Message-ID: <1388132917.8290.22.camel@ubuntu-vm-makita>
Date:	Fri, 27 Dec 2013 17:28:37 +0900
From:	Toshiaki Makita <makita.toshiaki@....ntt.co.jp>
To:	Alexandre DERUMIER <aderumier@...so.com>
Cc:	netdev@...r.kernel.org, Vlad Yasevich <vyasevic@...hat.com>
Subject: Re: bridge vlan_filtering don't work with tap devices (qemu guests)

On Thu, 2013-12-26 at 14:57 +0100, Alexandre DERUMIER wrote:
> Hello Again,
> 
> One more question :
> 
> If I use tcpdump on br0, I don't see any tagged vlan10 packets on the bridge.
> with 
> # bridge vlan add dev tap0 vid 10 pvid untagged 
> # bridge vlan add dev tap1 vid 10 pvid untagged 

With these settings, you should be able to see tagged frames on the bridge
device in promisc mode.
Are you sure you enabled vlan_filtering by sysfs?
Or didn't you set br0 in the same way as other ports like below?
# bridge vlan add dev br0 vid 10 pvid untagged self

> 
> 
> What I would like to do, is tagging vlan10, incoming (untagged) packets from tap0 and tap1.
> 
> Is it possible ?

If you set pvid, incoming frames from the port will be tagged with the
vlan.
If you set untagged, outgoing frames with the vlan from the port will be
untagged.

So, if you want to send frames tagged with vlan 10, please don't set vid
10 untagged on outgoing ports you want.


BTW:
(CC: Vlad)
I tried running tcpdump on br0 with vlan_filtering enabled, but a
kernel panic occurred with the upstream net-tree kernel. br_handle_vlan()
seems to have a bug: it doesn't check whether pv is NULL.
br_pass_frame_up() calls br_handle_vlan() even if br->vlan_info is NULL
when the bridge device is in promisc mode.
This will occur if we don't add any vlan on the bridge device.
I'm going to make a patch to fix it.

Thanks,
Toshiaki Makita

> 
> With openvswitch, I can do it simply with "ovs-vsctl set port tap0 tag=10"
> 
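
Added example, not part of the original message and not kernel code: a simplified userspace C model of the pvid and untagged semantics described in the reply, with the per-port VLAN table checked for NULL before use. The type and function names are hypothetical, and treating a missing table as "drop" is an assumption of this model.

```c
/* Userspace model of per-port bridge VLAN handling (illustration, not kernel code). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VID_NONE 0              /* frame carries no VLAN tag */
#define DROPPED (-1)

struct port_vlans {             /* hypothetical type; one table per port */
    uint16_t pvid;              /* 0 = no pvid configured */
    bool member[4096];          /* vid is allowed on this port */
    bool untagged[4096];        /* vid leaves this port without a tag */
};

/* Models "bridge vlan add dev PORT vid VID [pvid] [untagged]". */
void port_vlan_add(struct port_vlans *pv, uint16_t vid, bool pvid, bool untagged)
{
    if (vid == 0 || vid > 4095) return;
    pv->member[vid] = true;
    pv->untagged[vid] = untagged;
    if (pvid) pv->pvid = vid;
}

/* Ingress: the vid the frame carries inside the bridge, or DROPPED. */
int vlan_ingress(const struct port_vlans *pv, uint16_t frame_vid)
{
    if (pv == NULL || frame_vid > 4095)
        return DROPPED;         /* no VLAN table on this port: nothing allowed */
    if (frame_vid == VID_NONE)
        frame_vid = pv->pvid;   /* untagged frame takes the port's pvid */
    return (frame_vid != VID_NONE && pv->member[frame_vid]) ? frame_vid : DROPPED;
}

/* Egress: DROPPED, VID_NONE (sent untagged) or the vid kept on the wire. */
int vlan_egress(const struct port_vlans *pv, int vid)
{
    if (pv == NULL || vid <= 0 || vid > 4095 || !pv->member[vid])
        return DROPPED;         /* pv is checked before any dereference */
    return pv->untagged[vid] ? VID_NONE : vid;
}

int main(void)
{
    static struct port_vlans tap0, uplink;      /* zero-initialised */
    port_vlan_add(&tap0, 10, true, true);       /* vid 10 pvid untagged */
    port_vlan_add(&uplink, 10, false, false);   /* vid 10, tag kept on egress */
    int vid = vlan_ingress(&tap0, VID_NONE);
    printf("in bridge: %d, uplink: %d, tap0: %d, no table: %d\n", vid,
           vlan_egress(&uplink, vid), vlan_egress(&tap0, vid), vlan_egress(NULL, vid));
    return 0;
}
```
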

