RE: raw PF_PACKET protocol selection

2007-10-09 Thread Joakim Tjernlund 
 

 -Original Message-
 From: Herbert Xu [mailto:[EMAIL PROTECTED] 
 Sent: den 9 oktober 2007 05:17
 To: [EMAIL PROTECTED]
 Cc: netdev@vger.kernel.org
 Subject: Re: raw PF_PACKET protocol selection
 
 Joakim Tjernlund [EMAIL PROTECTED] wrote:
  
  I trying to open my own raw PF_PACKET socket to receive 
  pkgs sent to this socket. I can only make ETH_P_ALL protocol
  work, but then I receive all pkgs and I want pkgs with a specific
  protocol type. I have tried lots of ETH_P types and none of 
 them work.
  Naturally I make sure the sender is using the same protocol 
 as my test
  program below. I guess I must be doing something wrong???
 
 Your program works fine here.  You did run it as root, right?

Yes and ETH_P_ALL is the only protocol that prints anything
I am on 2.6.22

 Did you try stracing it?

Just did and now it works, it didn't yesterday :(
But if I change protocol to ETH_P_MOBITEX, I don't get any
pkgs(I did change protocol on sending side too)

 
 Cheers,
 -- 
 Visit Openswan at http://www.openswan.org/
 Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
 Home Page: http://gondor.apana.org.au/~herbert/
 PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
 
 
 

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Evgeniy Polyakov 
On Tue, Oct 09, 2007 at 08:08:22AM +0200, Joakim Tjernlund ([EMAIL PROTECTED]) 
wrote:
  Your program works fine here.  You did run it as root, right?
 
 Yes and ETH_P_ALL is the only protocol that prints anything
 I am on 2.6.22

ETH_P_ARP works too.

  Did you try stracing it?
 
 Just did and now it works, it didn't yesterday :(
 But if I change protocol to ETH_P_MOBITEX, I don't get any
 pkgs(I did change protocol on sending side too)

Did you change eth_type_trans() to catch your proto?


-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Joakim Tjernlund 
On Tue, 2007-10-09 at 11:13 +0400, Evgeniy Polyakov wrote:
 On Tue, Oct 09, 2007 at 08:08:22AM +0200, Joakim Tjernlund ([EMAIL 
 PROTECTED]) wrote:
   Your program works fine here.  You did run it as root, right?
  
  Yes and ETH_P_ALL is the only protocol that prints anything
  I am on 2.6.22
 
 ETH_P_ARP works too.
 
   Did you try stracing it?
  
  Just did and now it works, it didn't yesterday :(
  But if I change protocol to ETH_P_MOBITEX, I don't get any
  pkgs(I did change protocol on sending side too)
 
 Did you change eth_type_trans() to catch your proto?
 

Just fond out something:
if I redirect my prog like so:
./sniff  log
and press Ctrl-C after a packet has been sent to it, 
it does NOT work. I don't get ANY output in my log file, not
even the printf(-\n) appears.
But if I run whithout redirect it works(at least with ETH_P_BPQ)
Anyone else see this too?

  Jocke
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Evgeniy Polyakov 
On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund ([EMAIL PROTECTED]) 
wrote:
  Did you change eth_type_trans() to catch your proto?
  
 
 Just fond out something:
 if I redirect my prog like so:
 ./sniff  log
 and press Ctrl-C after a packet has been sent to it, 
 it does NOT work. I don't get ANY output in my log file, not
 even the printf(-\n) appears.
 But if I run whithout redirect it works(at least with ETH_P_BPQ)
 Anyone else see this too?

I only tested with IP and ARP packets - I can not say when packet was
actually received and written to log, but it does start filling up, but
maybe not immediately - it can be output buffering in shell though.

-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Joakim Tjernlund 
On Tue, 2007-10-09 at 11:34 +0400, Evgeniy Polyakov wrote:
 On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund ([EMAIL 
 PROTECTED]) wrote:
   Did you change eth_type_trans() to catch your proto?
   
  
  Just fond out something:
  if I redirect my prog like so:
  ./sniff  log
  and press Ctrl-C after a packet has been sent to it, 
  it does NOT work. I don't get ANY output in my log file, not
  even the printf(-\n) appears.
  But if I run whithout redirect it works(at least with ETH_P_BPQ)
  Anyone else see this too?
 
 I only tested with IP and ARP packets - I can not say when packet was
 actually received and written to log, but it does start filling up, but
 maybe not immediately - it can be output buffering in shell though.

Did you receive many packets? Seems like when I receive just 1 or 2 pkgs
I get the empty log. If I strace ./sniff  log I see that recvfrom gets
pkgs, but there are no trace of writes. I guess this
is a bash(3.2_p17) or glibc(2.5.-r4) bug?
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Herbert Xu 
On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund wrote:

 Just fond out something:
 if I redirect my prog like so:
 ./sniff  log
 and press Ctrl-C after a packet has been sent to it, 
 it does NOT work. I don't get ANY output in my log file, not
 even the printf(-\n) appears.
 But if I run whithout redirect it works(at least with ETH_P_BPQ)
 Anyone else see this too?

