Re: ULOG and vlans

Patrick McHardy <kaber@xxxxxxxxx> · Fri, 29 Jul 2011 16:23:24 +0200



On 28.07.2011 19:00, Stig wrote:
> On Thu, Jul 28, 2011 at 4:15 AM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> On 27.07.2011 20:59, Stig wrote:
>>> I'm using ULOG iptables target to capture packets for pmacct (a
>>> netflow exporter).  I noticed when ulog gets a packet from a vlan
>>> interface that the ulog header shows a mac_len of 18 bytes, but it
>>> appears that the vlan tag has already been stripped from the packet
>>> header:
>>>
>>> (gdb) p/x *ulog_pkt
>>> $7 = {
>>>   mark = 0x0,
>>>   timestamp_sec = 0x4e2f6077,
>>>   timestamp_usec = 0x222f3,
>>>   hook = 0x0,
>>>   indev_name = {0x65, 0x74, 0x68, 0x31, 0x2e, 0x31, 0x30, 0x30, 0x0, 0x0, 0x0,
>>>     0x0, 0x0, 0x0, 0x0, 0x0},
>>>   outdev_name = {0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5, 0xf, 0x0,
>>>     0x0, 0x5, 0xf, 0x0, 0x0},
>>>   data_len = 0x40,
>>>   prefix = {0x0, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f, 0x4e, 0xed, 0x6, 0x0, 0x0,
>>>     0xa, 0x40, 0x80, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x14, 0x0, 0x1, 0x0, 0xfe,
>>>     0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
>>>   mac_len = 0x12,
>>>   mac = {0x0, 0xd, 0xb9, 0x15, 0x6d, 0x1, 0x0, 0xf, 0x30, 0x4, 0x35, 0x4f,
>>>     0x8, 0x0, 0x45, 0x0, 0x0, 0x54, 0xff, 0x21, 0x12, 0x0, 0x0, 0x21, 0x12,
>>>     0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x14, 0x0, 0x2, 0x0, 0x72, 0x60, 0x2f,
>>>     0x4e, 0xed, 0x6, 0x0, 0x0, 0xa, 0x40, 0x80, 0xfd, 0x3, 0x0, 0x0, 0x0,
>>>     0x14, 0x0, 0x1, 0x0, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xd,
>>>     0xb9, 0xff, 0xfe, 0x15, 0x6d, 0x1, 0x14, 0x0, 0x6, 0x0, 0xff, 0xff, 0xff,
>>>     0xff, 0xff},
>>>   payload = 0x941cc35
>>> }
>>>
>>>
>>> If the vlan has been remove, shouldn't the mac_len be reduced to 14?
>>
>> Yes. How is your vlan device configured (ip -s link show vlanX)?
> 
> vyatta@vyatta:~$ ip -s link show eth1.100
> 4: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue stat
>     link/ether 00:0d:b9:15:6d:01 brd ff:ff:ff:ff:ff:ff
>     RX: bytes  packets  errors  dropped overrun mcast
>     296652     3372     0       0       0       0
>     TX: bytes  packets  errors  dropped carrier collsns
>     344216     3376     0       0       0       0

Sorry, I actually meant ip -d link show vlanX. Also, what driver are
you using?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html