Date: Sun, 13 Oct 2002 18:04:25 -0700
From: Luigi Rizzo
To: Andriy Gapon
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ip broadcast bridging
Message-ID: <20021013180425.C3866@carp.icir.org>
In-Reply-To: <20021013194727.Q12422-100000@edge.foundation.invalid>

On Sun, Oct 13, 2002 at 08:17:11PM -0400, Andriy Gapon wrote:
>
> It looks like broadcast packets are not always bridged correctly. I have a
...
> matches for the rules applicable only to the bridged interface without an
> ip address. Of course I wouldn't be surprised if I hadn't
> net.link.ether.bridge_ipfw: 0

What you see is perfectly normal.
Bridged interfaces in a cluster are considered as a single "interface",
so irrespective of where you get the traffic, it will be passed up
the stack if it has proper addresses, which is what normally happens
for multicast and broadcast IP packets.

The fact that the interface has no IP associated does not matter,
it is up and running for all practical purposes, and it will recognise
the same traffic as the one on the other interface(s) in the cluster
which have an IP address assigned.

This is true both for ipfw1 and ipfw2.

cheers
luigi

> My understanding is that in this situation bridging should happen before ipfw
> check and thus ipfw should not see any ip packets on the interface without
> ip address.
> After enabling logging for the rules in question it looks like only
> broadcast packets of the bridged subnet originating from LAN connected to
> ip-address-less interface get matched.
> Using tcpdump I see that there is nothing wrong with the packets i.e. they
> have correct ip and ether source addresses and correct destination:
> broadcast ip address of the subnet and ff:ff:ff:ff:ff:ff ethernet
> address.
>
> I have 4.7-RELEASE and ipfw2 on the bridge/gateway.
> Sorry if this is not the most appropriate place to discuss this topic.
>
> --
> Andriy Gapon
> *
> "I do not know myself, and God forbid that I should."
> Johann Wolfgang von Goethe
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
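
The behaviour described in the reply above, as a simplified model added here (it is not FreeBSD kernel code and not part of the original message): it shows why IP-layer ipfw rules keyed on the address-less interface still match broadcasts while net.link.ether.bridge_ipfw is 0. Interface names, MAC addresses and the IP are constructed, and MAC learning is ignored, so unknown unicast is simply forwarded to the other cluster members.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Iface:
    name: str
    mac: str
    ip: Optional[str]  # None = cluster member without an IP address


# Constructed sample cluster: names, MACs and the IP are illustrative only.
CLUSTER = [
    Iface("fxp0", "00:a0:c9:00:00:01", "192.0.2.1"),
    Iface("fxp1", "00:a0:c9:00:00:02", None),
]


def is_group(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


def handle_frame(cluster, ingress, dst_mac, bridge_ipfw=0):
    """Model what happens to a frame received on cluster member `ingress`."""
    # The cluster behaves as one interface: a frame addressed to any
    # member's MAC is local, whichever member it arrived on.
    to_local = dst_mac.lower() in {i.mac for i in cluster}
    others = sorted(i.name for i in cluster if i.name != ingress)
    # Frames for the cluster itself are consumed; everything else is bridged.
    bridged_to = [] if to_local else others
    # Broadcast/multicast is bridged AND passed up the stack, even when the
    # ingress member has no IP address of its own.
    to_stack = to_local or is_group(dst_mac)
    # With bridge_ipfw=0 ipfw only sees what reaches the IP stack; with 1 it
    # also sees bridged frames. The receive interface is the real ingress one.
    ipfw_sees = to_stack or (bridge_ipfw == 1 and bool(bridged_to))
    return {"bridged_to": bridged_to, "to_stack": to_stack,
            "ipfw_recv": ingress if ipfw_sees else None}


if __name__ == "__main__":
    # Broadcast vs. unicast to a host behind fxp0, both arriving on fxp1.
    for dst in ("ff:ff:ff:ff:ff:ff", "00:10:5a:00:00:99"):
        print(dst, handle_frame(CLUSTER, "fxp1", dst))
```

In the model, only the broadcast frame arriving on the address-less member reaches ipfw, which matches the log hits reported in the quoted message.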