Date:      Mon, 27 Apr 2015 15:56:31 +0200
From:      Nikos Vassiliadis <nvass@gmx.com>
To:        Victor Sudakov <vas@mpeks.tomsk.su>, freebsd-questions@freebsd.org
Subject:   Re: tunneling L2 tagged traffic over IP
Message-ID:  <553E400F.2040906@gmx.com>
In-Reply-To: <20150427093355.GA86151@admin.sibptus.tomsk.ru>
References:  <20150425174935.GA48023@admin.sibptus.tomsk.ru> <553C1F66.4060901@gmx.com> <20150426123629.GA48916@admin.sibptus.tomsk.ru> <20150427093355.GA86151@admin.sibptus.tomsk.ru>



On 04/27/15 11:33, Victor Sudakov wrote:
> Victor Sudakov wrote:
>> Nikos Vassiliadis wrote:
>>>>
>>>> Could you advise a solution for tunneling L2 (Ethernet) traffic over IP?
>>>>
>>>> There is a solution in bridge(4) using the EtherIP protocol, but it
>>>> works with untagged frames only. I need to tunnel 802.1q tagged frames
>>>> as well.
>>>>
>>>> Any ideas?
>>>>
>>>>
>>> You can do this with netgraph. Check this post:
>>>
>>> http://lists.freebsd.org/pipermail/freebsd-net/2005-October/008861.html
>>>
>>
>> It's a modification of the /usr/share/examples/netgraph/ether.bridge
>> script. How do you know that it would pass 802.1q tagged frames? It
>> references a "fxp0" interface which passes untagged traffic unless a
>> vlan(4) interface is configured on top thereof.
>
> The script does not work. It prints error messages like
>
> + LINKNUM=1
> + ngctl mkpeer bnet0: ksocket link1 inet/dgram/udp
> + ngctl msg ng0:inet bind inet/10.14.143.136:4028
> ngctl: send msg: No such file or directory
> + ngctl msg ng0:inet connect inet/10.14.140.125:4028
> ngctl: send msg: No such file or directory
> + expr 1 + 1
> + LINKNUM=2
>
> and does not generate any traffic. Perhaps it needs some debugging. I
> am still looking for a solution, thanks in advance to all who have
> anything to say.
>
> In the meanwhile, I have tried bridging ethernet NICs and tap(4), and
> connected two tap(4) devices with net/vtun. It works, but again, only
> for untagged frames.
>
>


Hi,

I just checked and remembered that there is a sysctl
that controls forwarding of non-IP traffic:

> sysctl net.link.bridge.pfil_onlyip
> net.link.bridge.pfil_onlyip: 1

That means that only IP is allowed to be forwarded by the bridge.
Change this to 0 and it will hopefully be OK.

HTH,
Nikos




