Project

General

Profile

Actions

Feature #13094

closed

Allow packet capture filtering in tagged packets

Added by Steve Wheeler almost 2 years ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Packet Capture
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Force Exclusion

Description

Currently the host filtering options in the webgui packet capture do not match VLAN or QinQ tagged traffic.

It would be very useful to be able to filter for that when looking for VLAN traffic on an interface carrying untagged traffic.

Currently 'Host Address' field is used as a host or subnet only:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( host 10.229.0.1)

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( net 10.229.0.0/24)

To match tagged traffic that command needs to be:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( vlan and net 10.229.0.0/24)

Or tagged and untagged traffic:

/usr/sbin/tcpdump -i ix3 -c 1000 -s 0 -w /root/packetcapture.cap ( net 10.229.0.0/24) or (vlan and net 10.229.0.0/24)


Related issues

Related to Feature #13382: Packet Capture GUI with granular controlResolvedMarcos M

Actions
Actions #1

Updated by Marcos M almost 2 years ago

  • Assignee set to Marcos M
Actions #2

Updated by Marcos M almost 2 years ago

  • Status changed from New to Pull Request Review

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/741

Old behavior:
  • No filter specified: vlan packets included.
  • Filter specified: no vlan packets included.
New behavior:
  • No filter specified: vlan packets included.
  • Filter specified: vlan packets included.
  • Filter specified or not, with exclude vlan checked: no vlan packets included.
Actions #3

Updated by Steve Wheeler almost 2 years ago

That works for me in all tested cases.

Actions #4

Updated by Marcos M over 1 year ago

  • Status changed from Pull Request Review to In Progress
  • Target version changed from CE-Next to 2.7.0
  • Plus Target Version changed from Plus-Next to 22.11

I'm closing this in favor of a new Packet Capture page; see #13382

For reference, the old patch is below:

diff --git a/src/usr/local/www/diag_packet_capture.php b/src/usr/local/www/diag_packet_capture.php
index b6d2fecc97508aff4dd8f1f39f073693a23ff607..d115c3e0f89886e56407d1708200124009f954d4 100755
--- a/src/usr/local/www/diag_packet_capture.php
+++ b/src/usr/local/www/diag_packet_capture.php
@@ -367,6 +367,13 @@ $section->addInput(new Form_Checkbox(
     '</span></p>'
 );

+$section->addInput(new Form_Checkbox(
+    'excludevlan',
+    'Exclude VLAN',
+    'Exclude VLAN when filtering packets',
+    $_POST['excludevlan']
+))->setHelp('Only filter on untagged packets, otherwise filter on both untagged and tagged packets (including QinQ).');
+
 $section->addInput(new Form_Select(
     'fam',
     '*Address Family',
@@ -554,8 +561,21 @@ if ($do_tcpdump) :
     $selectedif = convert_friendly_interface_to_real_interface_name($selectedif);

     if ($action == gettext("Start")) {
-        $matchstr = implode(" and ", $matches);
-        $cmd = "/usr/sbin/tcpdump -i {$selectedif} {$disablepromiscuous} {$searchcount} -s {$snaplen} -w {$fp}{$fn} " . escapeshellarg($matchstr);
+        if (empty($matches)) {
+            if ($_POST['excludevlan']) {
+                $filterstr = "'not vlan'";
+            } else {
+                $filterstr = null;
+            }
+        } else {
+            $matchstr = implode(" and ", $matches);
+            if ($_POST['excludevlan']) {
+                $filterstr = escapeshellarg("{$matchstr} and not vlan");
+            } else {
+                $filterstr = escapeshellarg("{$matchstr} or (vlan and ({$matchstr})) or (vlan and ({$matchstr}))");
+            }
+        }
+        $cmd = "/usr/sbin/tcpdump -i {$selectedif} {$disablepromiscuous} {$searchcount} -s {$snaplen} -w {$fp}{$fn} " . $filterstr;
         print_info_box(gettext('Packet capture is running'), 'info');
         ?>
         <div class="infoblock">

Actions #5

Updated by Marcos M over 1 year ago

  • Related to Feature #13382: Packet Capture GUI with granular control added
Actions #6

Updated by Jim Pingle over 1 year ago

  • Plus Target Version changed from 22.11 to 23.01
Actions #7

Updated by Jim Pingle over 1 year ago

  • Plus Target Version changed from 23.01 to 23.05
Actions #8

Updated by Marcos M about 1 year ago

  • Status changed from In Progress to Pull Request Review
Actions #9

Updated by Marcos M 12 months ago

  • Status changed from Pull Request Review to Resolved
Actions #10

Updated by Marcos M 12 months ago

  • Status changed from Resolved to Closed
  • Release Notes changed from Default to Force Exclusion
Actions

Also available in: Atom PDF