lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BANLkTinPQSB_Jc5xGL=pSLekun4LZjbGfA@mail.gmail.com>
Date:	Fri, 17 Jun 2011 09:47:27 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	Dominique Martinet <rnfhrznznaq.tf@...lue.notk.org>
Cc:	netdev@...r.kernel.org
Subject: Re: bnx2 vlan issue

On Thu, Jun 16, 2011 at 11:10 PM, Dominique Martinet
<rnfhrznznaq.tf@...lue.notk.org> wrote:
> Hi,
>
> Jesse Gross <jesse <at> nicira.com> writes:
>> On Thu, Mar 24, 2011 at 5:26 PM, Seblu <seblu <at> seblu.net> wrote:
>> > Maybe i was not enough clear. It seems to me that new behaviour, with
>> > vlan on top of bridge rather than above interface in bridge is not
>> > functional.
>> > In other words, i cannot use vlan and bridge together in 2.6.38 (with
>> > e1000e).
>>
>> Sorry, I misunderstood what you were saying before.  Can you try and
>> see where the packets are getting lost or improperly handled by
>> running tcpdump on the various interfaces?  For example, check that
>> packets are coming in with tags on the physical interfaces, have tags
>> on the bridge interface, no tag on the vlan interface, etc.
>
> I think I ran into the same problem, and my workaround for this was to add
> a vlan do the bridge and then add the vlan'ed bridge to another bridge, i.e.
> (since I can't draw, commands will be better :P)
>
> brctl addbr br0
> brctl addif br0 eth0
> ip link add link br0 name br0.42 type vlan id 42
> ip link set br0.42 up
>
> brctl addbr br_42
> brctl addif br_42 br0.42
>
> and then I could put VMs in br_42 which got network "as expected"
> before, I used to have br_42 with eth0.42 in it, so it is just one more
> step..
> What bothers me is that I also want to put VMs in br0, and it does work,
> but this bridge also sees all the tagged data - isn't there a way to just
> "pick" the untagged network?

You are bridging the VMs to the physical network, so it is expected
that they will see all traffic.  That said, you could use ebtables to
only take vlan 0, similar to if you only wanted them to see packets to
their MAC address and not flooding.

> My other question is that I'm not certain if that's the expected way to
> use the new behaviour, if not I wouldn't mind light shining from above :)

Yes, that's the intended behavior and correct usage.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