.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
.\" Copyright (c) 2019-2021 IKS Service GmbH
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" Author: Lutz Donnerhacke <lutz@donnerhacke.de>
.Nd IEEE 802.1ad VLAN manipulation netgraph node type
.In netgraph/ng_vlan_rotate.h
node type manipulates the order of VLAN tags of frames tagged
according to the IEEE 802.1ad (an extension of IEEE 802.1Q) standard
between different hooks.
Each node has four special hooks,
A frame tagged with an arbitrary number of
hook will be rearranged to a new order of those tags and is sent out
After successful processing the
counter for the observed stack size increments.
If it contains fewer VLANs in the stack than the configured
limit, the frame is sent out to the
If there are more VLANs in the stack than the configured
limit, the frame is sent out to the
If the destination hook is not connected, the frame is dropped and the
For Ethernet frames received on the
hook, the transformation is reversed and is passed to the
Please note that this process is identical to the one described
above, except that the ordered/original hooks are swapped and the
transformation is reversed.
An Ethernet frame received on the
hook is forwarded to the
hook without any modification.
This node supports only one operation at the moment: Rotation of the
Setting the configuration parameter
to a positive value, the stack will roll up by this amount.
Negative values will roll down.
A typical scenario is setting the value to 1 in order to bring the
innermost VLAN tag to the outmost level.
Rotation includes the VLAN id, the ether type, and the QOS parameters
Typical QOS handling refers to the outmost setting, so be careful to
keep your QOS intact.
This node type supports the following hooks:
.Bl -tag -width incomplete
Typically this hook would be connected to a
hook connected to a carrier network.
Typically this hook would be connected to a
hook in order to separate services.
Typically those hooks would be attached to a
hook for anomaly monitoring purposes.
This node type supports the generic control messages, plus the following:
.It Dv NGM_VLANROTATE_GET_CONF Pq Ic getconf
Read the current configuration.
.It Dv NGM_VLANROTATE_SET_CONF Pq Ic setconf
Set the current configuration.
.It Dv NGM_VLANROTATE_GET_STAT Pq Ic getstat
Read the current statistics.
.It Dv NGM_VLANROTATE_CLR_STAT Pq Ic clrstat
Zeroize the statistics.
.It Dv NGM_VLANROTATE_GETCLR_STAT Pq Ic getclrstat
Read the current statistics and zeroize them in one step.
The first example demonstrates how to rotate double or triple tagged
frames so that the innermost C-VLAN can be used as service
The single or double tagged frames (C-VLAN removed) are sent out to an
interface pointing to different infrastructure.
mkpeer ${BNG_IF}: vlan_rotate lower original
name ${BNG_IF}:lower rotate
msg rotate: setconf { min=2 max=3 rot=1 }
mkpeer rotate: vlan ordered downstream
name rotate:ordered services
connect services: ${VOIP_IF} voip lower
msg services: addfilter { vlan=123 hook="voip" }
Now inject the following sample frame on the
00:00:00:00:01:01 > 00:01:02:03:04:05,
ethertype 802.1Q-9100 (0x9100), length 110: vlan 2, p 1,
ethertype 802.1Q-QinQ, vlan 101, p 0,
ethertype 802.1Q, vlan 123, p 7,
ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
ICMP echo request, id 40234, seq 0, length 64
The frame ejected on the
hook will look like this:
00:00:00:00:01:01 > 00:01:02:03:04:05,
ethertype 802.1Q (0x8100), length 110: vlan 123, p 7,
ethertype 802.1Q-9100, vlan 2, p 1,
ethertype 802.1Q-QinQ, vlan 101, p 0,
ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
ICMP echo request, id 40234, seq 0, length 64
Hence, the frame pushed out to the
00:00:00:00:01:01 > 00:01:02:03:04:05,
ethertype 802.1Q-9100, vlan 2, p 1,
ethertype 802.1Q-QinQ, vlan 101, p 0,
ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
ICMP echo request, id 40234, seq 0, length 64
The second example distinguishes between double tagged and single
mkpeer ${IN_IF}: vlan_rotate lower original
name ${IN_IF}:lower separate
msg separate: setconf { min=1 max=1 rot=0 }
mkpeer separate: eiface incomplete ether
name separate:incomplete untagged
mkpeer separate: eiface ordered ether
name separate:ordered tagged
parameter to zero (or omitting it) does not change
the order of the tags within the frame.
Frames with more VLAN tags are dropped.
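The rotation and the min/max dispatch used in both examples, modelled in userland C as an added illustration; this is not the ng_vlan_rotate source. The struct, function names and MAX_TAGS are assumptions of the sketch, "excessive" is assumed as the name of the over-limit hook, and the sample frame is constructed from the tcpdump output of the first example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added userland sketch of the tag rotation; not the kernel node's code. */
#define MAX_TAGS 8                       /* cap chosen for this sketch */
struct conf { int min, max, rot; };      /* mirrors setconf { min= max= rot= } */

static int is_tpid(const uint8_t *p)     /* 802.1Q, 802.1ad, legacy 0x9100 */
{
    uint16_t t = (uint16_t)(p[0] << 8 | p[1]);
    return t == 0x8100 || t == 0x88a8 || t == 0x9100;
}

/* Rotate the tag stack in place and return the hook the frame leaves on.
 * reverse=0: arrived on "original"; reverse=1: arrived on "ordered". */
const char *vlan_rotate(uint8_t *f, size_t len, const struct conf *c, int reverse)
{
    uint8_t old[MAX_TAGS][4], *stack = f + 12;   /* tags follow dst+src MAC */
    int n = 0, rot = reverse ? -c->rot : c->rot;

    while (len >= 12 + 4 * (size_t)(n + 1) && is_tpid(stack + 4 * n)) {
        if (n == MAX_TAGS || n == c->max)
            return "excessive";          /* over max; hook name assumed */
        memcpy(old[n], stack + 4 * n, 4);    /* TPID + PCP/DEI/VID move together */
        n++;
    }
    if (n < c->min)
        return "incomplete";             /* fewer tags than min */
    for (int i = 0; i < n; i++)          /* rot=1: innermost tag becomes outermost */
        memcpy(stack + 4 * (((i + rot) % n + n) % n), old[i], 4);
    return reverse ? "original" : "ordered";
}

/* Constructed sample: the triple-tagged frame from the first example,
 * truncated after the IPv4 ethertype. */
static const uint8_t sample[26] = {
    0x00,0x01,0x02,0x03,0x04,0x05, 0x00,0x00,0x00,0x00,0x01,0x01,
    0x91,0x00,0x20,0x02,  0x88,0xa8,0x00,0x65,  0x81,0x00,0xe0,0x7b,
    0x08,0x00 };

int main(void)
{
    struct conf c = { 2, 3, 1 };         /* min=2 max=3 rot=1 */
    uint8_t f[sizeof sample];
    memcpy(f, sample, sizeof f);
    printf("%s: outer TPID %02x%02x VID %d\n", vlan_rotate(f, sizeof f, &c, 0),
        f[12], f[13], (f[14] & 0x0f) << 8 | f[15]);
    return 0;
}
```

Because the priority bits travel with each tag, the outermost priority after rotation is that of the former innermost tag, which is the QOS caveat noted above.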
This node shuts down upon receipt of a
control message, or when all hooks have been disconnected.
.An Lutz Donnerhacke Aq Mt lutz@donnerhacke.de