Date: Wed, 30 Jul 2025 22:52:16 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Lexi Winter
cc: net@freebsd.org
Subject: Re: vlan(4) and bridge(4) on same interface
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

On Wed, 30 Jul 2025, Lexi Winter wrote:

> i think bridge is the right solution here, but with vlan filtering, you
> could do it this way instead:
>
> ifconfig bridge0 create vlanfilter addm dwc0 tagged dwc0 100-399

You are missing the inet6 on bridge0 or an "untagged" on dwc0 from my
original example as I also had a Host IP on that for untagged packets
which needs to become accessible again -- see questions below.

> ifconfig bridge0 addm epair0a untagged epair0a 100 # epair0b in a jail
> ifconfig bridge0 addm epair1a untagged epair1a 200 # epair1b in a jail
> ifconfig bridge0 addm epair2a untagged epair2a 300 # epair2b in a jail

I realised this is possible and I start to understand "untagged" a bit
more after I read through the code earlier. nice :)

My initial understanding was that you use "untagged" to lift the
untagged packets of a physical port into a vlan so you could configure
a vlan access interface on top of the bridge for the host IP. I think
this was all the examples I saw so far. And that did not make sense to
me and was one thing I wanted to ask (see below).

So now my brain currently translates the ifconfig vlanfilter keyword
"untagged" into "access" to avoid confusion somehow.
I think being more descriptive in the ifconfig man page will help here.

Am I correct that if I do want to leave the untagged packets of a trunk
connected to the bridge "untagged" I would still be able to configure
the host IP on bridge0 without any need for "untagged" if no vlanfilter
is in place?

But the moment vlanfilter is in place these untagged packets would be
dropped and I will always need a spare VLAN ID to sacrifice (even though
only internally to that bridge and not visible outside -- unless that
pvid matches the vlan ID on a different trunk connected to the bridge)
and need to use the 'untagged' keyword?

Or is it still possible to directly configure the Host IP on bridge0
and leave untagged packets as such?

/bz

-- 
Bjoern A. Zeeb                                                     r15:7