Re: ULOG and vlans

Stig <stig@xxxxxxxx> · Thu, 28 Jul 2011 10:00:15 -0700



On Thu, Jul 28, 2011 at 4:15 AM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> On 27.07.2011 20:59, Stig wrote:
>> I'm using ULOG iptables target to capture packets for pmacct (a
>> netflow exporter).  I noticed when ulog gets a packet from a vlan
>> interface that the ulog header shows a mac_len of 18 bytes, but it
>> appears that the vlan tag has already been stripped from the packet
>> header:
>>
>> (gdb) p/x *ulog_pkt
>> $7 = {
>>   mark = 0x0,
>>   timestamp_sec = 0x4e2f6077,
>>   timestamp_usec = 0x222f3,
>>   hook = 0x0,
>>   indev_name = {0x65, 0x74, 0x68, 0x31, 0x2e, 0x31, 0x30, 0x30, 0x0, 0x0, 0x0,
>>     0x0, 0x0, 0x0, 0x0, 0x0},
>>   outdev_name = {0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5, 0xf, 0x0,
>>     0x0, 0x5, 0xf, 0x0, 0x0},
>>   data_len = 0x40,
>>   prefix = {0x0, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f, 0x4e, 0xed, 0x6, 0x0, 0x0,
>>     0xa, 0x40, 0x80, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x14, 0x0, 0x1, 0x0, 0xfe,
>>     0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
>>   mac_len = 0x12,
>>   mac = {0x0, 0xd, 0xb9, 0x15, 0x6d, 0x1, 0x0, 0xf, 0x30, 0x4, 0x35, 0x4f,
>>     0x8, 0x0, 0x45, 0x0, 0x0, 0x54, 0xff, 0x21, 0x12, 0x0, 0x0, 0x21, 0x12,
>>     0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x14, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f,
>>     0x4e, 0xed, 0x6, 0x0, 0x0, 0xa, 0x40, 0x80, 0xfd, 0x3, 0x0, 0x0, 0x0,
>>     0x14, 0x0, 0x1, 0x0, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd,
>>     0xb9, 0xff, 0xfe, 0x15, 0x6d, 0x1, 0x14, 0x0, 0x6, 0x0, 0xff, 0xff, 0xff,
>>     0xff, 0xff},
>>   payload = 0x941cc35
>> }
>>
>>
>> If the vlan has been remove, shouldn't the mac_len be reduced to 14?
>
> Yes. How is your vlan device configured (ip -s link show vlanX)?

vyatta@vyatta:~$ ip -s link show eth1.100
4: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue stat
    link/ether 00:0d:b9:15:6d:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    296652     3372     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    344216     3376     0       0       0       0

vyatta@vyatta:~$ iptables -V
iptables v1.4.10

vyatta@vyatta:~$ uname -a
Linux alix-vyatta 2.6.37-1-586-vyatta #1 SMP Mon Jun 13 14:41:41 PDT 2011 i586 x

stig
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html