On my debian woody (kernel 2.4.31) the tcpdump
doesn''t work with imq0 devices. If I try to tcpdump
imq devices there is no packet seen:
[...]
rt1:~# tcpdump -n -i imq0
Warning: arptype 65535 not supported by libpcap - falling back to cooked socket
tcpdump: WARNING: imq0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes
[...]
and there is no packet seen. I have sent the packet to imq0 by:
rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0
and there is no other entry in mangle table. There is also
no firewall entry and no entry in nat table.
The ifconfig command show, that the packet goes by imq0:
[...]
rt1:~# ifconfig imq0
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0
TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:30
RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB)
[...]
Everything but iptables is installing from packages deb.
I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/
but it is the same reason.
I have other router, with similar configuration (vlan, imq, htb, the
same kernel version 2.4.31, the same distribution debian woody)
and there is no problem with debuging interfaces by tcpdump command.
Have anybody solved the same problem?
Below some information about the strange router:
kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff,
linux-2.4.28-imq2.diff,
iptables - v1.3.3 with iptables-1.3.0-imq1.diff
vlan - iANS-3.4.3a, e100-3.4.14
lsmod:
[...]
Module Size Used by Tainted: P
imq 1752 1
ipt_IMQ 800 0
ipt_REDIRECT 960 0 (autoclean)
cls_fw 2368 0 (autoclean)
cls_u32 4548 0 (autoclean)
sch_sfq 3456 0 (autoclean)
sch_htb 19040 0 (autoclean)
ipt_ttl 640 0 (autoclean)
ipt_state 608 0 (autoclean)
ipt_REJECT 3072 0 (autoclean)
ipt_connlimit 1504 0 (autoclean)
ipt_LOG 3648 0 (autoclean)
ipt_limit 960 0 (autoclean)
iptable_filter 1728 0 (autoclean)
ipt_mac 672 15 (autoclean)
ipt_helper 992 22 (autoclean)
ipt_multiport 640 132 (autoclean)
ipt_MARK 800 255 (autoclean)
iptable_mangle 2208 1 (autoclean)
ians 113220 3 (autoclean)
reiserfs 167392 1 (autoclean)
e100 36292 4
ip_nat_ftp 2848 0 (unused)
iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp]
ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state
ipt_REJECT ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper
ipt_multiport ipt_MARK iptable_mangle iptable_nat]
ip_conntrack_ftp 3872 1
ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit
ipt_helper ip_nat_ftp iptable_nat ip_conntrack_ftp]
rtc 6012 0 (autoclean)
[...]
Regards,
--
Michal Kustosik
Andreas Unterkircher
2005-Nov-25 11:26 UTC
Re: [LARTC] tcpdump not working with imq0 devices
As far as I know it''s simply not possible. Also you can''t use iptables on a imq device. Cheers, Andreas Michal Kustosik (kustosz@veb.pl) schrieb:> > > On my debian woody (kernel 2.4.31) the tcpdump > doesn''t work with imq0 devices. If I try to tcpdump > imq devices there is no packet seen: > [...] > rt1:~# tcpdump -n -i imq0 > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > tcpdump: WARNING: imq0: no IPv4 address assigned > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > [...] > and there is no packet seen. I have sent the packet to imq0 by: > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > and there is no other entry in mangle table. There is also > no firewall entry and no entry in nat table. > > The ifconfig command show, that the packet goes by imq0: > [...] > rt1:~# ifconfig imq0 > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > UP RUNNING NOARP MTU:1500 Metric:1 > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:30 > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > [...] > > Everything but iptables is installing from packages deb. > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > but it is the same reason. > > I have other router, with similar configuration (vlan, imq, htb, the > same kernel version 2.4.31, the same distribution debian woody) > and there is no problem with debuging interfaces by tcpdump command. > > Have anybody solved the same problem? > > > Below some information about the strange router: > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > linux-2.4.28-imq2.diff, > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > vlan - iANS-3.4.3a, e100-3.4.14 > lsmod: > [...] > Module Size Used by Tainted: P > imq 1752 1 > ipt_IMQ 800 0 > ipt_REDIRECT 960 0 (autoclean) > cls_fw 2368 0 (autoclean) > cls_u32 4548 0 (autoclean) > sch_sfq 3456 0 (autoclean) > sch_htb 19040 0 (autoclean) > ipt_ttl 640 0 (autoclean) > ipt_state 608 0 (autoclean) > ipt_REJECT 3072 0 (autoclean) > ipt_connlimit 1504 0 (autoclean) > ipt_LOG 3648 0 (autoclean) > ipt_limit 960 0 (autoclean) > iptable_filter 1728 0 (autoclean) > ipt_mac 672 15 (autoclean) > ipt_helper 992 22 (autoclean) > ipt_multiport 640 132 (autoclean) > ipt_MARK 800 255 (autoclean) > iptable_mangle 2208 1 (autoclean) > ians 113220 3 (autoclean) > reiserfs 167392 1 (autoclean) > e100 36292 4 > ip_nat_ftp 2848 0 (unused) > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state ipt_REJECT > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport ipt_MARK > iptable_mangle iptable_nat] > ip_conntrack_ftp 3872 1 > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit ipt_helper > ip_nat_ftp iptable_nat ip_conntrack_ftp] > rtc 6012 0 (autoclean) > [...] > > > > Regards, > -- > Michal Kustosik > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >
On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote:> As far as I know it''s simply not possible. Also you can''t use iptables on a > imq device. >I read on http://www.linuximq.net/usage.html that it is nessesary to use iptables to specify which packets should go through the imq device: [... http://www.linuximq.net/usage.html ...] After attaching a qdisc to the device you have to specify which packets should go through the imq device. An iptables target (`IMQ'') is provided for using all the packet-selecting power of iptables. ... /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 ... [...] I have done the same. Regards, -- Michal Kustosik> Cheers, > Andreas > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > doesn''t work with imq0 devices. If I try to tcpdump > > imq devices there is no packet seen: > > [...] > > rt1:~# tcpdump -n -i imq0 > > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > > tcpdump: WARNING: imq0: no IPv4 address assigned > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > > > [...] > > and there is no packet seen. I have sent the packet to imq0 by: > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > and there is no other entry in mangle table. There is also > > no firewall entry and no entry in nat table. > > > > The ifconfig command show, that the packet goes by imq0: > > [...] > > rt1:~# ifconfig imq0 > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > UP RUNNING NOARP MTU:1500 Metric:1 > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:30 > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > [...] > > > > Everything but iptables is installing from packages deb. > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > but it is the same reason. > > > > I have other router, with similar configuration (vlan, imq, htb, the > > same kernel version 2.4.31, the same distribution debian woody) > > and there is no problem with debuging interfaces by tcpdump command. > > > > Have anybody solved the same problem? > > > > > > Below some information about the strange router: > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > linux-2.4.28-imq2.diff, > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > vlan - iANS-3.4.3a, e100-3.4.14 > > lsmod: > > [...] > > Module Size Used by Tainted: P > > imq 1752 1 > > ipt_IMQ 800 0 > > ipt_REDIRECT 960 0 (autoclean) > > cls_fw 2368 0 (autoclean) > > cls_u32 4548 0 (autoclean) > > sch_sfq 3456 0 (autoclean) > > sch_htb 19040 0 (autoclean) > > ipt_ttl 640 0 (autoclean) > > ipt_state 608 0 (autoclean) > > ipt_REJECT 3072 0 (autoclean) > > ipt_connlimit 1504 0 (autoclean) > > ipt_LOG 3648 0 (autoclean) > > ipt_limit 960 0 (autoclean) > > iptable_filter 1728 0 (autoclean) > > ipt_mac 672 15 (autoclean) > > ipt_helper 992 22 (autoclean) > > ipt_multiport 640 132 (autoclean) > > ipt_MARK 800 255 (autoclean) > > iptable_mangle 2208 1 (autoclean) > > ians 113220 3 (autoclean) > > reiserfs 167392 1 (autoclean) > > e100 36292 4 > > ip_nat_ftp 2848 0 (unused) > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state ipt_REJECT > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport ipt_MARK > > iptable_mangle iptable_nat] > > ip_conntrack_ftp 3872 1 > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit ipt_helper > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > rtc 6012 0 (autoclean) > > [...] > > > > > > > > Regards, > > -- > > Michal Kustosik > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Andreas Unterkircher
