From: Eric Bautsch
To: Harry Schmalzbauer, net@freebsd.org
Subject: Re: Bridges on VLAN-tagged interfaces.
Date: Sat, 16 Mar 2019 20:09:34 +0000

Thanks, Harry. I'll hopefully get a chance to try this tomorrow....
I'll let the list know the outcome.

Eric

P.S. Sorry for the formatting, no idea why that got re-formatted on the list.....

On 15/03/19 11:02, Harry Schmalzbauer wrote:
> On 15.03.2019 at 11:21, Harry Schmalzbauer wrote:
>> On 11.03.2019 at 11:48, Eric Bautsch wrote:
>> …
>>> ifconfig bridge create
>>> ifconfig bridge1 addm re0.33
>>>
>>> If I now put an IP on that bridge instead of re0.33, it does not ping.
>>>
>>> If I do a broadcast ping from another host on that network thus (Solaris
>>> system issuing the ping):
>>> ping -sn 192.168.33.255
>>>
>>> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i
>>> bridge1|
>>> However, on neither interface do I see any pings coming in when I ping its
>>> own address (in this case 192.168.33.20).
>>
>> IP stack processes them without passing it to the interface(s), so that's not
>> unusual.
>>
>>
>>> The Solaris system issuing the pings has learned the arp address of the
>>> bridge though:
>>> Code:
>>>
>>> root@gaspra # arp -an | grep 192.168.33.20
>>> net1 192.168.33.20 255.255.255.255 02:a7:91:b6:3a:01
>>>
>>> If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
>>> Code:
>>>
>>> root@bianca # tcpdump -i bridge1
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on bridge1, link-type EN10MB (Ethernet), capture size 262144 bytes
>>> 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
>>> 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
>>> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router solicitation, length 16
>>> 11:06:04.079441 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
>>> 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
>>> 11:06:17.588644 ARP, Request who-has 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46
>>> 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
>>
>> If I read it correctly, all you get are ethernet broadcast frames.
>> (Hard) Reading next:
>> …
>>> root@bianca # ifconfig -a
>>> re0: flags=8943 metric 0 mtu 1500
>>>     options=8209b
>>>     ether 80:ee:73:63:5c:48
>>>     media: Ethernet autoselect (1000baseT )
>>>     status: active
>>>     nd6 options=29
>>> lo0: flags=8049 metric 0 mtu 16384
>>>     options=680003
>>>     inet6 ::1 prefixlen 128
>>>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>>>     inet 127.0.0.1 netmask 0xff000000
>>>     groups: lo
>>>     nd6 options=21
>>> bridge0: flags=8843 metric 0 mtu 1500
>>>     ether 02:a7:91:b6:3a:00
>>>     inet 192.168.140.85 netmask 0xffffff00 broadcast 192.168.140.255
>>>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>     maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>     member: re0 flags=143
>>>             ifmaxaddr 0 port 1 priority 128 path cost 55
>>>     groups: bridge
>>>     nd6 options=9
>>> re0.33: flags=8943 metric 0 mtu 1500
>>>     options=80003
>>>     ether 80:ee:73:63:5c:48
>>>     inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4
>>>     groups: vlan
>>>     vlan: 33 vlanpcp: 0 parent interface: re0
>>>     media: Ethernet autoselect (1000baseT )
>>>     status: active
>>>     nd6 options=21
>>> bridge1: flags=8843 metric 0 mtu 1500
>>>     ether 02:a7:91:b6:3a:01
>>>     inet 192.168.33.20 netmask 0xffffff00 broadcast 192.168.33.255
>>>     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>     maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>>     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>     member: re0.33 flags=143
>>>             ifmaxaddr 0 port 4 priority 128 path cost 20000
>>>     groups: bridge
>>>     nd6 options=9
>>> root@bianca #
>>
>> Here you have a universally administered address (UAA) on the parent
>> interface re0, which is the same for the vlan clone re0.33, and a locally
>> administered address (LAA) on if_bridge(4), which was verified to be
>> announced.
>> In order to get through the MAC filter of the ethernet interface, re0.33 must
>> be in PROMISC mode.
>> I remember having seen two different PROMISC interface status – never tracked
>> it down. But issuing 'ifconfig re0.33 promisc' might result in a second
>> PROMISC status report on re0.33 and a working setup...
>
> Should have read man page before posting, sorry. This is supposed to be done
> by ifconfig(8)'s "addm" command.
> But like mentioned, I can see PROMISC _two_ times in the interface status line
> of ifconfig(8), after putting the interface manually in permanent promisc mode
> (stable/12).
>
> Don't know how the filter of the parent interface is involved in the vlan
> clone and I have no idea if "addm" respects it, in case it is involved.
> Before code inspection, I'd try and put the parent re0 manually into permanent
> promisc mode and see if you can see unicast frames afterwards.
>
> -Harry
>
>

--
Eric A. Bautsch
email: eric.bautsch@pobox.com
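
Added example (not part of the thread and not FreeBSD's own code): the hex flags= values survive in the quoted ifconfig output even though the flag names were lost, so they can be decoded with the IFF_* bit values from FreeBSD's net/if.h and combined with the UAA/LAA check discussed above. The function names are hypothetical; the flags and MAC addresses are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example. Bit values are the IFF_* constants from FreeBSD's net/if.h;
# function names are hypothetical. Inputs are the values quoted in the thread.

# Print the names of the flag bits set in a hex "flags=" value from ifconfig.
# PPROMISC (0x20000) is the "user-requested promisc mode" bit.
decode_flags() {
    val=$((0x$1)); out=""
    for pair in 1:UP 2:BROADCAST 8:LOOPBACK 40:RUNNING 80:NOARP 100:PROMISC \
                200:ALLMULTI 800:SIMPLEX 8000:MULTICAST 20000:PPROMISC; do
        bit=$((0x${pair%%:*}))
        if [ $((val & bit)) -ne 0 ]; then out="${out:+$out,}${pair#*:}"; fi
    done
    echo "$out"
}

# Succeed if the MAC is locally administered (bit 0x02 of the first octet).
is_laa() {
    [ $((0x${1%%:*} & 2)) -ne 0 ]
}

# Can unicast frames for the bridge MAC pass the member's MAC filter?
# Args: bridge MAC, member MAC, member flags (hex).
member_status() {
    if [ "$1" = "$2" ]; then echo "same-mac"; return 0; fi
    case ",$(decode_flags "$3")," in
        *,PROMISC,*) echo "promisc-set" ;;
        *)           echo "filtered" ;;
    esac
}

# Flags as quoted in the ifconfig -a output above.
for entry in re0:8943 lo0:8049 bridge0:8843 re0.33:8943 bridge1:8843; do
    printf '%-8s %s\n' "${entry%%:*}" "$(decode_flags "${entry#*:}")"
done

# bridge1 carries an LAA, re0.33 the UAA of its parent re0.
for mac in 02:a7:91:b6:3a:01 80:ee:73:63:5c:48; do
    if is_laa "$mac"; then echo "$mac LAA"; else echo "$mac UAA"; fi
done
echo "re0.33 as member of bridge1: $(member_status 02:a7:91:b6:3a:01 80:ee:73:63:5c:48 8943)"
```

The flags show only what the kernel has recorded for each interface; whether unicast frames actually reach re0.33 still has to be confirmed with a capture on re0 and re0.33.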