Re: Disabling VLAN_HWTAGGING

From: Ruslan Ermilov (ru_at_freebsd.org)
Date: 03/30/04

  • Next message: Jacob S. Barrett: "Re: Disabling VLAN_HWTAGGING" 
    Date: Tue, 30 Mar 2004 22:48:21 +0300
To: "Jacob S. Barrett" <jbarrett@amduat.net>

    On Tue, Mar 30, 2004 at 11:19:00AM -0800, Jacob S. Barrett wrote:
    > Now what have I done wrong. I noticed this yesterday and I can't figure out
    > what I have done wrong. VLAN tagged ARP requests coming into if_nge are not
    > visible anymore (tcpdump). Non VLAN tagged ARP requests are visible. Debug
    > statements are showing the frame doesn't make it into the driver.
    >
    Like I said in another email in this thread, if NIC is doing VLAN
    stripping in firmware, you won't be able to see the original VLAN
    packet with tcpdump(8) in 5.x. Instead, it will be shown an inner
    Ethernet packet on the physical ("parentdev") interface. This can
    be fixed. But neither 4.x nor 5.x will show you the virgin VLAN
    packet on output if the NIC does VLAN insertion in firmware.

    > This is the request as it leaves the remote host.
    > 11:04:53.588726 0:90:27:f4:58:1d ff:ff:ff:ff:ff:ff 8100 46: 802.1Q vlan#2 P0
    > arp who-has 10.2.0.1 tell 10.2.0.2
    >
    > Strangely though, other broadcasts that are VLAN tagged get delivered to the
    > driver. With your patch they now correctly show up on the ng_vlan interface
    > too.
    >
    > This is the other broadcast as sent by remote host:
    > 0:90:27:f4:58:1d ff:ff:ff:ff:ff:ff 8100 257: 802.1Q vlan#2 P0 10.2.0.2.138 >
    > 10.2.0.255.138: NBT UDP PACKET(138)
    >
    > This is he above broadcast that was received by both if_nge and ng_vlan:
    > 0:90:27:f4:58:1d ff:ff:ff:ff:ff:ff 0800 246: 10.2.0.2.138 > 10.2.0.255.138:
    > NBT UDP PACKET(138)
    >
    > Any idea why the ARP packets would be filtered at the NIC?
    >
    Hmm, this shouldn't happen. Perhaps you have a firewall configured
    to run at layer2 that rejects them?

    > The same goes for
    > ARP replies. I can ARP request from the if_nge machine, but the replies get
    > dropped.
    >
    If you set ARP entries manually, can you ping each other?

    Cheers, 

    -- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

  • Next message: Jacob S. Barrett: "Re: Disabling VLAN_HWTAGGING"

    Relevant Pages

    • Re: FreeBSD 4.9 / VRRP / vlan
      ... |> ether & vlan managed by freevrrpd) .. ... ip address on the vlan subnet, ... vlan20, I see arp requests going out, on the tcpdump I launched on the ... host, the echo reply going back, but they're not received on the router. ...
      (freebsd-net)
    • Re: C6500 High Interrupt Load caused by ARP
      ... The most arp requests are sourced by the 6500's vlan ... The 6500 will ARP for packets it is trying to deliver onto a VLAN ... An IP scanner running thru your subnets would generate that type of ...
      (comp.dcom.sys.cisco)
    • Re: [was] addition to ipfw (read vlans from bridge)..
      ... into the packet as well as the packet, then yes I like that idea, ... At the moment I plan the ipfw code to be unaware of vlan headers. ... What we need to do is make a convention so that vlan tags are always ...
      (freebsd-net)
    • expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
      ... the complete packet with vlan tag included as the driver simply calls ... thing vlan tag included and sends this through the socket. ... The packet socket gets everything including the vlan tag as I'd ...
      (Linux-Kernel)
    • Re: addition to ipfw..
      ... I would like to add something similar in the case where a vlan ... tag is also on the packet.. ... Then the vlan header is also held back so that the packet can be ... This allows me to filter packets that are traversing my bridge, ...
      (freebsd-net)