Re: vlan [xx] filter not filtering any packets

[Guy Harris <guy () alum mit edu>]

On Jun 11, 2009, at 1:12 AM, Nikola Ciprich wrote:

> thanks for your replies. OK, I see. I'm pretty ignorant in this area,
> so please forgive my maybe dumb questions. So couldn't the solution
> be in disabling hw VLAN headers stripping and letting the kernel do
> the job for the time of dumping?

If there's a way for libpcap to disable VLAN header stripping, that  
might work.

Or if

	1) there's a way for libpcap to detect whether VLAN header stripping  
is being done

and

        2) VLAN header stripping, if being done, is done on *ALL* packets

libpcap might be able to change the filter code before handing it to  
the kernel (although it'd have to have all "is this a vlan packet"  
checks return "false", as there won't be VLAN headers unless you have  
multiple VLAN headers).

> TOr maybe modifying generated BPF code
> that "vlan xx" would become something like
> (vlan==xx || skb->vlan_tci == 1) in kernel BPF?

That's what

> > Perhaps I'm missing something, but, at least in the 2.6.29 kernel, I
> > don't see any way that the kernel's BPF interpreter  
> > (sk_run_filter() in
> > net/core/filter.c) can get at skb->vlan_tci,

was meant to indicate was impossible - I can't see a way to test skb- 
>vlan_tci in the kernel BPF interpreter.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.