问题一: scapy发送vlan报文，tcpdump过滤抓包未抓到包的问题

发包

sendp([Ether(src="11:22:33:44:55:00")/Dot1Q(vlan=1001)/IP()/UDP()/"Hello, VLAN!"], iface="ens9")

vlan过滤抓包，不OK。

# tcpdump -i ens9 -nnvve -Q out vlan

关闭tx-vlan-offload也不OK。

# ethtool -K ens9 txvlan off

增加过滤条件ether proto 0x8100，能抓到包

# tcpdump -i ens9 -nnvve -Q out ether proto 0x8100
tcpdump: listening on ens9, link-type EN10MB (Ethernet), capture size 262144 bytes
20:52:28.445275 11:22:33:44:55:00 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 58: vlan 1001, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 40)127.0.0.1.65535 > 127.0.0.1.65535: [udp sum ok] UDP, length 12

问题二: 收vlan报文，tcpdump过滤抓包未抓到包的问题

vlan 过滤条件可以抓到包

# tcpdump -i ens9 -nnvve -Q in vlan
tcpdump: listening on ens9, link-type EN10MB (Ethernet), capture size 262144 bytes
20:53:23.525317 11:22:33:44:55:00 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 1001, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 40)127.0.0.1.65535 > 127.0.0.1.65535: [udp sum ok] UDP, length 12

但是，过滤条件ether proto 0x8100，抓不到包

# tcpdump -i ens9 -nnvve -Q in ether proto 0x8100

过滤条件ether proto 0x0800，却可以抓到包

# tcpdump -i ens9 -nnvve -Q in ether proto 0x0800
tcpdump: listening on ens9, link-type EN10MB (Ethernet), capture size 262144 bytes
21:02:31.332599 11:22:33:44:55:00 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 1001, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 40)127.0.0.1.65535 > 127.0.0.1.65535: [udp sum ok] UDP, length 12

说明入向的时候，以太协议被赋值为了 0x0800。

总结

抓包条件	0x8100	vlan	0x0800
tx	Y	N	N
rx	N	Y	Y

待分析，为什么会出现这样的一种情况呢？