1 | initial version |
Cliffs Notes version:
The Linux networking stack pulls VLAN tags out of the body of packets and puts it into metadata in the "socket buffer. If you're reading from a PF_PACKET/SOCK_RAW socket - whether using a socket system call or a memory-mapped buffer - the data you read will have the VLAN tags stripped out, so, to reconstruct the packet as it appeared on the wire, you'll need to get the VLAN tag information from the metadata and reconstruct it.
Libpcap will do that for you. If you really want to do the capturing yourself, see how libpcap does it. If you want to do it on non-memory-mapped sockets, you'll have to look at the libpcap 1.9 code; the master branch only uses memory-mapped sockets.
2 | No.2 Revision |
Cliffs Notes version:
The Linux networking stack pulls VLAN tags out of the body of packets a packet and puts it into metadata in the "socket buffer. " structure for the packet. If you're reading from a PF_PACKET/SOCK_RAW socket - whether using a socket system call or a memory-mapped buffer - the data you read will have the VLAN tags stripped out, so, to reconstruct the packet as it appeared on the wire, you'll need to get the VLAN tag information from the metadata and reconstruct it.
Libpcap will do that for you. If you really want to do the capturing yourself, see how libpcap does it. If you want to do it on non-memory-mapped sockets, you'll have to look at the libpcap 1.9 code; the master branch only uses memory-mapped sockets.