ISL patch, VLAN tag hash question
slif at bellsouth.net
Wed Mar 2 20:01:43 EST 2005
We've run into a problem here with the decoding of ISL encapsulated
802.3 packets. Attached please find a patch that improves the decoding.
Reference: http://www.cisco.com/warp/public/473/741_4.pdf
Improved:
Handles both types of DA -- "01-00-0C-00-00" or "03-00-0C-00-00."
These ISL fields are not considered:
USER SA AAAA03(SNAP) HSA VLAN BPDU INDEX RES
Suggestions for further improvement:
1. Verify SNAP is AA-AA-03
2. If BPDU is set, consider encapsulated packet may be a bridge PDU or CDP packet.
3. Support other types besides Ethernet
(e.g., TokenRing, FDDI, and ATM)
Impact:
192.168.1.3 in any VLAN is treated the same as
192.168.1.3 in other VLANs
Question:
> Old-Subject: RE: Monitoring two interfaces
On Thu, 5 Sep 2002, Carter Bullard wrote:
> [SNIP]
> Argus handles a lot of encapsulations, and so it should deal with
> VLAN tags well. It preserves 802.1Q vlan tags in its output, so when
> you read the Argus output with ra(), if the "ind" field has a 'q' in
> it, that's where an 802.1Q tag was seen on the flow.
Does the 802.1q processing use the VLAN identifier when hashing
the addresses? If not, the impact of decoding 802.1q may be
suspect?
All the Best,
-Mike Slifcak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-server-isl-decode
Type: application/octet-stream
Size: 919 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20050302/2f282e08/attachment.obj>
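Added example, not part of the original message, the scrubbed patch, or Argus's own code: a C sketch of an ISL header check that accepts both DA forms, verifies the AA-AA-03 SNAP bytes (suggestion 1), extracts the VLAN and BPDU fields, and mixes the VLAN into a flow key so the same address in two VLANs does not collide. Field offsets assume the 26-byte header layout in the referenced Cisco ISL frame format; isl_parse, flow_key, and isl_sample are hypothetical names, and FNV-1a is a stand-in hash.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ISL_HDR_LEN 26          /* DA through RES, before the encapsulated frame */

struct isl_info {
    uint8_t  type;              /* 0 = Ethernet, 1 = Token Ring, 2 = FDDI, 3 = ATM */
    uint16_t vlan;              /* 15-bit VLAN field */
    uint8_t  bpdu;              /* low bit of the VLAN/BPDU word */
    const uint8_t *inner;       /* start of the encapsulated frame */
};

/* Constructed sample header: DA 01-00-0C-00-00, Ethernet, VLAN 5, BPDU clear. */
static const uint8_t isl_sample[ISL_HDR_LEN] = {
    0x01,0x00,0x0C,0x00,0x00, 0x00, 0x00,0x11,0x22,0x33,0x44,0x55,
    0x00,0x40, 0xAA,0xAA,0x03, 0x00,0x11,0x22, 0x00,0x0A, 0x00,0x01, 0x00,0x00
};

/* Returns 0 and fills *out when buf starts with a plausible ISL header, else -1. */
int isl_parse(const uint8_t *buf, size_t len, struct isl_info *out)
{
    static const uint8_t da_tail[4] = { 0x00, 0x0C, 0x00, 0x00 };
    static const uint8_t snap[3]    = { 0xAA, 0xAA, 0x03 };

    if (buf == NULL || out == NULL || len < ISL_HDR_LEN)
        return -1;                              /* truncated capture */
    if ((buf[0] != 0x01 && buf[0] != 0x03) || memcmp(buf + 1, da_tail, 4) != 0)
        return -1;                              /* neither DA form */
    if (memcmp(buf + 14, snap, sizeof snap) != 0)
        return -1;                              /* SNAP must be AA-AA-03 */
    uint16_t vb = (uint16_t)((buf[20] << 8) | buf[21]);
    out->type  = buf[5] >> 4;                   /* high nibble; low nibble is USER */
    out->vlan  = vb >> 1;
    out->bpdu  = vb & 1;
    out->inner = buf + ISL_HDR_LEN;
    return 0;
}

/* Flow-key hash over (VLAN, src, dst), one byte at a time (FNV-1a). */
uint32_t flow_key(uint16_t vlan, uint32_t src, uint32_t dst)
{
    uint32_t words[3] = { vlan, src, dst }, h = 2166136261u;
    for (int i = 0; i < 12; i++)
        h = (h ^ ((words[i / 4] >> (8 * (i % 4))) & 0xFF)) * 16777619u;
    return h;
}
```

A caller would branch on `bpdu` and `type` before treating `inner` as an Ethernet frame, which is where suggestions 2 and 3 would attach.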