From: Willy Tarreau <w@1wt.eu>
To: David Miller <davem@davemloft.net>
Cc: auke-jan.h.kok@intel.com, e1000-devel@lists.sourceforge.net,
netdev@vger.kernel.org,
djohnson+linux-kernel@sw.starentnetworks.com,
linux-kernel@vger.kernel.org, joonwpark81@gmail.com,
cfriesen@nortel.com, kaber@trash.net
Subject: Re: [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode
Date: Tue, 13 Nov 2007 00:15:16 +0100 [thread overview]
Message-ID: <20071112231516.GA15227@1wt.eu> (raw)
In-Reply-To: <20071112.145716.06352378.davem@davemloft.net>
On Mon, Nov 12, 2007 at 02:57:16PM -0800, David Miller wrote:
> From: "Chris Friesen" <cfriesen@nortel.com>
> Date: Mon, 12 Nov 2007 16:43:24 -0600
>
> > David Miller wrote:
> >
> > > When you select VLAN, you by definition are asking for non-VLAN
> > > traffic to be elided. It is like plugging the ethernet cable
> > > into one switch or another.
> >
> > For max functionality it seems like the raw eth device should show
> > everything on the wire in promiscuous mode.
> >
> > If we want to sniff only the traffic for a specific vlan, we can sniff
> > the vlan device.
>
> VLAN settings are a filter of sorts, much like plugging into
> one switch or another filters traffic physically.
>
> If you don't want that filter, turn the VLAN settings off.
I don't really agree with that view. Having spent a lot of time with
tcpdump on production systems, I can say that sometimes you'd like to
be aware that one of your VLANs is wrong and you'd simply like to
sniff the wire to guess the correct tag. And on production, you simply
cannot remove other VLANs, otherwise you disrupt the service.
Basically, what generally happens is that the guy responsible for the
switch tells you "it's OK now", but for you it isn't and you cannot
access the switch.
If the solution is to disable VLAN hardware acceleration, I agree that
it is very risky to do that without the user being aware of it. But at
least we should be able to do this by any means (eg: ethtool) without
disabling what's running.
And since you made the parallel with a switch, when you receive tagged
traffic on a switch port, you generally can mirror that port to another
one and catch all VLANs at once. A new feature that is starting to appear
is the ability to mirror tagged traffic to a VLAN on another port (which
means you get a double 802.1q tag). This is useful for inter-site links
between data-centers for instance.
Regards,
Willy
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
next prev parent reply other threads:[~2007-11-12 23:15 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-11 0:51 [PATCH 2/2] [e1000 VLAN] Disable vlan hw accel when promiscuous mode Joonwoo Park
2007-11-12 17:12 ` Kok, Auke
2007-11-12 17:21 ` Patrick McHardy
2007-11-12 18:01 ` Kok, Auke
2007-11-12 22:33 ` David Miller
2007-11-12 22:43 ` Chris Friesen
2007-11-12 22:54 ` Kok, Auke
2007-11-14 11:48 ` Benny Amorsen
2007-11-12 22:57 ` David Miller
2007-11-12 23:15 ` Willy Tarreau [this message]
2007-11-12 23:19 ` David Miller
2007-11-12 23:32 ` Willy Tarreau
2007-11-12 23:38 ` Kok, Auke
2007-11-12 23:40 ` David Miller
2007-11-13 1:21 ` Joonwoo Park
2007-11-13 10:21 ` Patrick McHardy
2007-11-13 11:09 ` Herbert Xu
2007-11-13 11:36 ` David Miller
2007-11-13 12:03 ` Herbert Xu
2007-11-13 12:06 ` David Miller
2007-11-13 12:16 ` Herbert Xu
2007-11-13 12:18 ` Patrick McHardy
2007-11-13 16:41 ` Kok, Auke
2007-11-13 17:26 ` Patrick McHardy
2007-11-13 17:30 ` Kok, Auke
2007-11-14 9:42 ` Patrick McHardy
2007-11-14 23:30 ` Kok, Auke
2007-11-13 19:59 ` Kok, Auke
2007-11-13 12:32 ` David Miller
2007-11-13 1:21 ` Joonwoo Park
2007-11-12 22:28 ` David Miller
2007-11-13 20:43 ` Stephen Hemminger
-- strict thread matches above, loose matches on Subject: below --
2007-11-14 4:47 Joonwoo Park
2007-11-14 5:12 ` Kok, Auke
2007-11-14 6:15 ` Joonwoo Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071112231516.GA15227@1wt.eu \
--to=w@1wt.eu \
--cc=auke-jan.h.kok@intel.com \
--cc=cfriesen@nortel.com \
--cc=davem@davemloft.net \
--cc=djohnson+linux-kernel@sw.starentnetworks.com \
--cc=e1000-devel@lists.sourceforge.net \
--cc=joonwpark81@gmail.com \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).