Re: only outbound traffic

[Andrej van der Zee <andrejvanderzee () gmail com>]

Hi,

> Why would an "offset" keyword be better in the filtering language than, say, the "vlan" keyword it already has?  
> You'd still have to do the same sort of special stuff, but it'd be a more manual operation.  (I.e., why would saying 
> "offset {length of VLAN tag}" be better than "vlan"?)

Its more explicit too me. It is not really intuitive that "port 80 and vlan" and " vlan and port 80" gives different 
results, until you realize that vlan increases the ether type offset. 


> The ideal would be a filtering language wherein having the filter code in the kernel skip past VLAN tags 
> automatically was cheap.  Perhaps a language (not a language for users to express filters, but a language into which 
> to compile the filters the user expresses) that makes it impossible to specify infinite loops, combined with a JIT to 
> make loops reasonably efficient (there already exist JITs for x86-32 and x86-64 on some platforms, e.g. Windows and 
> FreeBSD), would be the right way to handle VLANs and IPv6 protocol chains and perhaps even filters at higher protocol 
> levels.-

If you say so ;)

Arent there any special port mirroring NICS out there that remove those VLAN tags? 

Cheers,
Andrej-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.