Date: Wed, 30 Jul 2025 16:04:48 +0100
From: Lexi Winter
To: net@freebsd.org
Subject: vlan(4) and bridge(4) on same interface
List-Archive: https://lists.freebsd.org/archives/freebsd-net

hello,

currently we allow users to create a vlan and a bridge on the same
interface, like this:

    % ifconfig ix0.100 create
    % ifconfig bridge0 create addm ix0

i am aware that some people are using this in production, but because
it doesn't work properly[0], i would like to forbid this configuration
in 16.0, i.e. it would not be possible to add an interface to a bridge
if vlans are present on that interface, and vice versa.

i am looking for feedback from people who are currently using this:

- can you switch your untagged traffic to tagged instead and use a
  vlan(4) in a bridge?  e.g.,

    % ifconfig ix0.100 create
    % ifconfig ix0.101 create
    % ifconfig bridge0 create addm ix0.101

- can you switch to a vlan filtering bridge instead?  e.g.,

    % ifconfig bridge0 create addm ix0 vlanfilter tagged ix0 100,101
    % ifconfig bridge0.100 create
    % ifconfig bridge0.101 create

if the answer to both these questions is no, it would be helpful if you
could explain why.

[0] specifically, because both bridge(4) and vlan(4) expect to handle
tagged traffic, it is not clear how the tagged packets on the interface
should be handled.  currently, they are processed by bridge(4) unless
they are destined for a local Ethernet address, in which case they are
processed by vlan(4), but this behaviour is somewhat non-obvious and
breaks things that require promiscuous mode on the vlan interface
(e.g., tcpdump).