RX Packets sent from dummy Linux network device driver are dropped - linux

I am having two (maybe related) issues, but I will describe the one mentioned in the title first.
I am modifying the dummy network device driver to echo back the transmitted UDP packet to the transmitting interface. In the callback function of ndo_start_xmit, I have added the following piece of code to echo back the transmitted packet:
    struct sk_buff *skb2;
    unsigned char *ptr;

    skb2 = netdev_alloc_skb(dev, pkt_len + 2);
    if (skb2) {
        ptr = skb_put(skb2, pkt_len);
        memcpy(ptr, (void *)skb->data, pkt_len);
        /* Code to swap source and destination IP & Ports and increment tx rx counts here */
        netif_rx(skb2);
    }
Now if I assign an IP to the interface after inserting this module, send packets on this interface and then run ifconfig dummy0, I get the following output:
dummy0 Link encap:Ethernet HWaddr 42:cd:19:7d:52:3f
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::40cd:19ff:fe7d:523f/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:4 errors:0 dropped:4 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:192 (192.0 B) TX bytes:258 (258.0 B)
Here we can see that along with packet TX and RX count, RX Drop count is also increasing. Can someone point to the reason why packets are being dropped?
Now coming to the second issue, if I try to run tcpdump to capture the packets, as soon as some packet arrives on RX of this dummy0 interface the whole virtual machine hangs (I guess the kernel panics). Is there something that I am missing in the code which causes this issue?

I was able to solve both issues by adding:
skb2->protocol = eth_type_trans(skb2, dev);
just before netif_rx(skb2).
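
What that one call does, as a simplified user-space model in C (an added example, not code from the post or from the kernel source): eth_type_trans() reads the EtherType into skb->protocol, classifies the destination MAC into a packet type, and pulls the 14-byte Ethernet header so the data pointer sits at the IP header. `struct model_skb`, `model_eth_type_trans` and `echo_delivered` are hypothetical names, and the frame is constructed from dummy0's MAC address shown in the question.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_HLEN 14
#define ETH_ALEN 6
#define ETH_P_IP 0x0800
enum { PKT_HOST, PKT_BROADCAST, PKT_MULTICAST, PKT_OTHERHOST };

/* Hypothetical stand-in for the sk_buff fields involved, not the kernel struct. */
struct model_skb {
    const uint8_t *data; /* start of the current layer */
    size_t len;
    uint16_t protocol;   /* host byte order here; 0 = never classified */
    int pkt_type;
};

/* Simplified model of eth_type_trans(); 802.3 length fields are not handled. */
int model_eth_type_trans(struct model_skb *skb, const uint8_t *dev_addr)
{
    static const uint8_t bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (skb->len < ETH_HLEN)
        return -1; /* runt frame: no complete Ethernet header */
    skb->protocol = (uint16_t)((skb->data[12] << 8) | skb->data[13]);
    if (memcmp(skb->data, bcast, ETH_ALEN) == 0)
        skb->pkt_type = PKT_BROADCAST;
    else if (skb->data[0] & 0x01)
        skb->pkt_type = PKT_MULTICAST;
    else if (memcmp(skb->data, dev_addr, ETH_ALEN) != 0)
        skb->pkt_type = PKT_OTHERHOST;
    else
        skb->pkt_type = PKT_HOST;
    skb->data += ETH_HLEN; /* data now points at the IP header */
    skb->len -= ETH_HLEN;
    return 0;
}

/* Constructed echo frame: dst and src are dummy0's MAC, EtherType is IPv4. */
static const uint8_t DEV[ETH_ALEN] = {0x42, 0xcd, 0x19, 0x7d, 0x52, 0x3f};
/* Returns 1 if the modeled IPv4 handler would accept the frame, 0 if dropped. */
int echo_delivered(int call_trans)
{
    uint8_t f[ETH_HLEN + 28] = {0};
    struct model_skb skb = {f, sizeof f, 0, PKT_HOST};
    memcpy(f, DEV, ETH_ALEN);
    memcpy(f + ETH_ALEN, DEV, ETH_ALEN);
    f[12] = 0x08; /* EtherType 0x0800 */
    if (call_trans && model_eth_type_trans(&skb, DEV) != 0)
        return -1;
    return skb.protocol == ETH_P_IP && skb.pkt_type == PKT_HOST;
}
```

Without the call, `echo_delivered(0)` leaves protocol at 0, so no protocol handler matches and the frame is counted as an RX drop; with it, the frame is classified as IPv4 addressed to the host.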

Related

Is there a way to forbid accessing an Ethernet interface for all processes except one?

I have two Ethernet interfaces on my machine: one is for internet, and the other would be used for a raw Ethernet connection without TCP/IP. Also, I have a program that uses this interface in promiscuous mode. However, sometimes this interface is used by Linux to send broadcast telegrams. I don't know what service exactly does this, but I need to be sure that there would be no packets on this interface except mine.
Output of sudo ifconfig -v enp2s0 is listed below.
enp2s0: flags=67<UP,BROADCAST,RUNNING> mtu 1500
inet6 fe80::f137:afa0:2d44:f685 prefixlen 64 scopeid 0x20<link>
ether 54:bf:64:03:a8:76 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 197 bytes 27531 (26.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
As you can see, there are 197 TX packets, although I did not send anything in my app. My question is how to forbid any processes except one from using this interface?
The interface is configured UP and has an address.
Arrange for it to not have an inet6 address, and no more broadcast datagrams will be sent.

Same local and destination IP addresses on ppp interface

I'm testing a 4G modem with different SIM cards, and with one of them, I'm having the following output from ifconfig ppp0:
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.168.34.88 netmask 255.255.255.255 destination 10.168.34.88
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 1873 bytes 1490197 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1679 bytes 214990 (209.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I'm a bit troubled by the fact that local IP address is the same as the destination IP address (10.168.34.88). (I would expect destination to be the address of the peer).
By the way, this is confirmed by the output of pppd, which says:
May 31 12:39:50 bouli9 pppd[1223384]: CHAP authentication succeeded: Welcome!
May 31 12:39:50 bouli9 pppd[1223384]: CHAP authentication succeeded
May 31 12:39:52 bouli9 pppd[1223384]: Protocol-Reject for unsupported protocol 0xff03
May 31 12:39:52 bouli9 pppd[1223384]: local IP address 10.168.34.88
May 31 12:39:52 bouli9 pppd[1223384]: remote IP address 10.168.34.88
I have access to internet using ppp0 anyway, but still, I'm a bit curious on what's going on here.

How to use grep to get only part of a line

When I try to send the command ifconfig, I'm getting this:
ath0 IEEE 802.11ng ESSID:"test" Nickname:""
Mode:Master Frequency:2.412 GHz Access Point: 00:00:00:00:00:00
Bit Rate:0 kb/s Tx-Power=-4 dBm Sensitivity=16/16
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-96 dBm Noise level=-96 dBm
Rx invalid nwid:475654423 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
How do I get only part of the lines from this, for example:
ESSID:""test
Frequency:2.412 GHz
Given your actual paste (and disregarding the malformed sample output):
$ cat ifconf
ath0 IEEE 802.11ng ESSID:"test" Nickname:""
Mode:Master Frequency:2.412 GHz Access Point: 00:00:00:00:00:00
Bit Rate:0 kb/s Tx-Power=-4 dBm Sensitivity=16/16
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-96 dBm Noise level=-96 dBm
Rx invalid nwid:475654423 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
$ grep -oE 'ESSID:"[^"]+"|Frequency:[^ ]+' ifconf
ESSID:"test"
Frequency:2.412
It's really just an extended RegEx, and grep's -o flag to ONLY output the exact match, rather than the matching line.

Difference between tx and rx?

With asterisk I can set the volume of TX and RX. But what are those options? I've already googled this but can't find anything.
What is the difference between TX and RX?
RX is receive, incoming.
TX is transmitting, outgoing.

How can I dump only outgoing IP packets in tcpdump?

I'm dumping outgoing traffic. I only want TCP and UDP packets destined outside my LAN, nothing else. I just used the following filter with tcpdump:
ip and (tcp or udp) and (not icmp) and src host myIPAddr and not dst net myNet/myNetBits and not ip broadcast
But I captured the following packet:
###[ Ethernet ]###
dst = ff:ff:ff:ff:ff:ff
src = 00:1e:4a:e0:9e:00
type = 0x806
###[ ARP ]###
hwtype = 0x1
ptype = 0x800
hwlen = 6
plen = 4
op = who-has
hwsrc = 00:1e:4a:e0:9e:00
psrc = X.X.X.X
hwdst = 00:00:00:00:00:00
pdst = Y.Y.Y.Y
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
What happened here? I thought I was dumping only IP packets.
Set filtering on your host as a source:
tcpdump src <YOUR_IP>
From looking at your dump, you received an ARP packet with IP protocol type (i.e. ptype = 0x800). You should also filter out ARP packets with and (not arp), and that should clean up your dump. I think if you look at the tcpdump code you will find the reason why it also keeps these specific ARP packets (but since IP uses these packets for network resolution, I guess these ARP packets are considered part of IP by tcpdump).
Kind regards,
Bo
