From nobody Sat Apr 23 09:01:05 2022
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 046D81A8E430
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Sat, 23 Apr 2022 09:01:18 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Kllcr4jvhz3msB
	for <freebsd-net@freebsd.org>; Sat, 23 Apr 2022 09:01:16 +0000 (UTC)
	(envelope-from ozkan.kirik@gmail.com)
Received: by mail-vs1-xe2b.google.com with SMTP id z144so70567vsz.13
        for <freebsd-net@freebsd.org>; Sat, 23 Apr 2022 02:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=OHxh49n4+m5JgYsx1l733ONA8iAdjeDFy2neffHeblI=;
        b=LUCiH5og3q4YLSN08fpmswp9IKOc48P1RxM4U2SnT1Xvotv77Ony2RkH6uYQSpwFol
         zAvF95ImggZ34ow6ve1X5zUYTgPDXpwODUqnsMjnh4m4nC7DRQwhZ6JL5jvXCZHZtDaW
         F7YF3IbDG//60p5RqDTsRxtMmYR27awOW5QuyZ0nsPUernpPN+iupaba1V0bb7RmcH59
         qrb0XfMYTNpXBELwOOA1Ab2JsWZcl5cDzVaSsUs07ErqXKku6vzTnGAPbOfqyi8mQJsh
         UiIsdOIQsSE2YYur8WBcOpBCiHuf4StGJSNBshq/BY3AaIDSiT3FuACTg6bVenTab0/+
         0F3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=OHxh49n4+m5JgYsx1l733ONA8iAdjeDFy2neffHeblI=;
        b=tQ4K1UuirsZmH3Yj3rKWz8pUB8+gkpCx/ldonN8qpvcBtsNIzqZ969VJWY0Wse+2Qk
         f1hviDmLsuGreCzfOgGMwabbfQm3rksp7E4iIZgDOsWl05FSQrUhy8myGVQ+r4wf8ocM
         3aXBAw7fkD1PccRuiFBcJyq+RkvZidZJl4nRRuLB32TKxAtOY9ATL5CIdei17USZ/L/8
         gRce0z75oInXX+TrtxaEZPueJr1TCsJllYF7ZiuCp83kyTvV3kA3/YCxkrvqrXxaYb2K
         sSsC7VSXXSTfIBLeXjYslUi/aJR1L7nCTIOI0tGADJjrFrzBToWXW+M8vlHHSqIO9S6A
         QT5A==
X-Gm-Message-State: AOAM5302ppCG3/Mj3DcAe29HOCbJhbWO6vdcYsB3/XNtJ7AEhC60edn0
	/6Ain+h/0bmeEDlDiMCEPPNIHazWMLTbEx/eHXzt0Ljua6U=
X-Google-Smtp-Source: ABdhPJx0Qxgbl0soPKcdpI1DgU1CkFMoxXpl9uc2d/aQYONshDZVt86PvOqKnN4226wbjZm5wCbsqpOPlFs6VB4Bvl0=
X-Received: by 2002:a67:dc0b:0:b0:32a:6c84:56a2 with SMTP id
 x11-20020a67dc0b000000b0032a6c8456a2mr2819473vsj.61.1650704476158; Sat, 23
 Apr 2022 02:01:16 -0700 (PDT)
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
References: <mOEoiwDtLyUdBfav7_Ygz5qfW3nQuT7KM1CnKoXN4haHc-j3gQIYC5GK-eIsCWScLlBhntQNZr42XD-2txcOpHG1rykfrb8CbWvcP84iXxs=@enki-multimedia.eu>
 <8E5C5DFB-B029-4B32-A67B-D09042ACCEE3@punkt.de> <lB8crsuE_Iwma8ZvmlxOtSLtaSZLZ5SK0IqeQPpJG5xNn47yK5U3n30tYHMNUoiMNOxzGl6GN8psoJOmcHRZEaMqr6aWvKz5BkNtaxFyBqE=@enki-multimedia.eu>
In-Reply-To: <lB8crsuE_Iwma8ZvmlxOtSLtaSZLZ5SK0IqeQPpJG5xNn47yK5U3n30tYHMNUoiMNOxzGl6GN8psoJOmcHRZEaMqr6aWvKz5BkNtaxFyBqE=@enki-multimedia.eu>
From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
Date: Sat, 23 Apr 2022 12:01:05 +0300
Message-ID: <CAAcX-AEvfFLEOyKL3CJLvoSzJjKUvOwh4oqXPvZDbHBthOv+aA@mail.gmail.com>
Subject: Re: how to bridge "native" vlan?
To: Benoit Chesneau <benoitc@enki-multimedia.eu>
Cc: "Patrick M. Hausen" <hausen@punkt.de>, "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 4Kllcr4jvhz3msB
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=LUCiH5og;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates 2607:f8b0:4864:20::e2b as permitted sender) smtp.mailfrom=ozkankirik@gmail.com
X-Spamd-Result: default: False [-0.35 / 15.00];
	 TO_DN_EQ_ADDR_SOME(0.00)[];
	 TO_DN_SOME(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	 FREEMAIL_FROM(0.00)[gmail.com];
	 MID_RHS_MATCH_FROMTLD(0.00)[];
	 DKIM_TRACE(0.00)[gmail.com:+];
	 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	 FROM_EQ_ENVFROM(0.00)[];
	 SUBJECT_ENDS_QUESTION(1.00)[];
	 MIME_TRACE(0.00)[0:+];
	 FREEMAIL_ENVFROM(0.00)[gmail.com];
	 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	 TAGGED_FROM(0.00)[];
	 DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	 ARC_NA(0.00)[];
	 R_MIXED_CHARSET(0.62)[subject];
	 R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	 NEURAL_HAM_MEDIUM(-0.98)[-0.978];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 NEURAL_SPAM_SHORT(1.00)[1.000];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
	 TO_MATCH_ENVRCPT_SOME(0.00)[];
	 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::e2b:from];
	 MLMMJ_DEST(0.00)[freebsd-net];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[]
X-ThisMailContainsUnwantedMimeParts: N

