
RE: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables "see" bridg

To: "'Linux 802.1Q VLAN'" <vlan@xxxxxxxxxxx>, "'Tommy Christensen'" <tommy.christensen@xxxxxxxxx>
Subject: RE: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables "see" bridged VLAN tagged{I,AR}P packets
From: Christian Darnell <Christian.Darnell@xxxxxxxxxxxxxxxxxx>
Date: Wed, 8 Oct 2003 15:09:21 +0200
Cc: netdev@xxxxxxxxxxx, bridge <bridge@xxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
>-----Original Message-----
>From: Christian Darnell [mailto:Christian.Darnell@xxxxxxxxxxxxxxxxxx]
>Sent: Wednesday, October 08, 2003 10:18 AM
>To: 'Tommy Christensen'
>Cc: netdev@xxxxxxxxxxx; 'Linux 802.1Q VLAN'; bridge
>Subject: RE: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables
>"see" bridged VLAN tagged{I,AR}P packets
>
>
>
>-----Original Message-----
>>From: Tommy Christensen [mailto:tommy.christensen@xxxxxxxxx]
>>Sent: Wednesday, October 08, 2003 10:09 AM
>>To: Christian Darnell
>>Cc: 'Linux 802.1Q VLAN'; Bart De Schuymer; netdev@xxxxxxxxxxx; bridge
>>Subject: Re: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables
>>"see" bridged VLAN tagged{I,AR}P packets
>>
>>
>>
>>This is because the VLAN code is mangling shared data.
>>You need to do something like this:
>>
>>
>>--- linux-2.4/net/8021q/vlan_dev.c.org        2003-02-25
15:23:09.000000000
>>+0100
>>+++ linux-2.4/net/8021q/vlan_dev.c    2003-10-07 16:01:29.000000000 +0200
>>@@ -75,7 +75,12 @@
>> static inline struct sk_buff *vlan_check_reorder_header(struct sk_buff
>>*skb)
>> {
>>      if (VLAN_DEV_INFO(skb->dev)->flags & 1) {
>>-             skb = skb_share_check(skb, GFP_ATOMIC);
>>+             if (skb_shared(skb) || skb_cloned(skb)) {
>>+                     struct sk_buff *nskb;
>>+                     nskb = skb_copy(skb, GFP_ATOMIC);
>>+                     kfree_skb(skb);
>>+                     skb = nskb;
>>+             }
>>              if (skb) {
>>                      /* Lifted from Gleb's VLAN code... */
>>                      memmove(skb->data - ETH_HLEN,
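Review bot: The new `if (skb_shared(skb) || skb_cloned(skb))` block carries no comment saying why a full `skb_copy()` replaces `skb_share_check()`. The `memmove()` just below rewrites packet data at `skb->data - ETH_HLEN`, so a one-line comment that a cloned buffer shares that data with its other holders (the capture path discussed in this thread being one) would stop someone from reverting it as an optimisation. Also, `skb_copy(skb, GFP_ATOMIC)` can fail: `nskb` is then NULL and the original has already been freed by `kfree_skb(skb)`. The following `if (skb)` skips the `memmove()` in that case, but the hunk does not show what the function returns afterwards, so please confirm the caller handles a NULL return.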
>>
>>
>>Christian, could you try this out?
>
>
>Thanks Tommy! I tried this (on kernel 2.4.22) and it works great!
>
>

Hi again, when the problem with VLAN and pcap was solved I found a bug in
pcap. The problem is that pcap_setfilter doesn't work correctly when using
vlan x. The problem is that pcap doesn't mask the VID. The result is that for
packets with priority (802.1q) set to 0 the vlan x filter works fine, but
when the packet has a priority != 0 the vlan x filter fails.

An example:
If one has a VLAN with VID = 2 and sniffs using the filter "vlan 2",
packets with priority = 0 will be shown. Changing to priority = 1, the
packets won't appear; if one changes the filter to "vlan 8194" the packets
will appear.

Fixing pcap so that it masks the TCI field with "& 0xfff" to get the VID should
probably fix this problem. I have tried to locate where this check is
performed in the pcap code but with no success. I think
gencode.c::gen_vlan(vlan_num) has something to do with it...

Is there someone who knows the pcap code and knows where this check is done?
I have tried tcpdump-workers@xxxxxxxxxxx before without any response;
is there anyone who knows how to contact the maintainers of libpcap?


Best regards,

Christian Darnell
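
The arithmetic behind the "vlan 2" versus "vlan 8194" observation in the message above, as an added example that is not part of the original message and is not libpcap code. It models the comparison the message describes (whole TCI against the filter number) next to the proposed `& 0xfff` mask; the function names and the sample frame are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_8021Q 0x8100
#define VLAN_VID_MASK   0x0fff   /* low 12 bits of the TCI hold the VID */

/* Build a constructed 18-byte 802.1Q header into buf.
 * TCI layout: priority (3 bits) | DEI/CFI (1 bit) | VID (12 bits). */
static size_t build_tagged_frame(uint8_t *buf, unsigned prio, unsigned vid,
                                 uint16_t inner_type)
{
    uint16_t tci = (uint16_t)(((prio & 0x7) << 13) | (vid & VLAN_VID_MASK));
    memset(buf, 0xff, 6);                 /* dst MAC: sample value */
    memset(buf + 6, 0x02, 6);             /* src MAC: sample value */
    buf[12] = ETHERTYPE_8021Q >> 8;       buf[13] = ETHERTYPE_8021Q & 0xff;
    buf[14] = (uint8_t)(tci >> 8);        buf[15] = (uint8_t)(tci & 0xff);
    buf[16] = (uint8_t)(inner_type >> 8); buf[17] = (uint8_t)(inner_type & 0xff);
    return 18;
}

/* Return the 16-bit TCI, or -1 if the frame is short or not 802.1Q. */
static int read_tci(const uint8_t *pkt, size_t len)
{
    if (len < 18 || ((pkt[12] << 8) | pkt[13]) != ETHERTYPE_8021Q)
        return -1;
    return (pkt[14] << 8) | pkt[15];
}

/* Comparison as described in the message: whole TCI against the number. */
int match_vlan_unmasked(const uint8_t *pkt, size_t len, unsigned vlan_num)
{
    int tci = read_tci(pkt, len);
    return tci >= 0 && (unsigned)tci == vlan_num;
}

/* Proposed comparison: mask the TCI so only the VID is compared. */
int match_vlan_masked(const uint8_t *pkt, size_t len, unsigned vlan_num)
{
    int tci = read_tci(pkt, len);
    return tci >= 0 && ((unsigned)tci & VLAN_VID_MASK) == vlan_num;
}

int main(void)
{
    uint8_t f[18];
    size_t n = build_tagged_frame(f, 1, 2, 0x0800);   /* priority 1, VID 2 */
    printf("tci=%d unmasked(2)=%d masked(2)=%d\n", read_tci(f, n),
           match_vlan_unmasked(f, n, 2), match_vlan_masked(f, n, 2));
    return 0;
}
```

With priority 1 the priority bits contribute 1 << 13 = 8192 to the TCI, so VID 2 appears as 8194, which is why the unmasked comparison only matches that number.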

