Date:	Fri, 22 Jan 2010 20:34:56 +0000
From:	Ben Hutchings <bhutchings@...arflare.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	netdev@...r.kernel.org
Subject: Re: VLAN vs bridging receive precedence

On Sat, 2010-01-23 at 09:13 +1300, Herbert Xu wrote:
> On Fri, Jan 22, 2010 at 05:11:42PM +0000, Ben Hutchings wrote:
> .
> > The administrator might just be trying to bridge a VLAN to a guest.
> > 
> > XenCenter attaches a bridge interface ('Network') to each NIC.  The
> > administrator can define additional Networks which are associated with
> > VLANs on specific NICs; for each of these it attaches a VLAN interface
> > to the physical interface and a bridge interface to the VLAN interface.
> 
> But that should work perfectly.  The problem here is that the
> bridge is being attached to the physical interface, no?

As I said, it attaches a bridge interface to each NIC (physical
interface) to start with - whether or not the administrator chooses to
bridge the NIC to any guest interfaces.  So it doesn't work without VLAN
receive acceleration.

> > Ideally people wouldn't mix tagged and untagged traffic, and then
> > XenCenter could refuse to bridge both a physical interface and a VLAN
> > attached to it.  In practice, people do mix them, and I think we need to
> > work out what the proper semantics are.
> 
> Mixing should work as well, as long as you don't attach both
> bridging and VLAN to the physical interface.

And if you are going to mix them, on a virtualised server you may want
to bridge them both to guests, separately.  That seems to require either
that a VLAN interface and a bridge interface can be attached to the
physical interface, with the VLAN interface taking precedence on
receive; or that a virtual interface accepting only untagged traffic can
be attached to the physical interface.

Ben.

-- 
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
