I'm using ULOG iptables target to capture packets for pmacct (a
netflow exporter). I noticed when ulog gets a packet from a vlan
interface that the ulog header shows a mac_len of 18 bytes, but it
appears that the vlan tag has already been stripped from the packet
header:
(gdb) p/x *ulog_pkt
$7 = {
mark = 0x0,
timestamp_sec = 0x4e2f6077,
timestamp_usec = 0x222f3,
hook = 0x0,
indev_name = {0x65, 0x74, 0x68, 0x31, 0x2e, 0x31, 0x30, 0x30, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0},
outdev_name = {0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5, 0xf, 0x0,
0x0, 0x5, 0xf, 0x0, 0x0},
data_len = 0x40,
prefix = {0x0, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f, 0x4e, 0xed, 0x6, 0x0, 0x0,
0xa, 0x40, 0x80, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x14, 0x0, 0x1, 0x0, 0xfe,
0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
mac_len = 0x12,
mac = {0x0, 0xd, 0xb9, 0x15, 0x6d, 0x1, 0x0, 0xf, 0x30, 0x4, 0x35, 0x4f,
0x8, 0x0, 0x45, 0x0, 0x0, 0x54, 0xff, 0x21, 0x12, 0x0, 0x0, 0x21, 0x12,
0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x14, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f,
0x4e, 0xed, 0x6, 0x0, 0x0, 0xa, 0x40, 0x80, 0xfd, 0x3, 0x0, 0x0, 0x0,
0x14, 0x0, 0x1, 0x0, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd,
0xb9, 0xff, 0xfe, 0x15, 0x6d, 0x1, 0x14, 0x0, 0x6, 0x0, 0xff, 0xff, 0xff,
0xff, 0xff},
payload = 0x941cc35
}
If the vlan has been remove, shouldn't the mac_len be reduced to 14?
This causes parsing problems of the ip header for pmacct because it
does the following:
if (ulog_pkt->mac_len) {
memcpy(jumbo_container, ulog_pkt->mac, ulog_pkt->mac_len);
memcpy(jumbo_container+ulog_pkt->mac_len, ulog_pkt->payload, hdr.caplen);
hdr.caplen += ulog_pkt->mac_len;
hdr.len += ulog_pkt->mac_len;
Obviously I can work around it, but I'm wondering if this is the
expected behavior for ulog with vlans?
stig
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
