From: Eric Leblond <eric@regit.org>
Date: Thu, 6 Feb 2014 12:54:10 +0000 (+0100)
Subject: af-packet: improve VLAN detection
X-Git-Tag: suricata-2.0rc1~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e871f7132b08e41f28e0b5763393bd5453e402d9;p=thirdparty%2Fsuricata.git

af-packet: improve VLAN detection

Since commit in kernel
  commit a3bcc23e890a6d49d6763d9eb073d711de2e0469
  Author: Ben Greear <greearb@candelatech.com>
  Date:   Wed Jun 1 06:49:10 2011 +0000

      af-packet: Add flag to distinguish VID 0 from no-vlan.
a flag is set to indicate VLAN has been set in packet header.

As suggested in commit message, using a test of the flag followed
by a check on vci value ensure backward compatibility of the test.
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 0a3c5f00ed..5f31b42987 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -790,7 +790,8 @@ int AFPReadFromRing(AFPThreadVars *ptv)
         }
 
         /* get vlan id from header */
-        if ((!ptv->vlan_disabled) &&  h.h2->tp_vlan_tci) {
+        if ((!ptv->vlan_disabled) &&
+            (h.h2->tp_status & TP_STATUS_VLAN_VALID || h.h2->tp_vlan_tci)) {
             p->vlan_id[0] = h.h2->tp_vlan_tci;
             p->vlan_idx = 1;
             p->vlanh[0] = NULL;