2005-Nov-25 11:54 UTC
Re: [LARTC] tcpdump not working with imq0 devices
yes, this is needed to get the traffic on the IMQ devices. But after this you can''t match anything on the IMQ devices. Michal Kustosik (kustosz@veb.pl) schrieb:> > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > As far as I know it''s simply not possible. Also you can''t use iptables on a > > imq device. > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > use iptables to specify which packets should go through the imq device: > > [... http://www.linuximq.net/usage.html ...] > After attaching a qdisc to the device you have to specify which packets > should go through the imq device. An iptables target (`IMQ'') is provided > for using all the packet-selecting power of iptables. > ... > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > ... > [...] > I have done the same. > > Regards, > -- > Michal Kustosik > > > > Cheers, > > Andreas > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > doesn''t work with imq0 devices. If I try to tcpdump > > > imq devices there is no packet seen: > > > [...] > > > rt1:~# tcpdump -n -i imq0 > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > > > > > [...] > > > and there is no packet seen. I have sent the packet to imq0 by: > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > and there is no other entry in mangle table. There is also > > > no firewall entry and no entry in nat table. > > > > > > The ifconfig command show, that the packet goes by imq0: > > > [...] > > > rt1:~# ifconfig imq0 > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > collisions:0 txqueuelen:30 > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > [...] > > > > > > Everything but iptables is installing from packages deb. > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > but it is the same reason. > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > same kernel version 2.4.31, the same distribution debian woody) > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > Have anybody solved the same problem? > > > > > > > > > Below some information about the strange router: > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > linux-2.4.28-imq2.diff, > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > lsmod: > > > [...] > > > Module Size Used by Tainted: P > > > imq 1752 1 > > > ipt_IMQ 800 0 > > > ipt_REDIRECT 960 0 (autoclean) > > > cls_fw 2368 0 (autoclean) > > > cls_u32 4548 0 (autoclean) > > > sch_sfq 3456 0 (autoclean) > > > sch_htb 19040 0 (autoclean) > > > ipt_ttl 640 0 (autoclean) > > > ipt_state 608 0 (autoclean) > > > ipt_REJECT 3072 0 (autoclean) > > > ipt_connlimit 1504 0 (autoclean) > > > ipt_LOG 3648 0 (autoclean) > > > ipt_limit 960 0 (autoclean) > > > iptable_filter 1728 0 (autoclean) > > > ipt_mac 672 15 (autoclean) > > > ipt_helper 992 22 (autoclean) > > > ipt_multiport 640 132 (autoclean) > > > ipt_MARK 800 255 (autoclean) > > > iptable_mangle 2208 1 (autoclean) > > > ians 113220 3 (autoclean) > > > reiserfs 167392 1 (autoclean) > > > e100 36292 4 > > > ip_nat_ftp 2848 0 (unused) > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state ipt_REJECT > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport > ipt_MARK > > > iptable_mangle iptable_nat] > > > ip_conntrack_ftp 3872 1 > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit ipt_helper > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > rtc 6012 0 (autoclean) > > > [...] > > > > > > > > > > > > Regards, > > > -- > > > Michal Kustosik > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@mailman.ds9a.nl > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >
