Suggesting for fixing VLAN bridging the right way

Doug Ambrisko ambrisko at ambrisko.com
Thu Jul 3 15:01:11 PDT 2003 

Julian Elischer writes:
| how does netgraph bridging do?

I'm actually using netgraph bridging sort-of, kind-of.  Since I don't
care about loops and I'm only connecting to interfaces together
I just doing
	ngctl connect vlan0: rl0: lower lower
with the setpromisc, setautosrc etc.  Luigi's bridging had the 
same issue.

This is actually a simple test case.  What I'm doing it actually more
complicated for our product VLAN testing.  With this hack now my test 
stuff works (I do a IP re-map to do a poor man's virtualization of the
network stack ... which by the way I tried out the latest virtual
network stuff.  It sort-of worked but ran into some bugs and quirks).

So this is a fundamental bug, in which the packets from the NIC
don't make it to the vlan SW layer and things break.  I guess
I didn't explain that part well based on some other questions I got.
You also have to set the NIC in promiscous mode as well.  Seems like
if you configure a VLAN and modes those things should get enabled
on the base NIC.  Granted it could get funky with HW VLAN support.
It strange since I don't ifconfig the NIC but I always have to do
an 'ifconfig <nic> up' to make the VLAN work at all.  That's a little
odd.

Also you can see the bug via tcpdumps.  You see the packets come in
on the NIC but never make to the vlan iface.

Doug A.

| On Thu, 3 Jul 2003, Doug Ambrisko wrote:
| 
| > I'm trying to bridge VLAN traffic to network that doesn't have that VLAN,
| > something like:
| > 	(vlan network) -> fxp0 -> vlan0 <- FreeBSD bridge -> rl0 (no tag)
| > 
| > Both of the networks are the same except one side is tagged the other
| > has no tag.
| > 
| > It works fine in the "no tag" -> "tag" direction.  It fails in the
| > "tag" -> "no tag" direction since ether_demux we bail out on this
| > check:
| > 	if (!(BDG_ACTIVE(ifp))) {
| > 		/*
| > 		 * Discard packet if upper layers shouldn't see it because it
| > 		 * was unicast to a different Ethernet address. If the driver
| > 		 * is working properly, then this situation can only happen 
| > 		 * when the interface is in promiscuous mode.
| > 		 */
| > 		if ((ifp->if_flags & IFF_PROMISC) != 0
| > 		    && (eh->ether_dhost[0] & 1) == 0
| > 		    && bcmp(eh->ether_dhost,
| > 		      IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
| > 		    && (ifp->if_flags & IFF_PPROMISC) == 0) {
| > 			m_freem(m);
| > 			return;
| > 		}
| > 	}
| > 
| > since it doesn't consider VLAN tagged packets coming in the headers
| > won't match this paradigm so the packets get through out.  I did a quick 
| > hack and changed it to:
| > 	if (!(BDG_ACTIVE(ifp))) {
| > 		/*
| > 		 * Discard packet if upper layers shouldn't see it because it
| > 		 * was unicast to a different Ethernet address. If the driver
| > 		 * is working properly, then this situation can only happen 
| > 		 * when the interface is in promiscuous mode.
| > 		 */
| > 		if ((ifp->if_flags & IFF_PROMISC) != 0
| > 		    && (eh->ether_dhost[0] & 1) == 0
| > 		    && bcmp(eh->ether_dhost,
| > 		      IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0
| > 		    && (ifp->if_flags & IFF_PPROMISC) == 0) {
| > 			/*
| > 			 * Let VLAN packets go to the SW VLAN node needed for
| > 			 * bridging
| > 			 */
| > 			if (! (vlan_input_p != NULL
| > 			    && ntohs(eh->ether_type) == ETHERTYPE_VLAN )) {
| > 				m_freem(m);
| > 				return;
| > 			}
| > 		}
| > 	}
| > 
| > That makes it work.  I rather doubt this is the right solution.
| > 
| > Suggestions greatly appreciated.  This issue is in -current and -stable.
| > 
| > Thanks,
| > 
| > Doug A.
| > _______________________________________________
| > freebsd-net at freebsd.org mailing list
| > http://lists.freebsd.org/mailman/listinfo/freebsd-net
| > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
| > 
|

More information about the freebsd-net mailing list