Date: Fri, 15 Mar 2019 12:02:28 +0100 From: Harry Schmalzbauer <freebsd@omnilan.de> To: Eric Bautsch <eric.bautsch@pobox.com>, net@freebsd.org Subject: Re: Bridges on VLAN-tagged interfaces. Message-ID: <050a68a3-7581-4985-e54a-e045259e8cfd@omnilan.de> In-Reply-To: <716a2edd-96f5-c263-2bd4-38a30808f241@omnilan.de> References: <c3bbab99-1612-2f65-644f-a380f8233e11@pobox.com> <716a2edd-96f5-c263-2bd4-38a30808f241@omnilan.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 15.03.2019 um 11:21 schrieb Harry Schmalzbauer: > Am 11.03.2019 um 11:48 schrieb Eric Bautsch: > … >> |ifconfig bridge create ifconfig bridge1 addm re0.33| >> >> If I now put an IP on that bridge instead of re0.33, it does not ping. >> >> If I do a broadcast ping from another host on that network thus >> (Solaris system issuing the ping): >> ping -sn 192.168.33.255 >> >> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump >> -i bridge1| >> However, on neither interface do I see any pings coming in when I >> ping it's own address (in this case 192.168.33.20). > > IP stack processes them without passing it to the interface(s), so > that's not unusual. > > >> The Solaris system issuing the pings has learned the arp address of >> the bridge though: >> Code: >> >> |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20 >> 255.255.255.255 02:a7:91:b6:3a:01| >> >> If I |tcpdump -i bridge1|, I do get some packets, but not any echo >> requests: >> Code: >> >> |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, >> use -v or -vv for full protocol decode listening on bridge1, >> link-type EN10MB (Ethernet), capture size 262144 bytes >> 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell >> juliet-punchin.swangage.co.uk, length 46 11:05:26.081197 ARP, Reply >> 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28 >> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, >> router solicitation, length 16 11:06:04.079441 ARP, Request who-has >> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length >> 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 >> (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has >> 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length >> 46 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 >> (oui Unknown), length 28| > > If I read it corretcly, all you get are ethernet broadcast frames. > (Hard) Reading next: > … >> |root@bianca # ifconfig -a re0: >> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 >> mtu 1500 >> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> >> ether 80🇪🇪73:63:5c:48 media: Ethernet autoselect (1000baseT >> <full-duplex,master>) status: active nd6 >> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: >> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 >> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 >> ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet >> 127.0.0.1 netmask 0xff000000 groups: lo nd6 >> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge0: >> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >> ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00 >> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 >> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 >> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 >> member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 >> port 1 priority 128 path cost 55 groups: bridge nd6 >> options=9<PERFORMNUD,IFDISABLED> re0.33: >> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 >> mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether >> 80🇪🇪73:63:5c:48 inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 >> scopeid 0x4 groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0 >> media: Ethernet autoselect (1000baseT <full-duplex,master>) status: >> active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1: >> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >> ether 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 >> broadcast 192.168.33.255 id 00:00:00:00:00:00 priority 32768 >> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 >> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 >> member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> >> ifmaxaddr 0 port 4 priority 128 path cost 20000 groups: bridge nd6 >> options=9<PERFORMNUD,IFDISABLED> root@bianca #| > > Here you have a universally administered addresses (UAA) on the parent > interface re0, which is the same for the vlan clone re0.33, and a > locally administered addresses (LAA) on if_bridge(4), which was > verified to be announced. > In order to get through the MAC filter of the ethernet interface, > re0.33 must be in PROMISC mode. > I remember having seen two different PROMISC interface status – never > tracked it down. But issuing 'ifconfig re0.33 promisc' might result > in a second PROMISC status report on re0.33 and a working setup... Should have read man page before posting, sorry. This is supposed to be done by ifconfig(8)'s "addm" command. But like mentioned, I can see PROMISC _two_ times in the interface status line of ifconfig(8), after putting the interface manually in permanent promisc mode (stable/12). Don't know how the filter of the parent interface is involved in the vlan clone and I have no idea if "addm" respects it, in case it is involved. Before code inspection, I'd try and put the parent re0 manually into permanent promisc mode and see if you can see unicast frames afterwards. -Harry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?050a68a3-7581-4985-e54a-e045259e8cfd>