From: Willem de Bruijn <willemb@google.com>
To: mihail.dakov@ng4t.com
Cc: Daniel Borkmann <dborkman@redhat.com>, netdev@vger.kernel.org
Subject: Re: AF_PACKET: tx_ring mirrored in rx_ring?
Date: Mon, 21 Jul 2014 18:35:00 -0400 [thread overview]
Message-ID: <CA+FuTScUC08D_+iHwxVuvWBSDdKgT7bQv-sigwAiopFodFOc=w@mail.gmail.com> (raw)
In-Reply-To: <20140721203253.Horde.9bpg4-qQqIsddySIO6hXOw1@ssl.lux01.de>
>>> What'd you mean by local traffic? The packets which are replicated are
>>> destined to remote machine(s).
>>
>>
>> Sure, but you are sending them out via your packet socket.
>
>
> Well yes. It's just that I interpreted local as if they were not going out
> of the machine. But in fact they do.
That is a semantic issue. The technical point is that packet
sockets read not only incoming packets, but also outgoing
ones. The tap in the egress path (dev_queue_xmit_nit) is taken
for almost all transmitted packets, included those transmitted
by a packet socket.
There is logic to avoid looping outgoing packets back into the
originating socket (and fanout group) by detecting the source
socket (skb_loop_sk). Other packet sockets will receive the
outgoing packets, however. This is correct behavior, as it is
how tcpdump can log all traffic, among others.
You can use PACKET_QDISC_BYPASS on your transmit
packet socket, as Daniel mentions, or attach a BPF filter to
your receive socket that filters on !PACKET_OUTGOING, e.g.,:
struct sock_filter bpf_filter[] = {
{BPF_LD | BPF_B | BPF_ABS, 0, 0, (uint32_t) (SKF_AD_OFF + SKF_AD_PKTTYPE)},
{BPF_JMP | BPF_JEQ, 1, 0, PACKET_OUTGOING},
{BPF_RET, 0, 0, 0x00000000},
{BPF_RET, 0, 0, 0x0000ffff},
};
struct sock_fprog bpf_prog;
bpf_prog.filter = bpf_filter;
bpf_prog.len = sizeof(bpf_filter) / sizeof(struct sock_filter);
if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf_prog,
sizeof(bpf_prog))) {
error(1, errno, "setsockopt filter");
}
next prev parent reply other threads:[~2014-07-21 22:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-21 13:18 AF_PACKET: tx_ring mirrored in rx_ring? Mihail Dakov
2014-07-21 13:38 ` Mihail Dakov
2014-07-21 13:51 ` Daniel Borkmann
2014-07-21 14:40 ` Mihail Dakov
2014-07-21 14:44 ` Fwd: " Mihail Dakov
2014-07-21 15:13 ` Daniel Borkmann
2014-07-21 18:32 ` mihail.dakov
2014-07-21 22:35 ` Willem de Bruijn [this message]
2014-07-21 22:36 ` Willem de Bruijn
2014-07-22 13:39 ` Mihail Dakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+FuTScUC08D_+iHwxVuvWBSDdKgT7bQv-sigwAiopFodFOc=w@mail.gmail.com' \
--to=willemb@google.com \
--cc=dborkman@redhat.com \
--cc=mihail.dakov@ng4t.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.