On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote:> yes, this is needed to get the traffic on the IMQ devices. > But after this you can''t match anything on the IMQ devices. >but "tcpdump -n -i imq0" shoud present any packets going through the imq0 interface, yes? In my event the tcpdump show nothing. -- Michal Kustosik> Michal Kustosik (kustosz@veb.pl) schrieb: > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > > As far as I know it''s simply not possible. Also you can''t use iptables on a > > > imq device. > > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > > use iptables to specify which packets should go through the imq device: > > > > [... http://www.linuximq.net/usage.html ...] > > After attaching a qdisc to the device you have to specify which packets > > should go through the imq device. An iptables target (`IMQ'') is provided > > for using all the packet-selecting power of iptables. > > ... > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > > ... > > [...] > > I have done the same. > > > > Regards, > > -- > > Michal Kustosik > > > > > > > Cheers, > > > Andreas > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > > doesn''t work with imq0 devices. If I try to tcpdump > > > > imq devices there is no packet seen: > > > > [...] > > > > rt1:~# tcpdump -n -i imq0 > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > > > > > > > [...] > > > > and there is no packet seen. I have sent the packet to imq0 by: > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > > and there is no other entry in mangle table. There is also > > > > no firewall entry and no entry in nat table. > > > > > > > > The ifconfig command show, that the packet goes by imq0: > > > > [...] > > > > rt1:~# ifconfig imq0 > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > > collisions:0 txqueuelen:30 > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > > [...] > > > > > > > > Everything but iptables is installing from packages deb. > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > > but it is the same reason. > > > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > > same kernel version 2.4.31, the same distribution debian woody) > > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > > > Have anybody solved the same problem? > > > > > > > > > > > > Below some information about the strange router: > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > > linux-2.4.28-imq2.diff, > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > > lsmod: > > > > [...] > > > > Module Size Used by Tainted: P > > > > imq 1752 1 > > > > ipt_IMQ 800 0 > > > > ipt_REDIRECT 960 0 (autoclean) > > > > cls_fw 2368 0 (autoclean) > > > > cls_u32 4548 0 (autoclean) > > > > sch_sfq 3456 0 (autoclean) > > > > sch_htb 19040 0 (autoclean) > > > > ipt_ttl 640 0 (autoclean) > > > > ipt_state 608 0 (autoclean) > > > > ipt_REJECT 3072 0 (autoclean) > > > > ipt_connlimit 1504 0 (autoclean) > > > > ipt_LOG 3648 0 (autoclean) > > > > ipt_limit 960 0 (autoclean) > > > > iptable_filter 1728 0 (autoclean) > > > > ipt_mac 672 15 (autoclean) > > > > ipt_helper 992 22 (autoclean) > > > > ipt_multiport 640 132 (autoclean) > > > > ipt_MARK 800 255 (autoclean) > > > > iptable_mangle 2208 1 (autoclean) > > > > ians 113220 3 (autoclean) > > > > reiserfs 167392 1 (autoclean) > > > > e100 36292 4 > > > > ip_nat_ftp 2848 0 (unused) > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state ipt_REJECT > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport > > ipt_MARK > > > > iptable_mangle iptable_nat] > > > > ip_conntrack_ftp 3872 1 > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit ipt_helper > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > > rtc 6012 0 (autoclean) > > > > [...] > > > > > > > > > > > > > > > > Regards, > > > > -- > > > > Michal Kustosik > > > > > > > > _______________________________________________ > > > > LARTC mailing list > > > > LARTC@mailman.ds9a.nl > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@mailman.ds9a.nl > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc-- Michal Kustosik Administrator Sieci Damis VeB http://www.veb.damis.pl/
Andreas Unterkircher
2005-Nov-25 12:42 UTC
Re: [LARTC] tcpdump not working with imq0 devices
