From: Victor Sudakov
To: freebsd-questions@freebsd.org
Date: Mon, 27 Apr 2015 20:39:52 +0600
Subject: Re: tunneling L2 tagged traffic over IP

Nikos Vassiliadis wrote:

[dd]

> >
> > In the meanwhile, I have tried bridging ethernet NICs and tap(4), and
> > connected two tap(4) devices with net/vtun. It works, but again, only
> > for untagged frames.
> >
> >
>
> I just checked and remembered that there is a sysctl
> that controls forwarding of non-IP traffic
>
> > sysctl net.link.bridge.pfil_onlyip
> > net.link.bridge.pfil_onlyip: 1
>
> That means that only IP is allowed to be forwarded by the bridge.
> Change this to 0 and it will be hopefully ok.

Nikos, I have two interfaces in a bridge:

# ifconfig bridge0
bridge0: flags=8843 metric 0 mtu 1500
        ether 02:d7:d7:0d:ff:00
        inet 10.14.133.20 netmask 0xffffffc0 broadcast 10.14.133.63
        nd6 options=9
        id 00:00:00:00:00:00 priority 61440 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 61440 ifcost 0 port 0
        member: vr0 flags=1c3
                ifmaxaddr 0 port 6 priority 128 path cost 200000
        member: tap0 flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
#

"tcpdump -i vr0 stp" sees incoming STP traffic while "tcpdump -i tap0
stp" sees none no matter if net.link.bridge.pfil_onlyip is "1" or "0".
I see however some IP6, IPX (!) and CDP frames.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru