Date: Thu, 21 Aug 2003 13:44:38 -0300 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: Doug Ambrisko <ambrisko@ambrisko.com> Cc: freebsd-net@freebsd.org Subject: Re: CFR: bridge locking Message-ID: <3F44F6F6.9090606@tcoip.com.br> In-Reply-To: <200308210336.h7L3adqP091151@ambrisko.com> References: <200308210336.h7L3adqP091151@ambrisko.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Ambrisko wrote:
> Daniel C. Sobral writes:
> | If you get bridge to send/receive packets to/from vlan interfaces
> | attached to them, I'll be forever grateful.
> |
> | I've been trying to configure a setup where a firewall is connected to
> | redundant switches, but no solution I found could handle the vlan
> | attachments. :-(
>
> I assuming you are using SW VLANs then you need this. There is supposed
> to be work to fix this correctly in progress but this works for
> me when bridging VLANs.
This didn't work for me. I don't know if I'm using SW or HW vlans. But
since I can see the vlan packets with tcpdump, I tend to believe it
would be SW vlans.
The test I'm doing is the following:
kldload bridge
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg="fxp1 fxp3"
ifconfig fxp1 up
ifconfig fxp3 up
ifconfig vlan0 create
ifconfig vlan0 vlan 999 vlandev fxp1
ifconfig vlan0 200.220.254.190/26
On the switch side, the port connected to fxp1 is down and the one
connected to fxp3 is up. Next, I ping all around. What I see with your
patch is:
ARP packets received on fxp3 go to fxp1 but not vlan0.
ARP packets sent through vlan0 go to fxp1 but not fxp3.
This is 4.7-RELEASE. The patch did not apply cleanly, but I went through
it and fixed all failed chunks.
(yes, this is pretty much like the other message I sent -- the results
were the same, but then I wondered if I hadn't made an error in one of
the above steps and went back to test it again, so, in the mean time, I
copied the above to the other message, adjusted, and set that reply. :)
>
> Doug A.
>
> Index: net/if_ethersubr.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.70.2.33
> diff -c -r1.70.2.33 if_ethersubr.c
> *** net/if_ethersubr.c 28 Apr 2003 15:45:53 -0000 1.70.2.33
> --- net/if_ethersubr.c 21 Aug 2003 03:31:09 -0000
> ***************
> *** 667,674 ****
> && bcmp(eh->ether_dhost,
> IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
> && (ifp->if_ipending & IFF_PPROMISC) == 0) {
> ! m_freem(m);
> ! return;
> }
>
> /* Discard packet if interface is not up */
> --- 667,681 ----
> && bcmp(eh->ether_dhost,
> IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
> && (ifp->if_ipending & IFF_PPROMISC) == 0) {
> ! /*
> ! * Let VLAN packets go to the SW VLAN node needed for
> ! * bridging
> ! */
> ! if (! (ntohs(eh->ether_type) == ETHERTYPE_VLAN
> ! && vlan_input_p != NULL)) {
> ! m_freem(m);
> ! return;
> ! }
> }
>
> /* Discard packet if interface is not up */
--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
"man hier" will explain the way FreeBSD filesystems are normally laid out.
-- David Scheidt <dscheidt@tumbolia.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F44F6F6.9090606>