Linux Bridging of Tagged-VLAN (802.1q) Ethernet Traffic

shimi linux-il at shimi.net
Mon Jan 24 21:47:20 IST 2011


Hi all,

I'm trying to run a Linux Bridge in order to manipulate traffic
running between trunk ports on two switches.

The ports on both ends pass all their traffic with VLAN tagging to
both ends (i.e. both switches have the port set to 802.1q/trunk, and
the traffic flow between the switches encapsulates many subnets on
different VLANs)

I have set up the bridge the following way:

0. Create bridge br0
1. Add both NICs to the same bridge;
2. Put the bridge interface up.
3. Put the physical NICs and the bridge interface in promisc mode. (as
I've seen mentions for this, but I think this is a redundant stage
given that it's a bridge?)

If I pass regular traffic through this setup, it works correctly -
i.e. the Linux box acts as if it was a switch.

If I pass VLAN-tagged traffic the very same way, it doesn't pass to
the other side...

Upon scanning the net a bit, I've also decided to put 0 on the
following kernel options:

net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0

... which didn't seem to have any effect.

I also tried intercepting VLAN traffic by creating VLANs on the
physical interfaces with vconfig, then adding them to the br0 and also
tried setting them up in promisc mode. This also didn't seem to have
any effect.

Setting an IPv4 address on br0 also did not seem to have any effect.

It is to be noted the traffic does pass correctly if I take both
Ethernet cables from the machine and connect them to each other using
a plastic Coupler :)

Any ideas? What did I miss? Is what I am trying even possible with the
kernel Bridging code? :)

Thanks in advance,

-- Shimi
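
The setup steps and sysctl settings listed in the message above, written out as iproute2 commands. This is an added example, not part of the original post: the NIC names eth0/eth1, the use of `ip` for the bridge, and bringing the ports up are assumptions. It only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: the bridge setup from the post as a repeatable script.
# Assumptions (not from the post): NIC names eth0/eth1, iproute2 and sysctl installed.

BRIDGE=${BRIDGE:-br0}
PORTS=${PORTS:-"eth0 eth1"}   # hypothetical NIC names
DRY_RUN=${DRY_RUN:-1}         # 1 = print the commands, 0 = execute them (needs root)

# Execute a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

bridge_setup() {
    # Step 0: create the bridge.
    run ip link add name "$BRIDGE" type bridge
    # Step 1: add both NICs to the same bridge.
    for nic in $PORTS; do
        run ip link set dev "$nic" master "$BRIDGE"
    done
    # Not listed in the post: a bridge port that is down forwards nothing.
    for nic in $PORTS; do
        run ip link set dev "$nic" up
    done
    # Step 2: put the bridge interface up.
    run ip link set dev "$BRIDGE" up
    # Step 3: promiscuous mode on the NICs and the bridge.
    for nic in $PORTS "$BRIDGE"; do
        run ip link set dev "$nic" promisc on
    done
    # The four bridge netfilter settings from the post, all set to 0.
    # On current kernels these keys exist only while br_netfilter is loaded.
    for key in bridge-nf-call-arptables bridge-nf-call-ip6tables \
               bridge-nf-call-iptables bridge-nf-filter-vlan-tagged; do
        run sysctl -w "net.bridge.$key=0"
    done
}

# Default invocation prints the plan (DRY_RUN defaults to 1).
bridge_setup
```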


