Sake Blok wrote:
On Tue, May 01, 2007 at 11:38:26PM -0700, Guy Harris wrote:
Sake Blok wrote:
Might this be a WinPcap bug?
Does it count as a bug if it's documented to work that way? :-)
Most definitely not :-)
I'm not saying that's necessarily the *right* behavior, or the *best*
behavior - although to have the "obvious" behavior wherein "host
x.x.x.x" checks for that host address in all packets, you'd need to
check for VLAN packets even if your network isn't using VLANs, which
might be considered inefficient - and, as the BPF engine doesn't support
loops (at least not in the kernel), to avoid handing code to the kernel
that could loop infinitely, there's no way to handle arbitrary numbers
of layers of VLAN encapsulation.
So I'm not sure what the "right" behavior would be (short of a hack in
the BPF interpreter giving it an instruction to let it look for
Ethertypes with an arbitrary number of layers of VLAN encapsulation -
which might be the right answer, along the lines of the instructions the
BSD/OS people added for chaining through IPv6 headers).
