collector: skb: handle VLAN in the payload

Collecting packets with one or more VLAN header(s) in their payload resulted in packets we could not parse. Fix this by skipping the VLAN headers if we found them. The VLAN information is reported in the event but is coming from the BPF part directly (to support h/w acceleration). Signed-off-by: Antoine Tenart <[email protected]>
retis-org · Jan 22, 2025 · f6cc21c · f6cc21c
1 parent 2430ad7
commit f6cc21c
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/retis/src/module/skb/bpf.rs b/retis/src/module/skb/bpf.rs
@@ -10,7 +10,7 @@ use std::str;
 use anyhow::{anyhow, Result};
 use pnet_packet::{
     arp::ArpPacket, ethernet::*, icmp::IcmpPacket, icmpv6::Icmpv6Packet, ip::*, ipv4::*, ipv6::*,
-    tcp::TcpPacket, udp::UdpPacket, Packet,
+    tcp::TcpPacket, udp::UdpPacket, vlan::VlanPacket, Packet,
 };
 
 use crate::{
@@ -235,20 +235,32 @@ pub(super) fn unmarshal_packet(
         event.eth = Some(unmarshal_eth(&eth)?);
     }
 
-    match eth.get_ethertype() {
+    // Handle VLANs.
+    fn get_payload(etype: EtherType, payload: &[u8]) -> Result<(EtherType, &[u8])> {
+        match etype {
+            EtherTypes::Vlan | EtherTypes::PBridge => match VlanPacket::new(payload) {
+                Some(vlan) => get_payload(vlan.get_ethertype(), &payload[4..]),
+                None => bail!("Cannot parse VLAN header"),
+            },
+            _ => Ok((etype, payload)),
+        }
+    }
+    let (etype, payload) = get_payload(eth.get_ethertype(), eth.payload())?;
+
+    match etype {
         EtherTypes::Arp => {
-            if let Some(eth) = ArpPacket::new(eth.payload()) {
+            if let Some(eth) = ArpPacket::new(payload) {
                 event.arp = unmarshal_arp(&eth)?;
             };
         }
         EtherTypes::Ipv4 => {
-            if let Some(ip) = Ipv4Packet::new(eth.payload()) {
+            if let Some(ip) = Ipv4Packet::new(payload) {
                 event.ip = Some(unmarshal_ipv4(&ip)?);
                 unmarshal_l4(event, ip.get_next_level_protocol(), ip.payload())?;
             };
         }
         EtherTypes::Ipv6 => {
-            if let Some(ip) = Ipv6Packet::new(eth.payload()) {
+            if let Some(ip) = Ipv6Packet::new(payload) {
                 event.ip = Some(unmarshal_ipv6(&ip)?);
                 unmarshal_l4(event, ip.get_next_header(), ip.payload())?;
             };