From nobody Thu Sep 4 11:44:45 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cHd1r177vz65rYm for ; Thu, 04 Sep 2025 11:44:48 +0000 (UTC) (envelope-from ivy@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cHd1r0M2Gz4Jfc; Thu, 04 Sep 2025 11:44:48 +0000 (UTC) (envelope-from ivy@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756986288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Szdvno+5FaAzI5mzwCyhLe0oejkYYEiJp4kt36+DcvI=; b=hNPOSZNIx5Rx1yvsURE5QrechwvGrLWOWSqRiw4jvBOe9aQGEzkFOdhDvNiN0iQBf9CvYE FZ5rYurQjfkxY+O+PJ6YMAyeuoP0N5eefWdA90yJz5A/Vp/tly0GeHy1oZipeVruDc1IVC xsm3kjKb5PgjVrrLKN3qV5qQphekWx6n8I245QYDBj26w+qYh8+t/KNNJDAew8dcc2vPd6 mGxEjim4Zm22BxBMbif1uflTwFc1WBfWLEnMoCSRsLfAQA7MUI0D2h4xHThYVC6/pY5vZH PgPDlAFvH9/U8qN7/B8Buxr/wc9hUFNHm/JWVlGxf5FhUoem6a3Vncu6fhcabA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756986288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Szdvno+5FaAzI5mzwCyhLe0oejkYYEiJp4kt36+DcvI=; b=fmxhdkEIcp1DBLXBVarZxz68upKzLh1/cfSpb9448tPZEMpuScsP2h+WjVzaHr7c1re3U9 CSIUcWdNtx3rMR3KyzAcO6Py6nuMDcS6ZcNfRKVsWaxcX/7ATmNiPhFZVgbtTimdkju/js O8jCsaQNhnZKOAmUXs6b442jvZRximWyl3ZrH1bnZwCCn4yy6ATzMdmgFJUkoaax1ZeR/N +FOfOQUsPwYr0FRAC9tq5646SBvrmtGj5ivPd4L3yTDOek9Eua8SuM3B+3gAXi9iBAfEDJ UaepGyje1/QhJFjuUhkh0rQuzLCdYgw2+Wx9k5LEgiEeNLpNI/18hHeyYLrMig== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756986288; a=rsa-sha256; cv=none; b=w3YiXwr3V2HaCquO4AorKI8mfKpaxLX1AiTlu8vqNikC4+Dlflkp/MRJyeIsPR6h1GGbWK VfYXGcCdHAWY/xJz+BLREUCibVC61v3Cj1lKGX/+LS+zqRJR3vKXwhH8KyWnzJ1Fr8NLgp r7jjFWTXks0harkxqFukzKqRGXi1hFYBEgrEAQ1XLhy4Z1xCbIK5wVxNE5NK2nPrEma+97 YSLu2KxY1IwtUMaKYsUrsLl25lMJ7FIlgxU3y2mnz89cV+nXTyaj0adxEFL+RZgiDZNY4O XShuiM/C2Le4D+YeIHzhVLdYojr+EC1OBOTchKlJG8hy2zP+9y/DCLBYiol4eQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from amaryllis.le-fay.org (amaryllis.le-fay.org [IPv6:2a00:1098:6b:400::9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: ivy/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4cHd1q4g9Zz9W2; Thu, 04 Sep 2025 11:44:47 +0000 (UTC) (envelope-from ivy@freebsd.org) Date: Thu, 4 Sep 2025 12:44:45 +0100 From: Lexi Winter To: Ronald Klop Cc: net@freebsd.org Subject: Re: bridge new vlan and iftagged "none" Message-ID: Mail-Followup-To: Ronald Klop , net@freebsd.org References: <481902534.1074.1756977663370@localhost> <1a91faca-69ef-410d-95ad-2d371c84f759@klop.ws> List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DuVNuMVTUNKVGsYi" Content-Disposition: inline In-Reply-To: <1a91faca-69ef-410d-95ad-2d371c84f759@klop.ws> --DuVNuMVTUNKVGsYi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi Roland, Ronald Klop: > With VLANFILTER disabled epair4a did receive traffic and also > broadcasts on vlan 3. I don't know if this is expected. > Interestingly, with VLANFILTER disabled the "untagged 3" interfaces > also saw broadcast traffic which was not destined for vlan 3. with vlanfilter disabled, all interfaces will receive traffic on all vlans. the vlan tag may be added/removed based on the interface's untagged setting, but no filtering will be done. so the "untagged 3" interface should see broadcast traffic for (e.g.) vlan 1, but that traffic should have a .1q tag attached with the vlan id set to 1. note that bridge always behaved like this, that hasn't changed with the vlan filtering feature except for the new 'untagged' behaviour. the bug i noticed here (which the patch is meant to fix) is that when vlanfilter is enabled, traffic originated from the host, rather than a bridge interface, might be sent to a bridge port when it should have been filtered. this mostly affects BUM traffic since the incoming filtering prevents ND/ARP from working. > With the story above is the patch still needed? I will test anyway to > see what happens. It is a RPI4, so compiling is a bit slow. i was able to reproduce the problem here so it's not too important to test that if it's a hassle. to answer your other question: > I realize that I can now configure this to sent "tagged 1" traffic > between genet0 and the switch and even further into my network. Would > that have /any/ influence on performance? there is overhead on the wire of 4 bytes per frame for the .1q tag. the actual impact of this depends on your average frame size, but in most cases it's so small it's negligible. there is also some overhead involved in processing the tag itself. on the switch side, and on modern host network interfaces, this is done in hardware so there should be no impact on performance, but i don't think genet(4) supports this, meaning the kernel has to do tag processing in software. however, even on the sort of hardware that uses genet (i.e., slow CPUs), i don't think you'd notice this overhead in practice on a 1Gbps interface. --DuVNuMVTUNKVGsYi Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQSyjTg96lp3RifySyn1nT63mIK/YAUCaLl7qQAKCRD1nT63mIK/ YCRCAQD6RDckEw6UsmRnJAX/ohSkxUpDEe9Nwa2Hb5e4JTnA9AD+PBFF1F3hLIcP PEf5+aRaZ2gJfxJ35ukXDG9ONAODigM= =A5XO -----END PGP SIGNATURE----- --DuVNuMVTUNKVGsYi--