From: Eric Dumazet <eric.dumazet@gmail.com>
To: Ronny Meeus <ronny.meeus@gmail.com>
Cc: Daniel Borkmann <dborkman@redhat.com>, netdev <netdev@vger.kernel.org>
Subject: Re: How do I receive vlan tags on an AF_PACKET socket in 3.4 kernel?
Date: Wed, 31 Jul 2013 13:47:31 -0700 [thread overview]
Message-ID: <1375303651.10515.110.camel@edumazet-glaptop> (raw)
In-Reply-To: <CAMJ=MEcZBU9e+X3w5EFv3+FfKq5K7nKpF+Qc4XWYOFq7apKprw@mail.gmail.com>
On Wed, 2013-07-31 at 22:01 +0200, Ronny Meeus wrote:
> On Wed, Jul 31, 2013 at 5:09 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > On Wed, 2013-07-31 at 16:42 +0200, Daniel Borkmann wrote:
> >
> >> You can use bpfc (git://github.com/borkmann/netsniff-ng.git), it also has
> >> an extensive man page. That should probably do it:
> >>
> >> $ cat foo
> >> ld vlant
> >> jneq #4094, drop
> >> ret #-1
> >> drop: ret #0
> >>
> >> $ bpfc foo
> >> { 0x20, 0, 0, 0xfffff02c },
> >> { 0x15, 0, 1, 0x00000ffe },
> >> { 0x6, 0, 0, 0xffffffff },
> >> { 0x6, 0, 0, 0x00000000 },
> >
>
> Thanks Daniel, this is very useful information.
> I have cloned the repo and compiled the tool myself. It will be very
> useful in the future.
>
> > Thanks Daniel.
> >
> > If the load of this BPF fails (because its an old kernel), then load
> > your old filter.
> >
>
> I created a small test application after I backported the filter code
> to the 3.4 kernel.
> I instrumented the kernel with a printk at the moment the
> vlan_tx_tag_get call is done to see the actual value of the vlan tag
> since it did not work initially.
>
> These are the packets displayed by tcpdump:
>
> tcpdump: WARNING: eth-ntb: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth-ntb, link-type EN10MB (Ethernet), capture size 65535 bytes
> 00:18:49.233283 06:00:00:00:00:80 > f7:00:00:00:ff:ff, ethertype
> 802.1Q (0x8100), length 64:
> 0x0000: f700 0000 ffff 0600 0000 0080 8100 affe
> 0x0010: 08ab 0014 0000 0000 0f00 0001 0096 6000
> 0x0020: 0096 0000 0001 0000 000d 0000 0000 0000
> 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000
>
> So the Vlan is 0xffe and the priority/CFI field is 0xA.
> Apparently the value I need to use in the filter is 0xaffe to make it
> work. Is this normal or is this a bug in the kernel?
>
> This is the filter I used:
> { 0x20, 0, 0, 0xfffff02c }
> { 0x15, 0, 1, 0x0000affe }
> { 0x06, 0, 0, 0x00000800 }
> { 0x06, 0, 0, 0x00000000 }
>
> And this is the trace of the kernel and my application:
>
> [12529.357172] BPF_S_ANC_VLAN_TAG: affe
> packets received: 1
> [12533.020743] BPF_S_ANC_VLAN_TAG: affe
> packets received: 2
> [12536.667159] BPF_S_ANC_VLAN_TAG: affe
> packets received: 3
> [12540.343857] BPF_S_ANC_VLAN_TAG: affe
> packets received: 4
Right, vlan_tx_tag_get() gets the whole tag, so you want to mask A with
0xfff before the compare (to strip the prio)
ld vlant
and #4095
jneq #4094, drop
ret #-1
drop: ret #0
or something like that.
next prev parent reply other threads:[~2013-07-31 20:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-30 13:07 How do I receive vlan tags on an AF_PACKET socket in 3.4 kernel? Ronny Meeus
2013-07-30 14:09 ` Eric Dumazet
2013-07-31 12:51 ` Ronny Meeus
2013-07-31 12:54 ` Daniel Borkmann
2013-07-31 14:16 ` Eric Dumazet
2013-07-31 14:36 ` Ronny Meeus
2013-07-31 14:42 ` Daniel Borkmann
2013-07-31 15:09 ` Eric Dumazet
2013-07-31 20:01 ` Ronny Meeus
2013-07-31 20:47 ` Eric Dumazet [this message]
2013-08-01 9:24 ` Ronny Meeus
2013-08-02 8:15 ` Daniel Borkmann
2013-08-02 9:03 ` Ronny Meeus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1375303651.10515.110.camel@edumazet-glaptop \
--to=eric.dumazet@gmail.com \
--cc=dborkman@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=ronny.meeus@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox