From owner-freebsd-net@FreeBSD.ORG Thu Jul 3 13:11:32 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CA9637B401 for ; Thu, 3 Jul 2003 13:11:32 -0700 (PDT) Received: from www.ambrisko.com (adsl-64-174-51-42.dsl.snfc21.pacbell.net [64.174.51.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52D6643F85 for ; Thu, 3 Jul 2003 13:11:31 -0700 (PDT) (envelope-from ambrisko@www.ambrisko.com) Received: from www.ambrisko.com (localhost [127.0.0.1]) by www.ambrisko.com (8.12.8p1/8.12.8) with ESMTP id h63KBUO7082546 for ; Thu, 3 Jul 2003 13:11:30 -0700 (PDT) (envelope-from ambrisko@www.ambrisko.com) Received: (from ambrisko@localhost) by www.ambrisko.com (8.12.8p1/8.12.8/Submit) id h63KBUds082545 for freebsd-net@freebsd.org; Thu, 3 Jul 2003 13:11:30 -0700 (PDT) (envelope-from ambrisko) From: Doug Ambrisko Message-Id: <200307032011.h63KBUds082545@www.ambrisko.com> To: freebsd-net@freebsd.org Date: Thu, 3 Jul 2003 13:11:30 -0700 (PDT) X-Mailer: ELM [version 2.4ME+ PL94b (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Subject: Suggesting for fixing VLAN bridging the right way X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2003 20:11:32 -0000 I'm trying to bridge VLAN traffic to network that doesn't have that VLAN, something like: (vlan network) -> fxp0 -> vlan0 <- FreeBSD bridge -> rl0 (no tag) Both of the networks are the same except one side is tagged the other has no tag. It works fine in the "no tag" -> "tag" direction. It fails in the "tag" -> "no tag" direction since ether_demux we bail out on this check: if (!(BDG_ACTIVE(ifp))) { /* * Discard packet if upper layers shouldn't see it because it * was unicast to a different Ethernet address. If the driver * is working properly, then this situation can only happen * when the interface is in promiscuous mode. */ if ((ifp->if_flags & IFF_PROMISC) != 0 && (eh->ether_dhost[0] & 1) == 0 && bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0 && (ifp->if_flags & IFF_PPROMISC) == 0) { m_freem(m); return; } } since it doesn't consider VLAN tagged packets coming in the headers won't match this paradigm so the packets get through out. I did a quick hack and changed it to: if (!(BDG_ACTIVE(ifp))) { /* * Discard packet if upper layers shouldn't see it because it * was unicast to a different Ethernet address. If the driver * is working properly, then this situation can only happen * when the interface is in promiscuous mode. */ if ((ifp->if_flags & IFF_PROMISC) != 0 && (eh->ether_dhost[0] & 1) == 0 && bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0 && (ifp->if_flags & IFF_PPROMISC) == 0) { /* * Let VLAN packets go to the SW VLAN node needed for * bridging */ if (! (vlan_input_p != NULL && ntohs(eh->ether_type) == ETHERTYPE_VLAN )) { m_freem(m); return; } } } That makes it work. I rather doubt this is the right solution. Suggestions greatly appreciated. This issue is in -current and -stable. Thanks, Doug A.