On 27.07.2011 20:59, Stig wrote: > I'm using ULOG iptables target to capture packets for pmacct (a > netflow exporter). I noticed when ulog gets a packet from a vlan > interface that the ulog header shows a mac_len of 18 bytes, but it > appears that the vlan tag has already been stripped from the packet > header: > > (gdb) p/x *ulog_pkt > $7 = { > mark = 0x0, > timestamp_sec = 0x4e2f6077, > timestamp_usec = 0x222f3, > hook = 0x0, > indev_name = {0x65, 0x74, 0x68, 0x31, 0x2e, 0x31, 0x30, 0x30, 0x0, 0x0, 0x0, > 0x0, 0x0, 0x0, 0x0, 0x0}, > outdev_name = {0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5, 0xf, 0x0, > 0x0, 0x5, 0xf, 0x0, 0x0}, > data_len = 0x40, > prefix = {0x0, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f, 0x4e, 0xed, 0x6, 0x0, 0x0, > 0xa, 0x40, 0x80, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x14, 0x0, 0x1, 0x0, 0xfe, > 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, > mac_len = 0x12, > mac = {0x0, 0xd, 0xb9, 0x15, 0x6d, 0x1, 0x0, 0xf, 0x30, 0x4, 0x35, 0x4f, > 0x8, 0x0, 0x45, 0x0, 0x0, 0x54, 0xff, 0x21, 0x12, 0x0, 0x0, 0x21, 0x12, > 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x14, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f, > 0x4e, 0xed, 0x6, 0x0, 0x0, 0xa, 0x40, 0x80, 0xfd, 0x3, 0x0, 0x0, 0x0, > 0x14, 0x0, 0x1, 0x0, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd, > 0xb9, 0xff, 0xfe, 0x15, 0x6d, 0x1, 0x14, 0x0, 0x6, 0x0, 0xff, 0xff, 0xff, > 0xff, 0xff}, > payload = 0x941cc35 > } > > > If the vlan has been remove, shouldn't the mac_len be reduced to 14? Yes. How is your vlan device configured (ip -s link show vlanX)? > > This causes parsing problems of the ip header for pmacct because it > does the following: > > if (ulog_pkt->mac_len) { > memcpy(jumbo_container, ulog_pkt->mac, ulog_pkt->mac_len); > memcpy(jumbo_container+ulog_pkt->mac_len, ulog_pkt->payload, hdr.caplen); > hdr.caplen += ulog_pkt->mac_len; > hdr.len += ulog_pkt->mac_len; > > > Obviously I can work around it, but I'm wondering if this is the > expected behavior for ulog with vlans? No, if the tag is stripped, the length should reflect that. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html