Closed Crazycuo closed 1 month ago
One of the quirks with the BPF filter language is that a filter will never match a packet with VLAN tags unless you explicitly include `vlan and` at the start of your filter string.
So in your case, your filter needs to become `not (vlan and tcp)`. If there are also untagged TCP packets being captured that you want to remove, then you'll need something like: `not tcp and not (vlan and tcp)`
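The offset behaviour behind this answer, as an added example that is not part of the original thread or of libtrace: a simplified Python model (IPv4 and a single 802.1Q tag only; all helper names are hypothetical) of how the three filter strings evaluate against constructed tagged and untagged frames.

```python
import struct

ETH_IPV4, ETH_VLAN, PROTO_TCP, PROTO_UDP = 0x0800, 0x8100, 6, 17

def frame(proto, vlan_id=None):
    """Constructed Ethernet + IPv4 header, optionally 802.1Q tagged."""
    macs = bytes.fromhex("f0d4e2e7903c" "c4b23941eba7")  # MACs from the dump in the question
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_VLAN, vlan_id)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 52, 0, 0x4000, 62, proto, 0,
                     bytes([10, 5, 60, 100]), bytes([10, 5, 12, 23]))
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip

def u16(pkt, off):
    return struct.unpack_from("!H", pkt, off)[0]

def is_tcp(pkt, shift=0):
    # "tcp" reads the EtherType at fixed offset 12 and the IP protocol byte at 23.
    # On a tagged frame offset 12 holds 0x8100, so the test fails without a shift.
    return u16(pkt, 12 + shift) == ETH_IPV4 and pkt[23 + shift] == PROTO_TCP

def vlan_and_tcp(pkt):
    # "vlan and tcp": once the tag is matched, later offsets move 4 bytes right.
    return u16(pkt, 12) == ETH_VLAN and is_tcp(pkt, shift=4)

FILTERS = {
    "not tcp": lambda p: not is_tcp(p),
    "not (vlan and tcp)": lambda p: not vlan_and_tcp(p),
    "not tcp and not (vlan and tcp)":
        lambda p: not is_tcp(p) and not vlan_and_tcp(p),
}

# Constructed sample traffic; VLAN ID 12 mirrors the capture in the question.
PACKETS = {
    "tagged tcp": frame(PROTO_TCP, vlan_id=12),
    "untagged tcp": frame(PROTO_TCP),
    "tagged udp": frame(PROTO_UDP, vlan_id=12),
    "untagged udp": frame(PROTO_UDP),
}

def captured(filter_name):
    """Names of the sample packets that the filter lets through."""
    return [n for n, pkt in PACKETS.items() if FILTERS[filter_name](pkt)]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name!r:36} -> {captured(name)}")
```
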
> One of the quirks with the BPF filter language is that a filter will never match a packet with VLAN tags unless you explicitly include `vlan and` at the start of your filter string.
Thanks for your reply. It works.
Hi,
I installed libtrace with the latest source code. I tried to use the tracepktdump tool to capture and filter packets. Here are my steps:
[root@10-6-239-90 ~]# dpdk-devbind -s
Network devices using DPDK-compatible driver
0000:3b:00.1 'Ethernet Controller X710 for 10GbE SFP+ 1572' drv=vfio-pci unused=i40e
Network devices using kernel driver
0000:04:00.0 'NetXtreme BCM5720 2-port Gigabit Ethernet PCIe 165f' if=em1 drv=tg3 unused=vfio-pci *Active*
0000:04:00.1 'NetXtreme BCM5720 2-port Gigabit Ethernet PCIe 165f' if=em2 drv=tg3 unused=vfio-pci *Active*
0000:3b:00.0 'Ethernet Controller X710 for 10GbE SFP+ 1572' if=p2p1 drv=i40e unused=vfio-pci
0000:5e:00.0 'NetXtreme BCM5720 2-port Gigabit Ethernet PCIe 165f' if=p1p1 drv=tg3 unused=vfio-pci *Active*
0000:5e:00.1 'NetXtreme BCM5720 2-port Gigabit Ethernet PCIe 165f' if=p1p2 drv=tg3 unused=vfio-pci
[root@10-6-239-90 ~]# tracepktdump -c 100000 -f "not tcp" dpdk:0000:3b:00.1 > log
[root@10-6-239-90 ~]# head -n 100 log
Mon Oct 14 18:04:15 2024 Capture: Packet Length: 70/74 Direction Value: 0 Ethernet: Dest: f0:d4:e2:e7:90:3c Source: c4:b2:39:41:eb:a7 Ethertype: 0x8100 VLAN: User Priority: 0 VLAN: Format Indicator: 0 VLAN: ID: 12 VLAN: EtherType: 0x0800 IP: Header Len 20 Ver 4 DSCP 00 ECN 0 Total Length 52 IP: Id 31631 Fragoff 0 DONT_FRAG IP: TTL 62 Proto 6 (tcp) Checksum 25776 IP: Source 10.5.60.100 Destination 10.5.12.23 TCP: Source 59200 Dest 10050 (zabbix-agent) TCP: Seq 1891763547 TCP: Ack 2085530246 TCP: DOFF 8 Flags: ACK Window 229 TCP: Checksum 22063 Urgent 0 TCP: NOP TCP: NOP TCP: Timestamp 4227040201 1964909267 unknown protocol tcp/10050 Unknown Protocol: 10050
Mon Oct 14 18:04:15 2024 Capture: Packet Length: 70/74 Direction Value: 0 Ethernet: Dest: f0:d4:e2:e7:90:3c Source: c4:b2:39:41:eb:a7 Ethertype: 0x8100 VLAN: User Priority: 0 VLAN: Format Indicator: 0 VLAN: ID: 12 VLAN: EtherType: 0x0800 IP: Header Len 20 Ver 4 DSCP 00 ECN 0 Total Length 52 IP: Id 31632 Fragoff 0 DONT_FRAG IP: TTL 62 Proto 6 (tcp) Checksum 25775 IP: Source 10.5.60.100 Destination 10.5.12.23 TCP: Source 59200 Dest 10050 (zabbix-agent) TCP: Seq 1891763547 TCP: Ack 2085530246 TCP: DOFF 8 Flags: FIN ACK Window 229 TCP: Checksum 22062 Urgent 0 TCP: NOP TCP: NOP TCP: Timestamp 4227040201 1964909267 unknown protocol tcp/10050 Unknown Protocol: 10050
Mon Oct 14 18:04:15 2024 Capture: Packet Length: 70/74 Direction Value: 0 Ethernet: Dest: f0:d4:e2:e7:90:3c Source: c4:b2:39:41:eb:a7 Ethertype: 0x8100 VLAN: User Priority: 0 VLAN: Format Indicator: 0 VLAN: ID: 12 VLAN: EtherType: 0x0800 IP: Header Len 20 Ver 4 DSCP 00 ECN 0 Total Length 52 IP: Id 31633 Fragoff 0 DONT_FRAG IP: TTL 62 Proto 6 (tcp) Checksum 25774 IP: Source 10.5.60.100 Destination 10.5.12.23 TCP: Source 59200 Dest 10050 (zabbix-agent) TCP: Seq 1891763548 TCP: Ack 2085530247 TCP: DOFF 8 Flags: ACK Window 229 TCP: Checksum 22061 Urgent 0 TCP: NOP TCP: NOP TCP: Timestamp 4227040201 1964909267 unknown protocol tcp/10050 Unknown Protocol: 10050
As we can see, when I use the "not tcp" filter, tracepktdump still filters TCP packets. I'm not sure if my BPF filter is correct. Any ideas are appreciated.