David Sommerseth wrote:
> I'll admit I don't understand too much how the VLANs really work in
> core network code.
There's a prefix, and a wrapper to create virtual interfaces. And
there's the vconfig tool to do configuration. NIC drivers need to
support oversize frames.
vconfig add eth0 4 # VL
Fabian Knittel wrote:
> + if (ntohs (vlanhdr.tpid) != OPENVPN_ETH_P_8021Q)
> +{
> + /* Drop untagged frames */
> + goto err;
> +}
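Review bot: the `goto err` in the TPID mismatch branch discards untagged frames without a log message or counter, so a tap device that is not delivering 802.1Q-tagged frames fails with no visible cause. Consider a debug-level message at this point, or state in the --vlan-tagging documentation that every frame on the tap device must carry a tag.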
It would be nice to be able to use VID 0 to mean untagged packets.
//Peter
On 31/03/10 23:58, Fabian Knittel wrote:
> Hi,
>
> The patch-set is now based on Davide Guerri's --passtos patch, as it directly
> falls within the functionality of my original version and looked like a
> candidate for integration.
>
> The patches a
Fabian Knittel wrote:
> + if (options->vlan_tag < OPENVPN_8021Q_MIN_VID || options->vlan_tag >
> OPENVPN_8021Q_MAX_VID)
..
> +#define OPENVPN_8021Q_MIN_VID 1
This looks like --vlan-tag 0 will not work.
> +#define OPENVPN_8021Q_MAX_VID 0xFFFE
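Review bot: `OPENVPN_8021Q_MAX_VID 0xFFFE` is a 16-bit value, but the VID field in an 802.1Q tag is 12 bits wide, so the range check on `options->vlan_tag` above accepts values that cannot be encoded in the header. If the intent was to exclude the reserved all-ones VID, the constant should be 0xFFE (4094).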
The max VID in 802.1q is 4095 = 0xfff.
//Pet
This patch adds the new "--vlan-tagging" boolean option. The option is valid
in server mode. It is off by default.
The flag indicates whether openvpn should assume the tap device
to be in tagged mode, i.e. packets coming in on the device are tagged via
IEEE 802.1Q and packets going out through t
This patch adds the new "--vlan-tag" integer option. The option is valid
in server mode and can be set in a client context (e.g. from the client-connect
hook). It defaults to 0.
The value indicates which VID (VLAN identifier) to associate with a client.
The client will only receive packets which
This patch adds parsing of the IEEE 802.1Q headers for incoming and outgoing
ethernet frames.
For frames coming in from the tap interface, the 802.1Q header is parsed and
translated into a regular Ethernet II header. Note that the Priority Code
Point (PCP) and Canonical Format Indicator (CFI) fie
---
multi.c |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/multi.c b/multi.c
index 822ae29..661fd98 100644
--- a/multi.c
+++ b/multi.c
@@ -2143,11 +2143,15 @@ remove_vlan_identifier (struct buffer *buf)
if (ntohs (vlanhdr.tpid) != OPENVPN_ETH_P_8021Q)
{
Hi,
we're currently attempting to use OpenVPN in an environment where potentially
several hundred users connect to a cluster of OpenVPN instances and gain
access to several different internal networks.
The different networks are internally managed using VLANs (based on IEEE
802.1Q). (The packets
To allow openvpn's PF code to inspect IP packets contained within 802.1Q
packets, this patch enhances mroute_extract_addr_ether() to properly
skip over the 802.1Q header.
---
mroute.c | 10 +-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/mroute.c b/mroute.c
index 1040b8
This patch enhances openvpn's internal packet routing to restrict broadcast
packets to destinations with a matching VID.
I.e. broadcasts from client to client or from tap interface to clients are now
filtered based on whether the client belongs to the correct VLAN id.
---
multi.c | 15 +
---
multi.c | 16 +++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/multi.c b/multi.c
index 661fd98..641d464 100644
--- a/multi.c
+++ b/multi.c
@@ -1806,7 +1806,21 @@ multi_bcast (struct multi_context *m,
}
#endif
if (vid != 0 && vid
This patch appends the VID to the ethernet address in mroute_addr.
By including the VID in mroute_addr, the routing space is divided by VLAN.
This means:
- duplicate MAC addresses on different VLANs no longer conflict and
- all unicast-traffic is constrained to whatever VLAN the traffic came
This patch adds an additional length check to is_ipv4().
Currently is_ipv4() only checks whether the frame is large enough for struct
openvpn_ethhdr. In case of an 802.1Q packet the function now also checks
whether the frame is large enough for struct openvpn_8021qhdr, which is 4 bytes
larger than