Open Source and information security mailing list archives
Message-ID: <AANLkTik1JJO7mqxPzqfshMfH2JFUXn+yxbTqVdr4QDf6@mail.gmail.com>
Date: Mon, 21 Mar 2011 19:05:09 -0700
From: Jesse Gross <jesse@...ira.com>
To: Seblu <seblu@...lu.net>
Cc: netdev <netdev@...r.kernel.org>
Subject: Re: bnx2 vlan issue

On Thu, Mar 17, 2011 at 4:22 PM, Seblu <seblu@...lu.net> wrote:
> On Thu, Mar 17, 2011 at 8:16 PM, Jesse Gross <jesse@...ira.com> wrote:
>> On Thu, Mar 17, 2011 at 11:02 AM, Seblu <seblu@...lu.net> wrote:
>>> On Thu, Mar 17, 2011 at 3:51 PM, Seblu <seblu@...lu.net> wrote:
>>
>> It was a bug that it worked at all and whether it worked depended on
>> the hardware/firmware/driver. If an interface is attached to a
>> bridge, the bridge takes all the packets received on that interface,
>> including vlan packets.
> ok i see.
>
>>
>> There are a few ways to setup vlans and bridging that work on all
>> kernels and with all NICs:
>>
>> * vlans on interface, bridges contain vlan devices. This gives you a
>> bridge for each vlan.
> Except for untagged isn't it? This is why i fail. I need to have a
> bridge with the untagged vlan from an interface.
> Before 2.6.37 (with most of drivers/firmware/hardware i use) when a
> vlan is defined on an interface, for example eth0, eth0.15 show vlan15
> frames and eth0 show untagged frames.
>
> I've tried eth0.0, expecting to have untagged vlan, but this doesn't work.

eth0.0 will get packets that have a vlan tag with vid 0, some people
use it as just another vlan.

> How can I create a bridge with the untagged vlan from an interface?
>
>> * bridge on interface, vlans on bridge device. This gives you a
>> bridge with all packets and vlan devices can give you specific vlans.
> I cannot use this schema, i used bridge to bring together vnet
> interface and vlan interface.

I'm not sure I understand why you say you can't use this. You can
combine vlans and bridging pretty much arbitrarily, including stacking
multiple layers.

>
>> * Use ebtables rules in the bridge to accept/reject certain packets as desired.
> I don't see how use ebtables to push untagged frame to a dedicated
> iface which can be added in a bridge.

You could have a bridge on the raw interface and connect all of the
VMs that need untagged traffic. If you add an ebtables rule to reject
tagged traffic then vlan devices on the interface will continue to
work as before.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
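The three layouts listed in the reply above, written out as iproute2/ebtables commands; this is an added example, not part of the original message. eth0, br0 and VLAN id 15 are sample values, and the broute rule is one assumed way to express "reject tagged traffic" in the bridge, not a rule given in the thread.

```shell
#!/bin/sh
# Added example. eth0, br0 and VLAN id 15 are sample values.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Option 1: vlan device on the NIC, one bridge per vlan.
vlan_in_bridge() {      # args: nic vid
    run ip link add link "$1" name "$1.$2" type vlan id "$2"
    run ip link add name "br$2" type bridge
    run ip link set "$1.$2" master "br$2"
    run ip link set "$1.$2" up
    run ip link set "br$2" up
}

# Option 2: bridge on the NIC (sees all packets), vlan device on the bridge.
vlan_on_bridge() {      # args: nic bridge vid
    run ip link add name "$2" type bridge
    run ip link set "$1" master "$2"
    run ip link add link "$2" name "$2.$3" type vlan id "$3"
    run ip link set "$2" up
    run ip link set "$2.$3" up
}

# Option 3: bridge on the raw NIC for untagged traffic, with tagged frames
# kept out of the bridge so a vlan device on the NIC still receives them.
untagged_bridge() {     # args: nic bridge vid
    run ip link add name "$2" type bridge
    run ip link set "$1" master "$2"
    # Assumption: in the broute table, DROP means "do not bridge this frame,
    # hand it to the normal receive path", so 802.1Q frames skip the bridge.
    run ebtables -t broute -A BROUTING -i "$1" -p 802_1Q -j DROP
    run ip link add link "$1" name "$1.$3" type vlan id "$3"
    run ip link set "$2" up
    run ip link set "$1.$3" up
}

# Preview the commands for option 3 (printed only, unless DRY_RUN=0).
untagged_bridge eth0 br0 15
```

Review the printed commands first, then rerun with DRY_RUN=0 as root on a test host; the VM interfaces that need untagged traffic are then added to br0 with `ip link set <vnet> master br0`.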