Hi there.

I have recently realized it is unclear how VLANs are processed according to the netfilter packet flow. Mostly I'm using a simplified packet flow diagram like this:

http://www.chinalinuxpub.com/doc/www.siliconvalleyccie.com/images/iptables.gif

But even a more complicated diagram like this:

http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

doesn't answer my question.

I believed that processing VLANs is linear, as if the job is being done at one point.

Consider this setup:

eth0: physical interface
eth0.11: VLAN 11 on eth0
eth0.12: VLAN 12 on eth0
eth0.13: VLAN 13 on eth0
br0: bridge of eth0.11, eth0.12, eth0.13

After seeing with tcpdump the original incoming packet on eth0.11 and the same packet already DNATed on br0, I understood I was wrong. It seems like the packet is being processed until some point, then unVLANed and reinjected.

I suspect that in this setup the packet could even make 3 rounds: one as it is from eth0, one unVLANed as it is from eth0.11, and one as it is from br0 (???).

The latter scheme covers bridge traffic. So the question is: how does VLAN processing relate to the latter scheme, and where do tcpdump -i eth0, tcpdump -i eth0.11 and tcpdump br0 see the packet in relation to the latter scheme?

If you could also answer the same question about imq, that would be perfect.

--
Покотиленко Костик <casper@xxxxxxxxxxxx>