No - if the interface doesn''t support the necessary socketoptions (I guess something like SO_ATTACH_FILTER) it won''t work. Michal Kustosik (kustosz@veb.pl) schrieb:> > On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote: > > yes, this is needed to get the traffic on the IMQ devices. > > But after this you can''t match anything on the IMQ devices. > > > but "tcpdump -n -i imq0" shoud present any packets going > through the imq0 interface, yes? In my event the tcpdump > show nothing. > > -- > Michal Kustosik > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > > > As far as I know it''s simply not possible. Also you can''t use iptables on a > > > > imq device. > > > > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > > > use iptables to specify which packets should go through the imq device: > > > > > > [... http://www.linuximq.net/usage.html ...] > > > After attaching a qdisc to the device you have to specify which packets > > > should go through the imq device. An iptables target (`IMQ'') is provided > > > for using all the packet-selecting power of iptables. > > > ... > > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > > > ... > > > [...] > > > I have done the same. > > > > > > Regards, > > > -- > > > Michal Kustosik > > > > > > > > > > Cheers, > > > > Andreas > > > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > > > doesn''t work with imq0 devices. If I try to tcpdump > > > > > imq devices there is no packet seen: > > > > > [...] > > > > > rt1:~# tcpdump -n -i imq0 > > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > > > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > > > > > > > > > [...] > > > > > and there is no packet seen. I have sent the packet to imq0 by: > > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > > > and there is no other entry in mangle table. There is also > > > > > no firewall entry and no entry in nat table. > > > > > > > > > > The ifconfig command show, that the packet goes by imq0: > > > > > [...] > > > > > rt1:~# ifconfig imq0 > > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > > > collisions:0 txqueuelen:30 > > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > > > [...] > > > > > > > > > > Everything but iptables is installing from packages deb. > > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > > > but it is the same reason. > > > > > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > > > same kernel version 2.4.31, the same distribution debian woody) > > > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > > > > > Have anybody solved the same problem? > > > > > > > > > > > > > > > Below some information about the strange router: > > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > > > linux-2.4.28-imq2.diff, > > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > > > lsmod: > > > > > [...] > > > > > Module Size Used by Tainted: P > > > > > imq 1752 1 > > > > > ipt_IMQ 800 0 > > > > > ipt_REDIRECT 960 0 (autoclean) > > > > > cls_fw 2368 0 (autoclean) > > > > > cls_u32 4548 0 (autoclean) > > > > > sch_sfq 3456 0 (autoclean) > > > > > sch_htb 19040 0 (autoclean) > > > > > ipt_ttl 640 0 (autoclean) > > > > > ipt_state 608 0 (autoclean) > > > > > ipt_REJECT 3072 0 (autoclean) > > > > > ipt_connlimit 1504 0 (autoclean) > > > > > ipt_LOG 3648 0 (autoclean) > > > > > ipt_limit 960 0 (autoclean) > > > > > iptable_filter 1728 0 (autoclean) > > > > > ipt_mac 672 15 (autoclean) > > > > > ipt_helper 992 22 (autoclean) > > > > > ipt_multiport 640 132 (autoclean) > > > > > ipt_MARK 800 255 (autoclean) > > > > > iptable_mangle 2208 1 (autoclean) > > > > > ians 113220 3 (autoclean) > > > > > reiserfs 167392 1 (autoclean) > > > > > e100 36292 4 > > > > > ip_nat_ftp 2848 0 (unused) > > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state > ipt_REJECT > > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport > > > ipt_MARK > > > > > iptable_mangle iptable_nat] > > > > > ip_conntrack_ftp 3872 1 > > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit > ipt_helper > > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > > > rtc 6012 0 (autoclean) > > > > > [...] > > > > > > > > > > > > > > > > > > > > Regards, > > > > > -- > > > > > Michal Kustosik > > > > > > > > > > _______________________________________________ > > > > > LARTC mailing list > > > > > LARTC@mailman.ds9a.nl > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > _______________________________________________ > > > > LARTC mailing list > > > > LARTC@mailman.ds9a.nl > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@mailman.ds9a.nl > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > -- > Michal Kustosik > Administrator Sieci Damis VeB > http://www.veb.damis.pl/ > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >
