Bug 498981
| Summary: | tcpdump cannot deal with 802.1q vlan tag | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Kirby Zhou <kirbyzhou> | ||||||
| Component: | tcpdump | Assignee: | Miroslav Lichvar <mlichvar> | ||||||
| Status: | CLOSED CANTFIX | QA Contact: | BaseOS QE <qe-baseos-auto> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 5.3 | CC: | benlu | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 499681 (view as bug list) | Environment: | |||||||
| Last Closed: | 2010-04-14 12:07:10 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 499681 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
Do the ifcfg files have VLAN=yes? Can you please post content of /proc/net/vlan/config? [@4.55 ~]# cat /proc/net/vlan/config VLAN Dev name | VLAN ID Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD eth1.470 | 470 | eth1 eth1.478 | 478 | eth1 [@4.55 ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=4.55 GATEWAY=219.234.81.254 VLAN=yes Ok, looks like this is caused by VLAN acceleration. In libpcap it's supported since version 1.0.0, but it needs to be supported also in kernel. http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=393e52e33c6c26ec7db290dab803bac1bed962d4 Created attachment 355016 [details]
reconstruct vlan headers
This is a backport of patches by Patrick McHardy from libpcap git. It requires tp_vlan_tci in kernel's tpacket_auxdata struct.
Please note that the vlan headers are reconstructed after kernel filtering. To filter packets from a vlan unfiltered output has to be passed to another tcpdump:
tcpdump -Uw - | tcpdump -en -r - vlan 200
Created attachment 355983 [details]
reconstruct vlan headers
added missing pcap-vlan.h
As the kernel bug #499681 can't be implemented without breaking compatibility, there is no point in including the libpcap patch. Closing as CANTFIX. |
Description of problem: Tcpdump cannot deal with vlan id. When eth1 being configured with 802.1Q vlan tag, tcpdump cannot capture the vlan id. Version-Release number of selected component (if applicable): [@4.55 ~]# rpm -q tcpdump vconfig kernel rpm -q tcpdump vconfig kernel tcpdump-3.9.4-14.el5 vconfig-1.9-2.1 kernel-2.6.18-128.1.6.el5 [@4.55 ~]# modinfo 8021q filename: /lib/modules/2.6.18-128.1.6.el5/kernel/net/8021q/8021q.ko version: 1.8 license: GPL srcversion: 5CA662C35E46AE4E2DDA98C depends: vermagic: 2.6.18-128.1.6.el5 SMP mod_unload gcc-4.1 module_sig: 883f35049c98f9369db9f7335d33d112967809d101eb893e52fb3257c1e82456b5dfab7b509ee809cb15f81aa6cb9ce75de78f81fa171e1b7f6361d How reproducible: 100% Steps to Reproduce: 1. onfigure eth1 with vlan as below: [@4.55 ~]# head /etc/sysconfig/network-scripts/ifcfg-eth1.* ==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.470 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=219.234.81.36 NETMASK=255.255.255.0 ==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.478 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=118.228.148.22 NETMASK=255.255.255.0 [@4.55 ~]# head -n100 /etc/sysconfig/network-scripts/ifcfg-eth1.* ==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.470 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=yy.yy.yy.yy NETMASK=255.255.255.0 ==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.478 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=xx.xx.xx.xx NETMASK=255.255.255.0 # the default route is via eth1.470 2. run ping in the background ping www.redhat.com &> /dev/null & 3. use tcpdump to capture package tcpdump -i eth1 -e -n icmp tcpdump -i eth1.470 -e -n icmp tcpdump -i eth1 -e -n vlan 470 Actual results: tcpdump -i eth1 -e -n icmp only icmp-echorequest only without vlan id was captured. 23:55:02.587351 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 210.192.112.112: ICMP echo request, id 57909, seq 194, length 64 tcpdump -i eth1.470 -e -n icmp both icmp-echorequest and icmp-echoreply without vlan id were captured. 00:02:25.994875 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 220.181.6.19: ICMP echo request, id 35651, seq 9862, length 64 00:02:25.996434 00:0f:e2:7e:d0:7c > 00:1e:0b:c7:0b:e2, ethertype IPv4 (0x0800), length 98: 220.181.6.19 > xx.xx.xx.xx: ICMP echo reply, id 35651, seq 9862, length 64 tcpdump -i eth1 -e -n vlan 470 nothing. tcpdump -i eth1 -e -n vlan 478 nothing. Expected results: tcpdump -i eth1 -e -n icmp both icmp-echorequest and icmp-echoreply with vlan id should be captured. OR: neither icmp-echorequest nor icmp-echoreply should be captured. tcpdump -i eth1.470 -e -n icmp both icmp-echorequest and icmp-echoreply without vlan id should be captured. tcpdump -i eth1 -e -n vlan 470 both icmp-echorequest and icmp-echoreply with vlan id should be captured. tcpdump -i eth1 -e -n vlan 478 nothing. Additional info: [@4.55 ~]# cat /etc/modprobe.conf alias eth0 tg3 alias eth1 tg3 [@4.55 ~]# lspci | fgrep Eth 03:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10) 03:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10)