From: Nathan Neulinger <nneul@neulinger.org>
To: Vlad Yasevich <vyasevich@gmail.com>, netdev@vger.kernel.org
Subject: Re: Any way to configure a vlan interface to grab ONLY untagged frames?
Date: Mon, 14 Sep 2015 13:35:28 -0500 [thread overview]
Message-ID: <55F71370.3000706@neulinger.org> (raw)
In-Reply-To: <55F711D1.9050605@gmail.com>
That is a quite elegant solution. I will give that a try!
-- Nathan
On 09/14/2015 01:28 PM, Vlad Yasevich wrote:
> On 09/13/2015 12:49 PM, Nathan Neulinger wrote:
>> It seems like running 'vconfig add IFACE 0' and using IFACE.0 would do this, but it
>> doesn't actually seem to work that way.
>>
>> If I capture on IFACE directly, I'd expect to get all traffic, including the tagged frames
>> (with the tag intact). Looking to be able to bridge/capture/etc. and specifically only
>> receive the untagged frames that haven't already been pulled out into a vlan specific
>> interface.
>>
>> Is there any way to accomplish this without using ebtables or other similar hacks?
>
> If you are dealing with a hw interface, any interface that supports vlan
> filtering will by default receive only untagged frames. Only when you put
> into promiscuous mode, will you receive all frames.
>
> With bridge, you could configure your vlans adjacent to you bridge:
>
> vlan0...N bridge
> | |
> +-- eth0 --+
>
> This way, configured vlan traffic will go to vlan devices, while all other
> traffic will got bridge. You can even limit this "all other traffic"
> further, by turning on vlan filtering on the bridge which will allow
> you to run eth0 in non-promiscuous mode thus enforcing HW vlan filters.
>
> -vlad
>
>>
>> -- Nathan
>>
>> ------------------------------------------------------------
>> Nathan Neulinger nneul@neulinger.org
>> Neulinger Consulting (573) 612-1412
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
------------------------------------------------------------
Nathan Neulinger nneul@neulinger.org
Neulinger Consulting (573) 612-1412
prev parent reply other threads:[~2015-09-14 18:35 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-13 16:49 Any way to configure a vlan interface to grab ONLY untagged frames? Nathan Neulinger
2015-09-14 18:28 ` Vlad Yasevich
2015-09-14 18:35 ` Nathan Neulinger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55F71370.3000706@neulinger.org \
--to=nneul@neulinger.org \
--cc=netdev@vger.kernel.org \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).