Date:   Thu, 6 Feb 2020 11:02:57 +0200
From:   Vladimir Oltean <>
To:     netdev <>
Subject: VLAN retagging for packets switched between 2 certain ports

Hi netdev,

I am interested in modeling the following classifier/action with tc filters:
- Match packets with VID N received on port A and going towards port B
- Replace VID with M

Some hardware (DSA switch) I am working on supports this, so it would
be good if I could model this with tc in a way that can be offloaded.
In man tc-flower I found the following matches:
       indev ifname
              Match on incoming interface name. Obviously this makes sense
              only for forwarded flows.  ifname is the name of an interface
              which must exist at the time of tc invocation.
       vlan_id VID
              Match on vlan tag id.  VID is an unsigned 12bit value in
              decimal format.

And there is a generic "vlan" action (man tc-vlan) that supports the
"modify" command.

Judging from this syntax, I would need to add a tc-flower rule on the
egress qdisc of swpB, with indev swpA and vlan_id N.
But what should I do if I need to do VLAN retagging towards the CPU
(where DSA does not give me a hook for attaching tc filters)?

