[Bro] is vlan bpf broken in bro
erik clark
philosnef at gmail.com
Wed Mar 29 08:50:50 PDT 2017
Ive actually tried this with stock libpcap, and have the same results. I
just checked an ixgbe nic I have laying around, and I get the same results,
without any option to set rxvlan...
>From the various boxes I have tried so far (e1000e, ixgbe, vmxnet3), all of
these exhibit the same filtering problem with vlans. Maybe netmap can
handle it, but it doesnt appear that libpcap (pf_ring or not) can properly
handle vlan filtering... Since we are going with af_packet, netmap is
unfortunately off the table.
On Wed, Mar 29, 2017 at 11:31 AM, Seth Hall <seth at corelight.com> wrote:
>
> > On Mar 29, 2017, at 11:28 AM, erik clark <philosnef at gmail.com> wrote:
> >
> > Libpcap from ntop for pf_ring, on a vmxnet3 interface. ixgbe nics have
> rxvlan option in ethtool which disables acceleration, but these are all
> virtual nics; I cant set rx-vlan-offload (bad command, despite being listed
> in ethtool -k), so I think I am out of luck for filtering.
>
> Ah, that's a much more narrow case than I thought you were referring to.
> You might be out of luck without deeper changes to things (or you could use
> netmap, it might work there!).
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170329/dd8af67f/attachment.html
More information about the Bro
mailing list