lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 21 Mar 2011 19:05:09 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	Seblu <seblu@...lu.net>
Cc:	netdev <netdev@...r.kernel.org>
Subject: Re: bnx2 vlan issue

On Thu, Mar 17, 2011 at 4:22 PM, Seblu <seblu@...lu.net> wrote:
> On Thu, Mar 17, 2011 at 8:16 PM, Jesse Gross <jesse@...ira.com> wrote:
>> On Thu, Mar 17, 2011 at 11:02 AM, Seblu <seblu@...lu.net> wrote:
>>> On Thu, Mar 17, 2011 at 3:51 PM, Seblu <seblu@...lu.net> wrote:
>>
>> It was a bug that it worked at all and whether it worked depended on
>> the hardware/firmware/driver.  If an interface is attached to a
>> bridge, the bridge takes all the packets received on that interface,
>> including vlan packets.
> ok i see.
>
>>
>> There are a few ways to setup vlans and bridging that work on all
>> kernels and with all NICs:
>>
>> * vlans on interface, bridges contain vlan devices.  This gives you a
>> bridge for each vlan.
> Except for untagged isn't it? This is why i fail. I need to have a
> bridge with the untagged vlan from an interface.
> Before 2.6.37 (with most of drivers/firmware/hardware i use) when a
> vlan is defined on an interface, for example eth0, eth0.15 show vlan15
> frames and eth0 show untagged frames.
>
> I've tryed eth0.0, expecting to have untagged vlan, but this doesnt work.

eth0.0 will get packets that have a vlan tag with vid 0, some people
use it as just another vlan.

> How can I create a bridge with the untagged vlan from an interface?
>
>> * bridge on interface, vlans on bridge device.  This gives you a
>> bridge with all packets and vlan devices can give you specific vlans.
> I cannot use this schema, i used bridge to bring together vnet
> interface and vlan interface.

I'm not sure I understand why you say you can't use this.  You can
combine vlans and bridging pretty much arbitrarily, including stacking
multiple layers.

>
>> * Use ebtables rules in the bridge to accept/reject certain packets as desired.
> I don't see how use ebtables to push untagged frame to a dedicated
> iface which can be added in a bridge.

You could have a bridge on the raw interface and connect all of the
VMs that need untagged traffic.  If you add an ebtables rule to reject
tagged traffic then vlan devices on the interface will continue to
work as before.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