[LARTC] tcpdump not working with imq0 devices
Andreas Unterkircher
unki at netshadow.at
Fri Nov 25 14:32:19 CET 2005
I would say this is something within IMQ itself.
Michal Kustosik (kustosz at veb.pl) schrieb:
>
> On Fri, Nov 25, 2005 at 01:42:30PM +0100, Andreas Unterkircher wrote:
> > No - if the interface doesn't support the necessary socketoptions (I guess
> > something like SO_ATTACH_FILTER) it won't work.
> >
> thank you for explain...
> compiling kernel with "Socket Filtering" in "Networking options"
> should be enough to see packets by tcpdump on imq interface?
>
> --
> Michal
>
>
>
> > Michal Kustosik (kustosz at veb.pl) schrieb:
> > >
> > > On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote:
> > > > yes, this is needed to get the traffic on the IMQ devices.
> > > > But after this you can't match anything on the IMQ devices.
> > > >
> > > but "tcpdump -n -i imq0" shoud present any packets going
> > > through the imq0 interface, yes? In my event the tcpdump
> > > show nothing.
> > >
> > > --
> > > Michal Kustosik
> > >
> > >
> > >
> > >
> > > > Michal Kustosik (kustosz at veb.pl) schrieb:
> > > > >
> > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote:
> > > > > > As far as I know it's simply not possible. Also you can't use iptables on a
> > > > > > imq device.
> > > > > >
> > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to
> > > > > use iptables to specify which packets should go through the imq device:
> > > > >
> > > > > [... http://www.linuximq.net/usage.html ...]
> > > > > After attaching a qdisc to the device you have to specify which packets
> > > > > should go through the imq device. An iptables target (`IMQ') is provided
> > > > > for using all the packet-selecting power of iptables.
> > > > > ...
> > > > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0
> > > > > ...
> > > > > [...]
> > > > > I have done the same.
> > > > >
> > > > > Regards,
> > > > > --
> > > > > Michal Kustosik
> > > > >
> > > > >
> > > > > > Cheers,
> > > > > > Andreas
> > > > > >
> > > > > > Michal Kustosik (kustosz at veb.pl) schrieb:
> > > > > > >
> > > > > > >
> > > > > > > On my debian woody (kernel 2.4.31) the tcpdump
> > > > > > > doesn't work with imq0 devices. If I try to tcpdump
> > > > > > > imq devices there is no packet seen:
> > > > > > > [...]
> > > > > > > rt1:~# tcpdump -n -i imq0
> > > > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked
> socket
> > > > > > > tcpdump: WARNING: imq0: no IPv4 address assigned
> > > > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > > > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68
> bytes
> > > > > > >
> > > > > > > [...]
> > > > > > > and there is no packet seen. I have sent the packet to imq0 by:
> > > > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0
> > > > > > > and there is no other entry in mangle table. There is also
> > > > > > > no firewall entry and no entry in nat table.
> > > > > > >
> > > > > > > The ifconfig command show, that the packet goes by imq0:
> > > > > > > [...]
> > > > > > > rt1:~# ifconfig imq0
> > > > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00
> > > > > > > UP RUNNING NOARP MTU:1500 Metric:1
> > > > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0
> > > > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0
> > > > > > > collisions:0 txqueuelen:30
> > > > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB)
> > > > > > > [...]
> > > > > > >
> > > > > > > Everything but iptables is installing from packages deb.
> > > > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/
> > > > > > > but it is the same reason.
> > > > > > >
> > > > > > > I have other router, with similar configuration (vlan, imq, htb, the
> > > > > > > same kernel version 2.4.31, the same distribution debian woody)
> > > > > > > and there is no problem with debuging interfaces by tcpdump command.
> > > > > > >
> > > > > > > Have anybody solved the same problem?
> > > > > > >
> > > > > > >
> > > > > > > Below some information about the strange router:
> > > > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff,
> > > > > > > linux-2.4.28-imq2.diff,
> > > > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff
> > > > > > > vlan - iANS-3.4.3a, e100-3.4.14
> > > > > > > lsmod:
> > > > > > > [...]
> > > > > > > Module Size Used by Tainted: P
> > > > > > > imq 1752 1
> > > > > > > ipt_IMQ 800 0
> > > > > > > ipt_REDIRECT 960 0 (autoclean)
> > > > > > > cls_fw 2368 0 (autoclean)
> > > > > > > cls_u32 4548 0 (autoclean)
> > > > > > > sch_sfq 3456 0 (autoclean)
> > > > > > > sch_htb 19040 0 (autoclean)
> > > > > > > ipt_ttl 640 0 (autoclean)
> > > > > > > ipt_state 608 0 (autoclean)
> > > > > > > ipt_REJECT 3072 0 (autoclean)
> > > > > > > ipt_connlimit 1504 0 (autoclean)
> > > > > > > ipt_LOG 3648 0 (autoclean)
> > > > > > > ipt_limit 960 0 (autoclean)
> > > > > > > iptable_filter 1728 0 (autoclean)
> > > > > > > ipt_mac 672 15 (autoclean)
> > > > > > > ipt_helper 992 22 (autoclean)
> > > > > > > ipt_multiport 640 132 (autoclean)
> > > > > > > ipt_MARK 800 255 (autoclean)
> > > > > > > iptable_mangle 2208 1 (autoclean)
> > > > > > > ians 113220 3 (autoclean)
> > > > > > > reiserfs 167392 1 (autoclean)
> > > > > > > e100 36292 4
> > > > > > > ip_nat_ftp 2848 0 (unused)
> > > > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp]
> > > > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state
> > > ipt_REJECT
> > > > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper
> ipt_multiport
> > > > > ipt_MARK
> > > > > > > iptable_mangle iptable_nat]
> > > > > > > ip_conntrack_ftp 3872 1
> > > > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit
> > > ipt_helper
> > > > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp]
> > > > > > > rtc 6012 0 (autoclean)
> > > > > > > [...]
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Regards,
> > > > > > > --
> > > > > > > Michal Kustosik
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > LARTC mailing list
> > > > > > > LARTC at mailman.ds9a.nl
> > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > LARTC mailing list
> > > > > > LARTC at mailman.ds9a.nl
> > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > > > >
> > > > > _______________________________________________
> > > > > LARTC mailing list
> > > > > LARTC at mailman.ds9a.nl
> > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > > > >
> > > >
> > > > _______________________________________________
> > > > LARTC mailing list
> > > > LARTC at mailman.ds9a.nl
> > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > >
> > > --
> > > Michal Kustosik
> > > Administrator Sieci Damis VeB
> > > http://www.veb.damis.pl/
> > >
> > > _______________________________________________
> > > LARTC mailing list
> > > LARTC at mailman.ds9a.nl
> > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > >
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC at mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
> _______________________________________________
> LARTC mailing list
> LARTC at mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
More information about the LARTC
mailing list