[Bro-Dev] #264: topic/seth/mpls - Experimental MPLS support.

Bro Tracker bro at tracker.icir.org
Thu Apr 28 06:31:03 PDT 2011 

#264: topic/seth/mpls - Experimental MPLS support.
----------------------------+----------------------
  Reporter:  robin          |      Owner:  seth
      Type:  Merge Request  |     Status:  assigned
  Priority:  Normal         |  Milestone:  Bro1.6
 Component:  Bro            |    Version:  1.5.1
Resolution:                 |   Keywords:  sprint
----------------------------+----------------------

Comment (by seth):

 > - not sure what the part is that you "*think*" will happen. Are you
 > wondering whether "ip or not ip" will let vlan/mpls through? or whether
 we
 > have indeed decided to make that the default filter?

 It does pass through vlan&mpls and I've been thinking that's what we'd
 move to as the default filter.  I tried a lot of combinations and giving
 it an always true filter seems to be the only way to always pass through
 packets (like not having a filter at all).

 > - seems the code no longer needs the `mpls_link` option, correct?

 Correct, I think I removed that didn't I?

 > - do we have small test trace with mixed MPLS/VLAN traffic?

 I actually have one I grabbed from pcapr.net, I'll attach it to this
 ticket.

 > - one of the above questions doesn't seem answered: can there be VLAN
 over
 > MPLS, and/or MPLS over VLAN? The code currently doesn't handle
 > combinations.

 I have no clue.  I haven't heard of anyone encountering traffic like this
 and I haven't seen a trace showing it.

 > - to double-check my MPLS knowledge: is it right that with MPLS there's
 no
 > way to find out whether the packets are actually of transport-layer type
 > IP4/6?

 That's a good question, but I don't have a clue.

 > - the patch removes `vlan.bro` and some code in `pcap.bro` to handle
 that.
 > Isn't the ``vlan`` keyword  still needed for BPF for doing more
 > restrictive filters?

 Hm, yes.  I think we still need to figure out how we are going to handle
 choosing between the default "wide open" filter and accepting the filter
 set by the chosen scripts.  I removed vlan.bro because it won't normally
 be necessary with the open filter.  I'm of the opinion that people should
 just have to choose the correct filter for their traffic if they want to
 apply a filter since it's already like that with tcpdump (no filter you
 see vlan packets, but apply a filter without "vlan" you don't see them).

-- 
Ticket URL: <http://tracker.icir.org/bro/ticket/264#comment:19>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list