promiscuous mode

promiscuous mode

[Shankari Vaidyalingam]

Hi,


Would like to know whether enabling of promiscouous mode in the command
line is removed in the DPDK version 1.7.1.
I tried enabling the option by giving -P but it was giving me "Invalid
argument" error.

Regards
Shankari.V

Re: promiscuous mode

[Olivier MATZ]

On 03/26/2015 05:00 AM, Shankari Vaidyalingam wrote:
> Hi,
>
>
> Would like to know whether enabling of promiscouous mode in the command
> line is removed in the DPDK version 1.7.1.
> I tried enabling the option by giving -P but it was giving me "Invalid
> argument" error.

Which program?
Have you checked the source code in git?

You probably have all the elements to answer to your question
by yourself.


Regards,
Olivier

promiscuous mode

[Wolfgang]

static struct {
	struct sockaddr_can src;
	int pkt_len;
} ss = {
	.pkt_len = 1024,
	.src.can_addr.j1939 = {
		.name = J1939_NO_NAME,
		.addr = J1939_NO_ADDR,
		.pgn = J1939_NO_PGN,
	},
};


int main (void)
{
	
	int s;
	s = socket(PF_CAN, SOCK_DGRAM, CAN_J1939);
	    
	struct sockaddr_can addr;

    memset(&addr, 0, sizeof(addr));
    addr.can_ifindex = ss.src.can_ifindex;
    addr.can_addr.j1939.name = J1939_NO_NAME;    
    addr.can_addr.j1939.addr = J1939_NO_ADDR;
    addr.can_addr.j1939.pgn = J1939_NO_PGN;
    addr.can_family = AF_CAN;  
   
   
    if (bind(s, (void *)&addr, sizeof(addr))<0)
    	   		perror ("bind failed");
    	   	else
        		printf("bind of promiscuous socket successful\n");
        		     		
        		   	       	       	
    int s2;
	s2 = socket(PF_CAN, SOCK_DGRAM, CAN_J1939);
	
	struct sockaddr_can addr2;	
	   
    memset(&addr2, 0, sizeof(addr2));
    addr2.can_ifindex = if_nametoindex("can1");
    addr2.can_addr.j1939.name = J1939_NO_NAME;    
    addr2.can_addr.j1939.addr = 0x3d;
    addr2.can_addr.j1939.pgn = J1939_NO_PGN;
    addr2.can_family = AF_CAN;     
   
    if (bind(s2, (void *)&addr2, sizeof(addr2))<0)
    	   		perror ("bind2 failed");
        	else
        		printf("bind of s2 on can1 addr 0x3d successful\n");
        		
        		
    int ret;
	socklen_t len; 
	struct sockaddr_can src_addr;
	char buf[128];
;
	
	
	while (1)
	 {
			
			len = sizeof(src_addr);
			ret = recvfrom(s, buf, sizeof(buf), 0, (void *)&src_addr, &len);
			if (ret < 0)
			perror ("recvfrom failed");
		
		}
			
	}					
	

  		 
  return 0;
}

It is working, is it possible to use it or do I have to use recvmsg, because
when I do sendto it is receiving the sent message again and again or is it
possible to clear the buffer somehow? Recvmsg is working as well but how do I 
have to change the sendto, 'sendto failed: Invalid argument'?


	
	static char ctrlmsg[
	CMSG_SPACE(sizeof(uint8_t)) /* dest addr */
	+ CMSG_SPACE(sizeof(uint64_t)) /* dest name */
	+ CMSG_SPACE(sizeof(uint8_t)) /* priority */
	];
	
static struct {
	struct sockaddr_can addr;
	int pkt_len;
} s = {
	.pkt_len = 1024,
	.addr.can_addr.j1939 = {
		.name = J1939_NO_NAME,
		.addr = J1939_NO_ADDR,
		.pgn = J1939_NO_PGN,
	},
};

int main (void)
{
   int sock, ret, j;
   unsigned int len;
   struct msghdr msg;
   struct iovec iov;
   static uint8_t *buf;
   struct sockaddr_can src;

	socklen_t leng; 
   
   
   	buf = malloc(s.pkt_len);
	if (!buf)
		error(1, errno, "malloc %u", s.pkt_len);
   
   sock = socket(PF_CAN,SOCK_DGRAM,CAN_J1939);
      
   
   memset(&src, 0, sizeof(src));
   src.can_ifindex = s.addr.can_ifindex;
   src.can_family = AF_CAN;
   src.can_addr.j1939.name = J1939_NO_NAME;
   src.can_addr.j1939.addr = J1939_NO_ADDR;
   src.can_addr.j1939.pgn = J1939_NO_PGN;
   
   bind(sock,(void*)&src,sizeof(src));
   len = sizeof(src);
   
   iov.iov_base = &buf[0];
   msg.msg_name = &src;
   msg.msg_iov = &iov;
   msg.msg_iovlen = 1;
   msg.msg_control = &ctrlmsg;
   
   msg.msg_namelen = len;
   
   
       int s2;
	s2 = socket(PF_CAN, SOCK_DGRAM, CAN_J1939);
	
	struct sockaddr_can addr2;	
	   
    memset(&addr2, 0, sizeof(addr2));
    addr2.can_ifindex = if_nametoindex("can1");
    addr2.can_addr.j1939.name = J1939_NO_NAME;    
    addr2.can_addr.j1939.addr = 0x3d;
    addr2.can_addr.j1939.pgn = J1939_NO_PGN;
    addr2.can_family = AF_CAN;     
   
    if (bind(s2, (void *)&addr2, sizeof(addr2))<0)
    	   		perror ("bind2 failed");
        	else
        		printf("bind of s2 on can1 addr 0x3d successful\n");

