escrit: > Hi > > the problem is that with a active RTP flow arriving to the box > > (tcpdump can see it) my function doesn't get any packet. > > > > however, when the same box that is capturing also participates in > > the RTP flow, it's received correctly in the hook. > > > > so, why is not working the promiscuous mode? i'm missing something? > > > I am just adding another "suspect" here. The tcpdump (which is using > libpcap) might be operating at layer 2 (data link?), while netfilter > operates in layer 3. Since this is just "sniffing", layer 2 of Linux > network stack quickly revealed that this packet is not actually for > your machine, so it it dropped. yes, it's what now i know, netfilter hooks only get traffic that comes in layer 3, but i saw that there's a 'promisc' patch (for Linux 2.4) at: http://caia.swin.edu.au/cv/szander/netfilter.html and i don't know if its a similar feature for Linux 2.6, that will be my solution. i wrote to netfilter-devel mailing list (with no results at the moment) http://lists.netfilter.org/pipermail/netfilter-devel/2007-February/027134.html > Maybe, you can observe the code from program like Dug Song's dsniff > and see how it did the monitoring or even packet interception. yes, but i need to get this working in kernel space, so it's an academic work. in addition, the module can block traffic, when running in a router, and for this reason i implemented it in kernel space. thanks for your help, topi > regards, > > Mulyadi > -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
