vlan tag missing in packets captured using custom socket but visible in wireshark
I am using
Code:
read_socket = socket( PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) );
and for writing as well
Code:
write_socket = socket( PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) );
while writing packet, I am writing entire packet ( i.e., ethernet header, ip header, udp header, application data and finally ethernet checksum )
but while capturing on other side using read_socket I am seeing, if it is just ethernet packet, entire packet is visible. But however, if I am sending packet with vlan tag, read_socket is capturing entire packet excluding vlan tag. As it is vlan 1ad packet, the four bytes in ethernet header are missing.
But entire packet is visible in wireshark capture. Tried identifying the socket used by wireshark, but not able to succeed. I downloaded the wireshark source code, kept logs where ever socket function call is there, compiled and used that executable to capture the packets without installing. Because I already have the one installed using "sudo apt", probably installed libraries are being used even though I am running the locally compiled executable.
To my surprise, if I open the read socket after started sending the vlan packets, I am seeing the entire packet is getting captured(i.e., including vlan tag). But If I open the read / write sockets, then start sending the packets, I am seeing vlan tag is missing....!!!
But I can't afford opening read socket after started sending packets, as I will be loosing some packets. Can someone help me in always capturing the entire packet including vlan tag
Note: Both the network cards are existing in same machine and are connected B2B. Project requirement is to send / receive packets via Tx/Rx queues.
Seems to me to be off-topic as it's a programming question, not a Wireshark one.
One thing to be aware of is that as both NIC's are on the same machine the OS might take a short circuit and not generate the Ethernet\VLAN part of the packet as it never leaves the machine.