Programming interface MAC filter without enabling PROMISC on an interface from user space.
Andrew Thompson
thompsa at FreeBSD.org
Tue Jan 15 12:00:46 PST 2008
On Tue, Jan 15, 2008 at 09:59:22AM +0000, Tom Judge wrote:
> Bruce M. Simpson wrote:
>> Tom Judge wrote:
> <SNIP>
>>> Personally I can't see why this approach would be a problem, but I am
>>> not an expert. The address is defined in IEEE Std 802.1D-2004 as to not
>>> be forwarded by bridges (which I interpret as it being link local in a
>>> sense as switches/bridges are not allowed to forward the frame), so I
>>> can't see it being a problem registered on multiple interfaces.
>> SIOCADDMULTI memberships are specific to the interface you request them
>> on. I can't speak for the bridging code -- I don't think it does any
>> special handling of multicast frames, however I'm not sure if it's smart
>> enough not to forward this group. Like IN_LOCALGROUP() it might need its
>> own 'don't forward this' clause.
>
>
> Just for the record it seems that if_bridge replaces the destination MAC of
> an Ethernet multicast packet with its own MAC, therefore making sure that the
> packets are not forwarded. Andrew, can you confirm this assumption? (Based
> on sys/net/if_bridge.c lines 2011-2018 on RELENG_6_2)

No, the only multicast address that the bridge does not forward is the
STP one (01:80:c2:00:00:00). It will pass LLDP frames.

Andrew

More information about the freebsd-net mailing list