Tagging VLAN packets into packet

Hi,
I am writing ndis mini port driver 6.0. I want to handle the VLAN packets in that. How the windows OS will insert vlan tags into packet and at what condition miniport driver should add the vlan id to the packet. When enable vlan in my driver, vlan id is inserting into tag header but other side pc is unable to reply to my request (packet has a vlan id).

Also while receiving should i remove the vlan id from the packet and send to host or will i need to send as it is the packet to OS. What i observed is when i send the vlan id by inserting through the NDIS_PACKET_INFO for the received packets the OS is unable to reply for my request.

For basic VLAN support at miniport level, and if your NIC supports HW
tagging, do the following as illustrated in the pseudo code.

For any other value added fancy multi-tag VLAN, priority support, you need
an NDIS intermediate driver. After all, all participating stations,
switches, routers need to be configured consistently and correctly in order
for VLAN to work.

pseudo code for basic VLAN support at miniport level:
nic_init()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
/* VLAN tag will be DMA’d to somewhere so that the driver will
find out*/
init_the_chip_to_strip_off_vlan_tag_on_rx_pkts_if_any();
}
}

send_nbl_down()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
tell_hw_to_insert_vlan_tag_to_the_pkt();
}
xmit();
}
scan_rx_pkts()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
/*VLAN tag should have been stripped off by hw, and DMA’d to
somewhere*/
read_vlan_tag_and_set_nbl_oob();
}
shoot_nbl_up();
}
Good luck,
Calvin

On Tue, Aug 28, 2012 at 8:46 AM, wrote:

> Hi,
> I am writing ndis mini port driver 6.0. I want to handle the VLAN
> packets in that. How the windows OS will insert vlan tags into packet and
> at what condition miniport driver should add the vlan id to the packet.
> When enable vlan in my driver, vlan id is inserting into tag header but
> other side pc is unable to reply to my request (packet has a vlan id).
>
> Also while receiving should i remove the vlan id from the packet and send
> to host or will i need to send as it is the packet to OS. What i observed
> is when i send the vlan id by inserting through the NDIS_PACKET_INFO for
> the received packets the OS is unable to reply for my request.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

By default Windows will send its packets without a VLAN identifier (i.e., VLAN ID “0”). In Windows Server, the end-user can send/recv traffic on specific VLANs by creating a vSwitch, and assigning a VLAN ID to the vNIC. Alternatively, Windows Server 2012 allows you to accomplish the same with the NIC teaming feature (“Add-NetLbfoTeamNic -Team MyTeam -VlanID 42”).

Do not, er, use the “NDIS MUX driver” sample to test your miniport’s VLAN support, since it has some design issues with how it does VLAN. It’s better to test against Windows Server’s built-in features, although you can write your own IM driver if you need to.

The responsibilities of a physical Ethernet miniport driver are listed below.

Send path:

In the NDIS 6.x stack, a 802.1Q header is not inserted into the packet payload buffer. Instead, the VLAN tag and priority is stored in the NET_BUFFER_LIST out-of-band information field, NBL->NetBufferListInfo[Ieee8021QNetBufferListInfo].TagHeader.VlanId.

It’s the responsibility of the physical miniport driver to read this out-of-band field. If the VLAN tag or priority tag is present, the miniport driver should insert the 802.1Q header into the packet with the specified VLAN ID. (Ideally, this transformation is performed in hardware, although some clever MDL slicing can get you the header in software without too much overhead on the main CPU.)

Receive path:

Ethernet miniport drivers should consume the 802.1Q header, if present, and strip the 802.1Q header from the packet. Do not indicate packets with the 802.1Q header in the packet payload datastream. Instead, communicate the VLAN ID in the NBL OOB field mentioned above.

>Receive path:

Ethernet miniport drivers should consume the 802.1Q header, if present, and strip the 802.1Q header from the packet.
Do not indicate packets with the 802.1Q header in the packet payload datastream. Instead, communicate the
VLAN ID in the NBL OOB field mentioned above.

Also note this architecture makes it essentially impossible to see VLAN headers with a software packet sniffer, Some NICs have a registry option to not strip the VLAN header and pass it up the stack, which is useful if you are doing promiscuous mode sniffing on a specific NIC and have disabled the binding to the TCP stack.

