From: Nikos Vassiliadis
To: Victor Sudakov, freebsd-questions@freebsd.org
Subject: Re: tunneling L2 tagged traffic over IP
Date: Mon, 27 Apr 2015 15:56:31 +0200
Message-ID: <553E400F.2040906@gmx.com>
In-Reply-To: <20150427093355.GA86151@admin.sibptus.tomsk.ru>

On 04/27/15 11:33, Victor Sudakov wrote:
> Victor Sudakov wrote:
>> Nikos Vassiliadis wrote:
>>>>
>>>> Could you advise a solution for tunneling L2 (Ethernet) traffic over IP?
>>>>
>>>> There is a solution in bridge(4) using the EtherIP protocol, but it
>>>> works with untagged frames only. I need to tunnel 802.1q tagged frames
>>>> as well.
>>>>
>>>> Any ideas?
>>>>
>>>>
>>> You can do this with netgraph. Check this post:
>>>
>>> http://lists.freebsd.org/pipermail/freebsd-net/2005-October/008861.html
>>>
>>
>> It's a modification of the /usr/share/examples/netgraph/ether.bridge
>> script. How do you know that it would pass 802.1q tagged frames? It
>> references a "fxp0" interface which passes untagged traffic unless a
>> vlan(4) interface is configured on top thereof.
>
> The script does not work. It prints error messages like
>
> + LINKNUM=1
> + ngctl mkpeer bnet0: ksocket link1 inet/dgram/udp
> + ngctl msg ng0:inet bind inet/10.14.143.136:4028
> ngctl: send msg: No such file or directory
> + ngctl msg ng0:inet connect inet/10.14.140.125:4028
> ngctl: send msg: No such file or directory
> + expr 1 + 1
> + LINKNUM=2
>
> and does not generate any traffic. Perhaps it needs some debugging. I
> am still looking for a solution, thanks in advance to all who have
> anything to say.
>
> In the meanwhile, I have tried bridging ethernet NICs and tap(4), and
> connected two tap(4) devices with net/vtun. It works, but again, only
> for untagged frames.
>
>

Hi,

I just checked and remembered that there is a sysctl that controls
forwarding of non-IP traffic

> sysctl net.link.bridge.pfil_onlyip
> net.link.bridge.pfil_onlyip: 1

That means that only IP is allowed to be forwarded by the bridge.
Change this to 0 and it will be hopefully ok.

HTH,
Nikos