Hi,
We often trace VLAN tagged frames (802.1Q) and noticed that the TCP
stream analysis not is working (it says: "selected packet is not a TCP segment").
I guess it "forgets" to skip the VLAN tag when checking the contents of the packet.
Also the capture filter seems no longer to support "vlan" keyword (maybe somewhere in the BPF engine).
Previously (some versions ago) it was possible to write "vlan ..." to force it to jump over any
VLAN header. I guess this actually could have build into the BPF programs - but will probably slow
down the programs a little (in non VLAN case).
Our interfaces can contain a mix of untagged and tagged frames - so the above could be nice anyway...
I seem to remember that the Berkeley Packet Filter in vxworks contained "something" that allows
to make LOADs relative to headerLen+k, e.g.:
case BPF_LD|BPF_B|BPF_ABS|BPF_HLEN:
return "LD_B:a=[hlen+k]";
Anybody else using VLAN tagged frames??
Anyway Ethereal is really a great tool (Sniffer Pro from Network Associates also have some fancy features -
but our version is only for NT4 - not win2000;-)
Regards,
Mads Bligaard Nielsen
System Engineer, Product Development Ethernet Access
Attachment:
tcp_vlan_tagged.cap
Description: Binary data