On Thursday 04 September 2003 02:03, Bassem Armanyous wrote: > Hello, > > This patch performs the same functionality of the patch I posted earlier > in the BRIDGE and VLAN mailing lists on Apr 5th, 2003. The earlier patch > reportedly caused an oops when running a kernel with vlan support compiled > as a module but not loaded. > > I tested it against a 2.4.20 kernel patched with > ebtables-v2.0.003_vs_2.4.20.diff and bridge-nf-0.0.10-against-2.4.20.diff. > I'll try to create another patch against 2.4.22 patched with the latest > ebtables-brnf patch as soon as I can.
Hi, sorry for the late response. I've finally found time to play around with vlans :) What your patch does can also be done with ebtables, without any other patches. Since your patch is quite intrusive, I think it's better to use ebtables. Also, with the ebtables approach the user has the choice to give tagged frames to the vlan code or not (in the situation as described below). Let me first restate the problem, for convenience: Suppose we have this situation: The following devices exist: eth0, eth1, eth0.1000, eth1.1000, br0, br1 br0 has ports eth0 and eth1 br1 has ports eth0.1000 and eth1.1000 In this scheme, br0 will deal with all bridged traffic. What some people want is that br1 deals with vlan-1000 tagged traffic and br0 with the rest. This is how to do it with ebtables: ebtables -t broute -A BROUTING -i eth0 --logical-in br0 -p 802_1q --vlan-id 1000 -j DROP ebtables -t broute -A BROUTING -i eth0.1000 --logical-in br1 -p ipv4 -j CONTINUE The second rule is just to show some counters. Also note that in the first rule --logical-in br0 isn't necessary. The first rule says to broute all vlan-1000 tagged traffic. In this specific case this means that the vlan code will receive the tagged frames on eth0 and from then on the frames entered on eth0.1000. Then the packet is queued again and later the bridge code gets a hold of it because br1 has port eth0.1000. So the brouting chain will be traversed twice by the frame. The first time it will match the first rule, the second time it will match the second rule. It's kinda complex inside, but the ebtables rule is quite simple :) Note that you can see here that the vlan code changed the Ethernet header: the protocol changed from 802_1q to IPv4. Also note that DROP inside the brouting table means the packet needs to be brouted. cheers, Bart _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
