Project

General

Profile

Actions

Optimization #4805

closed

af-packet: move vlan hdr insert logic to capture/decode

Added by Victor Julien about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

In af-packet we get the vlan header from the kernel as meta data, while the raw data doesn't contain the (first) vlan header. In IPS mode we reconstruct it in AFPWritePacket just before we push the packet back out on to the wire.

This leads to fairly complex code in AFPWritePacket for the "autofp" case, with a lock that is being held as the raw data is updated.

An additional issue with doing this only while sending the packet is that during logging the vlan header is missing from the raw log output.

The packet could probably be updated just after packet decoding is complete. This makes sure don't decode the header we just added, but makes the header available to logging. It would also mean we don't need to update data from a different thread (in autofp), so we can reconsider the locking logic.

Actions

Also available in: Atom PDF