From nobody Thu Sep 4 10:52:34 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cHbsf54V5z65llW for ; Thu, 04 Sep 2025 10:52:38 +0000 (UTC) (envelope-from ivy@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cHbsf4Y2cz4940; Thu, 04 Sep 2025 10:52:38 +0000 (UTC) (envelope-from ivy@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756983158; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Tf4A1kQqCZ+ge2EbD1/CoD94cVsnbIzoJEBEtMOTGWA=; b=QjKb/V0DomyLAHEKDldrJdMzOxBHve/jZ93bMq6uxl18FZ4z/a7toZCUXczmmj1I2f+f1Z IKtRHjNuLqvZ5FifpNxa24XonyN1Vvfe5Crm925zNB8vdtfdxeSWb1xnwLMQ2TtahRSk4e 4bV43Tr49kqIZuqv4LgfBkfM6Z2dRbn/Gwaq3NGXP6s0DFHb7pDVC4Q5IQrLTWqV+TQ1oh YU9dzanOQdXihPZmXdVY3tn7Zug9SBn8cWd3ealxMT+T6tW1zylnYe9PAaD7C8OL1WHfvq a+0lR6MJ19Lfh79hunsDkEs3bBmLsIiX+wWsmCX0MhndSDSzdiEpnQNTgOGl7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756983158; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Tf4A1kQqCZ+ge2EbD1/CoD94cVsnbIzoJEBEtMOTGWA=; b=lx4q0nZiwmGiLslVL1KCcO0XF3+kOr7WuV5IzWANROz8Nhhoh2AH2LgBATxadJyU83bEY2 UFQHGjW7wLh9hvGZOtowPloE6j8BsVkB2gE4W+stPlg63PcaFC/GtzXhhAapdINSYpaDFl aYtGzod3vcV4FlWMRT3fcdQXv7v4Yv1GO3rgNAa40YSctozViwGMoXE4zkfHiZFl0jEjSf /tBNka4yIq9BI9Z6gZmdDh73F9SAOgQoctV8DJ3NlIx+mGaGkc9wPpG2hfTQ8ivoXFaA1Y sIaUr1Bq5ddeEn6jVt142Kv9w2dEJaOjyDATxopYwjAIrLKsrRoi2+Sa3EChmw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756983158; a=rsa-sha256; cv=none; b=Mebxy36XI63sQiIbk8nEqAXFyWmD0+vOg9PyJ658DsCK6cr/22L9Gf/CqEk7zCzMwrqpQY fh+tuVjYDFE1c4H2LRzGI+nvbcwPR80gIefAX9NM+YoYsEGXb5OVgDbItIhELlE0YL8A++ KPdudE7/amu/po+Ie12jBVHT0MXrKN4edvxHNsnR/ggids5yOGQhBEumxJui57ykFsJ5BQ zbX8oYdlrvOvc0Qq+2Z6wvE7xcO5+1JTUXLgg9C0qz7byngog90t4N8edwk20jjCLPugSw WZQ/BJZSThwJb0hBFVQlMLq+vFvYEpO1jfhGYCk6qdZ9RTpZHeN6P+rJSMtxng== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from amaryllis.le-fay.org (amaryllis.le-fay.org [IPv6:2a00:1098:6b:400::9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: ivy/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4cHbsf1ZvQz8s5; Thu, 04 Sep 2025 10:52:38 +0000 (UTC) (envelope-from ivy@freebsd.org) Date: Thu, 4 Sep 2025 11:52:34 +0100 From: Lexi Winter To: Ronald Klop Cc: net@freebsd.org Subject: Re: bridge new vlan and iftagged "none" Message-ID: Mail-Followup-To: Ronald Klop , net@freebsd.org References: <481902534.1074.1756977663370@localhost> List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2TvblzbOFWlg7FoV" Content-Disposition: inline In-Reply-To: <481902534.1074.1756977663370@localhost> --2TvblzbOFWlg7FoV Content-Type: multipart/mixed; boundary="ayt0ni7SbeveW9E2" Content-Disposition: inline --ayt0ni7SbeveW9E2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi Roland, Ronald Klop: > member: epair4a flags=143 > port 15 priority 128 path cost 2000 vlan protocol 802.1q based on this configuration, epair4a should neither accept nor send any traffic. > epair4a still receives all traffic, so also traffic for vlan 3. however, it seems like there's an issue filtering outgoing traffic from the host itself. could you please try the attached patch and see if it makes any difference? --ayt0ni7SbeveW9E2 Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename=bridge-enqueue-filter.diff Content-Transfer-Encoding: quoted-printable diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index a854bbb96394..212c8622a1c8 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -2398,6 +2398,12 @@ bridge_enqueue(struct bridge_softc *sc, struct ifnet= *dst_ifp, struct mbuf *m, return (EINVAL); } =20 + /* Do VLAN filtering. */ + if (!bridge_vfilter_out(bif, m)) { + m_freem(m); + return (0); + } + /* We may be sending a fragment so traverse the mbuf */ for (; m; m =3D m0) { m0 =3D m->m_nextpkt; --ayt0ni7SbeveW9E2-- --2TvblzbOFWlg7FoV Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQSyjTg96lp3RifySyn1nT63mIK/YAUCaLlvbgAKCRD1nT63mIK/ YMhWAQD/38PJ+my7iupuMFohQz6S9krVrbd34W7w1QvSfgxjrwEA7AXnnjq+8SOe orzXeSI+EG8uOvENDCIZR0rBHAStqQM= =Qsay -----END PGP SIGNATURE----- --2TvblzbOFWlg7FoV--