On 4/4/25 13:47, Lexi Winter wrote:
hello,
over the last few days i have been doing a bit of work on VLAN filtering
for bridge(4), which i thought i'd mention here in case anyone is
interested. the purpose of this is to extend the existing bridge VLAN
support to make it more generally useful.
the full changeset / diff is available at [0], including documentation
and basic ATF tests.
a summary of the new features:
- a bridge member's PVID may be configured using ifpvid:

      ifconfig bridge0 ifpvid ix0 20

  setting a PVID enables VLAN filtering on the member interface and
  restricts it to only send/receive frames on that specific VLAN.
  untagged incoming frames will be assigned to the correct VLAN.
- a bridge member's port type may be configured using iftype:

      ifconfig bridge0 iftype ix0 <access|trunk|hybrid>

  access ports may only send/receive untagged frames; trunk ports may
  only send/receive frames with a non-zero .1q tag; hybrid ports may
  send/receive either type of frame.
- for trunk and hybrid ports, the list of permitted VLANs may be set
  using +ifvlans/-ifvlans:

      ifconfig bridge0 +ifvlans ix0 100-599
      ifconfig bridge0 -ifvlans ix0 105,300

  the port will only be allowed to communicate on the VLANs in its
  access list (plus its PVID).
- the VLAN configuration for a port is displayed in ifconfig:

      member: test2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
              ifmaxaddr 0 port 5 priority 128 path cost 2000 pvid 1 type trunk vlans 20
- when bridging between different port types (e.g. an access port and a
trunk port), the bridge will add or remove .1q tags as required.
- an SVI for a particular vlan may be created on the bridge using
  vlan(4):

      ifconfig vlan20 create vlan 20 vlandev bridge0

  the SVI interface will send/receive traffic for that particular VLAN.
to make review a bit easier, my plan is to submit this as smaller
changesets of self-contained features. to start with that's two minor
bug fixes:
https://github.com/freebsd/freebsd-src/pull/1639
https://github.com/freebsd/freebsd-src/pull/1637
and the first actual feature which is the ifconfig 'ifpvid' option:
https://github.com/freebsd/freebsd-src/pull/1634
if anyone has any comments/questions or would like to review this (or
even commit it!) do feel free - obviously, this requires a fair amount
of testing and i certainly wouldn't recommend using it in production
yet. this is my first time writing any non-trivial kernel code, so it's
quite possible everything is completely wrong.
[0] https://github.com/freebsd/freebsd-src/compare/main...llfw:freebsd-src:lf/dev/bridge-1q

Looks awesome. Thanks for working on this. Any idea what the overhead is
wrt packet forwarding rate? Any performance numbers comparing your
bridge access port feature vs vlan + bridge?
-Matthew
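
The ingress rules summarised in the quoted message (port type, PVID, and the +ifvlans/-ifvlans access list), modelled as an added example; this is not code from the changeset or from FreeBSD's bridge(4). All names are hypothetical, and the model assumes every port has a PVID and that a frame is described only by its VLAN ID, with 0 meaning untagged.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum port_type { PT_ACCESS, PT_TRUNK, PT_HYBRID };
#define UNTAGGED 0  /* model input: no non-zero .1q tag on the frame */
#define DROP (-1)
struct port {
	enum port_type type;
	int pvid;                 /* ifpvid */
	uint8_t vlans[4096 / 8];  /* bitmap edited by +ifvlans / -ifvlans */
};

static void ifvlans(struct port *p, int lo, int hi, bool add) {
	for (int v = lo; v <= hi; v++) {
		if (add) p->vlans[v / 8] |= (uint8_t)(1u << (v % 8));
		else     p->vlans[v / 8] &= (uint8_t)~(1u << (v % 8));
	}
}

/* Access list plus PVID, as the post describes for trunk and hybrid ports. */
static bool permitted(const struct port *p, int vid) {
	if (vid < 1 || vid > 4094) return false;
	return vid == p->pvid || ((p->vlans[vid / 8] >> (vid % 8)) & 1);
}

/* VLAN an incoming frame is assigned to, or DROP. */
static int ingress_vlan(const struct port *p, int tag) {
	if (tag == UNTAGGED)       /* trunk ports refuse untagged frames */
		return p->type == PT_TRUNK ? DROP : p->pvid;
	if (p->type == PT_ACCESS)  /* access ports refuse tagged frames */
		return DROP;
	return permitted(p, tag) ? tag : DROP;
}

/* Constructed sample using the ifconfig values from the post. */
static struct port sample_port(enum port_type type) {
	struct port p = { .type = type, .pvid = 20 };  /* ifpvid ix0 20 */
	ifvlans(&p, 100, 599, true);   /* +ifvlans ix0 100-599 */
	ifvlans(&p, 105, 105, false);  /* -ifvlans ix0 105,300 */
	ifvlans(&p, 300, 300, false);
	return p;
}

int main(void) {
	struct port t = sample_port(PT_TRUNK), a = sample_port(PT_ACCESS);
	printf("trunk: 100->%d 105->%d untagged->%d; access: untagged->%d 100->%d\n",
	    ingress_vlan(&t, 100), ingress_vlan(&t, 105), ingress_vlan(&t, UNTAGGED),
	    ingress_vlan(&a, UNTAGGED), ingress_vlan(&a, 100));
	return 0;
}
```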