Hello,

I have a question.

We use bridging firewalls at Lund University with different vlan tags on
respective sides of the bridges. The frames are therefore "retagged"
when passing through the bridge and unfortunately the priority flag gets
reset and always ends up as 0 on the other side.

We would love to be able to let the priority flag pass the bridge and I
wonder if this could be possible in a not so distant future.

In if_vlan.c, there is a comment regarding the prio flag:

/*
 * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
 * Might be extended some day to also handle IEEE 802.1p priority
 * tagging.  This is sort of sneaky in the implementation, since
 * we need to pretend to be enough of an Ethernet implementation
 * to make arp work.  The way we do this is by telling everyone
 * that we are an Ethernet, and then catch the packets that
 * ether_output() left on our output queue when it calls
 * if_start(), rewrite them for use by the real outgoing interface,
 * and ask it to send them.
 *
 * Some devices support 802.1Q tag insertion in firmware.  The
 * vlan interface behavior changes when the IFCAP_VLAN_HWTAGGING
 * capability is set on the parent.  In this case, vlan_start()
 * will not modify the ethernet header.
 */

Sounds tricky, but can it be done?

Any feedback highly appreciated.

Brgds, Peter

-- 
Peter Hallin
IT-Security and firewalls
LDC, Lunds Universitet
Margaretav. 1A, 222 40, LUND
http://www.ldc.lu.se
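
An added illustration of the retagging described in the message above, not part of the original post and not OpenBSD's if_vlan.c code: the 802.1p priority lives in the top three bits of the same 16-bit TCI field that carries the VLAN ID, so a retag that builds the field from the new VLAN ID alone leaves priority at 0. The function names and the sample frame are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TPID_8021Q   0x8100u /* EtherType announcing an 802.1Q tag */
#define TAG_OFF      12      /* tag follows the two 6-byte MAC addresses */
#define TCI_VID_MASK 0x0fffu /* low 12 bits: VLAN ID */
#define TCI_PRI_MASK 0xf000u /* top 3 bits PCP (802.1p) + 1 bit DEI */

/* Constructed sample frame: VLAN 100, priority 5, payload type IPv4. */
static const uint8_t sample[18] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x81,0x00, 0xa0,0x64, 0x08,0x00 };

/* Return the 16-bit TCI, or -1 if the frame is short or untagged. */
int frame_tci(const uint8_t *f, size_t len)
{
    if (len < TAG_OFF + 4u ||
        (((unsigned)f[TAG_OFF] << 8) | f[TAG_OFF + 1]) != TPID_8021Q)
        return -1;
    return (f[TAG_OFF + 2] << 8) | f[TAG_OFF + 3];
}

int frame_pcp(const uint8_t *f, size_t len)
{ int t = frame_tci(f, len); return t < 0 ? -1 : t >> 13; }

int frame_vid(const uint8_t *f, size_t len)
{ int t = frame_tci(f, len); return t < 0 ? -1 : (int)(t & TCI_VID_MASK); }

/* Rewrite the VLAN ID in place. keep_prio != 0 carries PCP/DEI over;
 * keep_prio == 0 builds the TCI from the new VID alone, so priority
 * comes out as 0 (the behaviour the post describes). */
int retag(uint8_t *f, size_t len, uint16_t new_vid, int keep_prio)
{
    int tci = frame_tci(f, len);
    if (tci < 0 || new_vid == 0 || new_vid > 4094)
        return -1;              /* 0 and 4095 are reserved VLAN IDs */
    uint16_t out = new_vid;
    if (keep_prio)
        out |= (uint16_t)(tci & TCI_PRI_MASK);
    f[TAG_OFF + 2] = (uint8_t)(out >> 8);
    f[TAG_OFF + 3] = (uint8_t)(out & 0xff);
    return 0;
}

int main(void)
{
    uint8_t a[18], b[18];
    memcpy(a, sample, sizeof a); memcpy(b, sample, sizeof b);
    retag(a, sizeof a, 200, 1); retag(b, sizeof b, 200, 0);
    printf("kept pcp=%d, reset pcp=%d\n", frame_pcp(a, 18), frame_pcp(b, 18));
    return 0;
}
```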
