hello,
over the last few days i have been doing a bit of work on VLAN filtering
for bridge(4), which i thought i'd mention here in case anyone is
interested. the purpose of this is to extend the existing bridge VLAN
support to make it more generally useful.
the full changeset / diff is available at [0], including documentation
and basic ATF tests.
a summary of the new features:
- a bridge member's PVID may be configured using ifpvid:
ifconfig bridge0 ifpvid ix0 20
setting a PVID enables VLAN filtering on the member interface and
restricts it to only send/receives frames on that specific VLAN.
untagged incoming frames will be assigned to the correct VLAN.
- a bridge member's port type may be configured using iftype:
ifconfig bridge0 iftype ix0 <access|trunk|hybrid>
access ports may only send/receive untagged frames; trunk ports may
only send/receive frames with a non-zero .1q tag; hybrid ports may
send/receive either type of frame.
- for trunk and hybrid ports, the list of permitted VLANs may be set
using +ifvlans/-ifvlans:
ifconfig bridge0 +ifvlans ix0 100-599
ifconfig bridge0 -ifvlans ix0 105,300
the port will only be allowed to communicate on the VLANs in its
access list (plus its PVID).
- the VLAN configuration for a port is displayed in ifconfig:
member: test2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 2000 pvid 1 type
trunk vlans 20
- when bridging between different port types (e.g. an access port and a
trunk port), the bridge will add or remove .1q tags as required.
- an SVI for a particular vlan may be created on the bridge using
vlan(4):
ifconfig vlan20 create vlan 20 vlandev bridge0
the SVI interface will send/receive traffic for that particular VLAN.
to make review a bit easier, my plan is to submit this as smaller
changesets of self-contained features. to start with that's two minor
bug fixes:
https://github.com/freebsd/freebsd-src/pull/1639
https://github.com/freebsd/freebsd-src/pull/1637
and the first actual feature which is the ifconfig 'ifpvid' option:
https://github.com/freebsd/freebsd-src/pull/1634
if anyone has any comments/questions or would like to review this (or
even commit it!) do feel free - obviously, this requires a fair amount
of testing and i certainly wouldn't recommend using it in production
yet. this is my first time writing any non-trivial kernel code, so it's
quite possible everything is completely wrong.
[0]
https://github.com/freebsd/freebsd-src/compare/main...llfw:freebsd-src:lf/dev/bridge-1q
