Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VLAN packets are dropped by default #49

Open
olivier-matz-6wind opened this issue Nov 22, 2023 · 1 comment
Open

VLAN packets are dropped by default #49

olivier-matz-6wind opened this issue Nov 22, 2023 · 1 comment

Comments

@olivier-matz-6wind
Copy link

Hello,

In vde_switch, VLAN tagged packets are dropped by default, i.e. when the port VLAN is set to 0.

From what I see in the code, packets are only accepted if their VLAN is enabled for the port. But it seems not possible for a port to be in several VLANs at the same time (i.e. act as a trunk). See portsetvlan().

To me, the default behavior for a switch should be to ignore VLANs in packets. Am I wrong?

To reproduce the issue:

# start vde switch
vde_switch
# plug 2 tap interfaces
sudo vde_plug2tap tap0 &
sudo vde_plug2tap tap1 &
# configure tap0
sudo ip link set tap0 up
sudo ip addr add 192.168.50.1/24 dev tap0
# configure tap1 in another netns, so we can ping
sudo ip netns add temp
sudo ip link set tap1 netns temp
sudo ip netns exec temp ip link set tap1 up
sudo ip netns exec temp ip addr add 192.168.50.2/24 dev tap1
# in a dedicated terminal, dump traffic on tap1
sudo ip netns exec temp tcpdump -i tap1 -n -N -l -e
# check ping
ping -c 1 192.168.50.2

# using scapy, forge an ethernet packet, it passes the switch
p = Ether()/IP(dst='192.168.50.2')/UDP()
sendp(p, iface='tap0')
# a VLAN packet is dropped
p = Ether()/Dot1Q(vlan=1)/IP(dst='192.168.50.2')/UDP()
sendp(p, iface='tap0')

# remove temporary netns when test is done
sudo ip netns delete temp

Here is a draft patch, please let me know if I should submit a PR:

From 416538eb4fff1f7c685e8c9303abfafcdfbbeba0 Mon Sep 17 00:00:00 2001
From: Olivier Matz <[email protected]>
Date: Fri, 17 Nov 2023 12:07:55 +0100
Subject: [PATCH] vde_switch/port: ignore VLAN by default

Currently, VLAN tagged packets are dropped by default, i.e. when the
port VLAN is set to 0.

Packets are only accepted if their VLAN is enabled for the port. But it
is not possible for a port to be in several VLANs at the same
time (i.e. act as a trunk). See portsetvlan() to be convinced.

When port VLAN is set to 0, do not read the VLAN header, always accept
the packet as-is (as if it is not tagged). In other words, these ports
will act as trunks that are active for all VLANs.

Signed-off-by: Olivier Matz <[email protected]>
---
 src/vde_switch/port.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/vde_switch/port.c b/src/vde_switch/port.c
index 016fbf1..a5c3449 100644
--- a/src/vde_switch/port.c
+++ b/src/vde_switch/port.c
@@ -608,7 +608,10 @@ void handle_in_packet(struct endpoint *ep,  struct packet *packet, int len)
 					SEND_PACKET_PORT(portv[i],i,packet,len,&tmpbuf);
 #endif
 		} else { /* This is a switch, not a HUB! */
-			if (packet->header.proto[0] == 0x81 && packet->header.proto[1] == 0x00) {
+			if (portv[port]->vlanuntag == 0) {
+				tagged = 0;
+				vlan = 0;
+			} else if (packet->header.proto[0] == 0x81 && packet->header.proto[1] == 0x00) {
 				tagged=1;
 				vlan=((packet->data[0] << 8) + packet->data[1]) & 0xfff;
 				if (! ba_check(vlant[vlan].table,port))
-- 
2.30.2

@MagicRB
Copy link

MagicRB commented Aug 4, 2024

Ran into this myself, attempting to simulate PPPoE exactly the way KPN in the Netherlands does it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants