Hi
i have a problem with RAW sockets.
I have 2 RAW sockets where each socket listens on a networkinterface in promiscuious mode.
Socket A is listening on eth0 and socket B is listening on eth1.
Now, if there is a packet incoming on eth0 it should be send on eth1 and the other way around. So that i have something like a bridge.
This works fine accept:
There is a packet loop because:
e.g. socket A can see both incoming and outgouing packets so it sends back packets which are coming from socket B and so on.
How can i configure the socket so that it can only see incoming packets and ignores outgoing packets??
Please can someone help me with that.
Thanks.
Martin
Comments
:
: i have a problem with RAW sockets.
:
: I have 2 RAW sockets where each socket listens on a networkinterface
: in promiscuious mode.
: Socket A is listening on eth0 and socket B is listening on eth1.
:
: Now, if there is a packet incoming on eth0 it should be send on eth1
: and the other way around. So that i have something like a bridge.
: This works fine accept:
: There is a packet loop because:
: e.g. socket A can see both incoming and outgouing packets so it
: sends back packets which are coming from socket B and so on.
:
: How can i configure the socket so that it can only see incoming
: packets and ignores outgoing packets??
:
: Please can someone help me with that.
: Thanks.
: Martin
:
Look at the ip address.
An ip address has to be at either side of the bridge, and thus you can make a list of ip addresses and then filter them.
OR if the packets that the bridge sent away have the bridges ip address, use that as a filtering.
: :
: : i have a problem with RAW sockets.
: :
: : I have 2 RAW sockets where each socket listens on a networkinterface
: : in promiscuious mode.
: : Socket A is listening on eth0 and socket B is listening on eth1.
: :
: : Now, if there is a packet incoming on eth0 it should be send on eth1
: : and the other way around. So that i have something like a bridge.
: : This works fine accept:
: : There is a packet loop because:
: : e.g. socket A can see both incoming and outgouing packets so it
: : sends back packets which are coming from socket B and so on.
: :
: : How can i configure the socket so that it can only see incoming
: : packets and ignores outgoing packets??
: :
: : Please can someone help me with that.
: : Thanks.
: : Martin
: :
:
: Look at the ip address.
:
: An ip address has to be at either side of the bridge, and thus you
: can make a list of ip addresses and then filter them.
:
: OR if the packets that the bridge sent away have the bridges ip
: address, use that as a filtering.
Thanks for your reply, but that won't work for me.
Because i have to bridge packets without ip too. Like ARP.
And the package is bridged directly (without modifications)
Ok i can checkout the source mac address, but then i have to know each mac address on the two sides of the bridge (if there is only a hub at one side it will be multiple mac addresses just on one side). So this is not flexible enough.
: : :
: : : i have a problem with RAW sockets.
: : :
: : : I have 2 RAW sockets where each socket listens on a networkinterface
: : : in promiscuious mode.
: : : Socket A is listening on eth0 and socket B is listening on eth1.
: : :
: : : Now, if there is a packet incoming on eth0 it should be send on eth1
: : : and the other way around. So that i have something like a bridge.
: : : This works fine accept:
: : : There is a packet loop because:
: : : e.g. socket A can see both incoming and outgouing packets so it
: : : sends back packets which are coming from socket B and so on.
: : :
: : : How can i configure the socket so that it can only see incoming
: : : packets and ignores outgoing packets??
: : :
: : : Please can someone help me with that.
: : : Thanks.
: : : Martin
: : :
: :
: : Look at the ip address.
: :
: : An ip address has to be at either side of the bridge, and thus you
: : can make a list of ip addresses and then filter them.
: :
: : OR if the packets that the bridge sent away have the bridges ip
: : address, use that as a filtering.
:
: Thanks for your reply, but that won't work for me.
: Because i have to bridge packets without ip too. Like ARP.
: And the package is bridged directly (without modifications)
:
: Ok i can checkout the source mac address, but then i have to know
: each mac address on the two sides of the bridge (if there is only a
: hub at one side it will be multiple mac addresses just on one side).
: So this is not flexible enough.
:
You wouldn't need to know each. When you detect a packet comming from side A, add it to a list and then make sure any packet from side B won't be forwarded to side A if it's in the list.
The same for the other way around.
The lists could grow very big, but then you'll just have to reset it.
Optionally you can have a time restriction to the lists.
: : : :
: : : : i have a problem with RAW sockets.
: : : :
: : : : I have 2 RAW sockets where each socket listens on a networkinterface
: : : : in promiscuious mode.
: : : : Socket A is listening on eth0 and socket B is listening on eth1.
: : : :
: : : : Now, if there is a packet incoming on eth0 it should be send on eth1
: : : : and the other way around. So that i have something like a bridge.
: : : : This works fine accept:
: : : : There is a packet loop because:
: : : : e.g. socket A can see both incoming and outgouing packets so it
: : : : sends back packets which are coming from socket B and so on.
: : : :
: : : : How can i configure the socket so that it can only see incoming
: : : : packets and ignores outgoing packets??
: : : :
: : : : Please can someone help me with that.
: : : : Thanks.
: : : : Martin
: : : :
: : :
: : : Look at the ip address.
: : :
: : : An ip address has to be at either side of the bridge, and thus you
: : : can make a list of ip addresses and then filter them.
: : :
: : : OR if the packets that the bridge sent away have the bridges ip
: : : address, use that as a filtering.
: :
: : Thanks for your reply, but that won't work for me.
: : Because i have to bridge packets without ip too. Like ARP.
: : And the package is bridged directly (without modifications)
: :
: : Ok i can checkout the source mac address, but then i have to know
: : each mac address on the two sides of the bridge (if there is only a
: : hub at one side it will be multiple mac addresses just on one side).
: : So this is not flexible enough.
: :
:
: You wouldn't need to know each. When you detect a packet comming
: from side A, add it to a list and then make sure any packet from
: side B won't be forwarded to side A if it's in the list.
: The same for the other way around.
:
: The lists could grow very big, but then you'll just have to reset it.
: Optionally you can have a time restriction to the lists.
Ah thanks this sounds like it will work fine. Well, this is still intensive because you have to check each packet twice. But ok if there is no other way. But I think I will go on a little bit with my research, maybe I find something interesting.