Hi all,
I am trying to tcpdump traffic of a qdisc.
What I do is this:
tc filter add dev $DEVICE parent $QDISC_HANDLE protocol all prio 1 u32
match u32 0 0 action mirred egress mirror dev dummy0
After that I just do:
tcpdump -i dummy0
Everything works perfect, except when $DEVICE is a PPPoE device. In
this case, tcpdump shows "Unknown Ethertype" like these:
18:21:37.036268 00:00:40:11:0c:3f (oui Unknown) > 45:00:00:5d:b4:3d
(oui Unknown), ethertype Unknown (0xc361), length 93:
0x0000: 05ce 2ec6 c21e c8d6 da6f 0049 4368 6431 .........o.IChd1
0x0010: 3a61 6432 3a69 6432 303a 9ffc e740 ca80 :ad2:id20:...@..
0x0020: d39d 49a6 a024 2e84 1207 6b97 8aca 6531 ..I..$....k...e1
0x0030: 3a71 343a 7069 6e67 313a 7432 3aac af31 :q4:ping1:t2:..1
0x0040: 3a76 343a 4c54 0010 313a 7931 3a71 65 :v4:LT..1:y1:qe
18:21:37.036568 00:00:40:11:27:ec (oui Unknown) > 45:00:00:30:4e:0b
(oui Unknown), ethertype Unknown (0xc361), length 48:
0x0000: 05ce 5548 e64e c8d6 f237 001c 5c7b 4100 ..UH.N...7..\{A.
0x0010: ad74 3ce4 51df 0000 0000 0000 0000 662d .t<.Q.........f-
0x0020: 0000 ..
I tried to detect the mirrored traffic in wireshark. It doesn't seem
to be any protocol known. What is it?
I also tried IFB instead of dummy0 (of course with redirect, not
mirror). Same result.
This only happens on egress of PPPoE. If I send all ingress of the
same PPPoE device to an IFB, add a few classes and qdiscs and then
mirror the traffic of any qdisc of the IFB to a dummy, tcpdump works
as expected.
Is there a way to overcome the issue?
If there another way to tcpdump the traffic of a class?
Regards,
Costa
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
