Using the simple Layer-2 bridge setup below, an ICMP Ping 172.17.1.5
from HostA does not get to HostB while using EtherIP encapsulation with
gif(4) at its tunnel end points.

The Ping's initial Ethernet broadcasts with the ARP Requests make it
through the gif tunnel to BridgeB, to both its bridge0 and vio2
interfaces (check with tcpdump, tshark).

However, vio2 never re-broadcasts those ARP Requests on the wire to
HostB!? E.g. the physical egress interface vio2, which is a member of a
bridge(4) on BridgeB, receives the ARP Requests, but it fails to
re-broadcast them to HostB so that Host could answer with ARP Responses.

Also, BridgeB does not learn the source MAC from HostA (and of course it
can not learn the MAC of HostB, because ARP Requests never get there).

However, pinging the (numbered) vio2 on BridgeB succeeds (Ping
172.17.1.2 from HostA), e.g. the gif tunnel is OK.

Also, HostA can ping HostB after removal of the gif tunnel, e.g. after
deleting gif0 from bridge0 on both BridgeA and BridgeB, and adding vio1
to them instead.

Testing conditions:
- default installs of OpenBSD i386 snapshot from yesterday
- pf is disabled
- no L2 filter rules on the bridge member interfaces
- set sysctl net.inet.etherip.allow=1 to enable EtherIP on gif()
- the observation is the same on both VirtualBox with vio() interfaces,
as well as on real hardware with APU2 that have em() interfaces.

Currently, experimenting with pf enabled on BridgeB, I found that ARP
Requests apparently do not generate state with a very basic rule-set,
such as 'pass log all'.

What did I miss?  Or, is there "just a bug" in the gif/bridge combo that
is haunting me?
Would it be worthwhile to try with -stable or an older version of
OpenBSD?  Years ago, I had such a setup working with 4.3, and I can make
configuration files available (although they are very minimal, mostly
running default install) ...

Thanks for any hints and suggestions!
Rolf


*HostA*
vio1 172.16.0.5/22
 |
 v
vio2 172.16.0.2/22
*BridgeA*
bridge0 add vio2 add gif0
gif0 tunnel 10.10.1.2 10.10.1.3
vio1 10.10.1.2/24
 |
 v
vio1 10.10.1.3/24
gif0 tunnel 10.10.1.3 10.10.1.2
bridge0 add vio2 add gif0
*BridgeB*
vio2 172.16.1.2/22
 |
 v
vio1 172.16.1.5/22
*HostB*
