[dnscap-users] interpretation of VLAN 0 on command line

Daniel Stirnimann daniel.stirnimann at switch.ch
Thu Aug 27 09:21:54 UTC 2015


Thank you Duane. Change works for me.

Daniel

On 27.08.15 00:51, Wessels, Duane wrote:
> I didn't see any responses to this so I have committed a change to the
> dnscap source repository:
> 
> https://github.com/verisign/dnscap/commit/727d0a3a37e3967d1941fa02a8d6ee7382f40523
> 
> Now users should specify 4095 to mean all VLANs.  dnscap will print a warning
> when users specify -l 0 or -L 0 to remind them of the change.
> 
> DW
> 
> 
>> On Aug 24, 2015, at 10:28 AM, Duane Wessels <dwessels at verisign.com> wrote:
>>
>> Greetings dnscap users!
>>
>> dnscap has the ability to filter on VLAN with the -l and -L command line
>> options.
>>
>> Currently "-l 0" is taken as instruction to add "vlan and" to the BPF
>> program so that VLAN-tagged packets will be received, but to NOT otherwise
>> filter by VLAN ID.  In other words, VLAN 0 is treated as a wildcard.
>>
>> Although VLAN 0 is reserved (meaning you can't configure it I suppose),
>> it seems that it can appear on the wire.  Currently dnscap is not able to
>> process VLAN 0 packets because of the above and also because it assumes
>> VLAN 0 wouldn't ever appear on the wire.
>>
>> VLAN 0xFFF is also reserved and appears to have the meaning which dnscap
>> gives to 0 -- namely that of a wildcard.  If my understanding is correct,
>> 0xFFF should not be configurable on a device and should never appear on
>> the wire.
>>
>> Therefore, I may propose that the dnscap command line interpretation be
>> changed so that "-l 4095" is taken to mean that dnscap should capture all
>> VLANs.
>>
>> Before doing that, however, I wonder if many users have scripts and processes
>> built around the current meaning of "-l 0"?
>>
>> DW
>>
> 


More information about the dnscap-users mailing list