netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Vlad Yasevich <vyasevic@redhat.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>,
	David Miller <davem@davemloft.net>,
	or.gerlitz@gmail.com, netdev@vger.kernel.org, mst@redhat.com,
	john.r.fastabend@intel.com
Subject: Re: [PATCH 00/11] Add basic VLAN support to bridges
Date: Fri, 14 Dec 2012 11:50:51 -0500	[thread overview]
Message-ID: <50CB58EB.9050302@redhat.com> (raw)
In-Reply-To: <50CA5D39.5060003@mojatatu.com>

On 12/13/2012 05:56 PM, Jamal Hadi Salim wrote:
> On 12-12-13 05:37 PM, Stephen Hemminger wrote:
>
>>
>> You can, run any action before it hits the bridge.
>
> I think you and I have had this discussion before ;->
> It works just fine on ingress.
>
>
> #Add ingress qdisc on br0
> tc qdisc add dev br0 ingress
> #Add a filter to accept all and count
> tc filter add dev br0 parent ffff: protocol ip prio 6 u32 match ip dst
> 0/0 flowid 1:16 action ok
> #show the stats
> root@jhs12:~# tc -s filter show parent ffff: dev br0
> filter protocol ip pref 6 u32
> filter protocol ip pref 6 u32 fh 800: ht divisor 1
> filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
> flowid 1:16
>    match 00000000/00000000 at 16
>      action order 1: gact action pass
>       random type none pass val 0
>       index 2 ref 1 bind 1 installed 269 sec used 74 sec
>       Action statistics:
>      Sent 1210 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
>      backlog 0b 0p requeues 0
> ------
>
> Look at those packets ...

Interesting.  But, but how complex would be be to configure a vlan 
filter for say 10 different vlans, each one of them only permitted
to be forwarded to their respective VM.  Oh, and Vlan tags should
be stripped when they are being forwarded.

config:
       +- eth0
       |
   br0-+- vnet0 (vlan10) - VM1
       |
       +- vnet1 (vlan20) - VM2
       |
       +- vnet3 (vlan30) - VM3
... etc...

-vlad
>
> cheers,
> jamal
>
> cheers,
> jamal
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2012-12-14 16:50 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-12 20:01 [PATCH 00/11] Add basic VLAN support to bridges Vlad Yasevich
2012-12-12 20:01 ` [PATCH 01/11] bridge: Add vlan filtering infrastructure Vlad Yasevich
2012-12-12 20:01 ` [PATCH 02/11] bridge: Validate that vlan is permitted on ingress Vlad Yasevich
2012-12-12 20:01 ` [PATCH 03/11] bridge: Verify that a vlan is allowed to egress on give port Vlad Yasevich
2012-12-12 20:01 ` [PATCH 04/11] bridge: Cache vlan in the cb for faster egress lookup Vlad Yasevich
2012-12-18 17:04   ` Stephen Hemminger
2012-12-18 17:50     ` Vlad Yasevich
2012-12-12 20:01 ` [PATCH 05/11] bridge: Add vlan to unicast fdb entries Vlad Yasevich
2012-12-12 20:01 ` [PATCH 06/11] bridge: Add vlan id to multicast groups Vlad Yasevich
2012-12-12 20:01 ` [PATCH 07/11] bridge: Add netlink interface to configure vlans on bridge ports Vlad Yasevich
2012-12-12 20:01 ` [PATCH 08/11] bridge: Add vlan support to static neighbors Vlad Yasevich
2012-12-12 20:01 ` [PATCH 09/11] bridge: Add the ability to configure untagged vlans Vlad Yasevich
2012-12-12 20:01 ` [PATCH 10/11] bridge: Implement untagged vlan handling Vlad Yasevich
2012-12-12 20:01 ` [PATCH 11/11] bridge: Dump vlan information from a bridge port Vlad Yasevich
2012-12-18 17:03   ` Stephen Hemminger
2012-12-18 17:51     ` Vlad Yasevich
2012-12-12 20:05 ` [PATCH 00/11] Add basic VLAN support to bridges Stephen Hemminger
2012-12-12 20:12   ` Vlad Yasevich
2012-12-12 22:54 ` Or Gerlitz
2012-12-12 23:36   ` Vlad Yasevich
2012-12-13 17:47     ` Stephen Hemminger
2012-12-13 18:53       ` Vlad Yasevich
2012-12-13 19:00       ` David Miller
2012-12-13 19:04         ` Stephen Hemminger
2012-12-13 20:17           ` Jamal Hadi Salim
2012-12-13 22:02             ` Stephen Hemminger
2012-12-13 22:37               ` Jamal Hadi Salim
2012-12-13 22:37                 ` Stephen Hemminger
2012-12-13 22:56                   ` Jamal Hadi Salim
2012-12-14 16:50                     ` Vlad Yasevich [this message]
2012-12-14 21:59                       ` Jamal Hadi Salim
2012-12-15 20:52                         ` Vlad Yasevich
2012-12-15 21:04                           ` Jamal Hadi Salim
2012-12-13 20:28 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50CB58EB.9050302@redhat.com \
    --to=vyasevic@redhat.com \
    --cc=davem@davemloft.net \
    --cc=jhs@mojatatu.com \
    --cc=john.r.fastabend@intel.com \
    --cc=mst@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=or.gerlitz@gmail.com \
    --cc=shemminger@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).