Hi,
While playing around with packet sockets I stumbled across the following strange
thing:
Feb 26 04:41:56 Kerberos ipacctd: [Slot 4] Incoming TCP - Len: 136 Sum: 72b7 [1014694916.161277]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 5] Incoming TCP - Len: 136 Sum: 72b7 [1014694916.161592]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 9] Incoming TCP - Len: 120 Sum: 81b7 [1014694916.168418]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 10] Incoming TCP - Len: 120 Sum: 81b7 [1014694916.168687]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 12] Incoming TCP - Len: 120 Sum: 80b7 [1014694916.170024]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 13] Incoming TCP - Len: 120 Sum: 80b7 [1014694916.170283]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 15] Incoming TCP - Len: 120 Sum: 7fb7 [1014694916.171432]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 16] Incoming TCP - Len: 120 Sum: 7fb7 [1014694916.171681]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 18] Incoming TCP - Len: 120 Sum: 7eb7 [1014694916.172807]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 19] Incoming TCP - Len: 120 Sum: 7eb7 [1014694916.173094]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 21] Incoming TCP - Len: 120 Sum: 7db7 [1014694916.174245]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 22] Incoming TCP - Len: 120 Sum: 7db7 [1014694916.174499]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 24] Incoming TCP - Len: 120 Sum: 7cb7 [1014694916.176289]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 25] Incoming TCP - Len: 120 Sum: 7cb7 [1014694916.176562]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 30] Incoming TCP - Len: 136 Sum: 6bb7 [1014694916.182037]
Feb 26 04:41:56 Kerberos ipacctd: [Slot 31] Incoming TCP - Len: 136 Sum: 6bb7 [1014694916.182308]
^ ^ ^
| | |
Ring Slot Checksum Timestamp
The program runs under Linux-2.4.17 on machine A and looks for packets of type PACKET_OTHERHOST
coming from and going to machine B. For all incoming tcp traffic of machine B, each packet appears
in the mmapped packet ring twice. The ring slots are adjacent and the checksum is the same.
Only the timestamps differ slightly.
Can someone explain this behaviour?
-Udo.
"Udo A. Steinberg" wrote:
>
> Feb 26 04:41:56 Kerberos ipacctd: [Slot 4] Incoming TCP - Len: 136 Sum: 72b7 [1014694916.161277]
> Feb 26 04:41:56 Kerberos ipacctd: [Slot 5] Incoming TCP - Len: 136 Sum: 72b7 [1014694916.161592]
I think I've figured out what is happening. The first copy of the packet is of type 4 (outgoing)
and the second copy is of type 3 (otherhost). We are using an fddi ring here, so what seems to
happen is this:
The station running the program with a packet socket sends out a network packet to some other
host and the packet socket gets a copy of the packet with type "outgoing".
This is what I'd expect.
However, once the packet has been around the fddi ring, the originating host receives it again,
and then passes it back to the packet socket as "otherhost", which is of course not wrong,
because the destination is indeed another host, but the source host is the station itself,
and it seems quite awkward that the packet socket regards this packet as "otherhost"
and sees it twice. Shouldn't it look at the source address too?
Comments?
-Udo.