tcpdump mailing list archives

Re: vlan [xx] filter not filtering any packets

From: Nikola Ciprich <extmaillist () linuxbox cz>
Date: Wed, 10 Jun 2009 06:30:22 +0200

Hi Michael,
saving the traffic to file first and trying the filter while loading the
dump works. Same case when trying vlan filtering in virtual hosts using
virtio interface, so the problem must be related to vlan acceleration somehow.
But I though that for 2.6.29 vlan acceleration should be disabled while switching to
promisc mode, do You have any ideas?
thanks
nik


On Mon, Jun 08, 2009 at 12:08:09PM -0400, Michael Richardson wrote:

"Nikola" == Nikola Ciprich <extmaillist () linuxbox cz> writes:

    Nikola> Hello,

    Nikola> I've spent some time playing with tcpdump and pcap with
    Nikola> regard to vlans. Using libpcap 1.0.0 + tcpdump 4.0.0, I can
    Nikola> able to correctly dump packets including (reconstructed)
    Nikola> vlan headers. But it seems that using the vlan filter
    Nikola> keyword does not work.

    Nikola> example: $ tcpdump -e -i eth1 13:10:05.592027
    Nikola> 00:30:48:92:f6:73 (oui Unknown) > 00:30:48:64:40:9d (oui
    Nikola> Unknown), ethertype 802.1Q (0x8100), length 102: vlan 10, p
    Nikola> 0, ethertype IPv4, 10.0.10.1 > 10.0.10.2: ICMP echo request,
    Nikola> id 27941, seq 12466, length 64

    Nikola> which is OK. But

  Can you capture the data to a .pcap file, and reproduce it with -r?
  If so, then a test case could be added.

  I suspect that the vlan filter may not work if there is further SNAP
headers, but that's just top of my head idea..

-- 
]     Y'avait une poule de jammé dans l'muffler!!!!!!!!!        |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
]    h("Just another Debian GNU/Linux using, kernel hacking,    ruby  guy");  [

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


-- 
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava

tel.:   +420 596 603 142
fax:    +420 596 621 273
mobil:  +420 777 093 799

www.linuxbox.cz

mobil servis: +420 737 238 656
email servis: servis () linuxbox cz
-------------------------------------
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

vlan [xx] filter not filtering any packets Nikola Ciprich (Jun 08)
- Re: vlan [xx] filter not filtering any packets sthaug (Jun 08)
- Re: vlan [xx] filter not filtering any packets Nikola Ciprich (Jun 08)
- Re: vlan [xx] filter not filtering any packets Michael Richardson (Jun 08)
  - Re: vlan [xx] filter not filtering any packets Nikola Ciprich (Jun 09)
- Re: vlan [xx] filter not filtering any packets Guy Harris (Jun 10)
  - Re: vlan [xx] filter not filtering any packets Guy Harris (Jun 10)
    - Re: vlan [xx] filter not filtering any packets Nikola Ciprich (Jun 11)
    - Re: vlan [xx] filter not filtering any packets Guy Harris (Jun 11)