[VLAN] disable tag stripping on Intel

Unbelievable, it *does* work !

While testing yesterday, I had found that even traffic counters placed 
on eth1 in iptables do not count the vlan-traffic on eth1. So even 
iptables seems to be broken by the hardware vlan insertion as well.

Since I could not (and actually still cannot) understand the traffic 
flow anymore, I didn't even bother to test tc, because tc shaping occurs 
after iptables, at the very end of the line. But it works anyway!

Can anyone explain to me how this is possible?

Thanks a lot for your help, Catalin!

=====

Catalin BOIE wrote:

>Zoilo Gomez wrote:
>  
>
>>Hi Joe, and others on this group,
>>
>>I found your messages from March 2005 in this VLAN candelatech.com
>>mailing list, concerning VLAN stripping on Intel. Have you ever been
>>able to get this working?
>>
>>I have the following setup on a router (gentoo / linux-2.6.16.20):
>>=> eth0: external DSL link
>>=> eth1: internal e1000 gigabit nic, connected to hp2626 vlan-switch.
>>
>>On eth1, I have created several VLANs, say vlan1 - vlan9, to separate
>>different groups of clients / traffic.
>>
>>As pointed out by you and others, the hardware vlan insertion/stripping
>>makes that, if a ping is performed through e.g. vlan2, then:
>>=> tcpdump -n -i vlan2: will reveal both icmp-request and icmp-reply
>>packets (untagged), however
>>=> tcpdump -n -i eth1: will reveal only the icmp-request packets, and in
>>untagged format.
>>
>>WYSINWYG!
>>
>>What I need to do is traffic-shaping (http://www.lartc.org) based on
>>VLAN. I want to use iptables/ebtables to mark packets on different
>>vlans, so I can use 'tc filter' on eth1 to sort them into different
>>classes for my qdisc. DSL (eth0) download shaping must occur on eth1
>>(egress interface). It cannot be done on individual vlan interfaces,
>>since then there would be no way to have them use each other's unused
>>bandwidth.
>>
>>But if I understand things correctly, then this is in fact impossible,
>>because I cannot seem to match/mark these packets in any way on eth1 (in
>>spite of the spooky egress vlan traffic on eth1 / tcpdump !?! You can
>>see it, but you cannot match it).
>>
>>So besides it being a nuisance that tcpdump is in fact broken (showing
>>things that are not there, and not showing things that are there) it
>>seems impossible to do proper traffic shaping, because of the hardware
>>vlan tagging. When I try this on an e100 (no hardware vlan tagging) then
>>tcpdump works as expected (I see all tagged packets on eth1, and I see
>>all untagged packets on vlanX) and I can also match the packets as
>>expected.
>>
>>AFAICS there is no easy way to disable hardware tagging on e1000, so I
>>would need to hack the driver.
>>
>>Is there another way to work around this?
>>
>>Or perhaps does someone know another Gigabit NIC where hardware vlan
>>tagging can easily be disabled (or is absent)?
>>
>>Any suggestions / experiences will be greatly appreciated !
>>    
>>
>
>You do not see the packets with tcpdump on eth1, but they are there.
>Just attach tc filters on eth1 and use marking.
>I also have this situation and it works perfectly.
>
>  
>
>>Z.
>
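
The approach described in the thread (mark packets per VLAN, then attach tc filters on eth1), as an added example that is not part of the original messages. The names `vlan_shaper`, `run` and `APPLY`, the `vlan<ID>` device naming, the HTB class layout and the rates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes VLAN devices named vlan<ID> on
# top of DEV and an HTB qdisc; rates are illustrative.
# Prints the commands by default; set APPLY=1 (as root) to execute them.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# vlan_shaper DEV TOTAL_KBIT VLAN_ID...
vlan_shaper() {
    [ "$#" -ge 3 ] || { echo "usage: vlan_shaper DEV TOTAL_KBIT VLAN_ID..." >&2; return 2; }
    dev=$1; total=$2; shift 2
    case $total in ''|0*|*[!0-9]*) echo "bad rate: $total" >&2; return 2 ;; esac
    for id in "$@"; do                       # validate before emitting anything
        case $id in ''|0*|*[!0-9]*) echo "bad VLAN id: $id" >&2; return 2 ;; esac
        if [ "$id" -lt 1 ] || [ "$id" -gt 4094 ]; then
            echo "VLAN id out of range: $id" >&2; return 2
        fi
    done
    share=$((total / $#))                    # guaranteed rate per VLAN class

    # One HTB tree on the physical NIC. tc class minors are hexadecimal;
    # unmarked traffic falls into 1:ffff (VLAN minors stop at ffe).
    run tc qdisc add dev "$dev" root handle 1: htb default ffff
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${total}kbit"
    run tc class add dev "$dev" parent 1:1 classid 1:ffff htb rate 64kbit ceil "${total}kbit"

    for id in "$@"; do
        minor=$(printf '%x' "$id")
        # Mark where the VLAN is still visible as an interface name ...
        run iptables -t mangle -A POSTROUTING -o "vlan$id" -j MARK --set-mark "$id"
        # ... let the class borrow up to the link rate when siblings are idle ...
        run tc class add dev "$dev" parent 1:1 classid "1:$minor" htb rate "${share}kbit" ceil "${total}kbit"
        # ... and classify on DEV by mark. "protocol all" matches any ethertype,
        # so it does not depend on whether the tag is inserted in hardware.
        run tc filter add dev "$dev" parent 1: protocol all prio 1 handle "$id" fw flowid "1:$minor"
    done
}

# Stand-alone use: sh vlan_shaper.sh eth1 8000 2 10
[ "$#" -eq 0 ] || vlan_shaper "$@"
```

Because every VLAN class hangs under the same parent on eth1 with `ceil` set to the full rate, the VLANs can use each other's unused bandwidth, which per-VLAN-interface shaping cannot do.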

