passivedns

VLAN friendly BPF

Open TheNoButton opened this issue 11 years ago • 4 comments

I wasn't able to log 802.1q tagged packets until I updated the packet filter:

--- a/src/passivedns.c
+++ b/src/passivedns.c
@@ -1066,7 +1066,7 @@ int main(int argc, char *argv[])
     config.inpacket = config.intr_flag = 0;
     config.dnslastchk = 0;
     //char *pconfile;
-#define BPFF "port 53"
+#define BPFF "(vlan and port 53) or (not vlan and port 53)"
     config.bpff = BPFF;
     config.logfile = "/var/log/passivedns.log";
     config.logfile_nxd = "/var/log/passivedns.log";
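Review bot: On the `+#define BPFF` line the untagged clause is written after `vlan`. pcap-filter(7) documents that the first `vlan` keyword in an expression changes the decoding offsets for the remainder of the expression, so `not vlan and port 53` is compiled after that shift and may not test untagged frames at the offsets intended. Put the untagged test first, for example `port 53 or (vlan and port 53)`. Since BPFF is the compiled-in default assigned by `config.bpff = BPFF;`, a one-line comment above the define saying why the filter has two clauses would also help the next reader.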

TheNoButton avatar Oct 23 '14 00:10 TheNoButton

Probably better to include a note in the doc or README, rather than changing the default behaviour for all users.

frsk avatar Oct 24 '14 20:10 frsk

I agree with frsk. This is an issue that the user of this software should address themselves.

maxtors avatar Oct 24 '14 21:10 maxtors

Reading here, it'd be cleaner to write port 53 or (vlan and port 53). I just felt a compiled-in BPF should work for both untagged and tagged packets, especially on something like this which could very well be hanging off of a fiber tap.

http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php

TheNoButton avatar Oct 25 '14 05:10 TheNoButton

Sorry for entering the discussion so late. I like the idea of having one BPF to rule them all. Some users are probably missing VLAN traffic in passivedns without even knowing it. However, I feel that more testing should be done to see if this has any performance impact, before forcing this change on all the users. Thanks for pointing this out, TheNoButton!

thus avatar Nov 11 '14 21:11 thus
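The effect discussed in this thread, as an added example that is not code from passivedns or libpcap: a simplified C model of why a matcher that decodes at untagged offsets misses 802.1Q frames, and how testing the untagged case first and then the 4-byte-shifted case catches both. All function names and the frames are constructed for illustration; only IPv4 without fragments is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN  14
#define VLAN_HLEN 4   /* 802.1Q tag: TPID 0x8100 + TCI */

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Match IPv4 UDP/TCP port 53, assuming the IP header starts at l3_off. */
static int port53_at(const uint8_t *f, size_t len, size_t l3_off) {
    if (len < l3_off + 20 || be16(f + l3_off - 2) != 0x0800) return 0;
    uint8_t proto = f[l3_off + 9];
    size_t l4 = l3_off + (size_t)(f[l3_off] & 0x0f) * 4;
    if ((proto != 17 && proto != 6) || len < l4 + 4) return 0;
    return be16(f + l4) == 53 || be16(f + l4 + 2) == 53;
}

/* Model of "port 53": every frame is decoded as untagged. */
int match_untagged_only(const uint8_t *f, size_t len) {
    return port53_at(f, len, ETH_HLEN);
}

/* Model of "port 53 or (vlan and port 53)": untagged first, then shifted. */
int match_mixed(const uint8_t *f, size_t len) {
    if (port53_at(f, len, ETH_HLEN)) return 1;
    return len >= ETH_HLEN && be16(f + 12) == 0x8100 &&
           port53_at(f, len, ETH_HLEN + VLAN_HLEN);
}

/* Build a constructed Ethernet/IPv4/UDP frame to dst port 53; returns length. */
size_t build_dns_frame(uint8_t *f, int tagged, uint16_t vid) {
    size_t o = 12;                         /* MAC addresses left as zeros */
    memset(f, 0, 64);
    if (tagged) { f[o++] = 0x81; f[o++] = 0x00; f[o++] = (uint8_t)(vid >> 8); f[o++] = (uint8_t)vid; }
    f[o++] = 0x08; f[o++] = 0x00;          /* EtherType IPv4 */
    f[o] = 0x45; f[o + 9] = 17;            /* IHL 5, protocol UDP */
    f[o + 20] = 0xc0; f[o + 21] = 0x00;    /* src port 49152 */
    f[o + 22] = 0x00; f[o + 23] = 53;      /* dst port 53 */
    return o + 28;
}

int main(void) {
    uint8_t f[64];
    size_t n = build_dns_frame(f, 1, 100);
    printf("tagged:   port53=%d mixed=%d\n", match_untagged_only(f, n), match_mixed(f, n));
    n = build_dns_frame(f, 0, 0);
    printf("untagged: port53=%d mixed=%d\n", match_untagged_only(f, n), match_mixed(f, n));
    return 0;
}
```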