1. Home
  2. Ethernet LAN
  3. Promiscuous Mode on Sun BGE Network Driver Drops VLAN-tagged Packets

Promiscuous Mode on Sun BGE Network Driver Drops VLAN-tagged Packets

Hi,

I've got a switch mirroring packets into a Sun V20Z with a BGE interface running in promiscuous mode (using snoop to test this right now). Some of the packets coming in have VLAN tags, and some do not. I am only seeing packets without VLAN tags. I know the problem is not the switch because I see all packets when I perform this test using BSD or Linux.

I've done some reading on the subject and it appears that one way around this is to create logical network interfaces, one for each VLAN tag. The problem is, I don't know what VLAN tags I'm going to be receiving ahead of time and I don't want to have to listen to 4094 logical interfaces just to be able to see all ethernet traffic!

Under Linux/BSD, setting the interface to promiscuous mode is sufficient to get the kernel driver to forward all packets to the listener. I'd like to know how I can do this with Solaris (I'm using Solaris 9 presently). I've looked at the man pages for ifconfig, bge, and ndd, and I have been unable to find any option that will set the desired behaviour.

Did I miss something, or do I need to write my own device driver to get this capability?

Reply to
Packet411
Loading thread data ...

Perhaps using tcpdump (presumably what you are using on linux) rather than snoop would help confirm your observation and eliminate questions about whether the traffic is present but unreported by snoop. tcpdump can make use of a vlan filter...

vlan [vlan_id] True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true is the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

- Bob

Packet411 wrote:

Reply to
Robert Lawhead

Hi Bob,

Thanks for your reply.

Actually, I already tried both snoop and tcpdump under Solaris. Their behavior is identical leading me to believe that the default packet driver behavior is to not forward VLAN-tagged packets. :(

I'm watching switch stats, and I see packets flowing to the bge device while tcpdump is running. I then kill tcpdump after a few hundred or more packets have been delivered, and this is all I see:

0 packets captured 0 packets received by filter 0 packets dropped by kernel

This is with tcpdump version 3.8.3. It does not have the vlan tagging option you mention in your email. Unfortunately, according to the output from tcpdump above, this is not a factor anyway as the device driver itself has not captured any devices.

As soon as I switch to non-VLAN-tagged packets, everything works perfectly.

I'd like to get hold of the bge driver source code to get to the bottom of this.

Richard

Robert Lawhead wrote:

questions

tcpdump

keyword

offsets

Reply to
Packet411

I think you nailed it Andrew... I found a link that may also be helpful at:

formatting link

- Bob

Andrew Gabriel wrote:

Reply to
Robert Lawhead

I don't have a bge interface to verify this with, but I think the issue is that each VLAN is presented as a separate pseudo interface, so you would have to snoop the VLAN you are interested in. For VLAN id 1 on bge0, this would be snoop -d bge1000, for VLAN id 2 on bge0, this would be snoop -d bge2000, for VLAN id 6 on bge3, this would be snoop -d bge6003, etc.

As I said, I can't actually check this out though -- just guessing.

Reply to
Andrew Gabriel

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.