From: Mihail Dakov <mihail.dakov@ng4t.com>
To: Willem de Bruijn <willemb@google.com>
Cc: Daniel Borkmann <dborkman@redhat.com>, netdev@vger.kernel.org
Subject: Re: AF_PACKET: tx_ring mirrored in rx_ring?
Date: Tue, 22 Jul 2014 15:39:48 +0200
Message-ID: <53CE69A4.4040601@ng4t.com>
In-Reply-To: <CA+FuTScUC08D_+iHwxVuvWBSDdKgT7bQv-sigwAiopFodFOc=w@mail.gmail.com>


On 07/22/2014 12:35 AM, Willem de Bruijn wrote:
>>>> What'd you mean by local traffic? The packets which are replicated are
>>>> destined to remote machine(s).
>>>
>>> Sure, but you are sending them out via your packet socket.
>>
>> Well yes. It's just that I interpreted local as if they were not going out
>> of the machine. But in fact they do.
> That is a semantic issue. The technical point is that packet
> sockets read not only incoming packets, but also outgoing
> ones. The tap in the egress path (dev_queue_xmit_nit) is taken
> for almost all transmitted packets, including those transmitted
> by a packet socket.
>
> There is logic to avoid looping outgoing packets back into the
> originating socket (and fanout group) by detecting the source
> socket (skb_loop_sk). Other packet sockets will receive the
> outgoing packets, however. This is correct behavior, as it is
> how tcpdump can log all traffic, among others.
>
> You can use PACKET_QDISC_BYPASS on your transmit
> packet socket, as Daniel mentions, or attach a BPF filter to
> your receive socket that filters on !PACKET_OUTGOING, e.g.:
>
>    struct sock_filter bpf_filter[] = {
>      /* A = packet type, loaded via the ancillary offset */
>      {BPF_LD | BPF_B | BPF_ABS, 0, 0, (uint32_t) (SKF_AD_OFF + SKF_AD_PKTTYPE)},
>      /* outgoing: fall through to the drop; otherwise skip it */
>      {BPF_JMP | BPF_JEQ, 0, 1, PACKET_OUTGOING},
>      {BPF_RET, 0, 0, 0x00000000},	/* drop */
>      {BPF_RET, 0, 0, 0x0000ffff},	/* accept */
>    };
>    struct sock_fprog bpf_prog;
>
>    bpf_prog.filter = bpf_filter;
>    bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter);
>    if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf_prog,
>                   sizeof(bpf_prog))) {
>      error(1, errno, "setsockopt filter");
>    }
Thanks.
