Re: vlan [xx] filter not filtering any packets

[Nikola Ciprich <extmaillist () linuxbox cz>]

Hi Guy,
thanks for your replies. OK, I see. I'm pretty ignorant in this area,
so please forgive my maybe dumb questions. So couldn't the solution
be in disabling hw VLAN headers stripping and letting the kernel do 
the job for the time of dumping? The same way as it works for example
when using this virtio_net driver? Or maybe modifying generated BPF code
that "vlan xx" would become something like 
(vlan==xx || skb->vlan_tci == 1) in kernel BPF? I don't know how complex
this would be though...
n.


> Perhaps I'm missing something, but, at least in the 2.6.29 kernel, I  
> don't see any way that the kernel's BPF interpreter (sk_run_filter() in 
> net/core/filter.c) can get at skb->vlan_tci, so I don't think it's  
> possible to make filtering of packets with the VLAN header stripped off 
> work the same as filtering of packets with the VLAN header intact.
>
> I would suggest that, when capturing on an interface where the VLAN tags 
> get stripped off, you use filters without "vlan" - even though, when 
> filtering the resulting capture file, you *would* use "vlan" in the 
> filters.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.

-- 
-------------------------------------
Nikola CIPRICH
LinuxBox.cz, s.r.o.
28. rijna 168, 709 01 Ostrava

tel.:   +420 596 603 142
fax:    +420 596 621 273
mobil:  +420 777 093 799
www.linuxbox.cz

mobil servis: +420 737 238 656
email servis: servis () linuxbox cz
-------------------------------------
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.