Some NICs also will explicitly discard packets that have a non-zero VLAN id, and no upper IM driver to split out the tagged packets. This is useful because if you don’t do this, and there are tagged packets on your network segment, they would get the VLAN header stripped off and indicated to transports as if they didn’t have a VLAN header. Unicast packets will generally not pass the MAC address filter, but multicast/broadcast packets will make it to the transport, essentially leaking non-zero VLAN id packets into the default untagged interface. It would have been nice if the TCP transport simply ignored (or NDIS knew to filter them) any indicated packets with a non-zero VLAN id in the NLB OOB data, and requiring any VLAN IM filters always indicate a VLAB tag of 0 in the OOB data.

It’s a bit problematic to really do the right thing in a NIC, as you don’t want to leak packets from the wrong VLAN to an interface, yet for things like the vSwitch you have to indicate packets that had VLAN tags. Having an OID to tell the NIC what upper layers want would have been nice. Win 8 comes with a VLAN IM driver, but don’t know if this issue has been clarified.

Jan


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Because VLAN and 802.1p/q are very flexible. And the way to deploy VLAN is
too many. Server NIC vendors usually provide their own teaming
driver and/or helping OEM to develop their own that works with the NIC.
Don’t know the scenarios in win8. Msft always attempt to make things better
hopefully it does get better.

If you’re on a network where different VLANs are exposed to the endpoint, then the endpoint should be configured to know what to do with those VLANs. Granted, the stock OS doesn’t make that particularly intuitive or easy (you have to deploy Hyper-V and a vSwitch, or install 3rd party software). Otherwise, yes, all the packets get dumped onto TCPIP, and TCPIP probably won’t do the right thing - as you point out, it will receive broadcasts on VLAN x, but attempt to reply on VLAN 0.

But hopefully that situation will improve as Windows Server 2012’s NIC Teaming feature becomes more available. That makes it pretty easy to separate out each VLAN with just a couple lines of powershell.

> Also note this architecture makes it essentially impossible to see VLAN
headers with a software packet sniffer

I have long wished Wireshark & NetMon would provide this information (and
other OOB data) as additional frame data.

Oh well.

Cheers,
Dave Cattley

Hi Calvin, Thanks for your reply.
I am writing miniport driver for windows 7 OS. I understood your pseudo code. And my question is if the OS stack send the packet with some vlan id, is that indicated in NBL OOB data or tag header? If it is indicated in OOB data and my vlan_enabled, which vlan id should i consider in-order to tell to my HW.
If i enable Vlan packets through PackEth tool and my vlan_enabled is also present, the packets are tagging with two vlan id’s (Observed in Wireshark). Is this a correct way?

Thanks,
Shiva

For basic VLAN support at miniport level, and if your NIC supports HW
tagging, do the following as illustrated in the pseudo code.

For any other value added fancy multi-tag VLAN, priority support, you need
an NDIS intermediate driver. After all, all participating stations,
switches, routers need to be configured consistently and correctly in order
for VLAN to work.

pseudo code for basic VLAN support at miniport level:
nic_init()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
/* VLAN tag will be DMA’d to somewhere so that the driver will
find out*/
init_the_chip_to_strip_off_vlan_tag_on_rx_pkts_if_any();
}
}

send_nbl_down()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
tell_hw_to_insert_vlan_tag_to_the_pkt();
}
xmit();
}
scan_rx_pkts()
{
if (vlan_enabled && vlan_tag) /* both read from registry during
mp_init()*/
{
/*VLAN tag should have been stripped off by hw, and DMA’d to
somewhere*/
read_vlan_tag_and_set_nbl_oob();
}
shoot_nbl_up();
}
Good luck,
Calvin

On Tue, Aug 28, 2012 at 8:46 AM, wrote:

> Hi,
> I am writing ndis mini port driver 6.0. I want to handle the VLAN
> packets in that. How the windows OS will insert vlan tags into packet and
> at what condition miniport driver should add the vlan id to the packet.
> When enable vlan in my driver, vlan id is inserting into tag header but
> other side pc is unable to reply to my request (packet has a vlan id).
>
> Also while receiving should i remove the vlan id from the packet and send
> to host or will i need to send as it is the packet to OS. What i observed
> is when i send the vlan id by inserting through the NDIS_PACKET_INFO for
<…excess quoted lines suppressed…>

Shiva,

Short answer:
If VLAN or 802.1q header are specified in outgoing NBL’s OOB, use it
instead of the one statically configured in advanced page by user.

Long answer:
This is the case that the system has teaming driver who explicitly tells
the miniport to use this tag for given packet(s).

The outgoing VLAN IDs come from 3 sources if I recall correctly 1) OOB, 2)
OID_GEN_VLAN_ID and 3) Registry.
They are valid if they are non-zero. In the event you have too many of them
at a time, the #1 wins.

Don’t tag the packet with both. Yes, there are networking technologies
that make use of multiple VLAN tags, but certainly not this case. I
personally found the static VLAN ID configuration useless, annoying and
confusing.

Good luck!
Calvin

On Tue, Aug 28, 2012 at 9:00 PM, wrote:

> Hi Calvin, Thanks for your reply.
> I am writing miniport driver for windows 7 OS. I understood your pseudo
> code. And my question is if the OS stack send the packet with some vlan id,
> is that indicated in NBL OOB data or tag header? If it is indicated in OOB
> data and my vlan_enabled, which vlan id should i consider in-order to tell
> to my HW.
> If i enable Vlan packets through PackEth tool and my vlan_enabled is also
> present, the packets are tagging with two vlan id’s (Observed in
> Wireshark). Is this a correct way?
>
> Thanks,
> Shiva
>
> For basic VLAN support at miniport level, and if your NIC supports HW
> tagging, do the following as illustrated in the pseudo code.
>
> For any other value added fancy multi-tag VLAN, priority support, you need
> an NDIS intermediate driver. After all, all participating stations,
> switches, routers need to be configured consistently and correctly in order
> for VLAN to work.
>
> pseudo code for basic VLAN support at miniport level:
> nic_init()
> {
> if (vlan_enabled && vlan_tag) /* both read from registry during
> mp_init()/
> {
> /
VLAN tag will be DMA’d to somewhere so that the driver will
> find out*/
> init_the_chip_to_strip_off_vlan_tag_on_rx_pkts_if_any();
> }
> }
>
> send_nbl_down()
> {
> if (vlan_enabled && vlan_tag) /* both read from registry during
> mp_init()/
> {
> tell_hw_to_insert_vlan_tag_to_the_pkt();
> }
> xmit();
> }
> scan_rx_pkts()
> {
> if (vlan_enabled && vlan_tag) /
both read from registry during
> mp_init()*/
> {
> /VLAN tag should have been stripped off by hw, and DMA’d to
> somewhere
/
> read_vlan_tag_and_set_nbl_oob();
> }
> shoot_nbl_up();
> }
> Good luck,
> Calvin
>
> On Tue, Aug 28, 2012 at 8:46 AM, wrote:
>
> > Hi,
> > I am writing ndis mini port driver 6.0. I want to handle the VLAN
> > packets in that. How the windows OS will insert vlan tags into packet and
> > at what condition miniport driver should add the vlan id to the packet.
> > When enable vlan in my driver, vlan id is inserting into tag header but
> > other side pc is unable to reply to my request (packet has a vlan id).
> >
> > Also while receiving should i remove the vlan id from the packet and send
> > to host or will i need to send as it is the packet to OS. What i observed
> > is when i send the vlan id by inserting through the NDIS_PACKET_INFO for
> <…excess quoted lines suppressed…>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Thanks Calvin.

Hi Calvin,
I handled the vlan tagged packets as you said. Now I want to test it. How we can test it in windows. I tried connecting two PCs with cross cable. Communication between them is happening when vlan is disabled but with vlan enabling it is not working even though i gave same vlan id to both PCs. Is this a correct way to test it or any other way can we test the vlan functionality of windows driver.

Regards,
Shiva

For basic functional test, run NDIStest (part of WLK – windows logo kit, I
heard they renamed it to WHACK or something like that). I would usually
extract the NDIStest6.5 and NDIS6.0 from a WLK installation. The whole kit
is huge. I’ll leave it to our WHQL/DTM folks. There are some test items for
VLAN and 802.1q and the registry setting test.

If you don’t trust the MSFT test, you can write your own test. i.e. enable
VLAN through registry, set a BP at you send handler, step over, then watch
the sent packet captured on the wire to see if the it was tagged with
correct VLAN tag. For OOB test, you need to write a small protocol driver
to setup VLAN in OOB.

Good luck!
Calvin

On Tue, Sep 4, 2012 at 9:17 AM, wrote:

> Hi Calvin,
> I handled the vlan tagged packets as you said. Now I want to test it.
> How we can test it in windows. I tried connecting two PCs with cross cable.
> Communication between them is happening when vlan is disabled but with vlan
> enabling it is not working even though i gave same vlan id to both PCs. Is
> this a correct way to test it or any other way can we test the vlan
> functionality of windows driver.
>
> Regards,
> Shiva
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>