Simple netgraph sniffer via ng_ether drops VLAN information.

PKraszewski

PKraszewski

Hello!

Im creating a software to sniff/inject packets by netgraph subsystem (test rig for some embedded device). Just a simple ng_socket attached to ng_ether's lower hook. A simple sudo nghook epair3a: lower | hexdump -C has the same behavior.

While I can inject even the wildest packets (including single and dual layer VLANs), and receive all packets, the receive side somewhere strips one layer of VLAN information:
  • for simple VLAN I get untagged packet (0x8100:VLAN>PROTO is read as bare PROTO)
  • for Q-in-Q I get single-tagged packet with internal VLAN only (0x88a8:OVLAN>0x8100:IVLAN>PROTO is read as 0x8100:IVLAN/PROTO)
Injection works correctly, tcpdump confirms all the necessary fields. It is just the receiving side that gets somehow de-tagged.

If that matters, current tests are performed on epair virtual Ethernet card pair (one card is injecting, the other is capturing).

Do I need to set some extra flags somewhere to allow VLAN passthrough?
 
VladiBG said:
Check ng_vlan / ng_bridge
Click to expand...
I need source/sink in userspace. I've already tested ng_vlan's nomatch hook - still no go...

Update:

libnetgraph's debug log looks like that:

For single layer VLAN:
Code: 
DATA EMITTED:
ether_tester: SOCKADDR: { fam=32 len=6 addr="ear" }
ether_tester: 0000:  fe ee ee 11 21 31 fe ee ee 12 22 32 81 00 01 23   ....!1...."2...#
                                                         ^^^^^^^^^^^
                                                         VLAN 123
ether_tester: 0010:  be ef 01 02 03 04 05 06 07 08 09                  ...........         
                     ^^^^^
                     Next proto
DATA RECEIVED
ether_tester: READ PACKET from hook "ear" (23 bytes)
ether_tester: 0000:  fe ee ee 11 21 31 fe ee ee 12 22 32 be ef 01 02   ....!1...."2....
                                                         ^^^^^
                                                         PROTO
ether_tester: 0010:  03 04 05 06 07 08 09                              .......

For QinQ VLAN:
Code: 
DATA EMITTED
ether_tester: WRITE PACKET to hook "ear" (31 bytes)
ether_tester: SOCKADDR: { fam=32 len=6 addr="ear" }
ether_tester: 0000:  fe ee ee 11 21 31 fe ee ee 12 22 32 88 a8 04 56   ....!1...."2...V
                                                         ^^^^^^^^^^^
                                                         Outer VLAN
ether_tester: 0010:  81 00 01 23 be ef 01 02 03 04 05 06 07 08 09      ...#........... 
                     ^^^^^^^^^^^ ^^^^^
                     Inner VLAN  Next Proto

DATA RECEIVED
ether_tester: READ PACKET from hook "ear" (27 bytes)
ether_tester: 0000:  fe ee ee 11 21 31 fe ee ee 12 22 32 81 00 01 23   ....!1...."2...#
                                                         ^^^^^^^^^^^
                                                         Inner VLAN
ether_tester: 0010:  be ef 01 02 03 04 05 06 07 08 09                  ...........         
                     ^^^^^
                     Next proto

I've been browsing through libnetgraph, ng_socket and ng_ether source, bub none seems to be interested in VLAN tags content...
 
You must log in or register to reply here.
Back
Top