   
   
	while (1) {
		/* these settings may be modified by recvmsg() */
		iov.iov_len = s.pkt_len;
		msg.msg_namelen = sizeof(src);
		msg.msg_controllen = sizeof(ctrlmsg);
		msg.msg_flags = 0;

		ret = recvmsg(sock, &msg, 0);
		
		
		len = ret;
		

			
			if ((sendto(s2, buf, ret, 0, (void *)&src, leng))<0);
			perror("sendto failed");
			
			
		
		}
		free(buf);
	
		
	return 0;
}

Thanks
Best regards,
Wolfgang

Re: promiscuous mode

[KOVACS Krisztian]

  Hi,

2005-06-03, p keltezéssel 10.09-kor knash@cs.tcd.ie ezt írta:
> I set up my wireless card in promiscuous mode. I want to capture all
> unicast packets using the hook NF_IP_PRE_ROUTING but packets other then
> the ones destined for my machine are been dropped.
> I found this link, which talks about a NF_IP_PROMISC hook
> This seems to be exactly what I want
> 
> https://lists.netfilter.org/pipermail/netfilter-devel/2001-November.txt
> 
> The only think is it refers to modifying
> netfilter/userspace/libiptc/libip4tc.c which doesn't seem to exist on the
> version of linux I'm running.

  The patch is a combined one containing userspace and kernelspace
modifications as well (patches files in iptables and adds files to the
old patch-o-matic). You probably won't be able to apply it easily,
hand-editing files seems to be necessary.

  BTW, Neither of the Netfilter hooks sees promisc packets, they are
dropped very early in the IP stack. If you take a look at that patch,
you can even see the comment describing this:

+-	/* When the interface is in promisc. mode, drop all the crap
+-	 * that it receives, do not try to analyse it.
+-	 */
+-	if (skb->pkt_type == PACKET_OTHERHOST)
+-		goto drop;

  Gianni's patch seems to create a new NF_IP_PROMISC hook which receives
exactly these packets.

-- 
KOVACS Krisztian <hidden@sch.bme.hu>

Re: promiscuous mode

[Jonas Berlin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting knash@cs.tcd.ie on 2005-06-05 16:00 UTC:

> Jonas,
>      Thanks for the info :-). I tried what you suggested by changing the
> rp_filter setting but this does not appear to effect the packets I
> see at the NF_IP_PRE_ROUTING hook.
> 
> Does this mean that rp_filter comes into effect after the
> NF_IP_PRE_ROUTING hook and before the NF_IP_LOCAL_IN hook?.

Sorry, I really have no idea about that.. I just hoped that rp_filter
would have helped :P

Hopefully somebody else can help out, you could also come to #netfilter
on freenode ircnet and ask..

- --
- - xkr47
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCo17CxyF48ZTvn+4RAqDEAKC3pJzDh7lS46qhM1csQI9VUls6hgCg0CF1
lP0k9XEHZnmD5E+LXQII4lE=
=/Nnt
-----END PGP SIGNATURE-----

Re: promiscuous mode

[knash]

Jonas,
     Thanks for the info :-). I tried what you suggested by changing the
rp_filter setting but this does not appear to effect the packets I
see at the NF_IP_PRE_ROUTING hook.

Does this mean that rp_filter comes into effect after the
NF_IP_PRE_ROUTING hook and before the NF_IP_LOCAL_IN hook?.

I also set up a socket using the PF_PACKET protocol to make sure that my
network card is in promiscuous mode. This is the case and I can see
unicast packets going to and from one of my other linux boxes.

