VLAN friendly BPF

[TheNoButton]

I wasn't able to log 802.1q tagged packets until I updated the packet filter:

--- a/src/passivedns.c
+++ b/src/passivedns.c
@@ -1066,7 +1066,7 @@ int main(int argc, char *argv[])
     config.inpacket = config.intr_flag = 0;
     config.dnslastchk = 0;
     //char *pconfile;
-#define BPFF "port 53"
+#define BPFF "(vlan and port 53) or (not vlan and port 53)"
     config.bpff = BPFF;
     config.logfile = "/var/log/passivedns.log";
     config.logfile_nxd = "/var/log/passivedns.log";

[frsk]

Probably better to include a note in the doc or README, rather than changing the default behaviour for all users.

[maxtors]

I agree with frsk. This is an issue that the user of this software should address themselves.

[TheNoButton]

Reading here, it'd be cleaner to write port 53 or (vlan and port 53). I just felt a complied-in BPF should work for both untagged and tagged packets, especially on something like this which could very well be hanging off of a fiber tap.

http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php

[thus]

Sorry for entering the discussion so late. I like the idea of having one BPF to rule them all. Some users are probably missing VLAN traffic in passivedns without even knowing it. However, I feel that more testing should be done to see if this has any performance impact, before forcing this change on all the users. Thanks for pointing this out, TheNoButton!