On Fri, Nov 25, 2005 at 01:42:30PM +0100, Andreas Unterkircher wrote:> No - if the interface doesn''t support the necessary socketoptions (I guess > something like SO_ATTACH_FILTER) it won''t work. >thank you for explain... compiling kernel with "Socket Filtering" in "Networking options" should be enough to see packets by tcpdump on imq interface? -- Michal> Michal Kustosik (kustosz@veb.pl) schrieb: > > > > On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote: > > > yes, this is needed to get the traffic on the IMQ devices. > > > But after this you can''t match anything on the IMQ devices. > > > > > but "tcpdump -n -i imq0" shoud present any packets going > > through the imq0 interface, yes? In my event the tcpdump > > show nothing. > > > > -- > > Michal Kustosik > > > > > > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > > > > As far as I know it''s simply not possible. Also you can''t use iptables on a > > > > > imq device. > > > > > > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > > > > use iptables to specify which packets should go through the imq device: > > > > > > > > [... http://www.linuximq.net/usage.html ...] > > > > After attaching a qdisc to the device you have to specify which packets > > > > should go through the imq device. An iptables target (`IMQ'') is provided > > > > for using all the packet-selecting power of iptables. > > > > ... > > > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > > > > ... > > > > [...] > > > > I have done the same. > > > > > > > > Regards, > > > > -- > > > > Michal Kustosik > > > > > > > > > > > > > Cheers, > > > > > Andreas > > > > > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > > > > doesn''t work with imq0 devices. If I try to tcpdump > > > > > > imq devices there is no packet seen: > > > > > > [...] > > > > > > rt1:~# tcpdump -n -i imq0 > > > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked socket > > > > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 bytes > > > > > > > > > > > > [...] > > > > > > and there is no packet seen. I have sent the packet to imq0 by: > > > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > > > > and there is no other entry in mangle table. There is also > > > > > > no firewall entry and no entry in nat table. > > > > > > > > > > > > The ifconfig command show, that the packet goes by imq0: > > > > > > [...] > > > > > > rt1:~# ifconfig imq0 > > > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > > > > collisions:0 txqueuelen:30 > > > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > > > > [...] > > > > > > > > > > > > Everything but iptables is installing from packages deb. > > > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > > > > but it is the same reason. > > > > > > > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > > > > same kernel version 2.4.31, the same distribution debian woody) > > > > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > > > > > > > Have anybody solved the same problem? > > > > > > > > > > > > > > > > > > Below some information about the strange router: > > > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > > > > linux-2.4.28-imq2.diff, > > > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > > > > lsmod: > > > > > > [...] > > > > > > Module Size Used by Tainted: P > > > > > > imq 1752 1 > > > > > > ipt_IMQ 800 0 > > > > > > ipt_REDIRECT 960 0 (autoclean) > > > > > > cls_fw 2368 0 (autoclean) > > > > > > cls_u32 4548 0 (autoclean) > > > > > > sch_sfq 3456 0 (autoclean) > > > > > > sch_htb 19040 0 (autoclean) > > > > > > ipt_ttl 640 0 (autoclean) > > > > > > ipt_state 608 0 (autoclean) > > > > > > ipt_REJECT 3072 0 (autoclean) > > > > > > ipt_connlimit 1504 0 (autoclean) > > > > > > ipt_LOG 3648 0 (autoclean) > > > > > > ipt_limit 960 0 (autoclean) > > > > > > iptable_filter 1728 0 (autoclean) > > > > > > ipt_mac 672 15 (autoclean) > > > > > > ipt_helper 992 22 (autoclean) > > > > > > ipt_multiport 640 132 (autoclean) > > > > > > ipt_MARK 800 255 (autoclean) > > > > > > iptable_mangle 2208 1 (autoclean) > > > > > > ians 113220 3 (autoclean) > > > > > > reiserfs 167392 1 (autoclean) > > > > > > e100 36292 4 > > > > > > ip_nat_ftp 2848 0 (unused) > > > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state > > ipt_REJECT > > > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper ipt_multiport > > > > ipt_MARK > > > > > > iptable_mangle iptable_nat] > > > > > > ip_conntrack_ftp 3872 1 > > > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit > > ipt_helper > > > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > > > > rtc 6012 0 (autoclean) > > > > > > [...] > > > > > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > -- > > > > > > Michal Kustosik > > > > > > > > > > > > _______________________________________________ > > > > > > LARTC mailing list > > > > > > LARTC@mailman.ds9a.nl > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > > > > _______________________________________________ > > > > > LARTC mailing list > > > > > LARTC@mailman.ds9a.nl > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > _______________________________________________ > > > > LARTC mailing list > > > > LARTC@mailman.ds9a.nl > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@mailman.ds9a.nl > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > -- > > Michal Kustosik > > Administrator Sieci Damis VeB > > http://www.veb.damis.pl/ > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Andreas Unterkircher
2005-Nov-25 13:32 UTC
Re: [LARTC] tcpdump not working with imq0 devices
I would say this is something within IMQ itself. Michal Kustosik (kustosz@veb.pl) schrieb:> > On Fri, Nov 25, 2005 at 01:42:30PM +0100, Andreas Unterkircher wrote: > > No - if the interface doesn''t support the necessary socketoptions (I guess > > something like SO_ATTACH_FILTER) it won''t work. > > > thank you for explain... > compiling kernel with "Socket Filtering" in "Networking options" > should be enough to see packets by tcpdump on imq interface? > > -- > Michal > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > On Fri, Nov 25, 2005 at 12:54:03PM +0100, Andreas Unterkircher wrote: > > > > yes, this is needed to get the traffic on the IMQ devices. > > > > But after this you can''t match anything on the IMQ devices. > > > > > > > but "tcpdump -n -i imq0" shoud present any packets going > > > through the imq0 interface, yes? In my event the tcpdump > > > show nothing. > > > > > > -- > > > Michal Kustosik > > > > > > > > > > > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > > On Fri, Nov 25, 2005 at 12:26:20PM +0100, Andreas Unterkircher wrote: > > > > > > As far as I know it''s simply not possible. Also you can''t use iptables on a > > > > > > imq device. > > > > > > > > > > > I read on http://www.linuximq.net/usage.html that it is nessesary to > > > > > use iptables to specify which packets should go through the imq device: > > > > > > > > > > [... http://www.linuximq.net/usage.html ...] > > > > > After attaching a qdisc to the device you have to specify which packets > > > > > should go through the imq device. An iptables target (`IMQ'') is provided > > > > > for using all the packet-selecting power of iptables. > > > > > ... > > > > > /usr/sbin/iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0 > > > > > ... > > > > > [...] > > > > > I have done the same. > > > > > > > > > > Regards, > > > > > -- > > > > > Michal Kustosik > > > > > > > > > > > > > > > > Cheers, > > > > > > Andreas > > > > > > > > > > > > Michal Kustosik (kustosz@veb.pl) schrieb: > > > > > > > > > > > > > > > > > > > > > On my debian woody (kernel 2.4.31) the tcpdump > > > > > > > doesn''t work with imq0 devices. If I try to tcpdump > > > > > > > imq devices there is no packet seen: > > > > > > > [...] > > > > > > > rt1:~# tcpdump -n -i imq0 > > > > > > > Warning: arptype 65535 not supported by libpcap - falling back to cooked > socket > > > > > > > tcpdump: WARNING: imq0: no IPv4 address assigned > > > > > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > > > > > > > listening on imq0, link-type LINUX_SLL (Linux cooked), capture size 68 > bytes > > > > > > > > > > > > > > [...] > > > > > > > and there is no packet seen. I have sent the packet to imq0 by: > > > > > > > rt1:~# iptables -I PREROUTING -t mangle -j IMQ --todev 0 > > > > > > > and there is no other entry in mangle table. There is also > > > > > > > no firewall entry and no entry in nat table. > > > > > > > > > > > > > > The ifconfig command show, that the packet goes by imq0: > > > > > > > [...] > > > > > > > rt1:~# ifconfig imq0 > > > > > > > imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00 > > > > > > > UP RUNNING NOARP MTU:1500 Metric:1 > > > > > > > RX packets:3268292 errors:0 dropped:0 overruns:0 frame:0 > > > > > > > TX packets:3248999 errors:0 dropped:0 overruns:0 carrier:0 > > > > > > > collisions:0 txqueuelen:30 > > > > > > > RX bytes:1987844908 (1.8 GiB) TX bytes:1981674079 (1.8 GiB) > > > > > > > [...] > > > > > > > > > > > > > > Everything but iptables is installing from packages deb. > > > > > > > I tried to complile TCPDUMP 3.9.4 from http://www.tcpdump.org/ > > > > > > > but it is the same reason. > > > > > > > > > > > > > > I have other router, with similar configuration (vlan, imq, htb, the > > > > > > > same kernel version 2.4.31, the same distribution debian woody) > > > > > > > and there is no problem with debuging interfaces by tcpdump command. > > > > > > > > > > > > > > Have anybody solved the same problem? > > > > > > > > > > > > > > > > > > > > > Below some information about the strange router: > > > > > > > kernel - 2.4.31 with patch-o-matic-ng, imq-nat.diff, > > > > > > > linux-2.4.28-imq2.diff, > > > > > > > iptables - v1.3.3 with iptables-1.3.0-imq1.diff > > > > > > > vlan - iANS-3.4.3a, e100-3.4.14 > > > > > > > lsmod: > > > > > > > [...] > > > > > > > Module Size Used by Tainted: P > > > > > > > imq 1752 1 > > > > > > > ipt_IMQ 800 0 > > > > > > > ipt_REDIRECT 960 0 (autoclean) > > > > > > > cls_fw 2368 0 (autoclean) > > > > > > > cls_u32 4548 0 (autoclean) > > > > > > > sch_sfq 3456 0 (autoclean) > > > > > > > sch_htb 19040 0 (autoclean) > > > > > > > ipt_ttl 640 0 (autoclean) > > > > > > > ipt_state 608 0 (autoclean) > > > > > > > ipt_REJECT 3072 0 (autoclean) > > > > > > > ipt_connlimit 1504 0 (autoclean) > > > > > > > ipt_LOG 3648 0 (autoclean) > > > > > > > ipt_limit 960 0 (autoclean) > > > > > > > iptable_filter 1728 0 (autoclean) > > > > > > > ipt_mac 672 15 (autoclean) > > > > > > > ipt_helper 992 22 (autoclean) > > > > > > > ipt_multiport 640 132 (autoclean) > > > > > > > ipt_MARK 800 255 (autoclean) > > > > > > > iptable_mangle 2208 1 (autoclean) > > > > > > > ians 113220 3 (autoclean) > > > > > > > reiserfs 167392 1 (autoclean) > > > > > > > e100 36292 4 > > > > > > > ip_nat_ftp 2848 0 (unused) > > > > > > > iptable_nat 22420 2 [ipt_REDIRECT ip_nat_ftp] > > > > > > > ip_tables 13664 17 [ipt_IMQ ipt_REDIRECT ipt_ttl ipt_state > > > ipt_REJECT > > > > > > > ipt_connlimit ipt_LOG ipt_limit iptable_filter ipt_mac ipt_helper > ipt_multiport > > > > > ipt_MARK > > > > > > > iptable_mangle iptable_nat] > > > > > > > ip_conntrack_ftp 3872 1 > > > > > > > ip_conntrack 28544 1 [ipt_REDIRECT ipt_state ipt_connlimit > > > ipt_helper > > > > > > > ip_nat_ftp iptable_nat ip_conntrack_ftp] > > > > > > > rtc 6012 0 (autoclean) > > > > > > > [...] > > > > > > > > > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > > -- > > > > > > > Michal Kustosik > > > > > > > > > > > > > > _______________________________________________ > > > > > > > LARTC mailing list > > > > > > > LARTC@mailman.ds9a.nl > > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > LARTC mailing list > > > > > > LARTC@mailman.ds9a.nl > > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > _______________________________________________ > > > > > LARTC mailing list > > > > > LARTC@mailman.ds9a.nl > > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > > > > > > > _______________________________________________ > > > > LARTC mailing list > > > > LARTC@mailman.ds9a.nl > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > -- > > > Michal Kustosik > > > Administrator Sieci Damis VeB > > > http://www.veb.damis.pl/ > > > > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@mailman.ds9a.nl > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >