Sign in with
Sign up | Sign in
Your question

Promiscuous Mode on Sun BGE Network Driver Drops VLAN-tagg..

Last response: in Networking
Share
Anonymous
April 20, 2005 3:02:26 PM

Archived from groups: comp.dcom.lans.ethernet,comp.unix.solaris,comp.protocols.tcp-ip,comp.sys.sun.admin,comp.sys.sun.hardware (More info?)

Hi,

I've got a switch mirroring packets into a Sun V20Z with a BGE
interface running in promiscuous mode (using snoop to test this right
now). Some of the packets coming in have VLAN tags, and some do not. I
am only seeing packets without VLAN tags. I know the problem is not the
switch because I see all packets when I perform this test using BSD or
Linux.

I've done some reading on the subject and it appears that one way
around this is to create logical network interfaces, one for each VLAN
tag. The problem is, I don't know what VLAN tags I'm going to be
receiving ahead of time and I don't want to have to listen to 4094
logical interfaces just to be able to see all ethernet traffic!

Under Linux/BSD, setting the interface to promiscuous mode is
sufficient to get the kernel driver to forward all packets to the
listener. I'd like to know how I can do this with Solaris (I'm using
Solaris 9 presently). I've looked at the man pages for ifconfig, bge,
and ndd, and I have been unable to find any option that will set the
desired behaviour.

Did I miss something, or do I need to write my own device driver to get
this capability?
Anonymous
April 20, 2005 3:16:07 PM

Archived from groups: comp.dcom.lans.ethernet,comp.unix.solaris,comp.protocols.tcp-ip,comp.sys.sun.admin,comp.sys.sun.hardware (More info?)

Perhaps using tcpdump (presumably what you are using on linux) rather
than snoop would help confirm your observation and eliminate questions
about whether the traffic is present but unreported by snoop. tcpdump
can make use of a vlan filter...

vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If
[vlan_id] is specified, only true is the packet has the
specified vlan_id. Note that the first vlan keyword
encountered in expression changes the decoding offsets
for the remainder of expression on the assumption that
the packet is a VLAN packet.

- Bob

Packet411 wrote:
> Hi,
>
> I've got a switch mirroring packets into a Sun V20Z with a BGE
> interface running in promiscuous mode (using snoop to test this right
> now). Some of the packets coming in have VLAN tags, and some do not. I
> am only seeing packets without VLAN tags. I know the problem is not the
> switch because I see all packets when I perform this test using BSD or
> Linux.
>
> I've done some reading on the subject and it appears that one way
> around this is to create logical network interfaces, one for each VLAN
> tag. The problem is, I don't know what VLAN tags I'm going to be
> receiving ahead of time and I don't want to have to listen to 4094
> logical interfaces just to be able to see all ethernet traffic!
>
> Under Linux/BSD, setting the interface to promiscuous mode is
> sufficient to get the kernel driver to forward all packets to the
> listener. I'd like to know how I can do this with Solaris (I'm using
> Solaris 9 presently). I've looked at the man pages for ifconfig, bge,
> and ndd, and I have been unable to find any option that will set the
> desired behaviour.
>
> Did I miss something, or do I need to write my own device driver to get
> this capability?
>
Anonymous
April 20, 2005 7:04:00 PM

Archived from groups: comp.dcom.lans.ethernet,comp.unix.solaris,comp.protocols.tcp-ip,comp.sys.sun.admin,comp.sys.sun.hardware (More info?)

Hi Bob,

Thanks for your reply.

Actually, I already tried both snoop and tcpdump under Solaris. Their
behavior is identical leading me to believe that the default packet
driver behavior is to not forward VLAN-tagged packets. :( 

I'm watching switch stats, and I see packets flowing to the bge device
while tcpdump is running. I then kill tcpdump after a few hundred or
more packets have been delivered, and this is all I see:

0 packets captured
0 packets received by filter
0 packets dropped by kernel

This is with tcpdump version 3.8.3. It does not have the vlan tagging
option you mention in your email. Unfortunately, according to the
output from tcpdump above, this is not a factor anyway as the device
driver itself has not captured any devices.

