[Bro] is vlan bpf broken in bro
erik clark
philosnef at gmail.com
Wed Mar 29 08:28:59 PDT 2017
Libpcap from ntop for pf_ring, on a vmxnet3 interface. ixgbe nics have
rxvlan option in ethtool which disables acceleration, but these are all
virtual nics; I cant set rx-vlan-offload (bad command, despite being listed
in ethtool -k), so I think I am out of luck for filtering.
On Wed, Mar 29, 2017 at 11:14 AM, Seth Hall <seth at corelight.com> wrote:
>
> > On Mar 29, 2017, at 10:17 AM, erik clark <philosnef at gmail.com> wrote:
> >
> > The short of it: Will bro respect vlan filters, or does it have the same
> issue that tcpdump and libpcap seem to have?
>
> If it's acquiring packets through straight libpcap on linux and linux has
> an issue with vlan handling, then yes, you will have the same problem. If
> you are using some alternate packet handling mechanism then the problem
> with likely not be there. Are you using the default libpcap on your distro?
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170329/5c13a840/attachment.html
More information about the Bro
mailing list