Problem receiving UDP broadcast packets.

Grant Edwards invalid at invalid.invalid
Wed Apr 20 10:30:13 EDT 2011


On 2011-04-20, Heiko Wundram <modelnine at modelnine.org> wrote:
> Am 20.04.2011 01:54, schrieb Grant Edwards:
>> I guess the problem is that I expected to receive a packet on an
>> interface anytime a packet was received with a destination IP address
>> that matched that of the interface.  Apparently there's some
>> filtering in the network stack based on the _source_ address as well
>> (that seems very counter-intuitive to me).
>
> Just to pitch in here (because nobody's mentioned it yet AFAICT): yes,
> there's a filtering done (at least under Linux, and I'd guess something
> similar on xBSD too) to packets based on the source address coming in on
> an interface, and it's called the reverse path filter and is on by
> default (the tunable on Linux is /proc/sys/net/ipv4/conf/*/rp_filter).

Brilliant!  While I had determined that such filtering took place, I'd
been unable to figure out if it was configurable.

> The idea behind the reverse path filter is that your machine won't
> accept packets coming in over an interface when a return packet (i.e.,
> the presumed response) won't be routed over the same interface, and from
> what I gather, this is what makes the TCP/IP stack drop the packets
> because your machine will not route packets to 192.168.x.x over the same
> interface it sees the packet coming in. This is a _security_ feature,
> because it makes address spoofing harder.

And it's an eminently sensible feature.

> If you need to see the packets regardless, either use a promiscuous mode
> sniffer (i.e., tcpdump, but that's relatively easy to mirror in Python
> using SOCK_RAW, capturing packets at the ethernet level), or add a route
> on your system for the 192.168.x.x network on the same interface.

I've thought about the SOCK_RAW option, but the CPU load of looking
at all received Ethernet packets in user-space would be a big down-side.

Adding the route isn't an option since 1) the device doesn't know what
route to add, and 2) adding such a route could break the normal
networking operation.

-- 
Grant Edwards               grant.b.edwards        Yow! My haircut is totally
                                  at               traditional!
                              gmail.com            
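
A way to check the tunable named in the quoted reply, as an added example that is not part of the original message: it reads every `rp_filter` entry under `/proc/sys/net/ipv4/conf` and reports the mode actually applied per interface. It assumes the rule from the Linux kernel's ip-sysctl documentation that the maximum of `conf/all` and `conf/<interface>` is used; the function names, the `conf_root` parameter and the sample tree are constructed for illustration.

```python
"""Report the reverse path filter mode Linux applies on each interface."""
import tempfile
from pathlib import Path

# 0 = no source validation, 1 = strict (RFC 3704), 2 = loose
MODES = {0: "off", 1: "strict", 2: "loose"}

def read_rp_filter(conf_root="/proc/sys/net/ipv4/conf"):
    """Return {name: rp_filter value} for each directory under conf_root."""
    return {p.parent.name: int(p.read_text().strip())
            for p in sorted(Path(conf_root).glob("*/rp_filter"))}

def effective_rp_filter(values):
    """Assumed kernel rule: max(conf/all, conf/<iface>) is used per interface."""
    global_value = values.get("all", 0)
    return {name: max(global_value, value)
            for name, value in values.items()
            if name not in ("all", "default")}

def write_sample_tree(root, settings):
    """Create a constructed conf/ tree so the check can run off-target."""
    for name, value in settings.items():
        directory = Path(root) / name
        directory.mkdir(parents=True, exist_ok=True)
        (directory / "rp_filter").write_text(f"{value}\n")
    return root

def report(conf_root):
    """Return one line per interface: name, own value, effective mode."""
    values = read_rp_filter(conf_root)
    return [f"{name}: own={values[name]} effective={mode} "
            f"({MODES.get(mode, 'unknown')})"
            for name, mode in effective_rp_filter(values).items()]

if __name__ == "__main__":
    real = Path("/proc/sys/net/ipv4/conf")
    if real.is_dir():
        print("\n".join(report(real)))
    else:
        # Constructed sample: eth1 is 0 but "all" is 1, so strict still applies.
        with tempfile.TemporaryDirectory() as tmp:
            write_sample_tree(tmp, {"all": 1, "default": 1, "eth0": 1, "eth1": 0})
            print("\n".join(report(tmp)))
```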


