tcpdump mailing list archives

odd issue with Linux VLAN interface


From: Denis Ovsienko <denis () ovsienko info>
Date: Wed, 28 Jan 2015 00:09:45 +0000

List,

some time ago I did troubleshooting on a Linux PC and that involved running tcpdump with the "not tcp" filter on a few 
network interfaces to put a number of background TCP connections out of scope (I was interested in how other protocols' 
packets were making it from one interface to the other). At some point I realized that tcpdump was printing TCP 
packets _only_ and no other protocols (again, the filter was "not tcp"). Later I figured out how to reproduce the 
problem but not the cause of it.

The host has an Ethernet interface with only an IPv6 link-local address (eth0). On top of it there is a VLAN interface 
with VID 75 (eth0.75), IPv6 link-local address and IPv4 address 10.0.75.254/24. The difference is, when tcpdump runs 
with "-i eth0.75", it works as expected and displays ARP and, for instance, UDP from/to the network 10.0.75.0/24. When 
run with "-i eth0", it displays only TCP from/to network 10.0.75.0. This looks wrong in two ways, as the tagged packets 
should not appear on the bearing interface in the first place, and even if they appear there, the filter should exclude 
them, but instead it excludes all the other packets.

This is the latest build of tcpdump on kernel 3.13.0-44-generic #73-Ubuntu SMP. Not sure if I will get to find the 
reason myself, but if anybody sees this as a duplicate of or an additional input for one of the known bugs, please let 
me know.

-- 
 Denis Ovsienko

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

