Joris van Rantwijk wrote:
> I'm trying to see outgoing network packets through the AF_PACKET
> interface. This works as long as I bind the packet socket with
> sll_protocol==htons(ETH_P_ALL). I would expect that I can filter
> on IP packets by binding to sll_protocol==htons(ETH_P_IP), but when
> I try it I suddenly see only the incoming packets and no outgoing at all.
Deja vu? :-) See this message:
> Subject: Re: PF_PACKET, ETH_P_IP does not catch outgoing packets.
> From: email@example.com
> Date: Thu, 23 Dec 1999 20:41:11 +0300 (MSK)
> > do not receive outgoing packets. Just changing the
> > protocol to ETH_P_ALL (or a later bind with that proto)
> > will get all packets. Is this intentional? (I don't think
> > so *g*)
> Yes, sort of. It is planned flaw in design. 8)
> > Any idea for a quick fix?
> No, it is not very easy. If it were easy, it would be made. 8)
> The problem is that bound to protocol sockets are not
> checked at output at all, only ETH_P_ALL ones are checked.
> We could check all, but it affects performance, because
> true protocols (looking exactly as packet socket) really
> need not it. The direction of compromise is not evident.
> Someone promised to think on this and repair at the end of 2.1,
> I even reserved sockopt PACKET_RECV_OUTPUT to switch it on/off,
> but, alas, I did not receive any patches.
Two years nobody cared. Seems the BPF is good enough...
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 21:00:17 EST