Linux Ethernet Bridging - Jul 2007 - [Bridge] VLAN header accounting for packets leaving bridge

I have been working on an ebtables module to insert an 802.1Q (VLAN) 
tags into network packets leaving the bridge, via the POSTROUTING NAT 
chain.  To insert the VLAN tag the ethernet header size needs to be 
increased by 4 bytes.  I noticed that after increasing the size of the 
ethernet header that the ethernet header in packets on the wire was 
incorrect.

I think it is because the br_dev_queue_push_xmit function does not take 
the VLAN header into account when it moves the data pointer in the skb 
to the start of the ethernet header.  The following patch corrects this.

Does this make sense to do?  I plan to do more extensive testing passing 
vlan and non-vlan traffic across a bridge, and will report back with the 
results.

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index ada7f49..f30dc56 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -43,6 +43,8 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
                       kfree_skb(skb);
               else {
                       skb_push(skb, ETH_HLEN);
+                       if(skb->protocol == htons(ETH_P_8021Q))
+                         skb_push(skb, VLAN_HLEN);

                       dev_queue_xmit(skb);
               }

On Mon, 30 Jul 2007 10:48:40 -0600
Cameron Schaus <cam@schaus.ca> wrote:
> I have been working on an ebtables module to insert an 802.1Q (VLAN) 
> tags into network packets leaving the bridge, via the POSTROUTING NAT 
> chain.  To insert the VLAN tag the ethernet header size needs to be 
> increased by 4 bytes.  I noticed that after increasing the size of the 
> ethernet header that the ethernet header in packets on the wire was 
> incorrect.
> 
> I think it is because the br_dev_queue_push_xmit function does not take 
> the VLAN header into account when it moves the data pointer in the skb 
> to the start of the ethernet header.  The following patch corrects this.
> 
> Does this make sense to do?  I plan to do more extensive testing passing 
> vlan and non-vlan traffic across a bridge, and will report back with the 
> results.
> 
> diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
> index ada7f49..f30dc56 100644
> --- a/net/bridge/br_forward.c
> +++ b/net/bridge/br_forward.c
> @@ -43,6 +43,8 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
>                        kfree_skb(skb);
>                else {
>                        skb_push(skb, ETH_HLEN);
> +                       if(skb->protocol == htons(ETH_P_8021Q))
> +                         skb_push(skb, VLAN_HLEN);
> 
>                        dev_queue_xmit(skb);
>                }
>
This might break VLAN transparent bridging (ie. when eth0 is bridged to eth1
and the bridge doesn't know or care about vlan's). There is also the
case
where packet comes in over VLAN and goes out without tag.