As soon as I switch to non-VLAN-tagged packets, everything works
perfectly.

I'd like to get hold of the bge driver source code to get to the bottom
of this.

Richard

Robert Lawhead wrote:
> Perhaps using tcpdump (presumably what you are using on linux) rather
> than snoop would help confirm your observation and eliminate
questions
> about whether the traffic is present but unreported by snoop.
tcpdump
> can make use of a vlan filter...
>
> vlan [vlan_id]
> True if the packet is an IEEE 802.1Q VLAN packet.
If
> [vlan_id] is specified, only true is the packet has
the
> specified vlan_id. Note that the first vlan
keyword
> encountered in expression changes the decoding
offsets
> for the remainder of expression on the assumption
that
> the packet is a VLAN packet.
>
> - Bob
>
> Packet411 wrote:
> > Hi,
> >
> > I've got a switch mirroring packets into a Sun V20Z with a BGE
> > interface running in promiscuous mode (using snoop to test this
right
> > now). Some of the packets coming in have VLAN tags, and some do
not. I
> > am only seeing packets without VLAN tags. I know the problem is not
the
> > switch because I see all packets when I perform this test using BSD
or
> > Linux.
> >
> > I've done some reading on the subject and it appears that one way
> > around this is to create logical network interfaces, one for each
VLAN
> > tag. The problem is, I don't know what VLAN tags I'm going to be
> > receiving ahead of time and I don't want to have to listen to 4094
> > logical interfaces just to be able to see all ethernet traffic!
> >
> > Under Linux/BSD, setting the interface to promiscuous mode is
> > sufficient to get the kernel driver to forward all packets to the
> > listener. I'd like to know how I can do this with Solaris (I'm
using
> > Solaris 9 presently). I've looked at the man pages for ifconfig,
bge,
> > and ndd, and I have been unable to find any option that will set
the
> > desired behaviour.
> >
> > Did I miss something, or do I need to write my own device driver to
get
> > this capability?
> >
Related resources
Anonymous
April 21, 2005 2:34:00 AM

Archived from groups: comp.dcom.lans.ethernet,comp.unix.solaris,comp.protocols.tcp-ip,comp.sys.sun.admin,comp.sys.sun.hardware (More info?)

In article <1114018497.139480.227440@f14g2000cwb.googlegroups.com>,
"Packet411" <packet411@gmail.com> writes:
> Hi,
>
> I've got a switch mirroring packets into a Sun V20Z with a BGE
> interface running in promiscuous mode (using snoop to test this right
> now). Some of the packets coming in have VLAN tags, and some do not. I
> am only seeing packets without VLAN tags. I know the problem is not the
> switch because I see all packets when I perform this test using BSD or
> Linux.

I don't have a bge interface to verify this with, but I think the
issue is that each VLAN is presented as a separate pseudo interface,
so you would have to snoop the VLAN you are interested in.
For VLAN id 1 on bge0, this would be snoop -d bge1000,
for VLAN id 2 on bge0, this would be snoop -d bge2000,
for VLAN id 6 on bge3, this would be snoop -d bge6003,
etc.

As I said, I can't actually check this out though -- just guessing.

--
Andrew Gabriel
Anonymous
April 21, 2005 2:34:01 AM

Archived from groups: comp.dcom.lans.ethernet,comp.unix.solaris,comp.protocols.tcp-ip,comp.sys.sun.admin,comp.sys.sun.hardware (More info?)

I think you nailed it Andrew...
I found a link that may also be helpful at:

http://docs.sun.com/source/817-6337-05/install-apps.htm...

- Bob

Andrew Gabriel wrote:

> I don't have a bge interface to verify this with, but I think the
> issue is that each VLAN is presented as a separate pseudo interface,
> so you would have to snoop the VLAN you are interested in.
> For VLAN id 1 on bge0, this would be snoop -d bge1000,
> for VLAN id 2 on bge0, this would be snoop -d bge2000,
> for VLAN id 6 on bge3, this would be snoop -d bge6003,
> etc.
>
> As I said, I can't actually check this out though -- just guessing.
>
!