You can bridge both untagged frames (native vlan 1) and tagged frames
so basically "ALL" frames using if_bridge.
don't forget to put both interfaces to promiscuous mode.
If you don't enable the promiscuous mode, you can not receive VLAN
tagged frames because of "vlanhwfilter" feature of NIC.

ifconfig em0 promisc up
ifconfig em1 promisc up
ifconfig bridge0 create
ifconfig bridge0 addm em0 addm em1 up

thats all

Regards,
=C3=96zkan KIRIK
ePati Cyber Security

Benoit Chesneau <benoitc@enki-multimedia.eu>, 23 Nis 2022 Cmt, 11:13
tarihinde =C5=9Funu yazd=C4=B1:
>
> I've found this old ticket that let think it could be supported by ng_vla=
n :
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224961#c3
>
> But I'm not sure if it really works without some work around: regarding n=
ext comment :
>
> "Ethernet frames received without vlan tag will be dropped by this comple=
 schema but it is possible to process them too by inserting ng_tee node int=
o the graph"
>
> Does anyone have experience with it?
>
>
> Beno=C3=AEt Chesneau
> Sent with ProtonMail secure email.
> ------- Original Message -------
> On Thursday, April 21st, 2022 at 14:11, Patrick M. Hausen <hausen@punkt.d=
e> wrote:
>
>
> > Hello,
> >
> > > Am 21.04.2022 um 11:29 schrieb Benoit Chesneau benoitc@enki-multimedi=
a.eu:
> > > I have an interface on which multiple vlans are connected. I would li=
ke to bridge the vlan 100 and 200 but also have a bridge for the "native" v=
lan 1. I Can setup a bridge for vlan 100 and 200 the way below I think but =
how to create a bridge for the "native" vlan?
> >
> >
> > I don't have any experience with netgraph but I do know that
> > you cannot do that with if_bridge(4). If you make the physical
> > interface the member of a bridge, you cannot use additional
> > VLANs on that interface, anymore.
> >
> > Does anybody know if the same restriction applies to ng_bridge(4)?
> >
> > Kind regards,
> > Patrick
> > --
> > punkt.de GmbH
> > Patrick M. Hausen
> > .infrastructure
> >
> > Kaiserallee 13a
> > 76133 Karlsruhe
> >
> > Tel. +49 721 9109500
> >
> > https://infrastructure.punkt.de
> > info@punkt.de
> >
> > AG Mannheim 108285
> > Gesch=C3=A4ftsf=C3=BChrer: J=C3=BCrgen Egeling, Daniel Lienert, Fabian =
Stein
>