Am 14.07.2018 um 14:13 schrieb Baldur Norddahl <baldur.norddahl@gmail.com>:
I am considering writing a small program or kernel module. This would create two TAP devices (tap0 and tap1). Traffic received on tap0 with VLAN tagging, will be stripped of VLAN tagging and delivered on tap1. Traffic received on tap1 without VLAN tagging, will be tagged according to a lookup table using the destination IP address and then delivered on tap0. ARP and DHCP would need some special handling.
As a proof of concept, a userland implementation using tap is likely the easiest to implement. But it won’t give you the throughput you’re looking for. I’d look at https://www.dpdk.org if you want to stay in userland. If FreeBSD ist an option, netgraph(4) is designed to allow packet filtering, manipulation and distribution in a set of small processing modules. In either case, Ethernet frames would be processed outside the regular network stack, but could be handed over to the kernel for further processing, i.e. DHCP or SLAAC. Stefan -- Stefan Bethke <stb@lassitu.de> Fon +49 151 14070811