I've just started working with the linux network protocol stack so my
understanding is fairly limited (and I might have got this wrong) but this
is what I think is happening:

All the IP packets picked up by my network card are revceived at the
ip_rcv() function (in net/ipv4/ip_input.c)

The very first thing ip_rcv does is check whether the packet is destinted
for another host and if so drops it


/*
 *      Main IP Receive routine.
 */
int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type
*pt)
{
        struct iphdr *iph;

   /* When the interface is in promisc. mode, drop all the crap
    * that it receives, do not try to analyse it.
    */
        if (skb->pkt_type == PACKET_OTHERHOST)
                goto drop;

At the end of the ip_rcv() function the NF_IP_PRE_ROUTING hook is called

        return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
                      ip_rcv_finish);

By this stage the packets which I want to look at have already been
dropped. So what I need is a hook which can grab these packets received in
promiscuous mode before they are dropped,

Thanks,
Kevin




> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Quoting knash@cs.tcd.ie on 2005-06-03 09:09 UTC:
>> Hello,
>
> Hi :)
>
>> I set up my wireless card in promiscuous mode. I want to capture all
>> unicast packets using the hook NF_IP_PRE_ROUTING but packets other then
>> the ones destined for my machine are been dropped.
>
> Could it be that you have rp_filter turned on?
>
> Try doing this:
>
>   echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
>
> (replace eth1 with whatever your wlan interface is)
>
> Here's some more info (chapter 13.1):
>
>   http://www.linuxguruz.com/iptables/howto/2.4routing-13.html
>
> - --
> - - xkr47
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFCoWsCxyF48ZTvn+4RAui4AJ4422QWePo6mfZ1AixtXjDGKAdvSQCgx2jR
> gbBwczPHtnuIDrePPyaq/6k=
> =+Kry
> -----END PGP SIGNATURE-----
>
>

Re: promiscuous mode

[Jonas Berlin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting knash@cs.tcd.ie on 2005-06-03 09:09 UTC:
> Hello,

Hi :)

> I set up my wireless card in promiscuous mode. I want to capture all
> unicast packets using the hook NF_IP_PRE_ROUTING but packets other then
> the ones destined for my machine are been dropped.

Could it be that you have rp_filter turned on?

Try doing this:

  echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

(replace eth1 with whatever your wlan interface is)

Here's some more info (chapter 13.1):

  http://www.linuxguruz.com/iptables/howto/2.4routing-13.html

- --
- - xkr47
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCoWsCxyF48ZTvn+4RAui4AJ4422QWePo6mfZ1AixtXjDGKAdvSQCgx2jR
gbBwczPHtnuIDrePPyaq/6k=
=+Kry
-----END PGP SIGNATURE-----

promiscuous mode

[knash]

Hello,
I set up my wireless card in promiscuous mode. I want to capture all
unicast packets using the hook NF_IP_PRE_ROUTING but packets other then
the ones destined for my machine are been dropped.
I found this link, which talks about a NF_IP_PROMISC hook
This seems to be exactly what I want

https://lists.netfilter.org/pipermail/netfilter-devel/2001-November.txt

The only think is it refers to modifying
netfilter/userspace/libiptc/libip4tc.c which doesn't seem to exist on the
version of linux I'm running.

I'm currently using
Fedora Core 2 (2.6.5-1.358)
and iptables v1.2.9

I was wondering does the latest version of netfilter support promiscuous
mode or is there a patch available out there somewhere ??

Thanks very much for your help,

Kevin

promiscuous mode

[knash]

Hello,
I set up my wireless card in promiscuous mode. I want to capture all
unicast packets using the hook NF_IP_PRE_ROUTING but packets other the
ones destined for my machine are been dropped.
I found this link, but its dated 2001

http://www.scaramanga.co.uk/code-fu/netfilter-promisc.diff

It refers to modifying netfilter/userspace/libiptc/libip4tc.c which my
version of netfilter doesn't seem to have.
I'm running Fedora Core 2 (2.6.5-1.358)
and iptables v1.2.9

I was wondering does the current version of netfilter support promiscuous
mode or is there a patch available??

Thanks very much for your help,

Kevin

Re: promiscuous mode

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1155 bytes --]

On Fri, Oct 03, 2003 at 01:12:39AM +0200, nils toedtmann wrote:
> Hi,
> 
> i want to do passive accounting using the ULOG target. As i 
> understood, netfilter can only see packets passing the kernel
> routing code. That explains why i cannot see packets (except 
> those for the box itself) passing the NIC in mangle/PREROUTING
> (NIC in promiscuous mode).

yes.  This is how a packet filtering framework is supposed to behave.

> but thats against iptables 1.2.3 (2001-11-06). Is there any
> other way doing passive accounting with iptables?

no, and I don't recommend it.  neither iptables, nor ULOG/ulogd are a
good way of doing accounting.

This discussion happened before.  Either on netdev, the ulogd list or
netfilter-devel, don't remember.

> /nils.


-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

promiscuous mode

[nils toedtmann]

Hi,

i want to do passive accounting using the ULOG target. As i 
understood, netfilter can only see packets passing the kernel
routing code. That explains why i cannot see packets (except 
those for the box itself) passing the NIC in mangle/PREROUTING
(NIC in promiscuous mode).

The only solution google digged was 

  <http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/netfilter.html>

but thats against iptables 1.2.3 (2001-11-06). Is there any
other way doing passive accounting with iptables?

I know that this is not the first time this question shows up.
The last message on this topic i found is 11 months old, i am 
just hoping things changed since then ;-) Our needs are simple,
so i try to avoid using one of those listening userland deamons 
like net-acctd.

/nils.


-- 
sig.