[dnscap-users] interpretation of VLAN 0 on command line
dwessels at verisign.com
Wed Aug 26 22:51:29 UTC 2015
I didn't see any responses to this so I have committed a change to the
dnscap source repository:
Now users should specify 4095 to mean all VLANs. dnscap will print a warning
when users specify -l 0 or -L 0 to remind them of the change.
> On Aug 24, 2015, at 10:28 AM, Duane Wessels <dwessels at verisign.com> wrote:
> Greetings dnscap users!
> dnscap has the ability to filter on VLAN with the -l and -L command line
> Currently "-l 0" is taken as instruction to add "vlan and" to the BPF
> program so that VLAN-tagged packets will be received, but to NOT otherwise
> filter by VLAN ID. In other words, VLAN 0 is treated as a wildcard.
> Although VLAN 0 is reserved (meaning you can't configure it I suppose),
> it seems that it can appear on the wire. Currently dnscap is not able to
> process VLAN 0 packets because of the above and also because it assumes
> VLAN 0 wouldn't ever appear on the wire.
> VLAN 0xFFF is also reserved and appears to have the meaning which dnscap
> gives to 0 -- namely that of a wildcard. If my understanding is correct,
> 0xFFF should not be configurable on a device and should never appear on
> the wire.
> Therefore, I may propose that the dnscap command line interpretation be
> changed so that "-l 4095" is taken to mean that dnscap should capture all
> Before doing that, however, I wonder if many users have scripts and processes
> built around the current meaning of "-l 0"?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4676 bytes
Desc: not available
More information about the dnscap-users