[Bug 2076398] Re: Tcpdump utility captures incorrect packets on VLAN interface when using SLL2

Andreas Hasenack 2076398 at bugs.launchpad.net
Thu Aug 29 18:14:26 UTC 2024 

Marking devel task as fix released according to comment #3 (and I
confirmed the patch is applied in pkg/applied/ubuntu/devel:pcap-
linux.c).

** Changed in: libpcap (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2076398

Title:
  Tcpdump utility captures incorrect packets on VLAN interface when
  using SLL2

Status in libpcap package in Ubuntu:
  Fix Released
Status in libpcap source package in Focal:
  In Progress
Status in libpcap source package in Jammy:
  In Progress

Bug description:
  [Impact]
  When using the `tcpdump -i any` command with SLL2, bogus packets may be captured.
  This issue arises due to differing offsets used for inserting VLAN tags across various data link types.

  [Fix]
  An upstream commit has been made to address and fix this issue.
  commit 4bfca3682e5aeabe05b4406daf00c9abcc36c571
  Author:     Guy Harris <gharris at sonic.net>
  Date: Sat Apr 9 16:55:20 2022 -0700

      linux: set handlep->vlan_offset if the linktype is changed.

      The change to the linktype might change the offset at which to insert
      VLAN tags (or change it to -1, meaning "don't insert VLAN tags").

      This should fix issue #1105.

  [Test Plan]
  1. Set up a VLAN interface:
  # ip link add link eth0 eth0.24 type vlan id 24
  # ifconfig eth0.24 1.0.24.1/24
  2. Generate traffic for packet sniffing:
  # ping -n 1.0.24.3 > /dev/null 2>&1 &
  3. Use tcpdump to capture packets and verify that the error does not occur.
  # tcpdump -nn -i any -Q out not tcp and not udp
  tcpdump: data link type LINUX_SLL2
  tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
  listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
  06:43:28.360947 eth0.24 Out ARP, Request who-has 1.0.24.3 tell 1.0.24.1, length 28
  06:43:28.360949 eth0  Out ARP, Unknown Hardware (12318) (len 0), Unknown Protocol (0x0000) (len 1), length 32

  [Where problems could occur]
  The patch introduced a step to set the VLAN offset when configuring the data link type.
  This change primarily affects the handling of SLL2 and should not impact other data link types.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpcap/+bug/2076398/+subscriptions

More information about the Ubuntu-sponsors mailing list