[Click] problem with FromHost
pradnyesh sawant
spradnyesh at gmx.net
Tue Jul 15 14:05:13 EDT 2003
thanks for showing interest in my problem
i am working on my final year engg. porject which deals with handling of DoS
attacks
the m/c on which i'm working has a single ethernet card. so in the click
router, i'm using the same interface (eth0) for both incoming and outgoing
packets
i tried disabling eth0, by using ifconfig, and replaced fake0 by eth0 in the
script provided below, but i got the foll error msg: "device eth0 already
exists"
i also tried having the client on another m/c, just as you've suggested
below, but even then click did not catch any packets.
i also wanted to ask 1 more question:
just as dns server addrs are stored in /etc/resolv.conf, in which file is
the gateway addr stored?
i would be very grateful, if you could help me out
thanks for all the help
>
> I am just taking a guess here...
> Since your client(192.168.0.150) is on the same machine as your router
> (192.168.0.150) , i believe you would have assigned these addresses to
> other interfaces of the machine as well (ethX)..
> So , on packet input, the linux kernel routes the packet according to the
> first match in the routing table... in this case, that probably means
> local delivery to the ip stack on the linux kernel, by-passing the fake
> de
> vice...
> You could test this out by using a different machine as a webbrowser
> client and put in a fake device with that client's ip address.
>
> Anyway, what exactly do you want to do ?
> Capture and analyze ddos traffic at a router or an end host?
> Regards,
> Puneet
>
> > i still haven't got the FromHost thing right.
> >
> > my first doubt is :
> > FromHost documentation says that the kernel passes all packets with
> > destination addr as ADDR/MASK to FromHost. I am running a webbrowser
> clie
> nt on the
> > same m/c as the router. hence i want to receive packets destined for any
> ip
> > addr and not just the fixed ADDR in click. my m/c addr is 192.168.0.150
> w
> hile my
> > gateway addr is 192.168.0.1.
> > the script i tried out was:
> >
> > FromHost(fake0,192.168.0.150/8)->cl::Classifier(12/0806,12/0800);
> > cl[0]->ARPResponder(0.0.0.0/0, 1:1:1:1:1:1)->c1::Counter->ToHost;
> > cl[1]->c2::Counter->Discard;
> >
> > i even tried putting 192.168.0.1/8 in FromHost, but to no avail.
> >
> > i can get a tcpdump output when click is not installed.
> > when the above config for click is installed, i can still surf sites,
> whi
> ch
> > shouldn't have been possible since i'm discarding all packets. also the
> c
> ount
> > handlers of both counters remain to zero.
> >
> > i feel lost and would be very grateful if anyone of you could help me
> out
> .
> > thank you for your help
> >
> > --
> > +++ GMX - Mail, Messaging & more http://www.gmx.net +++
> >
> > Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!
> >
> > _______________________________________________
> > click mailing list
> > click at amsterdam.lcs.mit.edu
> > https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> >
>
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!
More information about the click
mailing list