Date:	Thu, 30 Aug 2012 10:41:00 -0400
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	"Michael S. Tsirkin" <mst@...hat.com>
CC:	netdev@...r.kernel.org
Subject: Re: [RFC PATCH bridge 0/5] Add basic VLAN support to bridges

On 08/30/2012 10:34 AM, Michael S. Tsirkin wrote:
> On Thu, Aug 30, 2012 at 09:37:17AM -0400, Vlad Yasevich wrote:
>> On 08/30/2012 08:37 AM, Michael S. Tsirkin wrote:
>>> On Thu, Aug 23, 2012 at 03:29:50PM -0400, Vlad Yasevich wrote:
>>>> This series of patches provides an ability to add VLAN IDs to the bridge
>>>> ports.  This is similar to what can be found in most switches.  The bridge
>>>> port may have any number of VLANs added to it including vlan 0 for untagged
>>>> traffic.  When vlans are added to the port, only traffic tagged with particular
>>>> vlan will be forwarded over this port.  Additionally, vlan ids are added to FDB
>>>> entries and become part of the lookup.  This way we correctly identify the FDB
>>>> entry.
>>>>
>>>> There are still pieces missing.  I don't yet support adding a static fdb entry
>>>> with a particular vlan.  There is no netlink support for carrying a vlan id.
>>>>
>>>> I'd like to hear thoughts of whether this is useful and something we should
>>>> pursue.
>>>>
>>>> The default behavior of the bridge is unchanged if no vlans have been
>>>> configured.
>>>
>>> Overall the feature looks good, I can think of some uses
>>> for it - for example, it could become useful for VMs if
>>> we add support to tap essentially stripping tags in Xmit but maybe you
>>> could be more explicit about what you have in mind?
>>> Do you plan to add tap support as well?
>>
>> Yes,  this is something I've thought of.  Not sure if it would be at tap
>> or bridge itself.  Need to work out where best to do it.
>
> It's certainly much easier to do in tap.
> A 20 line patch should do it.
> Does stripping tags seem like something bridge should do?

I agree.  It would be easier in tap.  There is also the other side of
adding tags for outbound traffic.  This would allow auto-access like 
functionality where the guest itself doesn't know anything about vlans,
but the bridge port will add/remove vlans as appropriate.  This is on
the list of features I want to support.

-vlad

>
>>> Also - what tool support do you plan?
>>
>> the patchset includes brctl to configure, but that seems to be
>> getting deprecated.  I am working on iproute2 to add capability to
>> configure this.
>>
>>>
>>> I also found some coding style issues and some bugs in
>>> the patchset. Sent on list.
>>
>> Thanks
>> -vlad
>>
>>>
>>> Hope this helps.
>>>
