On Fri, Aug 19, 2011 at 09:07:42AM +0200, Peter Hallin wrote:
> Hello,
>
> I have a question.
>
> We use bridging firewalls at Lund University with different vlan tags on
> respective sides of the bridges. The frames are therefore "retagged"
> when passing through the bridge and unfortunately the priority flag gets
> reset and always ends up as 0 on the other side.
>
> We would love to be able to let the priority flag pass the bridge and I
> wonder if this could be possible in a not so distant future.
>
> In if_vlan.c, there is a comment regarding the prio flag:
>
> /*
>  * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
>  * Might be extended some day to also handle IEEE 802.1p priority
>  * tagging. This is sort of sneaky in the implementation, since
>  * we need to pretend to be enough of an Ethernet implementation
>  * to make arp work. The way we do this is by telling everyone
>  * that we are an Ethernet, and then catch the packets that
>  * ether_output() left on our output queue when it calls
>  * if_start(), rewrite them for use by the real outgoing interface,
>  * and ask it to send them.
>  *
>  * Some devices support 802.1Q tag insertion in firmware. The
>  * vlan interface behavior changes when the IFCAP_VLAN_HWTAGGING
>  * capability is set on the parent. In this case, vlan_start()
>  * will not modify the ethernet header.
>  */
>
I have a partial diff for this. Unfortunately, I couldn't test, so I'll need more time. The idea is to flag the incoming packet with a new flag, M_VLANPRIO, which signals vlan(4) to not touch the vlanprio in vlan_start(). It's a proof-of-concept only; having something like this will probably involve a lot of talk. Sorry, my diff is not showable at this time.
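
The retagging behaviour discussed in this thread, as an added userspace illustration that is not part of the original messages and is not the diff mentioned in the reply: it rewrites the VLAN ID in an 802.1Q tag and shows the priority bits either being reset to 0 or carried across. The `keep_prio` parameter, the function names and the sample frame are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPID_8021Q    0x8100  /* EtherType value that marks an 802.1Q tag */
#define TCI_VID_MASK  0x0fff  /* low 12 bits of the TCI: VLAN ID */
#define TCI_PRIO_MASK 0xf000  /* top 4 bits: 802.1p priority (3) + DEI (1) */
#define TAG_OFF       12      /* tag follows dst MAC (6) and src MAC (6) */

/* Constructed sample: tagged frame header, priority 5, VLAN 100 (TCI 0xa064). */
static const uint8_t sample[18] = {
	0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  /* dst, src MAC */
	0x81, 0x00, 0xa0, 0x64,  0x08, 0x00               /* tag, inner type */
};

/* Return the TCI of a tagged frame, or -1 if it is too short or untagged. */
static int frame_tci(const uint8_t *f, size_t len)
{
	if (len < TAG_OFF + 4 || ((f[TAG_OFF] << 8) | f[TAG_OFF + 1]) != TPID_8021Q)
		return -1;
	return (f[TAG_OFF + 2] << 8) | f[TAG_OFF + 3];
}

/* Rewrite the VLAN ID in place. keep_prio (hypothetical per-packet flag):
 * set, priority/DEI bits are carried over; clear, the TCI is rebuilt from
 * the VLAN ID alone, so priority reads 0. Returns the new TCI or -1. */
static int frame_retag(uint8_t *f, size_t len, int new_vid, int keep_prio)
{
	int old = frame_tci(f, len), tci;
	if (old < 0 || new_vid < 1 || new_vid > 4094)  /* 0 and 4095 are reserved */
		return -1;
	tci = new_vid | (keep_prio ? (old & TCI_PRIO_MASK) : 0);
	f[TAG_OFF + 2] = (uint8_t)(tci >> 8);
	f[TAG_OFF + 3] = (uint8_t)(tci & 0xff);
	return tci;
}

/* Retag a copy of the sample and read the TCI back from the frame bytes. */
static int retag_sample(int new_vid, int keep_prio)
{
	uint8_t f[sizeof(sample)];
	memcpy(f, sample, sizeof(f));
	return frame_retag(f, sizeof(f), new_vid, keep_prio) < 0 ? -1 : frame_tci(f, sizeof(f));
}

int main(void)
{
	printf("reset: 0x%04x  kept: 0x%04x\n", retag_sample(200, 0), retag_sample(200, 1));
	return 0;
}
```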