Date:      Sun, 13 Oct 2002 18:04:25 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Andriy Gapon <agapon@excite.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ip broadcast bridging
Message-ID:  <20021013180425.C3866@carp.icir.org>
In-Reply-To: <20021013194727.Q12422-100000@edge.foundation.invalid>; from agapon@excite.com on Sun, Oct 13, 2002 at 08:17:11PM -0400
References:  <20021013194727.Q12422-100000@edge.foundation.invalid>

On Sun, Oct 13, 2002 at 08:17:11PM -0400, Andriy Gapon wrote:
> 
> It looks like broadcast packets are not always bridged correctly. I have a
...
> matches for the rules applicable only to the bridged interface without an
> ip address. Of course I wouldn't be surprised if I hadn't
> net.link.ether.bridge_ipfw: 0

What you see is perfectly normal.

Bridged interfaces in a cluster are considered as a single "interface",
so irrespective of where you get the traffic from, it will be passed
up the stack if it has proper addresses, which is what normally happens for
multicast and broadcast IP packets.
The fact that the interface has no IP associated does not matter, it
is up and running for all practical purposes, and it will recognise
the same traffic as the one on the other interface(s) in the cluster
which have an IP address assigned.

This is true both for ipfw1 and ipfw2.

	cheers
	luigi


> My understanding is that in this situation bridging should happen before ipfw
> check and thus ipfw should not see any ip packets on the interface without
> ip address.
> After enabling logging for the rules in question it looks like only
> broadcast packets of the bridged subnet originating from LAN connected to
> ip-address-less interface get matched.
> Using tcpdump I see that there is nothing wrong with the packets i.e. they
> have correct ip and ether source addresses and correct destination:
> broadcast ip address of the subnet and ff:ff:ff:ff:ff:ff ethernet
> address.
> 
> I have 4.7-RELEASE and ipfw2 on the bridge/gateway.
> Sorry if this is not the most appropriate place to discuss this topic.
> 
> -- 
> Andriy Gapon
> *
> "I do not know myself, and God forbid that I should."
> Johann Wolfgang von Goethe
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message




