Peter Stuge wrote:
> Jan Just Keijser wrote:
>> FYI: 802.1Q defines VLAN 1 as the 'native' LAN: all packets on VLAN 1
>> are *by definition* not encapsulated (according to my CCNA guide ;-))
[...]
>> Perhaps we need to make sure that VID 1 means untagged ...
>
> Any VID can be untagged. While 1 is the default it can change and
> OpenVPN shouldn't really care.
>
> One alternative approach to using tag 0 would be to introduce a
> vlan-pvid (or vlan-default-tag) option to set the PVID.

So packets coming in on the tap device that aren't tagged would be assumed to have a vid == PVID. And packets going out on the tap device with a vid == PVID would go out untagged. (A vid of 0 would continue to be rejected as a configuration option.)

Not specifying --vlan-pvid would mean that only tagged packets are accepted (and sent).

I'm still unsure what to do with incoming frames from clients whose vid matches the pvid and where the frames contain a full 802.1Q header with a non-zero vid. I'll probably just drop those packets. Maybe we should drop such packets regardless of the PVID value while in --vlan-tagging mode. (Tags in tags are apparently specified by 802.1ad and we don't support that anyway.)

> But explicitly allowing tag 0 can also be useful.

What would be the use-case? Packets with tag 0 are priority packets and we currently completely ignore / drop the priority values.

We could of course add an option to specify whether the priority part of 802.1Q packets should be preserved. Instead of removing the 802.1Q packets when untagging, we would instead change the vid to 0 and leave the priority fields untouched. We'd probably want an option separate from the --vlan-tag option to specify that though ... And would this be a global setting or per-client? Per-client could make the broadcasting code a tad bit more difficult, as the packets would need to be modified for each client. (Stripping or not stripping the 802.1Q headers...)

Cheers
Fabian
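
The PVID rules proposed in this message for the tap device, written out as an added C example; it is not code from the message or from OpenVPN. The names tap_ingress, tap_egress and PVID_NONE are hypothetical, PVID_NONE = 0 stands for "--vlan-pvid not given", and dropping frames tagged with VID 0 is an assumption, since the message leaves tag 0 handling open.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN   14      /* dst MAC + src MAC + EtherType */
#define VLAN_HLEN  4       /* TPID + TCI */
#define TPID_8021Q 0x8100
#define PVID_NONE  0       /* sketch convention: --vlan-pvid not given */

/* Frame arriving on the tap device. Returns the VID it belongs to, or -1
 * to drop. A tagged frame is untagged in place and *len is updated. */
int tap_ingress(uint8_t *f, size_t *len, uint16_t pvid)
{
    if (*len < ETH_HLEN)
        return -1;
    if (((f[12] << 8) | f[13]) != TPID_8021Q)
        return pvid != PVID_NONE ? pvid : -1;   /* untagged: vid == PVID */
    if (*len < ETH_HLEN + VLAN_HLEN)
        return -1;
    uint16_t vid = ((f[14] << 8) | f[15]) & 0x0FFF; /* low 12 bits of TCI */
    if (vid == 0 || vid == 0x0FFF)
        return -1;  /* assumption: priority-only and reserved VIDs dropped */
    memmove(f + 12, f + 16, *len - 16);         /* remove the 4-byte tag */
    *len -= VLAN_HLEN;
    return vid;
}

/* Untagged frame of VLAN `vid` leaving on the tap device. Returns the new
 * length, or 0 if the frame is malformed or the buffer is too small. */
size_t tap_egress(uint8_t *f, size_t len, size_t cap, uint16_t vid, uint16_t pvid)
{
    if (len < ETH_HLEN || len > cap)
        return 0;
    if (pvid != PVID_NONE && vid == pvid)
        return len;                             /* vid == PVID: untagged */
    if (cap - len < VLAN_HLEN)
        return 0;
    memmove(f + 16, f + 12, len - 12);          /* open a 4-byte gap */
    f[12] = TPID_8021Q >> 8;
    f[13] = TPID_8021Q & 0xFF;
    f[14] = (vid >> 8) & 0x0F;                  /* PCP and DEI left at 0 */
    f[15] = vid & 0xFF;
    return len + VLAN_HLEN;
}
```

With no PVID configured, untagged frames from the tap device are dropped and every outgoing frame carries a tag, which is the "only tagged packets are accepted (and sent)" case.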