Re: CFR: bridge locking

From: Daniel C. Sobral (dcs_at_tcoip.com.br)
Date: 08/21/03

  • Next message: Doug Ambrisko: "Re: CFR: bridge locking" 
    Date: Thu, 21 Aug 2003 13:44:38 -0300
To: Doug Ambrisko <ambrisko@ambrisko.com>

    Doug Ambrisko wrote:
    > Daniel C. Sobral writes:
    > | If you get bridge to send/receive packets to/from vlan interfaces
    > | attached to them, I'll be forever grateful.
    > |
    > | I've been trying to configure a setup where a firewall is connected to
    > | redundant switches, but no solution I found could handle the vlan
    > | attachments. :-(
    >
    > I assuming you are using SW VLANs then you need this. There is supposed
    > to be work to fix this correctly in progress but this works for
    > me when bridging VLANs.

    This didn't work for me. I don't know if I'm using SW or HW vlans. But
    since I can see the vlan packets with tcpdump, I tend to believe it
    would be SW vlans.

    The test I'm doing is the following:

    kldload bridge
    sysctl net.link.ether.bridge=1
    sysctl net.link.ether.bridge_cfg="fxp1 fxp3"
    ifconfig fxp1 up
    ifconfig fxp3 up
    ifconfig vlan0 create
    ifconfig vlan0 vlan 999 vlandev fxp1
    ifconfig vlan0 200.220.254.190/26

    On the switch side, the port connected to fxp1 is down and the one
    connected to fxp3 is up. Next, I ping all around. What I see with your
    patch is:

    ARP packets received on fxp3 go to fxp1 but not vlan0.
    ARP packets sent through vlan0 go to fxp1 but not fxp3.

    This is 4.7-RELEASE. The patch did not apply cleanly, but I went through
    it and fixed all failed chunks.

    (yes, this is pretty much like the other message I sent -- the results
    were the same, but then I wondered if I hadn't made an error in one of
    the above steps and went back to test it again, so, in the mean time, I
    copied the above to the other message, adjusted, and set that reply. :)

    >
    > Doug A.
    >
    > Index: net/if_ethersubr.c
    > ===================================================================
    > RCS file: /cvs/src/sys/net/if_ethersubr.c,v
    > retrieving revision 1.70.2.33
    > diff -c -r1.70.2.33 if_ethersubr.c
    > *** net/if_ethersubr.c 28 Apr 2003 15:45:53 -0000 1.70.2.33
    > --- net/if_ethersubr.c 21 Aug 2003 03:31:09 -0000
    > ***************
    > *** 667,674 ****
    > && bcmp(eh->ether_dhost,
    > IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
    > && (ifp->if_ipending & IFF_PPROMISC) == 0) {
    > ! m_freem(m);
    > ! return;
    > }
    >
    > /* Discard packet if interface is not up */
    > --- 667,681 ----
    > && bcmp(eh->ether_dhost,
    > IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
    > && (ifp->if_ipending & IFF_PPROMISC) == 0) {
    > ! /*
    > ! * Let VLAN packets go to the SW VLAN node needed for
    > ! * bridging
    > ! */
    > ! if (! (ntohs(eh->ether_type) == ETHERTYPE_VLAN
    > ! && vlan_input_p != NULL)) {
    > ! m_freem(m);
    > ! return;
    > ! }
    > }
    >
    > /* Discard packet if interface is not up */ 

    -- 
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
         Daniel.Sobral@tcoip.com.br
         dcs@tcoip.com.br
Outros:
	dcs@newsguy.com
	dcs@freebsd.org
	capo@notorious.bsdconspiracy.net
"man hier" will explain the way FreeBSD filesystems are normally laid out.
		-- David Scheidt <dscheidt@tumbolia.com>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
  • Next message: Doug Ambrisko: "Re: CFR: bridge locking"