Urgent. Thanks for the BPF packet interception problem.
Source: Internet
Author: User
Urgent. For the BPF packet interception problem, thank you-Linux general technology-Linux programming and kernel information. The following is a detailed description. Debug nat-pt on fedora. BPF is used to intercept data packets, and BPF intercept data packets to the system protocol stack. For example,
The following is an ethereal packet capture. For an ICMPv6 Echo request, Echo reply is expected, aaaa: bbbb: cccc: dddd: eeee: ffff: c0a8: d4 is the address corresponding to V4 host in the V6 domain. It is a non-existent virtual address. After nat-pt intercepts this packet, it will return Echo reply after processing, but at the same time, the protocol stack of the machine where nat-pt is located receives Echo reply because
Aaaa: bbbb: cccc: dddd: eeee: ffff: c0a8: d4 is not a routable address in the V6 domain. Therefore, an ICMPv6 Unreachable (Route unreachable) is returned at the same time ), this Unreachable (Route unreachable) is an unexpected packet.
Aaaa: bbbb: cccc: dddd: eeee: ffff: c0a8: d4 2001: 250: f007: 15: 600 ICMPv6 Echo request
// Explanation: the V4 host is pinged to the V6 host and sent to the V6 host after nat-pt processing. The IP address is 2001: 250: f007: 15: 600 (V6 host address)
2001: 250: f007: 15: 600 aaaa: bbbb: cccc: dddd: eeee: ffff: c0a8: d4 ICMPv6 Echo reply
// Explanation: the V6 host sends reachable data packets to the nat-pt to notify the V4 host to ping V6 (2001: 250: f007: 15: 600 ).
2001: 250: f007: 15: 800 2001: 250: f007: 15: 600 ICMPv6 Unreachable (Route unreachable)
// Explanation: At the same time, the machine where the nat-pt is located (2001: 250: f007: 15: 800) obtains the ICMPv6 Echo reply message from the system protocol stack, returns an Unreachable (Route unreachable) to the V6 host)
Now the problem is: I am running the same program on red hat, but this problem does not occur, but I am running on fedora. Thank you very much for your advice!
Is it true that intercepting data packets can solve this problem without being handed over to the system's protocol stack? How can we prevent the protocol stack from handling intercepted data packets?
Why is there no such problem when the same program runs on red hat 9? Is it because the BPF mechanism has different timing for capturing data packets on fedora and red hat?
Thank you!
You can also give E-mail and QQ instructions,
E-mail: calf9007@163.com
QQ: 43885970
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
