This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 498981 - tcpdump cannot deal with 802.1q vlan tag
tcpdump cannot deal with 802.1q vlan tag
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: tcpdump (Show other bugs)
5.3
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Lichvar
BaseOS QE
:
Depends On: 499681
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-04 13:03 EDT by Kirby Zhou
Modified: 2013-03-06 00:08 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 499681 (view as bug list)
Environment:
Last Closed: 2010-04-14 08:07:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
reconstruct vlan headers (4.86 KB, patch)
2009-07-24 09:30 EDT, Miroslav Lichvar
no flags Details | Diff
reconstruct vlan headers (7.22 KB, patch)
2009-08-03 06:18 EDT, Miroslav Lichvar
no flags Details | Diff

  None (edit)
Description Kirby Zhou 2009-05-04 13:03:54 EDT
Description of problem:

Tcpdump cannot deal with vlan id. When eth1 being configured with 802.1Q vlan tag, tcpdump cannot capture the vlan id.

Version-Release number of selected component (if applicable):
  [@4.55 ~]# rpm -q tcpdump vconfig kernel
  rpm -q tcpdump vconfig kernel
  tcpdump-3.9.4-14.el5
  vconfig-1.9-2.1
  kernel-2.6.18-128.1.6.el5
  [@4.55 ~]# modinfo 8021q
  filename:       /lib/modules/2.6.18-128.1.6.el5/kernel/net/8021q/8021q.ko
  version:        1.8
  license:        GPL
  srcversion:     5CA662C35E46AE4E2DDA98C
  depends:        
  vermagic:       2.6.18-128.1.6.el5 SMP mod_unload gcc-4.1
  module_sig:     883f35049c98f9369db9f7335d33d112967809d101eb893e52fb3257c1e82456b5dfab7b509ee809cb15f81aa6cb9ce75de78f81fa171e1b7f6361d


How reproducible:

  100%

Steps to Reproduce:
1. onfigure eth1 with vlan as below:
[@4.55 ~]# head /etc/sysconfig/network-scripts/ifcfg-eth1.*      
==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <==
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1.470
HWADDR=00:1E:0B:C7:0B:E2
ONBOOT=yes
IPADDR=219.234.81.36
NETMASK=255.255.255.0

==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <==
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1.478
HWADDR=00:1E:0B:C7:0B:E2
ONBOOT=yes
IPADDR=118.228.148.22
NETMASK=255.255.255.0
[@4.55 ~]# head -n100 /etc/sysconfig/network-scripts/ifcfg-eth1.* 
==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <==
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1.470
HWADDR=00:1E:0B:C7:0B:E2
ONBOOT=yes
IPADDR=yy.yy.yy.yy
NETMASK=255.255.255.0

==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <==
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1.478
HWADDR=00:1E:0B:C7:0B:E2
ONBOOT=yes
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0

# the default route is via eth1.470

2. run ping in the background
ping www.redhat.com &> /dev/null &

3. use tcpdump to capture package

  tcpdump -i eth1 -e -n icmp
  tcpdump -i eth1.470 -e -n icmp
  tcpdump -i eth1 -e -n vlan 470
  
Actual results:

  tcpdump -i eth1 -e -n icmp
    only icmp-echorequest only without vlan id was captured.
    23:55:02.587351 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 210.192.112.112: ICMP echo request, id 57909, seq 194, length 64

  tcpdump -i eth1.470 -e -n icmp
    both icmp-echorequest and icmp-echoreply without vlan id were captured.
    00:02:25.994875 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 220.181.6.19: ICMP echo request, id 35651, seq 9862, length 64
    00:02:25.996434 00:0f:e2:7e:d0:7c > 00:1e:0b:c7:0b:e2, ethertype IPv4 (0x0800), length 98: 220.181.6.19 > xx.xx.xx.xx: ICMP echo reply, id 35651, seq 9862, length 64

  tcpdump -i eth1 -e -n vlan 470
    nothing.

  tcpdump -i eth1 -e -n vlan 478
    nothing.

Expected results:
  tcpdump -i eth1 -e -n icmp
    both icmp-echorequest and icmp-echoreply with vlan id should be captured.
    OR: neither icmp-echorequest nor icmp-echoreply should be captured.

  tcpdump -i eth1.470 -e -n icmp
    both icmp-echorequest and icmp-echoreply without vlan id should be captured.

  tcpdump -i eth1 -e -n vlan 470
    both icmp-echorequest and icmp-echoreply with vlan id should be captured.

  tcpdump -i eth1 -e -n vlan 478
    nothing.

Additional info:

  [@4.55 ~]# cat /etc/modprobe.conf
  alias eth0 tg3
  alias eth1 tg3

  [@4.55 ~]# lspci  | fgrep Eth
  03:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10)
  03:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10)
Comment 1 Miroslav Lichvar 2009-05-07 08:24:09 EDT
Do the ifcfg files have VLAN=yes? Can you please post content of /proc/net/vlan/config?
Comment 2 Kirby Zhou 2009-05-07 10:22:19 EDT
[@4.55 ~]# cat /proc/net/vlan/config 
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth1.470       | 470  | eth1
eth1.478       | 478  | eth1

[@4.55 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=4.55
GATEWAY=219.234.81.254
VLAN=yes
Comment 3 Miroslav Lichvar 2009-05-07 12:23:14 EDT
Ok, looks like this is caused by VLAN acceleration.

In libpcap it's supported since version 1.0.0, but it needs to be supported also in kernel.

http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=393e52e33c6c26ec7db290dab803bac1bed962d4
Comment 4 Miroslav Lichvar 2009-07-24 09:30:20 EDT
Created attachment 355016 [details]
reconstruct vlan headers

This is a backport of patches by Patrick McHardy from libpcap git. It requires tp_vlan_tci in kernel's tpacket_auxdata struct.

Please note that the vlan headers are reconstructed after kernel filtering. To filter packets from a vlan unfiltered output has to be passed to another tcpdump:

tcpdump -Uw - | tcpdump -en -r - vlan 200
Comment 5 Miroslav Lichvar 2009-08-03 06:18:08 EDT
Created attachment 355983 [details]
reconstruct vlan headers

added missing pcap-vlan.h
Comment 6 Miroslav Lichvar 2010-04-14 08:07:10 EDT
As the kernel bug #499681 can't be implemented without breaking compatibility, there is no point in including the libpcap patch.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.