Comment 15 for bug 1884341

Etienne CHAMPETIER (champtar) wrote :

Thanks Brian,
as you have a working bridge setup, can you create a second VM (preferably Ubuntu 20.04 to have a recent scapy) and run my scapy script on it? And if it's not working, play with "tcpdump -nnpe -i tapXYZ not port 22" to try to understand where it stops.

The idea is pretty simple: the packets start with 2 VLAN 0 headers, thus the ebtables rules apply, but none of the {ip,ip6}tables rules apply (even with bridge-nf-filter-vlan-tagged=1), as it's a VLAN packet after all. Net net, we cannot spoof our source MAC; everything else is allowed inside the VLAN 0 headers.

Except if there is a special setting that I missed, the bridge should let this VLAN 0 packet go to the other VM, and the Linux VM on the INPUT path will happily strip the VLAN 0 headers.

If it's not working, maybe show me:
cat /sys/devices/virtual/net/*/bridge/vlan_filtering
bridge vlan show

Thanks
Etienne
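
A defensive check for the frame shape described in the comment above, as an added example that is not part of the original comment or of the reporter's scapy script: it walks the 802.1Q/802.1ad tags of a raw Ethernet frame and flags frames where two or more VLAN 0 tags wrap an IPv4, IPv6 or ARP payload. The function names, the constructed sample frames and the threshold of two tags (a single priority tag is treated as legitimate) are assumptions.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers
L3_TYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}


def walk_vlan_tags(frame: bytes):
    """Return (VLAN IDs in wire order, inner EtherType) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    vids = []
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI follows the TPID; the next EtherType follows the TCI
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, ethertype


def flag_frame(frame: bytes):
    """Flag frames whose L3 payload sits behind two or more VLAN 0 tags."""
    vids, inner = walk_vlan_tags(frame)
    zero_tags = sum(1 for vid in vids if vid == 0)
    return {
        "vlan_ids": vids,
        "inner": L3_TYPES.get(inner, hex(inner)),
        # Assumption: one priority tag (VLAN 0) is normal, stacked ones are not
        "suspicious": zero_tags >= 2 and inner in L3_TYPES,
    }


def build_frame(tags, inner, payload=b"\x00" * 20):
    """Constructed sample frame with locally administered MACs and a dummy payload."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    hdr = b"".join(struct.pack("!HH", 0x8100, vid) for vid in tags)
    return dst + src + hdr + struct.pack("!H", inner) + payload


if __name__ == "__main__":
    for tags, inner in [([], 0x0800), ([0], 0x86DD), ([100], 0x0800), ([0, 0], 0x0800)]:
        print(tags, flag_frame(build_frame(tags, inner)))
```

The same walk can be applied to frames captured on the tap interface to confirm whether double-tagged VLAN 0 traffic is crossing the bridge.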