You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In vde_switch, VLAN tagged packets are dropped by default, i.e. when the port VLAN is set to 0.
From what I see in the code, packets are only accepted if their VLAN is enabled for the port. But it seems not possible for a port to be in several VLANs at the same time (i.e. act as a trunk). See portsetvlan().
To me, the default behavior for a switch should be to ignore VLANs in packets. Am I wrong?
To reproduce the issue:
# start vde switch
vde_switch
# plug 2 tap interfaces
sudo vde_plug2tap tap0 &
sudo vde_plug2tap tap1 &
# configure tap0
sudo ip link set tap0 up
sudo ip addr add 192.168.50.1/24 dev tap0
# configure tap1 in another netns, so we can ping
sudo ip netns add temp
sudo ip link set tap1 netns temp
sudo ip netns exec temp ip link set tap1 up
sudo ip netns exec temp ip addr add 192.168.50.2/24 dev tap1
# in a dedicated terminal, dump traffic on tap1
sudo ip netns exec temp tcpdump -i tap1 -n -N -l -e
# check ping
ping -c 1 192.168.50.2
# using scapy, forge an ethernet packet, it passes the switch
p = Ether()/IP(dst='192.168.50.2')/UDP()
sendp(p, iface='tap0')
# a VLAN packet is dropped
p = Ether()/Dot1Q(vlan=1)/IP(dst='192.168.50.2')/UDP()
sendp(p, iface='tap0')
# remove temporary netns when test is done
sudo ip netns delete temp
Here is a draft patch, please let me know if I should submit a PR:
From 416538eb4fff1f7c685e8c9303abfafcdfbbeba0 Mon Sep 17 00:00:00 2001
From: Olivier Matz <[email protected]>
Date: Fri, 17 Nov 2023 12:07:55 +0100
Subject: [PATCH] vde_switch/port: ignore VLAN by default
Currently, VLAN tagged packets are dropped by default, i.e. when the
port VLAN is set to 0.
Packets are only accepted if their VLAN is enabled for the port. But it
is not possible for a port to be in several VLANs at the same
time (i.e. act as a trunk). See portsetvlan() to be convinced.
When port VLAN is set to 0, do not read the VLAN header, always accept
the packet as-is (as if it is not tagged). In other words, these ports
will act as trunks that are active for all VLANs.
Signed-off-by: Olivier Matz <[email protected]>
---
src/vde_switch/port.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/vde_switch/port.c b/src/vde_switch/port.c
index 016fbf1..a5c3449 100644
--- a/src/vde_switch/port.c
+++ b/src/vde_switch/port.c
@@ -608,7 +608,10 @@ void handle_in_packet(struct endpoint *ep, struct packet *packet, int len)
SEND_PACKET_PORT(portv[i],i,packet,len,&tmpbuf);
#endif
} else { /* This is a switch, not a HUB! */
- if (packet->header.proto[0] == 0x81 && packet->header.proto[1] == 0x00) {
+ if (portv[port]->vlanuntag == 0) {
+ tagged = 0;
+ vlan = 0;
+ } else if (packet->header.proto[0] == 0x81 && packet->header.proto[1] == 0x00) {
tagged=1;
vlan=((packet->data[0] << 8) + packet->data[1]) & 0xfff;
if (! ba_check(vlant[vlan].table,port))
--
2.30.2
The text was updated successfully, but these errors were encountered:
Hello,
In vde_switch, VLAN tagged packets are dropped by default, i.e. when the port VLAN is set to 0.
From what I see in the code, packets are only accepted if their VLAN is enabled for the port. But it seems not possible for a port to be in several VLANs at the same time (i.e. act as a trunk). See portsetvlan().
To me, the default behavior for a switch should be to ignore VLANs in packets. Am I wrong?
To reproduce the issue:
Here is a draft patch, please let me know if I should submit a PR:
The text was updated successfully, but these errors were encountered: