Date: Wed, 19 Oct 2011 15:18:13 -0700 From: Juli Mallett <jmallett@FreeBSD.org> To: Ryan Stone <rysto32@gmail.com> Cc: freebsd-net <freebsd-net@freebsd.org>, Rozhuk.IM@gmail.com Subject: Re: ether_demux does not handle frames with embedded vlan tags Message-ID: <CACVs6=8Q6bAGSZ1O87G7x%2BaHq1hwf%2B-gFASCbWXpGB%2B%2BNvN_NQ@mail.gmail.com> In-Reply-To: <CAFMmRNxeiQF=iBDAQT4fQjvmmTA6=ygsEJQfAJW=Go1tSTtQSg@mail.gmail.com> References: <CAFMmRNz2Gqmk7wmiA83eQZfR9Rkcro9seD5ORYRHxKhZV%2BaR9Q@mail.gmail.com> <4e9e0de3.4364cc0a.38b5.ffffc94f@mx.google.com> <CAFMmRNxMPh9SOwXHR8uWqNMR=ns5HfFzb2OiB=wC2Kn%2B61PKbQ@mail.gmail.com> <4e9e6ba6.c972cd0a.3d45.ffffd504@mx.google.com> <CAFMmRNxoJafz9kz66sQXVYcsvd-tr8wqkh_-BbfhHD8RqRygKA@mail.gmail.com> <CACVs6=_6gHDay96a=pSw6Un_6fh=fuAew=DWYvWokBnyA=Y7Lg@mail.gmail.com> <CAFMmRNxeiQF=iBDAQT4fQjvmmTA6=ygsEJQfAJW=Go1tSTtQSg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 19, 2011 at 14:47, Ryan Stone <rysto32@gmail.com> wrote: > On Wed, Oct 19, 2011 at 3:30 PM, Juli Mallett <jmallett@freebsd.org> wrot= e: >> Why should the requirements for the Netgraph path be any different to >> the non-Netgraph path? =C2=A0If drivers must ensure that frames that rea= ch >> ether_demux have had their VLAN tags stripped, so should Netgraph >> things that act like drivers. =C2=A0So why don't you move that logic int= o >> ether_demux from the ether_input path, or have Netgraph use the >> ether_input path? > > Netgraph can't use the ether_input path because ether_input passes the > packet to the lower hook. =C2=A0It also passes the packet to things like > carp or if_bridge if necessary. =C2=A0I'm not sure whether it is intended > behaviour that the upper hook bypasses carp and if_bridge. > > if_bridge also depends on the vlan stripping behaviour, so vlan > stripping cannot be moved to ether_demux without re-implementing it in > bridge_input. This seems like a good argument for a flag like M_SKIPFIREWALL (or whatever it's called these days) that says that the packet was injected by an upper layer (in general, not just netgraph), which in the netgraph case could skip the lower filter. That would be considerably more consistent with how other Ethernet devices work, which would be an improvement over the current short-circuit to ether_demux.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACVs6=8Q6bAGSZ1O87G7x%2BaHq1hwf%2B-gFASCbWXpGB%2B%2BNvN_NQ>