Um, this is what we call buffering.

You either need to turn buffering off with setbuf(3) or you
should install a SIGINT handler to flush the output before
exiting.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Evgeniy Polyakov 
On Tue, Oct 09, 2007 at 09:51:25AM +0200, Joakim Tjernlund ([EMAIL PROTECTED]) 
wrote:
 On Tue, 2007-10-09 at 11:34 +0400, Evgeniy Polyakov wrote:
  On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund ([EMAIL 
  PROTECTED]) wrote:
Did you change eth_type_trans() to catch your proto?

   
   Just fond out something:
   if I redirect my prog like so:
   ./sniff  log
   and press Ctrl-C after a packet has been sent to it, 
   it does NOT work. I don't get ANY output in my log file, not
   even the printf(-\n) appears.
   But if I run whithout redirect it works(at least with ETH_P_BPQ)
   Anyone else see this too?
  
  I only tested with IP and ARP packets - I can not say when packet was
  actually received and written to log, but it does start filling up, but
  maybe not immediately - it can be output buffering in shell though.
 
 Did you receive many packets? Seems like when I receive just 1 or 2 pkgs
 I get the empty log. If I strace ./sniff  log I see that recvfrom gets
 pkgs, but there are no trace of writes. I guess this
 is a bash(3.2_p17) or glibc(2.5.-r4) bug?

I received 1396 bytes of logs before terminated, which is 27 ARP packets, 
so there is quite big number of packet there. 
Your application works correctly (although you swapped source and
destination ethernet fields) - buffered writing is not a bug,
if you do not like it, use write(2), mmap(2) or turn buffering off as
Herbert suggested. To get packets with your own ethernet protocol number
you have to change eth_type_trans() function in kernel, which parses
ethernet header and returns protocol number, under some conditions it
will just return your number automatically, but you should check it.

-- 
Evgeniy Polyakov
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-09 Thread Joakim Tjernlund 
On Tue, 2007-10-09 at 12:17 +0400, Evgeniy Polyakov wrote:
 On Tue, Oct 09, 2007 at 09:51:25AM +0200, Joakim Tjernlund ([EMAIL 
 PROTECTED]) wrote:
  On Tue, 2007-10-09 at 11:34 +0400, Evgeniy Polyakov wrote:
   On Tue, Oct 09, 2007 at 09:27:38AM +0200, Joakim Tjernlund ([EMAIL 
   PROTECTED]) wrote:
 Did you change eth_type_trans() to catch your proto?
 

Just fond out something:
if I redirect my prog like so:
./sniff  log
and press Ctrl-C after a packet has been sent to it, 
it does NOT work. I don't get ANY output in my log file, not
even the printf(-\n) appears.
But if I run whithout redirect it works(at least with ETH_P_BPQ)
Anyone else see this too?
   
   I only tested with IP and ARP packets - I can not say when packet was
   actually received and written to log, but it does start filling up, but
   maybe not immediately - it can be output buffering in shell though.
  
  Did you receive many packets? Seems like when I receive just 1 or 2 pkgs
  I get the empty log. If I strace ./sniff  log I see that recvfrom gets
  pkgs, but there are no trace of writes. I guess this
  is a bash(3.2_p17) or glibc(2.5.-r4) bug?
 
 I received 1396 bytes of logs before terminated, which is 27 ARP packets, 
 so there is quite big number of packet there. 
 Your application works correctly (although you swapped source and
 destination ethernet fields) - buffered writing is not a bug,
 if you do not like it, use write(2), mmap(2) or turn buffering off as
 Herbert suggested. To get packets with your own ethernet protocol number
 you have to change eth_type_trans() function in kernel, which parses
 ethernet header and returns protocol number, under some conditions it
 will just return your number automatically, but you should check it.

I thought that flushing was done automatically when SIGINT happened
but I was apperently wrong. Sorry for the noise and thanks for your
help. I have added setvbuf calls to make it unbuffered.

 Jocke
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: raw PF_PACKET protocol selection

2007-10-08 Thread Herbert Xu 
Joakim Tjernlund [EMAIL PROTECTED] wrote:
 
 I trying to open my own raw PF_PACKET socket to receive 
 pkgs sent to this socket. I can only make ETH_P_ALL protocol
 work, but then I receive all pkgs and I want pkgs with a specific
 protocol type. I have tried lots of ETH_P types and none of them work.
 Naturally I make sure the sender is using the same protocol as my test
 program below. I guess I must be doing something wrong???

Your program works fine here.  You did run it as root, right?
Did you try stracing it?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html