Re: Linux, tcpdump and vlan

[Florian Lohoff]

On Wed, Jul 18, 2007 at 12:34:33PM -0700, andrei radulescu-banu wrote:
> 
> Dear kernel networking gurus, 
> 
> I am trying to understand why tcpdump does not work properly for vlan packets on linux. Here is the existing behavior, observed with:
>   - kernel 2.6.16,   
> - e1000 driver  
> - libpcap 0.9.6  
> - tcpdump 3.9.6 
>   
> 
> The e1000 driver has two modes when handling vlan frames:  
> (A) Default mode, when   
> - on rx, the mac includes vlan headers   
> - on tx, the mac expects tx frames to include vlan headers.   
> (B) Vlan hw accelerated mode, when:  
> - on rx, the mac does not include vlan headers, and instead passes vlan tag information in the status field of the ring buffer
>   - on tx, the mac expects no vlan headers, and instead expects vlan tag information to be passed in the status field of the ring buffer

I have seen similar behaviour. Once the kernel is compiled with VLAN
support the e1000 driver drops the vlan tag completely even when no
vlans are configured on that port. I would consider this beeing a bug
that enableing a kernel option changes behaviour even if the feature is
not in use.

As i was tracing dot1qinq i could actually see that only the outer
vlan tag was beeing dropped.

Flo
-- 
Florian Lohoff                  flo@xxxxxxxxxx             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin

Attachment: signature.asc
Description: Digital signature