Promiscuous Mode on Sun BGE Network Driver Drops VLAN-tagged Packets
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||
|
Posted by Packet411 on April 20, 2005, 2:02 pm
Please log in for more thread options
Hi, I've got a switch mirroring packets into a Sun V20Z with a BGE interface running in promiscuous mode (using snoop to test this right now). Some of the packets coming in have VLAN tags, and some do not. I am only seeing packets without VLAN tags. I know the problem is not the switch because I see all packets when I perform this test using BSD or Linux. I've done some reading on the subject and it appears that one way around this is to create logical network interfaces, one for each VLAN tag. The problem is, I don't know what VLAN tags I'm going to be receiving ahead of time and I don't want to have to listen to 4094 logical interfaces just to be able to see all ethernet traffic! Under Linux/BSD, setting the interface to promiscuous mode is sufficient to get the kernel driver to forward all packets to the listener. I'd like to know how I can do this with Solaris (I'm using Solaris 9 presently). I've looked at the man pages for ifconfig, bge, and ndd, and I have been unable to find any option that will set the desired behaviour. Did I miss something, or do I need to write my own device driver to get this capability? | ||||||||||
|
Posted by Robert Lawhead on April 20, 2005, 2:16 pm
Please log in for more thread options Perhaps using tcpdump (presumably what you are using on linux) rather than snoop would help confirm your observation and eliminate questions about whether the traffic is present but unreported by snoop. tcpdump can make use of a vlan filter... vlan [vlan_id] True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true is the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet. - Bob Packet411 wrote:  | ||||||||||
|
Posted by Packet411 on April 20, 2005, 6:04 pm
Please log in for more thread options Hi Bob, Thanks for your reply. Actually, I already tried both snoop and tcpdump under Solaris. Their behavior is identical leading me to believe that the default packet driver behavior is to not forward VLAN-tagged packets. :( I'm watching switch stats, and I see packets flowing to the bge device while tcpdump is running. I then kill tcpdump after a few hundred or more packets have been delivered, and this is all I see: 0 packets captured 0 packets received by filter 0 packets dropped by kernel This is with tcpdump version 3.8.3. It does not have the vlan tagging option you mention in your email. Unfortunately, according to the output from tcpdump above, this is not a factor anyway as the device driver itself has not captured any devices. As soon as I switch to non-VLAN-tagged packets, everything works perfectly. I'd like to get hold of the bge driver source code to get to the bottom of this. Richard Robert Lawhead wrote: questions tcpdump If the keyword offsets that right not. I the or VLAN using bge, the get | ||||||||||
|
Posted by Andrew Gabriel on April 21, 2005, 1:34 am
Please log in for more thread options I don't have a bge interface to verify this with, but I think the issue is that each VLAN is presented as a separate pseudo interface, so you would have to snoop the VLAN you are interested in. For VLAN id 1 on bge0, this would be snoop -d bge1000, for VLAN id 2 on bge0, this would be snoop -d bge2000, for VLAN id 6 on bge3, this would be snoop -d bge6003, etc. As I said, I can't actually check this out though -- just guessing. -- Andrew Gabriel | ||||||||||
|
Posted by Robert Lawhead on April 20, 2005, 7:11 pm
Please log in for more thread options I think you nailed it Andrew... I found a link that may also be helpful at: http://docs.sun.com/source/817-6337-05/install-apps.html#pgfId-1006448 - Bob Andrew Gabriel wrote: | ||||||||||
| Similar Threads | Posted |
| Promiscuous Mode on Sun BGE Network Driver Drops VLAN-tagged Packets | April 20, 2005, 2:02 pm |
| Promiscuous mode ether on WinXP | December 10, 2005, 8:47 pm |
| Fiber card in promiscuous mode under linux | June 13, 2007, 5:26 am |
| Connection to Switch Drops Packets But Hub Works | July 10, 2007, 1:36 am |
| arbitrary packets on an ethernet network | January 19, 2007, 5:11 am |
| MS-Dos 6.22 Packet Driver for 3COM 3C2000 ? | March 13, 2007, 10:53 am |
| hacking ethernet driver - advice needed | September 18, 2005, 5:28 am |
| Does DD-WRT include a Client Mode? | May 3, 2005, 8:44 pm |
| 1000BaseSX and Single Mode Fibre | April 8, 2005, 12:15 pm |
| Uplink drops intermittently... | April 20, 2006, 3:46 am |
| Ethereal Decoding 802.11 WEP Packets | December 8, 2004, 5:01 pm |
| ping corrupted packets | February 21, 2005, 12:19 pm |
| DVMRP report packets | September 24, 2006, 10:25 pm |
| Seeing Packets on an Ethernet Port That Should Not Be There | October 4, 2007, 11:54 pm |
| Using Jumbo packets in gigabit ethernet | July 19, 2004, 1:08 am |
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Click Here to learn more |
>
> I've got a switch mirroring packets into a Sun V20Z with a BGE
> interface running in promiscuous mode (using snoop to test this right
> now). Some of the packets coming in have VLAN tags, and some do not. I
> am only seeing packets without VLAN tags. I know the problem is not the
> switch because I see all packets when I perform this test using BSD or
> Linux.
>
> I've done some reading on the subject and it appears that one way
> around this is to create logical network interfaces, one for each VLAN
> tag. The problem is, I don't know what VLAN tags I'm going to be
> receiving ahead of time and I don't want to have to listen to 4094
> logical interfaces just to be able to see all ethernet traffic!
>
> Under Linux/BSD, setting the interface to promiscuous mode is
> sufficient to get the kernel driver to forward all packets to the
> listener. I'd like to know how I can do this with Solaris (I'm using
> Solaris 9 presently). I've looked at the man pages for ifconfig, bge,
> and ndd, and I have been unable to find any option that will set the
> desired behaviour.
>
> Did I miss something, or do I need to write my own device driver to get
> this capability?
>