Re: Logging MAC

On May 22, 2004 08:33 am, Antony Stone wrote:
> On Saturday 22 May 2004 1:09 pm, Alistair Tonner wrote:
> > On May 22, 2004 05:06 am, Antony Stone wrote:
> > > Surely there will *always* be two MAC addresses involved in a
> > > communication - that's how two machines find each other across the
> > > local subnet (ie: via a switch / hub / access point etc)?
> >
> > 	*Thwack*'s self in head.  Of course, so long as "Ethernet" is involved.
>
> Or some similar broadcast-based medium such as 802.11 (which isn't
> ethernet, but behaves like it for a lot of things, including MAC
> addresses).
>
> The general rule is: you need MAC addresses for broadcast-connected
> networks (where each device can see every other locally-connected device) -
> the MAC address is needed to tell one device from another.
>
> You don't need MAC addresses for point-to-point (one-to-one) connected
> networks, because you know there's only one device on the other end of each
> of your own interfaces, therefore you don't need to specify where they're
> going.
>
> > 	in ipt_LOG.c MAC address logging is ONLY done in INPUT.  So ..if the
> > 	packet is NOT destined for the machine, you won't see MAC.
>
> Aha :)   [ * Light bulb * ]
>
> The answer to the original poster's question.
>
> I guess (without having looked at the source) that it should be a simple
> enough hack to get ipt_LOG.c to log MAC addresses for all chains.
>
	should be ridiculously simple -- the limiter is a wrapping if statement

	if ( in && !out) {

	(logging of MAC code)
	}

	I suspect that the clever hacker will want to re-wrap that if statement such 
that it only logs it if there IS a MAC address present.  Not being a maven 
with such, I'm NOT gonna make any suggestions as to how.

	Alistair

> Regards,
>
> Antony.
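
The re-wrapped condition discussed in this message, as an added example that is not part of the original post and is not the kernel's ipt_LOG.c code. It is a userspace model: `struct pkt`, its fields, the two gate functions, `log_mac` and the sample frame are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical userspace stand-in for the packet state a LOG target sees. */
struct pkt {
    const char *in;               /* input interface name, NULL if none */
    const char *out;              /* output interface name, NULL if none */
    const unsigned char *frame;   /* start of the received frame */
    size_t hard_header_len;       /* link-layer header length, 0 on point-to-point */
    const unsigned char *net_hdr; /* start of the IP header */
};

/* Gate quoted in the thread: only packets with an input and no output device. */
static int gate_input_only(const struct pkt *p) { return p->in && !p->out; }

/* Re-wrapped gate: any received packet that really carries a link-layer header. */
static int gate_mac_present(const struct pkt *p)
{
    return p->in && p->frame && p->hard_header_len > 0 &&
           p->frame + p->hard_header_len == p->net_hdr;
}

/* Write "MAC=xx:xx:... " into buf if gate() allows it; returns string length. */
static size_t log_mac(const struct pkt *p, int (*gate)(const struct pkt *),
                      char *buf, size_t len)
{
    size_t n = 0, i;
    if (!len) return 0;
    buf[0] = '\0';
    if (!gate(p)) return 0;
    n += snprintf(buf + n, len - n, "MAC=");
    for (i = 0; i < p->hard_header_len && n < len; i++)
        n += snprintf(buf + n, len - n, "%02x%c", p->frame[i],
                      i + 1 == p->hard_header_len ? ' ' : ':');
    return n < len ? n : len - 1;
}

/* Constructed sample: 14-byte Ethernet header followed by the first IP byte. */
static const unsigned char sample_frame[15] = { 0x00,0x11,0x22,0x33,0x44,0x55,
    0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, 0x45 };
static struct pkt fwd = { "eth0", "eth1", sample_frame, 14, sample_frame + 14 };
static struct pkt ppp = { "ppp0", "eth1", sample_frame + 14, 0, sample_frame + 14 };

int main(void)
{
    char a[64], b[64], c[64];
    log_mac(&fwd, gate_input_only, a, sizeof a);   /* forwarded: old gate logs nothing */
    log_mac(&fwd, gate_mac_present, b, sizeof b);  /* forwarded: MAC header logged */
    log_mac(&ppp, gate_mac_present, c, sizeof c);  /* point-to-point: nothing to log */
    printf("old=\"%s\"\nnew=\"%s\"\nppp=\"%s\"\n", a, b, c);
    return 0;
}
```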

