Cameron Schaus
2007-Jul-30 09:49 UTC
[Bridge] VLAN header accounting for packets leaving bridge
I have been working on an ebtables module to insert 802.1Q (VLAN) tags into network packets leaving the bridge, via the POSTROUTING NAT chain. To insert the VLAN tag the Ethernet header size needs to be increased by 4 bytes. I noticed that, after increasing the size of the Ethernet header, the Ethernet header in packets on the wire was incorrect.

I think it is because the br_dev_queue_push_xmit function does not take the VLAN header into account when it moves the data pointer in the skb to the start of the Ethernet header. The following patch corrects this.

Does this make sense to do? I plan to do more extensive testing passing VLAN and non-VLAN traffic across a bridge, and will report back with the results.

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index ada7f49..f30dc56 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -43,6 +43,8 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) kfree_skb(skb); else { skb_push(skb, ETH_HLEN); + if(skb->protocol == htons(ETH_P_8021Q)) + skb_push(skb, VLAN_HLEN); dev_queue_xmit(skb); }
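Review bot: the added `if(skb->protocol == htons(ETH_P_8021Q))` right after `skb_push(skb, ETH_HLEN)` keys only on skb->protocol, so the extra `skb_push(skb, VLAN_HLEN)` would run for every skb marked 802.1Q, including frames that already carried a tag when they entered the bridge, and not only for frames the ebtables module tagged. The condition needs something that identifies a tag inserted on the way out, or the module should leave the skb in a state where the existing ETH_HLEN push already lands on the start of the header. The second push is also made without any check that the skb has 4 more bytes of headroom, and skb_push does not create headroom. Style: kernel coding style puts a space between `if` and the opening parenthesis.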
Stephen Hemminger
2007-Jul-30 10:11 UTC
[Bridge] VLAN header accounting for packets leaving bridge
On Mon, 30 Jul 2007 10:48:40 -0600 Cameron Schaus <cam@schaus.ca> wrote:

> I have been working on an ebtables module to insert 802.1Q (VLAN) tags into network packets leaving the bridge, via the POSTROUTING NAT chain. To insert the VLAN tag the Ethernet header size needs to be increased by 4 bytes. I noticed that, after increasing the size of the Ethernet header, the Ethernet header in packets on the wire was incorrect.
>
> I think it is because the br_dev_queue_push_xmit function does not take the VLAN header into account when it moves the data pointer in the skb to the start of the Ethernet header. The following patch corrects this.
>
> Does this make sense to do? I plan to do more extensive testing passing VLAN and non-VLAN traffic across a bridge, and will report back with the results.
>
> diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c > index ada7f49..f30dc56 100644 > --- a/net/bridge/br_forward.c > +++ b/net/bridge/br_forward.c > @@ -43,6 +43,8 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) > kfree_skb(skb); > else { > skb_push(skb, ETH_HLEN); > + if(skb->protocol == htons(ETH_P_8021Q)) > + skb_push(skb, VLAN_HLEN); > > dev_queue_xmit(skb); > } >

This might break VLAN transparent bridging (i.e. when eth0 is bridged to eth1 and the bridge doesn't know or care about VLANs). There is also the case where a packet comes in over a VLAN and goes out without a tag.