[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <50CB58EB.9050302@redhat.com>
Date: Fri, 14 Dec 2012 11:50:51 -0500
From: Vlad Yasevich <vyasevic@...hat.com>
To: Jamal Hadi Salim <jhs@...atatu.com>
CC: Stephen Hemminger <shemminger@...tta.com>,
David Miller <davem@...emloft.net>, or.gerlitz@...il.com,
netdev@...r.kernel.org, mst@...hat.com, john.r.fastabend@...el.com
Subject: Re: [PATCH 00/11] Add basic VLAN support to bridges
On 12/13/2012 05:56 PM, Jamal Hadi Salim wrote:
> On 12-12-13 05:37 PM, Stephen Hemminger wrote:
>
>>
>> You can, run any action before it hits the bridge.
>
> I think you and I have had this discussion before ;->
> It works just fine on ingress.
>
>
> #Add ingress qdisc on br0
> tc qdisc add dev br0 ingress
> #Add a filter to accept all and count
> tc filter add dev br0 parent ffff: protocol ip prio 6 u32 match ip dst
> 0/0 flowid 1:16 action ok
> #show the stats
> root@...12:~# tc -s filter show parent ffff: dev br0
> filter protocol ip pref 6 u32
> filter protocol ip pref 6 u32 fh 800: ht divisor 1
> filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
> flowid 1:16
> match 00000000/00000000 at 16
> action order 1: gact action pass
> random type none pass val 0
> index 2 ref 1 bind 1 installed 269 sec used 74 sec
> Action statistics:
> Sent 1210 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
> backlog 0b 0p requeues 0
> ------
>
> Look at those packets ...
Interesting. But, but how complex would be be to configure a vlan
filter for say 10 different vlans, each one of them only permitted
to be forwarded to their respective VM. Oh, and Vlan tags should
be stripped when they are being forwarded.
config:
+- eth0
|
br0-+- vnet0 (vlan10) - VM1
|
+- vnet1 (vlan20) - VM2
|
+- vnet3 (vlan30) - VM3
... etc...
-vlad
>
> cheers,
> jamal
>
> cheers,
> jamal
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists