Broadcom bge and 802.1Q vlan tags

Ruslan Ermilov ru at
Wed Oct 13 09:23:27 PDT 2004

On Wed, Oct 13, 2004 at 08:51:02AM -0700, Sam Leffler wrote:
> Ruslan Ermilov wrote:
> >Hi Sam,
> >
> >On Tue, Oct 12, 2004 at 01:20:07PM -0700, Sam Leffler wrote:
> >
> >>>>This pessimizes normal traffic.
> >>>
> >>>m_tag_locate() doesn't look like a very expensive function.  And
> >>>with the "normal traffic", I don't expect to be more than one tag,
> >>>no?  Also, if if_nvlans > 0, this is already "pessimized".
> >>>
> >>>
> >>>
> >>>>We should look for a solution in the 
> >>>>driver(s) to avoid sending packets up with tags when no vlans are 
> >>>>configured.
> >>>>
> >>>
> >>>I'd be opposed to such a change in behavior.  The VLAN consumer can
> >>>be not only vlan(4), it can equally be the ng_vlan(4) node, etc.
> >>
> >>I'm not sure what you are opposed to or why.  The issue I have is that 
> >>m_tag_locate can be expensive if many packets have tags.  The check for 
> >>the existence of vlans configured on the interface short-circuits this 
> >>work.  That vlan-tagged packets may be generated when no vlans are 
> >>configured seems wrong to me and breaks the assumption used to write the 
> >>code.  Changing the driver to drop the frame if ifp->if_nvlans is zero 
> >>seems straightforward and could probably be hidden in the existing macro.
> >>
> >
> >Please take a moment and re-read what I've already said: vlan(4) is not
> >the only consumer of VLAN frames: ng_vlan(4) is another such one, and I
> >have a proprietary Netgraph node here that demultiplexes VLANs.  If you
> >start dropping VLAN frames in drivers when if_nvlans == 0, this will be
> >a problem for me.  Is that clear now?
> >
> >
> >Cheers,
> I've read what you've written but you also haven't explained why you 
> can't signal the presence of these other entities in some way.
Because these other entities don't have an access to "ifp", and can
even exist on remote host (please see below).

> The 
> current mechanism to signal the presence of "interested parties" for 
> vlan-tagged frames is ifp->if_nvlans. You are saying you have new 
> (proprietary) code that is interested in vlans but will not use the 
> existing mechanism. My reaction is fix your code, don't pessimize the 
> code everyone else uses without netgraph.
But ng_vlan(4) is part of the standard FreeBSD distribution, and you
don't have access to "ifp" inside ng_vlan(4), because it's connected
to the interface indirectly, through the ng_ether(4) node.  Even worse,
ng_vlan(4) may not even be connected to a local interface, for example,
you can capture and tunnel all Ethernet traffic to another host, and
do the VLAN processing there, FWIW.

So while ifp->if_nvlans seems to be a good signalling mechamism for
vlan(4), it's not suitable for ng_vlan(4) and other Netgraph code
that works with VLAN.  This code works now, and I'm afraid it will
break if we change drivers to drop VLAN frames if if_nvlans == 0,
and I fail to see how I can make it work again after that.

In other words, I want that ng_ether(4) continues to see VLAN frames
even if no vlan(4) interfaces are configured, like it does now: the
ng_ether processing is done in ether_input() before ether_demux()
that checks for ifp->if_nvlans.

OTOH, you may be right that one option would be to make ng_ether(4)
increment ifp->if_nvlans, but I'm a little worried about the effect
of doing this on the VLAN_OUTPUT_TAG macro (it looks safe, but I'm
not sure).

Ruslan Ermilov
ru at
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-current mailing list