tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: vlan tagged packets and libpcap breakage

From: Ani Sinha <ani () aristanetworks com>
Date: Wed, 31 Oct 2012 15:35:27 -0700
On Wed, Oct 31, 2012 at 3:20 PM, Guy Harris <guy () alum mit edu> wrote:


On Oct 31, 2012, at 2:50 PM, Ani Sinha <ani () aristanetworks com> wrote:


pcap files that already have the tags reinsrted should work with
current filter code. However for live traffic, one has to get the tags
from CMSG() and then reinsert it back to the packet for the current
filter to work.


*Somebody* has to do that, at least to packets that pass the filter,



yes but if the packet is passed to the filter within libpcap (when we
are not using the kernel filter) before the reinsertion, then the
filter has to be taught to look into the metadata for tag information
and not in the packet itself.

before they're handed to a libpcap-based application, for programs
that expect to see packets as they arrived from/were transmitted to
the wire to work.


I.e., the tags *should* be reinserted by libpcap, and, as I understand it, that's what the

        #if defined(HAVE_PACKET_AUXDATA) && defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI)
                ...
        #endif

blocks of code in pcap-linux.c in libpcap are doing.


yes, I agree.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: