Hi,
I am using Linux 2.6.9-55.ELsmp and Intel(R) PRO/1000 Network e1000 driver
(version 7.2.12). I find, this driver does not pass VLAN 802.1Q tags to pcap
library, hence wireshark (Version 1.2.4 or version: 0.99.5) or tcpdump can’t
see them. Then I reviewed at Intel’s e1000 driver (version: 7.6.12) source code
and VLAN 802.1Q kernel module source code, pinpointed the root cause and its
appropriate solution. Afterward I changed the driver source code (on the top
of e1000 driver version: 7.6.12 and rebuild the e1000.ko used the same. Using
this patch, now the VLAN 802.1Q tag visible to sniffers (i.e., wireshark,
tcpdump). I have written Root Cause Analysis, modification done in driver
source code and test results as stated below. Please have a look into the same
and give your valuable feedback.
Root Cause:
Wireshark supports capturing VLAN packet but it depends upon the NIC and
driver. In ATCA GPU (NetHawk Image Version: 1.0.4r1), wireshark does not
capture the VLAN packets because of driver not due to wireshark. I mean, the
e1000 driver strips off the VLAN 802.1Q tag during reception before wireshark
captures them.
Many hours of googling, looking at the e1000 driver code and VLAN 802.1Q code,
has led us to believe that VLAN hardware acceleration is stripping the VLAN tag
from the Ethernet frame, so we can't actually see the VLAN ID. VLAN hardware
acceleration was the issue; as of kernel 2.6.9-55.ELsmp, thus we can’t see the
VLAN tags on real physical interface (i.e., eth0). It shows all the traffic,
but the packets are all untagged.
Note: The VLAN acceleration works (with e1000 driver) by enabling HW header
striping and using the VLAN ID for an immediate lookup in the VLAN devices
configured on that device.
Solution:
We need to make a patch which disables all HW vlan acceleration features (rx,
tx,
filter) for netdevice. The net_device structure (defined in
"include/linux/netdevice.h"), which is filled-in by a net driver at
initialization time, includes a field called "features". The features field
inside the structure net_device reports the card's capabilities. As of e1000
driver (version 7.6.12), by setting NETIF_F_HW_VLAN_TX, NETIF_F_HW_VLAN_RX, and
NETIF_F_HW_VLAN_FILTER bits in features field, the driver informs the
networking stack of it's capabilities for all HW vlan acceleration features. We
need to unset those bits in bitmap of flags used to store device capabilities.
This does the followings
a) It disables all HW vlan acceleration features.
b) It makes e1000 driver to not strip off the VLAN header.
c) Then, the packets will be received by the networking stack with the
vlan header intact.
d) It makes automatically VLAN 802.1Q tag visible to sniffers by sniffing
on the physical device.
Note: We can find the list of NETIF_F_XXX features, along with some comments,
inside the net_device data structure definition.
Modified Source Code i.e., drivers/net/e1000/e1000_main.c
Convention Used : The blue colored statements signifies the modification
static int __devinit e1000_probe(struct pci_dev *pdev,
const struct pci_device_id *ent)
{
----------------- ;
----------------- ;
netdev->features = NETIF_F_SG |
NETIF_F_HW_CSUM; /* |
NETIF_F_HW_VLAN_TX |
NETIF_F_HW_VLAN_RX |
NETIF_F_HW_VLAN_FILTER;*/
----------------- ;
----------------- ;
}
Results:
In two Linux box created the VLAN device (i.e. eth5.7) associated with eth5
with the vconfig command and added the IP address thru IP utility. Then did
pinging from both the ends and captured the packets (by selecting eth5
interface) and wireshark could able to capture these packets and displays all
the fields as per 802.1Q specification.
Regards,
ChinmayaD
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
E1000-devel mailing list
E1000-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/e1000-devel
To learn more about Intel® Ethernet, visit
http://communities.intel.com/community/wired
