I am working with raw Ethernet frames. I have a Ethernet interface eth0 and a virtual VLAN interface eth0.100 on my Linux machine. My RAW socket is bound to the virtual interface eth0.100. The problem is that when a VLAN tagged (VLAN ID=100) frame is transmitted to this interface externally, my application gets two copies of the same Ethernet frame. From application I cannot see the difference between these frames, the content of the payload is exactly the same. My interface is NOT operating in promiscuous mode.
I used tcpdump to capture the frames and below is the result
If I bind to the eth0, I still get two copies of the frame. But if I delete eth0.100 and bind to eth0, I just get one copy. Is my application getting two copies of the frame, one from eth0 and one from eth0.100 even though I am bound ONLY to eth0.100 ?
I tried to use BPF, but I am not sure what filter to use on eth0.100.
I tried to use BPF, when I generated a filtering rule using tcpdump I could see that the byte code generated was the same for both eth0 and eth0.100 interfaces. So I dropped the idea. Below solution worked for me.
I deleted the virtual interface eth0.100 and bound my raw socket to the base interface eth0. When sending a frame I manually VLAN tagged the frame. I don't have do anything special on reception as the base interface gets all the frames. Now I don't see the duplicate frames I was seeing earlier.
This still does not explain why I saw duplicate frames. Will investigate further and post when I get an answer.