The Tcpdump Group git mirrors

author	Michal Kubecek <[email protected]>
	Mon, 22 May 2017 12:25:06 +0000 (14:25 +0200)
committer	Michal Kubecek <[email protected]>
	Mon, 22 May 2017 12:25:06 +0000 (14:25 +0200)
commit	7c7a19fbd9af93b4ad655356daa0b35f8ca8d046
tree	840d9e7ae2e6da11ba67d21521817dcc9381befe	tree
parent	89180a8f0d17af09abfe1b8f45bd4dad505db4a8	commit \| diff

Fix logic of combined VLAN test

The fallback to checking vlan tag in packet data in case of negative
metadata test (introduced by commit d739b068ac29) must be done whenever
VLAN_TAG_PRESENT test is false but current code does it for "vlan <id>"
filter whenever (VLAN_TAG_PRESENT && VLAN_TAG == vlan_num) is false.
As a result, "vlan 33" filter matches e.g a packet with (TPID=0x88a8,
VID=22) in metadata and (TPID=0x8100, VID=33) in packet data.

Natural logic for correct "vlan <id>" test would be

  ([SKF_AD_VLAN_TAG_PRESENT] == 1) ?
      ([SKF_AD_VLAN_TAG] == vlan_num) :
      ([off_linktype] is vlan && [off_linktype + 2] == vlan_num)

but this couldn't be easily implemented in the model libpcap uses to
generate block flow graph. The alternative solution used here does

  (([SKF_AD_VLAN_TAG_PRESENT] == 1) || ([off_linktype] is vlan)) &&
  ((([SKF_AD_VLAN_TAG_PRESENT] == 1) ? [off_linktype + 2] :
                                       SKF_AD_VLAN_TAG) == vlan_num)

Checking VLAN_TAG_PRESENT twice is a bit unfortunate but this logic is
easier to implement.

Fixes: d739b068ac29 ("Make VLAN filter handle both metadata and inline tags")