tonusoo/28b79e999cc789b868d64d43116bd807
Created June 30, 2023 13:25
passing VLANs to guest in case of Linux bridge
# Setup below allows one guest to receive untagged frames while the other guest receives tagged traffic.

# Mark the frames depending on the ingress interface. eth0 is facing the physical network.
ebtables -A FORWARD -i eth0.173 -j mark --mark-set 173 --mark-target CONTINUE
ebtables -A FORWARD -i eth0.174 -j mark --mark-set 174 --mark-target CONTINUE

# vnet0 is a TAP device facing the virtual machine.
# Switch to classful prio qdisc for egress traffic.
tc qdisc add dev vnet0 handle fffe: root prio

# Attach filters to qdisc handle which will perform the VLAN push.
tc filter add dev vnet0 parent fffe: handle 173 fw action vlan push id 173
tc filter add dev vnet0 parent fffe: handle 174 fw action vlan push id 174

tc qdisc add dev vnet0 handle ffff: ingress

# Attach filter to ingress qdisc handle which will perform the outermost VLAN pop for inbound traffic.
tc filter add dev vnet0 parent ffff: u32 match u32 0 0 action vlan pop

root@h2:~# bridge link | grep br-trunk
16: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-trunk state forwarding priority 32 cost 100
35: eth0.173@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-trunk state forwarding priority 32 cost 4
36: eth0.174@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-trunk state forwarding priority 32 cost 4
root@h2:~#
root@h2:~# ebtables -L FORWARD
Bridge table: filter

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-i eth0.173 -j mark --mark-set 0xad --mark-target CONTINUE
-i eth0.174 -j mark --mark-set 0xae --mark-target CONTINUE
root@h2:~#
root@h2:~# tc -s qdisc show dev vnet0
qdisc prio fffe: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1249620378 bytes 863848 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc ingress ffff: parent ffff:fff1 ----------------
 Sent 113362208 bytes 87808 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
root@h2:~#
root@h2:~# tc -s filter show dev vnet0
filter parent fffe: protocol all pref 49151 fw chain 0
filter parent fffe: protocol all pref 49151 fw chain 0 handle 0xae
        action order 1: vlan push id 174 protocol 802.1Q priority 0 pipe
         index 2 ref 1 bind 1 installed 3733 sec used 3111 sec
        Action statistics:
        Sent 244261162 bytes 174720 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

filter parent fffe: protocol all pref 49152 fw chain 0
filter parent fffe: protocol all pref 49152 fw chain 0 handle 0xad
        action order 1: vlan push id 173 protocol 802.1Q priority 0 pipe
         index 1 ref 1 bind 1 installed 3757 sec used 3125 sec
        Action statistics:
        Sent 1005356332 bytes 689098 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

root@h2:~#
root@h2:~# tc -s filter show dev vnet0 ingress
filter protocol all pref 49152 u32 chain 0
filter protocol all pref 49152 u32 chain 0 fh 800: ht divisor 1
filter protocol all pref 49152 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw (rule hit 87808 success 87808)
  match 00000000/00000000 at 0 (success 87808 )
        action order 1: vlan pop pipe
         index 3 ref 1 bind 1 installed 3644 sec used 839 sec
        Action statistics:
        Sent 113362208 bytes 87808 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

root@h2:~#
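
Added example, not part of the original gist: a shell check that every ebtables mark rule has a tc fw filter with the same handle pushing the VLAN ID of the ingress sub-interface, since a mismatch would deliver one VLAN's frames to the guest under another VLAN's tag. The function name check_vlan_map and the temporary file names are assumptions; it also assumes both tools print the mark in hex, as in the output above.

```shell
# Added example, not part of the original gist.
# check_vlan_map EBTABLES_FILE TC_FILE
#   takes saved output of `ebtables -L FORWARD` and `tc -s filter show dev vnet0`.
# Returns 0 only if every mark rule has a fw filter with the same handle
# that pushes the VLAN ID of the ingress sub-interface (eth0.173 -> 173).
check_vlan_map() {
    awk '
        kind == "eb" && $1 == "-i" {
            mark = ""
            for (i = 1; i < NF; i++)
                if ($i == "--mark-set") mark = tolower($(i + 1))
            if (mark == "") next
            n = split($2, part, ".")        # VLAN ID is the name suffix
            want[mark] = part[n]; ifn[mark] = $2; rules++
        }
        kind == "tc" && / fw / && / handle / {
            for (i = 1; i < NF; i++)
                if ($i == "handle") cur = tolower($(i + 1))
        }
        kind == "tc" && /vlan push id/ {
            for (i = 1; i < NF; i++)
                if ($i == "id") push[cur] = $(i + 1)
        }
        END {
            bad = (rules == 0)              # no mark rules at all is a failure
            for (m in want) {
                if (!(m in push)) { s = "MISSING"; bad = 1 }
                else if (push[m] != want[m]) { s = "MISMATCH"; bad = 1 }
                else s = "OK"
                print s, ifn[m], "mark", m, "pushes", ((m in push) ? push[m] : "-")
            }
            exit bad
        }
    ' kind=eb "$1" kind=tc "$2"
}

# Sample input: the rule and filter lines from the command output above.
tmp=$(mktemp -d)
cat > "$tmp/eb" <<'EOF'
-i eth0.173 -j mark --mark-set 0xad --mark-target CONTINUE
-i eth0.174 -j mark --mark-set 0xae --mark-target CONTINUE
EOF
cat > "$tmp/tc" <<'EOF'
filter parent fffe: protocol all pref 49151 fw chain 0 handle 0xae
 action order 1: vlan push id 174 protocol 802.1Q priority 0 pipe
filter parent fffe: protocol all pref 49152 fw chain 0 handle 0xad
 action order 1: vlan push id 173 protocol 802.1Q priority 0 pipe
EOF
check_vlan_map "$tmp/eb" "$tmp/tc"
```

On a live host, save the output of the two commands to files and pass them in the same order; a non-zero exit status means at least one mark has no filter or pushes a different VLAN ID.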