Re: [Openvpn-devel] [PATCH applied] Re: maddr: export VLAN ID from client context to maddr object
Hi,

On Wed, Nov 06, 2019 at 10:11:58PM +0100, Gert Doering wrote:
> As a side note: it seems that whoever did the IPv6 payload patches was
> a bit sloppy (it was me, so I am allowed to say that). MAC learning is
> only done on IPv4 and ARP packets, but not on IPv6 packets - so I expect
> "ipv6 only mode on tap" to be a bit wacky... this needs re-testing
> before we can declare "ipv6-only works reliably".

I was wrong here. This part is only for the extraction of the "inner" addresses in a tap/ethernet packet, which are then subsequently used for ENABLE_PF filtering. Since *that* only has IPv4 (because nobody reviewed and ACKed Antonio's "make PF support IPv6" patches yet) it makes sense that the code only extracts IPv4 addresses.

Now, I see a slight merge conflict with the PF/IPv6 patch set... :-)

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de

___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: maddr: export VLAN ID from client context to maddr object
Acked-by: Gert Doering

Stared at the code, ran client side tests, full set of server side tests, and compiled (+client tested) on FreeBSD 7.4 to give the "anonymous union explosion" bits a good checking :-) (it does not explode anymore, thanks for fixing that).

Similar to 2/9, this patch does not actually change behaviour yet - it adds the 2-byte vid to the hashed ethernet address for per-client learning, but as all callers set it to "0", there is no "vlan separation" effect yet (I know it's coming in a future patch, just pointing out why this patch does not change visible behaviour yet).

It shows up in the "MULTI: Learn" lines already, though

Nov 6 22:04:51 gentoo tap-udp-p2mp[11510]: freebsd-11-amd64/2001:608:0:814::f000:16 MULTI: Learn: 00:bd:b5:63:b5:04@0 -> freebsd-11-amd64/2001:608:0:814::f000:16

.. the "@0" bit after the MAC address is the PVID.

As a side note: it seems that whoever did the IPv6 payload patches was a bit sloppy (it was me, so I am allowed to say that). MAC learning is only done on IPv4 and ARP packets, but not on IPv6 packets - so I expect "ipv6 only mode on tap" to be a bit wacky... this needs re-testing before we can declare "ipv6-only works reliably".

Your patch has been applied to the master branch.

commit a2b7230712dbc8cfab85d5bd59605f58fc5fe5f8
Author: Antonio Quartulli
Date: Wed Oct 9 16:34:16 2019 +0200

maddr: export VLAN ID from client context to maddr object

Signed-off-by: Fabian Knittel
Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
Message-Id: <20191009143422.9419-...@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18917.html
Signed-off-by: Gert Doering

--
kind regards,

Gert Doering
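
The learning behaviour described in the message above, as an added example that is not part of the thread and not OpenVPN's code: a learning table keyed on the MAC address plus a 2-byte VLAN ID, which keeps the same MAC in two VLANs apart and collapses to a single entry while every caller passes vid 0. All struct and function names, the table size and the FNV-1a hash are assumptions made for illustration; only the sample MAC is taken from the log line.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical learning key, MAC plus 2-byte VLAN ID (not OpenVPN's own struct). */
struct l2_key { uint8_t mac[6]; uint16_t vid; };
struct l2_entry { int used; struct l2_key key; int client_id; };

#define TABLE_SIZE 64
static struct l2_entry table[TABLE_SIZE];
/* MAC address from the "MULTI: Learn" log line quoted in the message. */
static const uint8_t SAMPLE_MAC[6] = {0x00, 0xbd, 0xb5, 0x63, 0xb5, 0x04};

/* FNV-1a over the six MAC bytes and both VID bytes. */
static uint32_t l2_hash(const uint8_t mac[6], uint16_t vid) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 6; i++)
        h = (h ^ mac[i]) * 16777619u;
    h = (h ^ (uint8_t)(vid >> 8)) * 16777619u;
    return (h ^ (uint8_t)(vid & 0xff)) * 16777619u;
}

/* Matching entry for (mac, vid), else the first free slot, else NULL when full. */
static struct l2_entry *l2_slot(const uint8_t mac[6], uint16_t vid) {
    uint32_t start = l2_hash(mac, vid) % TABLE_SIZE;
    for (uint32_t n = 0; n < TABLE_SIZE; n++) {
        struct l2_entry *e = &table[(start + n) % TABLE_SIZE];
        if (!e->used || (memcmp(e->key.mac, mac, 6) == 0 && e->key.vid == vid))
            return e;
    }
    return NULL;
}

/* Learn or relearn the owner of (mac, vid). Returns 0, or -1 when the table is full. */
int l2_learn(const uint8_t mac[6], uint16_t vid, int client_id) {
    struct l2_entry *e = l2_slot(mac, vid);
    if (e == NULL)
        return -1;
    e->used = 1;
    memcpy(e->key.mac, mac, 6);
    e->key.vid = vid;
    e->client_id = client_id;
    return 0;
}

/* Owning client id, or -1 if (mac, vid) was never learned. */
int l2_lookup(const uint8_t mac[6], uint16_t vid) {
    const struct l2_entry *e = l2_slot(mac, vid);
    return (e != NULL && e->used) ? e->client_id : -1;
}
```

With vid fixed at 0, a second client sending from the same MAC replaces the first client's entry, which is the behaviour without VLAN separation; with distinct VIDs the two entries coexist.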