[Bug 294666] VLAN packets through bridge and dummynet gets VLAN ID set to 0
Date: Mon, 20 Apr 2026 14:35:27 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294666
Bug ID: 294666
Summary: VLAN packets through bridge and dummynet gets VLAN ID
set to 0
Product: Base System
Version: 15.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: groos@xiplink.com
Simple bridge setup with ipfw and dummynet:
root@satsim:~ # ifconfig bridge0
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric
0 mtu 9000
options=10<VLAN_HWTAGGING>
ether 58:9c:fc:10:9f:8e
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
bridge flags=0<>
member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
port 3 priority 128 path cost 2000 vlan protocol 802.1q
member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
port 2 priority 128 path cost 2000 vlan protocol 802.1q
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
root@satsim:~ # ipfw show
00100 363624 43841638 pipe 1 ip from any to any out via em1
00100 363630 43842757 pipe 1 ip from any to any out via em2
65535 0 0 count ip from any to any not // orphaned dynamic states
counter
65535 766733 89810147 allow ip from any to any
root@satsim:~ # ipfw pipe 1 show
00001: 300.000 Mbit/s 300 ms burst 0
q131073 1000 KB 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
sched 65537 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 0.0.0.0/0 730004 98236299 0 0
0
VLAN packets egressing have their VLAN ID's incorrectly set to 0:
10:20:29.755829 02:f8:36:ad:3c:e2 > 02:64:f0:31:29:45, ethertype 802.1Q
(0x8100), length 114: vlan 0, p 0, ethertype IPv4 (0x0800), 10.98.252.204 >
10.98.252.205: ESP(spi=0xc6a48616,seq=0x634), length 76
Removing the ipfw pipe rules result in the original, correct VLAN ID on the
egressing packets.
The following seems to fix it:
diff --git a/sys/netpfil/ipfw/ip_dn_io.c b/sys/netpfil/ipfw/ip_dn_io.c
index 03116cb0641c..af256b1a76a7 100644
--- a/sys/netpfil/ipfw/ip_dn_io.c
+++ b/sys/netpfil/ipfw/ip_dn_io.c
@@ -848,6 +848,22 @@ dummynet_send(struct mbuf *m)
case DIR_OUT | PROTO_LAYER2 | PROTO_IPV6:
case DIR_OUT | PROTO_LAYER2: /* DN_TO_ETH_OUT: */
MPASS(ifp != NULL);
+ /*
+ * If the packet carries a VLAN tag in M_VLANTAG,
+ * encode it into the Ethernet header before passing
+ * to ether_output_frame(). ether_set_pcp() (called
+ * from ether_output_frame) would otherwise re-insert
+ * a VLAN tag with VID 0, discarding the original VID.
+ */
+ if (m->m_flags & M_VLANTAG) {
+ m = ether_vlanencap_proto(m,
+ m->m_pkthdr.ether_vtag, ETHERTYPE_VLAN);
+ if (m == NULL)
+ break;
+ m->m_flags &= ~M_VLANTAG;
+ }
+
ether_output_frame(ifp, m);
break;
--
You are receiving this mail because:
You are the assignee for the bug.