[dnscap-users] interpretation of VLAN 0 on command line
Wessels, Duane
dwessels at verisign.com
Mon Aug 24 17:28:40 UTC 2015
Greetings dnscap users!
dnscap has the ability to filter on VLAN with the -l and -L command line
options.
Currently "-l 0" is taken as instruction to add "vlan and" to the BPF
program so that VLAN-tagged packets will be received, but to NOT otherwise
filter by VLAN ID. In other words, VLAN 0 is treated as a wildcard.
Although VLAN 0 is reserved (meaning you can't configure it I suppose),
it seems that it can appear on the wire. Currently dnscap is not able to
process VLAN 0 packets because of the above and also because it assumes
VLAN 0 wouldn't ever appear on the wire.
VLAN 0xFFF is also reserved and appears to have the meaning which dnscap
gives to 0 -- namely that of a wildcard. If my understanding is correct,
0xFFF should not be configurable on a device and should never appear on
the wire.
Therefore, I may propose that the dnscap command line interpretation be
changed so that "-l 4095" is taken to mean that dnscap should capture all
VLANs.
Before doing that, however, I wonder if many users have scripts and processes
built around the current meaning of "-l 0"?
DW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4676 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/dnscap-users/attachments/20150824/3734461a/attachment.bin>
More information about the dnscap-users
mailing list