Re: Can libpcap filter on vlan tags when vlans are hardware-accelerated?

2017-09-26 Thread Ben Greear 

On 09/12/2017 01:26 PM, Michal Kubecek wrote:

On Tue, Sep 12, 2017 at 11:54:43AM -0700, Ben Greear wrote:

It does not appear to work on Fedora-26, and I'm curious if someone
knows what needs doing to get this support working?


It's rather complicated. The "vlan" and "vlan " filters didn't
handle the case when vlan information is passed in metadata until commit
04660eb1e561 ("Use BPF extensions in compiled filters"), i.e. libpcap
1.7.0. Unfortunately that commit made libpcap always check only metadata
for the first outermost vlan tag so that it broke the case when vlan
information is passed in packet itself (which is less frequent today).

To handle both cases correctly, you would need libpcap with commits
d739b068ac29 ("Make VLAN filter handle both metadata and inline tags")
and 7c7a19fbd9af ("Fix logic of combined VLAN test") and also the
optimizer fix from

  https://github.com/the-tcpdump-group/libpcap/pull/582/commits/075015a3d17a

(without it the filters generate incorrect BPF in some cases unless the
optimizer is disabled). As far as I can see, these commits are not in
any release yet.

   Michal Kubecek



So, I cloned the latest libpcap, and I'm going to start poking at this.

Do you happen to know if I need to do anything special other than
'pcap_compile()'?  I'm curious how the library would know if it can use
newer kernel API or not...or maybe it is somehow magically backwards/forward
compatible?

Thanks,
Ben

--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com

Re: Can libpcap filter on vlan tags when vlans are hardware-accelerated?

2017-09-12 Thread Michal Kubecek 
On Tue, Sep 12, 2017 at 11:54:43AM -0700, Ben Greear wrote:
> It does not appear to work on Fedora-26, and I'm curious if someone
> knows what needs doing to get this support working?

It's rather complicated. The "vlan" and "vlan " filters didn't
handle the case when vlan information is passed in metadata until commit
04660eb1e561 ("Use BPF extensions in compiled filters"), i.e. libpcap
1.7.0. Unfortunately that commit made libpcap always check only metadata
for the first outermost vlan tag so that it broke the case when vlan
information is passed in packet itself (which is less frequent today).

To handle both cases correctly, you would need libpcap with commits
d739b068ac29 ("Make VLAN filter handle both metadata and inline tags")
and 7c7a19fbd9af ("Fix logic of combined VLAN test") and also the
optimizer fix from

  https://github.com/the-tcpdump-group/libpcap/pull/582/commits/075015a3d17a

(without it the filters generate incorrect BPF in some cases unless the
optimizer is disabled). As far as I can see, these commits are not in
any release yet.

   Michal Kubecek

Re: Can libpcap filter on vlan tags when vlans are hardware-accelerated?

2017-09-12 Thread Ben Greear 

On 09/12/2017 11:54 AM, Ben Greear wrote:

It does not appear to work on Fedora-26, and I'm curious if someone knows what 
needs
doing to get this support working?

Thanks,
Ben




Gah, I spoke too soon.  system-test guy says it works on cmd-line, but
not when we try to make it work in another way...could be local bug,
I'll poke at this more.

Thanks,
Ben

--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com