lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20080229102209.GC15289@paradigm.rfc822.org>
Date:	Fri, 29 Feb 2008 11:22:09 +0100
From:	Florian Lohoff <flo@...822.org>
To:	Pavel Krauz <krauz@...z.cz>
Cc:	netdev@...r.kernel.org
Subject: Re: capturing VLAN

On Fri, Feb 29, 2008 at 09:56:18AM +0100, Pavel Krauz wrote:
> Hi guys
> as I see it, capturing packets with VLAN tag over PCAP is simply
> broken on 2.6 kernel with the HW acceleration. Applications that need
> unmodified packets over PCAP in promisc mode cannot work when VLAN
> is present in the traffic.

Older kernels (e.g. debian 2.6.18) had the problem that when you enable
802.1q VLAN support the acenic driver dropped the first vlan tag on a
packet regardless if you enable vlans or not. If you recompile a kernel
without 802.1q VLAN support all 802.1q tags should be in the pcap.

I was dumping 802.1qinq with 2 VLAN tags stacked and the outer tag
was gone ...

Without looking at all the drivers there is definitly something
driver and config option dependent when capturing 802.1q traffic.

Flo
-- 
Florian Lohoff                  flo@...822.org             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