Description of problem: Tcpdump cannot deal with vlan id. When eth1 being configured with 802.1Q vlan tag, tcpdump cannot capture the vlan id. Version-Release number of selected component (if applicable): [@4.55 ~]# rpm -q tcpdump vconfig kernel rpm -q tcpdump vconfig kernel tcpdump-3.9.4-14.el5 vconfig-1.9-2.1 kernel-2.6.18-128.1.6.el5 [@4.55 ~]# modinfo 8021q filename: /lib/modules/2.6.18-128.1.6.el5/kernel/net/8021q/8021q.ko version: 1.8 license: GPL srcversion: 5CA662C35E46AE4E2DDA98C depends: vermagic: 2.6.18-128.1.6.el5 SMP mod_unload gcc-4.1 module_sig: 883f35049c98f9369db9f7335d33d112967809d101eb893e52fb3257c1e82456b5dfab7b509ee809cb15f81aa6cb9ce75de78f81fa171e1b7f6361d How reproducible: 100% Steps to Reproduce: 1. onfigure eth1 with vlan as below: [@4.55 ~]# head /etc/sysconfig/network-scripts/ifcfg-eth1.* ==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.470 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=219.234.81.36 NETMASK=255.255.255.0 ==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.478 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=118.228.148.22 NETMASK=255.255.255.0 [@4.55 ~]# head -n100 /etc/sysconfig/network-scripts/ifcfg-eth1.* ==> /etc/sysconfig/network-scripts/ifcfg-eth1.470 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.470 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=yy.yy.yy.yy NETMASK=255.255.255.0 ==> /etc/sysconfig/network-scripts/ifcfg-eth1.478 <== # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet DEVICE=eth1.478 HWADDR=00:1E:0B:C7:0B:E2 ONBOOT=yes IPADDR=xx.xx.xx.xx NETMASK=255.255.255.0 # the default route is via eth1.470 2. run ping in the background ping www.redhat.com &> /dev/null & 3. use tcpdump to capture package tcpdump -i eth1 -e -n icmp tcpdump -i eth1.470 -e -n icmp tcpdump -i eth1 -e -n vlan 470 Actual results: tcpdump -i eth1 -e -n icmp only icmp-echorequest only without vlan id was captured. 23:55:02.587351 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 210.192.112.112: ICMP echo request, id 57909, seq 194, length 64 tcpdump -i eth1.470 -e -n icmp both icmp-echorequest and icmp-echoreply without vlan id were captured. 00:02:25.994875 00:1e:0b:c7:0b:e2 > 00:00:5e:00:01:51, ethertype IPv4 (0x0800), length 98: xx.xx.xx.xx > 220.181.6.19: ICMP echo request, id 35651, seq 9862, length 64 00:02:25.996434 00:0f:e2:7e:d0:7c > 00:1e:0b:c7:0b:e2, ethertype IPv4 (0x0800), length 98: 220.181.6.19 > xx.xx.xx.xx: ICMP echo reply, id 35651, seq 9862, length 64 tcpdump -i eth1 -e -n vlan 470 nothing. tcpdump -i eth1 -e -n vlan 478 nothing. Expected results: tcpdump -i eth1 -e -n icmp both icmp-echorequest and icmp-echoreply with vlan id should be captured. OR: neither icmp-echorequest nor icmp-echoreply should be captured. tcpdump -i eth1.470 -e -n icmp both icmp-echorequest and icmp-echoreply without vlan id should be captured. tcpdump -i eth1 -e -n vlan 470 both icmp-echorequest and icmp-echoreply with vlan id should be captured. tcpdump -i eth1 -e -n vlan 478 nothing. Additional info: [@4.55 ~]# cat /etc/modprobe.conf alias eth0 tg3 alias eth1 tg3 [@4.55 ~]# lspci | fgrep Eth 03:01.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10) 03:01.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet (rev 10)
Do the ifcfg files have VLAN=yes? Can you please post content of /proc/net/vlan/config?
[@4.55 ~]# cat /proc/net/vlan/config VLAN Dev name | VLAN ID Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD eth1.470 | 470 | eth1 eth1.478 | 478 | eth1 [@4.55 ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=4.55 GATEWAY=219.234.81.254 VLAN=yes
Ok, looks like this is caused by VLAN acceleration. In libpcap it's supported since version 1.0.0, but it needs to be supported also in kernel. http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=393e52e33c6c26ec7db290dab803bac1bed962d4
Created attachment 355016 [details] reconstruct vlan headers This is a backport of patches by Patrick McHardy from libpcap git. It requires tp_vlan_tci in kernel's tpacket_auxdata struct. Please note that the vlan headers are reconstructed after kernel filtering. To filter packets from a vlan unfiltered output has to be passed to another tcpdump: tcpdump -Uw - | tcpdump -en -r - vlan 200
Created attachment 355983 [details] reconstruct vlan headers added missing pcap-vlan.h
As the kernel bug #499681 can't be implemented without breaking compatibility, there is no point in including the libpcap patch. Closing as CANTFIX.