Wednesday Oct 28, 2009

Berkeley Packet Filter and pf_packet in Solaris

Darren Reed recently delivered Berkeley Packet Filter and PF_PACKET into Solaris Nevada:

BPF is now as a supported option for the Solaris kernel. Support has been implemented for capturing packets at the link layer as well as at the IP layer. By using the IPNET device from Clearview Observability, BPF can be used to sniff packets local to the host (loopback & between zones) as well as those from "the wire" through interfaces supplied by Crossbow. In subsequent builds you can look forward to the libpcap shipped with Solaris being switched over from DLPI to BPF and updates to wireshark and tcpdump to support IPNET for loopback packet capture.

In addition to BPF, an implementation of PF_PACKET has now been added to Solaris. This provides both another mechanism to sniff packets from the network, with in-kernel filtering supported by BPF. Both raw and datagram PF_PACKET sockets have been included in this implementation of PF_PACKET for Solaris. Unlike BPF, PF_PACKET does not have access to loopback packets on Solaris.

Crossbow link protection attribute in Solaris Nevada

Eric Cheng recently integrated two interesting new features into Solaris Nevada, the Solaris.Next development gate:

1. Link protection -

this allows an administrator to prevent certain types of spoofed packets from being sent from a link. This is typically used in virtual environments (zones/domU) where individual domains can't be trusted to behave properly. In this phase, we deliver support for anti-spoofing of IP addresses (v4 only), mac addresses, and non-IP l2 frames.

2. flowadm remote_port attribute -

this allows flows to created with the 'remote_port' attribute. A flow is typically used for enforcing resource controls (e.g. bandwidth limit) on the type of traffic described by the flow.

More to come ...
Markus
About

MarkusFlierl-Oracle

Search

Categories
Archives
« October 2009 »
SunMonTueWedThuFriSat
    
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
29
30
31
       
Today