tcpdump mailing list archives
Re: Warning on enabling ip6 protochain 6
From: ramkumar p <ramkumar.paranandi () gmail com>
Date: Fri, 5 Aug 2011 00:42:46 -0400
Hi,

Thanks, good info.

If we specify "ip6 tcp port 25", does this also filter the traffic with IPv6 and extension headers like Routing, Fragment, hop and destination options etc... and tcp port 25, or does it filter only ipv6 traffic without extension headers and tcp port 25?

Thanks,
./Ram

On Thu, Aug 4, 2011 at 7:46 PM, Guy Harris <guy () alum mit edu> wrote:

> On Aug 2, 2011, at 4:42 PM, ramkumar p wrote:
>
>> I am receiving warning that kernel filter failed: invalid argument when I enable ip6 protochain 6 to filter tcp traffic.
>
> That warning means that the filter code generated for "ip6 protochain 6" was rejected by the Linux kernel socket filter code. It's only a warning; libpcap will do the filtering in user mode (without any filtering being done in the kernel, so there is a greater risk of dropped packets).
>
> The kernel is correct to reject the filter code. "ip6 protochain" requires parsing through an indefinite number of extension headers, so the BPF code has a loop. No kernel implementation of BPF I know of (*BSD, Mac OS X, Linux, WinPcap, Tru64 UNIX, etc.) allows BPF programs that loop, as, if somebody has sufficient privilege to give the kernel a filter program (and often systems are set up to allow at least some users to capture network traffic), that would give them sufficient privilege to make at least one kernel thread or process or interrupt routine loop infinitely; the intent of BPF is to allow only "safe" filters to be given to the kernel.
>
> That could, in theory, be fixed - for example, BSD/OS's BPF interpreter had an instruction that would do IPv6 extension header parsing - but the Linux kernel's BPF interpreter doesn't have any instructions to handle that, and nobody's implemented, for example, the proof-carrying code mechanism mentioned in the BPF+ paper mentioned on the Related Projects page:
>
> http://www.tcpdump.org/related.html
>
> to allow the kernel to determine whether a given looping BPF program is "safe".
>
> - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
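The loop discussed in the quoted reply, as an added example that is not part of either post and is not libpcap's generated filter code: a loop-free check of the fixed header's Next Header byte beside a bounded walk of the extension header chain. The names `first_header_is`, `chain_reaches` and `MAX_EXT_HDRS` are hypothetical, and the cap of 8 headers is an assumption chosen so the walk always terminates.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_TCP = 6, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };
#define MAX_EXT_HDRS 8 /* assumed cap: bounds the walk so it always terminates */

/* Loop-free check: only the Next Header byte of the fixed 40-byte header. */
int first_header_is(const uint8_t *pkt, size_t len, uint8_t proto)
{
    return len >= 40 && (pkt[0] >> 4) == 6 && pkt[6] == proto;
}

/* Chain walk: follow extension headers until proto is found (1), or another
 * protocol, a truncated header or the cap is hit (0). */
int chain_reaches(const uint8_t *pkt, size_t len, uint8_t proto)
{
    size_t off = 40, hlen;
    uint8_t nh;
    int i;
    if (len < 40 || (pkt[0] >> 4) != 6) return 0;
    nh = pkt[6];
    for (i = 0; i <= MAX_EXT_HDRS; i++) {
        if (nh == proto) return 1;
        if (nh != NH_HOPOPTS && nh != NH_ROUTING &&
            nh != NH_FRAGMENT && nh != NH_DSTOPTS) return 0;
        if (len - off < 8) return 0;          /* truncated extension header */
        /* Fragment header is fixed at 8 bytes; the others carry a length byte. */
        hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)pkt[off + 1] + 1) * 8;
        if (hlen > len - off) return 0;
        nh = pkt[off];                        /* next header in the chain */
        off += hlen;
    }
    return 0;                                 /* more headers than the cap */
}

int main(void)
{
    /* Constructed packet: fixed header, two 8-byte Destination Options
     * headers (zero bytes = Pad1 padding), then Next Header = TCP. */
    uint8_t p[56] = {0};
    p[0] = 0x60; p[6] = NH_DSTOPTS; p[40] = NH_DSTOPTS; p[48] = NH_TCP;
    printf("fixed-offset=%d chain-walk=%d\n",
           first_header_is(p, sizeof p, NH_TCP), chain_reaches(p, sizeof p, NH_TCP));
    return 0;
}
```

The constructed packet is missed by the fixed-offset check and matched by the chain walk; without the cap, the number of iterations would depend entirely on the packet contents.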