
Mailing List Archive: NTop: Misc

PF_RING and VLAN tagged packets

 

 



sjames at btisystems

Mar 27, 2012, 2:12 AM

Post #1 of 9 (1158 views)
PF_RING and VLAN tagged packets

Hi

I want to use PF_RING to capture packets that are VLAN tagged, but it seems to me that the tag is getting stripped before the packets reach my application.

If I run a standard tcpdump, I see the tag:
listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes
10:06:41.108489 ARP, Request who-has 172.27.8.1 tell 172.27.8.104, length 42
0x0000: ffff ffff ffff 001b 215c 6d60 8100 0008 <------- Tag: 8100 0008
0x0010: 0806 0001 0800 0604 0001 001b 215c 6d60
0x0020: ac1b 0868 0000 0000 0000 ac1b 0801 0000
0x0030: 0000 0000 0000 0000 0000 0000

But if I run the tcpdump from the userland directory, I don't see it:
listening on eth4, link-type EN10MB (Ethernet), capture size 8192 bytes
09:08:47.363752413 ARP, Request who-has 172.27.8.1 tell 172.27.8.104, length 42
0x0000: ffff ffff ffff 001b 215c 6d60 0806 0001 <------- Tag has been stripped
0x0010: 0800 0604 0001 001b 215c 6d60 ac1b 0868
0x0020: 0000 0000 0000 ac1b 0801 0000 0000 0000
0x0030: 0000 0000 0000 0000

Is this the expected behaviour?

I am using PF_RING SVN Revision 5271.

I am new to PF_RING so I apologize if I am missing something obvious (although I have checked the FAQ and the recent archives of this list).

Regards

Simon
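
An added example, not part of the original post and not PF_RING code: a check a capture application can run on each frame to tell whether the 802.1Q tag is still in-band. The two sample frames are the first 32 bytes of the hexdumps in the post above; `parse_vlan`, `struct vlan_info` and the array names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPID_8021Q  0x8100u   /* customer VLAN tag */
#define TPID_8021AD 0x88a8u   /* service (outer QinQ) tag */
#define MAX_TAGS    4

/* Hypothetical result type for this example. */
struct vlan_info {
    int      n_tags;          /* in-band tags found; 0 = untagged or stripped */
    uint16_t vid[MAX_TAGS];   /* VLAN IDs, outermost first */
    uint8_t  pcp[MAX_TAGS];   /* priority code points */
    uint16_t ethertype;       /* EtherType after the last tag */
    size_t   l3_offset;       /* offset at which the payload starts */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the frame is truncated or carries too many tags. */
int parse_vlan(const uint8_t *f, size_t len, struct vlan_info *out)
{
    size_t off = 12;                      /* skip destination + source MAC */
    if (len < 14) return -1;              /* no room for an EtherType */
    out->n_tags = 0;
    uint16_t type = be16(f + off);
    while (type == TPID_8021Q || type == TPID_8021AD) {
        /* a tag needs TPID(2) + TCI(2) plus the following EtherType(2) */
        if (out->n_tags == MAX_TAGS || len < off + 6) return -1;
        uint16_t tci = be16(f + off + 2);
        out->vid[out->n_tags] = tci & 0x0fff;        /* low 12 bits */
        out->pcp[out->n_tags] = (uint8_t)(tci >> 13); /* top 3 bits */
        out->n_tags++;
        off += 4;
        type = be16(f + off);
    }
    out->ethertype = type;
    out->l3_offset = off + 2;
    return 0;
}

/* First 32 bytes of the standard tcpdump capture shown in the post. */
static const uint8_t frame_tagged[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x1b,0x21,0x5c,0x6d,0x60,
    0x81,0x00,0x00,0x08, 0x08,0x06, 0x00,0x01,0x08,0x00,0x06,0x04,
    0x00,0x01,0x00,0x1b,0x21,0x5c,0x6d,0x60 };

/* First 32 bytes of the capture taken with the userland tcpdump. */
static const uint8_t frame_stripped[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x1b,0x21,0x5c,0x6d,0x60,
    0x08,0x06, 0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x01,
    0x00,0x1b,0x21,0x5c,0x6d,0x60,0xac,0x1b,0x08,0x68 };

static void report(const char *name, const uint8_t *f, size_t len)
{
    struct vlan_info v;
    if (parse_vlan(f, len, &v) != 0) {
        printf("%s: truncated or malformed\n", name);
        return;
    }
    printf("%s: %d tag(s), ethertype 0x%04x, payload at %zu\n",
           name, v.n_tags, (unsigned)v.ethertype, v.l3_offset);
    for (int i = 0; i < v.n_tags; i++)
        printf("  tag %d: vid=%u pcp=%u\n", i, (unsigned)v.vid[i], (unsigned)v.pcp[i]);
}

int main(void)
{
    report("standard tcpdump", frame_tagged, sizeof frame_tagged);
    report("userland tcpdump", frame_stripped, sizeof frame_stripped);
    return 0;
}
```

A result of `n_tags == 0` on a port known to carry tagged traffic means the tag was removed before the frame reached the application, as in the second dump.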


cardigliano at ntop

Mar 27, 2012, 2:26 AM

Post #2 of 9 (1117 views)
Re: PF_RING and VLAN tagged packets

Simon
which driver/mode are you using with PF_RING? Please give us some more details about your configuration

Regards
Alfredo



sjames at btisystems

Mar 27, 2012, 2:41 AM

Post #3 of 9 (1124 views)
Re: PF_RING and VLAN tagged packets

Alfredo

Thank you for the prompt response!

I'm using the igb driver:
# modinfo igb
filename: /lib/modules/2.6.40.4-5.local.fc15.x86_64/kernel/drivers/net/igb/igb.ko
version: 3.0.6-k2

# dmesg | grep igb
[ 9.523397] igb 0000:0b:00.0: eth4: (PCIe:2.5Gb/s:Width x4) 00:1b:21:6e:c4:d6
[ 9.523477] igb 0000:0b:00.0: eth4: PBA No: E64750-004
[ 9.523480] igb 0000:0b:00.0: Using MSI-X interrupts. 8 rx queue(s), 8 tx queue(s)
[ 9.523515] igb 0000:0b:00.1: PCI INT B -> GSI 58 (level, low) -> IRQ 58
[ 9.523530] igb 0000:0b:00.1: setting latency timer to 64

I installed PF_RING, per the get-started/download page:

cd PF_RING/kernel

make

sudo insmod ./pf_ring.ko

Regards

Simon





cardigliano at ntop

Mar 27, 2012, 3:01 AM

Post #4 of 9 (1131 views)
Re: PF_RING and VLAN tagged packets

Simon
please let me see the output of
ethtool -d eth4 | grep -i vlan

Alfredo



sjames at btisystems

Mar 27, 2012, 3:08 AM

Post #5 of 9 (1138 views)
Re: PF_RING and VLAN tagged packets

Alfredo

As requested:
# ethtool -d eth4 | grep -i vlan
VLAN mode: disabled
VLAN filter: enabled
0x00038: VET (VLAN Ether type) 0x00008100
0x05AC0: IMIRVP (Immed interr rx VLAN priority) 0x00000000

Simon



cardigliano at ntop

Mar 27, 2012, 3:17 AM

Post #6 of 9 (1140 views)
Re: PF_RING and VLAN tagged packets

Simon
it looks like vlan stripping is set in your card, please try playing with
ethtool -K eth4 rxvlan on|off
and let me know

Regards
Alfredo



sjames at btisystems

Mar 27, 2012, 3:49 AM

Post #7 of 9 (1277 views)
Re: PF_RING and VLAN tagged packets

Alfredo

FYI, I had to upgrade the igb driver - the previous driver did not allow me to switch rxvlan off:
# ethtool -K eth4 rxvlan off
Cannot set device flag settings: Operation not supported

I built and installed 3.3.6, which does allow me to switch it on/off, but it makes no difference.
In both cases, the tag is still being stripped.

# ethtool -k eth4
Offload parameters for eth4:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off
receive-hashing: on

# ethtool -i eth4
driver: igb
version: 3.3.6
firmware-version: 1.2-1
bus-info: 0000:0b:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes

Regards

Simon



chl at uga

Mar 27, 2012, 4:11 AM

Post #8 of 9 (1137 views)
Re: PF_RING and VLAN tagged packets

Simon et al.,

I am also interested in how/if PF_RING can capture packets with VLAN tags.

Complicating things further, I am also trying to use a bonded interface which PF_RING aware tools don't seem to like in transparent modes 1 or 2.

--
Charles H. Leggett



sjames at btisystems

May 28, 2012, 1:34 PM

Post #9 of 9 (1082 views)
Re: PF_RING and VLAN tagged packets

Alfredo

I have been revisiting this issue today.

For the record, I think it might be an issue with the version of Linux.
When I reported the issues, I was using Fedora 3.3.0.

When I tried the same version of PF_RING on Fedora 2.6.35, it worked as expected - the packets were passed to userspace with the vlan tag intact.

As far as I can see, the driver configurations are equivalent.

I am able to proceed using Fedora 2.6.35, so I will not be pursuing this any further at present.

Thanks.

Simon


