Re: [Bridge] how to block STP bpdus on a particular port?
On Fri, 18 Apr 2008 09:21:21 + saurav barik [EMAIL PROTECTED] wrote:

Hi,

Can I restrain a particular port/interface on my Linux bridge from sending and receiving STP BPDUs? Is there any filter available for the same or should I customize the Linux bridge code? I googled and browsed through the mailing list archives but could not find any solution. Please share some pointers.

Thanks for your time.

Regards,
Saurav

ebtables has an stp module.

___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
Re: [Bridge] default values
On Mon, 14 Apr 2008 14:43:38 +1000 Leigh Sharpe [EMAIL PROTECTED] wrote:

Hi all,

Can anybody tell me what the default values for setageingtimer and setgcint are?

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless

ageing_time = 300 sec (5 min)

GC interval in recent kernels is not constant, but goes off as soon as the next entry would expire. This is done to avoid getting large forwarding table build up during a DoS attack.
Re: [Bridge] RSTP in http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git;a=summary problems
Joakim Tjernlund wrote:

On Tue, 2008-04-01 at 15:27 +0530, Srinivas M.A. wrote:

Curious, why is RSTP in user space? Lots of protocols are in the kernel, why not RSTP too?

For one thing it is easier from a development standpoint. The kernel just needs to provide hooks for allowing userspace programs to send and receive BPDUs and to change port states. The STP logic can then be moved to userspace and it is easier to develop and debug.

Yes, but this cannot be the only reason to move xSTP to user space? I bet that is true for lots of stuff currently in kernel, i.e. one could move ARP to user space too. You can probably get better performance with an in-kernel xSTP and possibly more robust as you don't depend on an external process that could get killed by OOM or by user mistake. Are there any known issues with the in-kernel STP?

I haven't read 802.1D-2004 but I know RSTP is in there, does RSTP replace the old STP protocol? If not, is there any reason to prefer STP before RSTP in some cases?

In 802.1D-2004, RSTP replaces the old STP. RSTP provides additional mechanisms to give faster convergence when the network involves only point-to-point links. It is backward compatible with STP, i.e., it will interoperate correctly when there are other STP bridges, though you lose the fast convergence then. So, in general, there is no reason to prefer STP to RSTP. Currently, the main reason would be that the STP implementation has been around much longer and that this RSTP implementation is new.

Thank you for the info, much appreciated. I guess the reason why in-kernel STP hasn't been converted to RSTP is the user space approach? Sorry for all the questions/criticism, this is all fairly new to me and I wanted to share my initial feelings about RSTP and how it works. Once I get used to how it all works I generally stop asking myself why/how things work and just get on with it.

Jocke

PS. I really think you need to publish the RSTP work somewhere on the bridge home page, I had a hard time finding this and I am sure others too have problems finding it.

There are several motivations for moving it to user space:

1. As a userspace application it is less vulnerable to being used for remote exploits. Buffer overflows etc. in kernel are more damaging.
2. Rstplib is pre-existing code, and can be incorporated easier into user application
3. The real reason is that there are many flavors of STP and configuration and research are more easily managed in userspace.

Note: performance is not an issue for STP.

But:

1. Robustness is harder in userspace
2. Close coupling of kernel and daemons is maintenance pain
3. Backwards compatibility problems.

Maybe RSTP in userspace is a bad idea, it is possible to go back.
Re: [Bridge] RSTP in http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git;a=summary problems
On Mon, 31 Mar 2008 19:06:14 +0200 Joakim Tjernlund [EMAIL PROTECTED] wrote:

On Mon, 2008-03-31 at 09:06 -0700, Stephen Hemminger wrote:

On Sat, 29 Mar 2008 18:10:24 +0100 Joakim Tjernlund [EMAIL PROTECTED] wrote:

-Original Message-
From: Joakim Tjernlund [mailto:[EMAIL PROTECTED]
Sent: den 29 mars 2008 17:22
To: 'Bridge@lists.linux-foundation.org'
Subject: RSTP in http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git;a=summary problems

Hi List

I cloned the above RSTP imp. and cross-compiled it to powerpc and tried it on my 2.6.23 kernel, but didn't get very far: Created a bridge, br0, with brctl and added two interfaces. Started rstpd without args and ran rstpctl

    rstpctl showbridge br0

and all I get is

    CTL_get_bridge_state: Got return code 0, 1003
    Failed to get bridge state: Err_Bridge_is_down

The br0 i/f is UP and RUNNING and so are the interfaces I added. I probably forgot to do something I suppose, but what?

Jocke

Never mind, user error on my part. I do wonder though if rstpd is production ready or still needs more testing/fixes?

Jocke

The rstpd stuff isn't widely used, more because of the administration, packaging, startup issues etc. It is kind of a chicken/egg problem, no one uses it so no one reports bugs. The RSTP code library has been around for a long while and doesn't have any known issues.

I see, what do you think of Srinivas rewrite? It looks much cleaner, have you had a chance to test it?

He did most of the original rstp code, just haven't had chance to merge it. Dirty secret, I don't use bridging normally, and have to go out of my way to setup tests so that is part of the reason I don't merge things until they have settled.
Re: [Bridge] Bridge sysfs port_no overflow
On Mon, 31 Mar 2008 09:11:31 +0200 Osama Abu Elsorour [EMAIL PROTECTED] wrote: All We are running a setup with a large number of bridge ports that reaches the 900 ports. After switching to recent kernel and brctl- utils that uses the sysfs interface, we started noticing that the port numbers are mis-reported when issues the command: brctl showmacs br1 After tracing the code, we found that the problem lies in the sysfs structure called __fdb_entry. The port_no is declared as a u8 while it is u16 in the rest of the bridge structure. This causes the port_no to overflow when the bridge port number exceeds 255. The overflow line is in file br_fdb.c function br_fdb_fillbuf: fe-port_no = f-dst-port_no; where left hand port_no is _u8 and right hand is _u16. Even if it is unusual to have this number of ports on a single bridge it should be changed to the sake of consistency. This patch shows the change: @@ -94,7 +94,7 @@ struct __port_info struct __fdb_entry { __u8 mac_addr[6]; - __u8 port_no; + __u16 port_no; __u8 is_local; __u32 ageing_timer_value; __u32 unused; The problem is that this changes the size of the binary data structure and therefore changes the API. Better to do something with the unused field and maintain binary compatibility. Like this: --- a/include/linux/if_bridge.h 2008-03-31 08:37:57.0 -0700 +++ b/include/linux/if_bridge.h 2008-03-31 08:39:02.0 -0700 @@ -94,10 +94,11 @@ struct __port_info struct __fdb_entry { __u8 mac_addr[6]; - __u8 port_no; + __u8 old_port_no; __u8 is_local; __u32 ageing_timer_value; - __u32 unused; + __u16 port_no; + __u16 unused; }; #ifdef __KERNEL__ --- a/net/bridge/br_fdb.c 2008-03-31 08:39:23.0 -0700 +++ b/net/bridge/br_fdb.c 2008-03-31 08:41:32.0 -0700 
@@ -285,6 +285,7 @@ int br_fdb_fillbuf(struct net_bridge *br /* convert from internal format to API */ memcpy(fe-mac_addr, f-addr.addr, ETH_ALEN); + fe-old_port_no = f-dst-port_no; fe-port_no = f-dst-port_no; fe-is_local = f-is_local; if (!f-is_static) ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
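Review bot: In the include/linux/if_bridge.h hunk, struct __fdb_entry now carries two port fields and nothing tells a reader which one to trust. Add a comment on old_port_no saying it is the legacy 8-bit value kept only for existing binaries and is wrong for ports above 255, and one on port_no saying it is the authoritative 16-bit value. Because port_no reuses half of the former unused word, a rebuilt tool running on an older kernel reads whatever that kernel left there; the visible lines do not show unused being cleared, so state whether userspace may rely on it being zero.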
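Review bot: In the br_fdb_fillbuf() hunk, the added old_port_no assignment silently narrows the 16-bit port number to 8 bits, so for a port above 255 an existing tool still receives a plausible but wrong port. Make the narrowing explicit with a (__u8) cast and a one-line comment that the legacy field is only meaningful for ports up to 255, so nobody later mistakes it for an oversight.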
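The layout argument made in this message, worked through as an added example; it is not code from the kernel tree or from either poster. The three struct names and the helper functions are hypothetical userspace stand-ins for struct __fdb_entry, using stdint types on a mainstream ABI, and the MAC address is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for struct __fdb_entry; all three names are hypothetical. */

/* Record as existing tools were compiled against it: 8-bit port number. */
struct fdb_entry_old {
	uint8_t  mac_addr[6];
	uint8_t  port_no;
	uint8_t  is_local;
	uint32_t ageing_timer_value;
	uint32_t unused;
};

/* First proposal in the thread: widen port_no where it stands. */
struct fdb_entry_widened {
	uint8_t  mac_addr[6];
	uint16_t port_no;
	uint8_t  is_local;
	uint32_t ageing_timer_value;
	uint32_t unused;
};

/* Proposal from the reply: keep the 8-bit field in place and take the
 * 16-bit port number out of the formerly unused word. */
struct fdb_entry_new {
	uint8_t  mac_addr[6];
	uint8_t  old_port_no;
	uint8_t  is_local;
	uint32_t ageing_timer_value;
	uint16_t port_no;
	uint16_t unused;
};

/* The compatible layout must not move or resize anything an old tool reads. */
_Static_assert(sizeof(struct fdb_entry_new) == sizeof(struct fdb_entry_old),
	       "record size changed");
_Static_assert(offsetof(struct fdb_entry_new, old_port_no) ==
	       offsetof(struct fdb_entry_old, port_no), "legacy port field moved");
_Static_assert(offsetof(struct fdb_entry_new, is_local) ==
	       offsetof(struct fdb_entry_old, is_local), "is_local moved");
_Static_assert(offsetof(struct fdb_entry_new, ageing_timer_value) ==
	       offsetof(struct fdb_entry_old, ageing_timer_value), "ageing timer moved");

/* Producer side, modelled on the br_fdb_fillbuf() change: write both fields. */
static void fill_entry(struct fdb_entry_new *fe, const uint8_t mac[6],
		       uint16_t port, int is_local)
{
	memset(fe, 0, sizeof(*fe));
	memcpy(fe->mac_addr, mac, 6);
	fe->old_port_no = (uint8_t)port;	/* keeps only the low 8 bits */
	fe->port_no = port;
	fe->is_local = is_local ? 1 : 0;
}

/* How a tool built against the old header interprets the same bytes. */
static unsigned legacy_tool_port(const void *record)
{
	struct fdb_entry_old e;

	memcpy(&e, record, sizeof(e));
	return e.port_no;
}

/* How a tool rebuilt against the new header reads them. */
static unsigned current_tool_port(const void *record)
{
	struct fdb_entry_new e;

	memcpy(&e, record, sizeof(e));
	return e.port_no;
}

/* Bytes added to every record by the widen-in-place layout. */
static size_t widened_growth(void)
{
	return sizeof(struct fdb_entry_widened) - sizeof(struct fdb_entry_old);
}

/* Non-zero if widening in place shifts is_local away from where old tools read it. */
static int widened_moves_is_local(void)
{
	return offsetof(struct fdb_entry_widened, is_local) !=
	       offsetof(struct fdb_entry_old, is_local);
}

int main(void)
{
	const uint8_t mac[6] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };	/* constructed sample */
	struct fdb_entry_new fe;

	fill_entry(&fe, mac, 900, 0);	/* a port number in the range the report mentions */
	printf("port 900: old tool sees %u, rebuilt tool sees %u\n",
	       legacy_tool_port(&fe), current_tool_port(&fe));
	printf("widen in place: +%zu bytes per record, is_local moved: %d\n",
	       widened_growth(), widened_moves_is_local());
	return 0;
}
```

An old binary keeps parsing the buffer correctly but still reports the truncated port; only a rebuilt tool that reads the new field sees the real one.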
Re: [Bridge] [PATCH] Add vlan id to bridge forward database
On Mon, 28 Jan 2008 16:39:14 +0100 Jaime Medrano [EMAIL PROTECTED] wrote:

I'm resending this mail since I got no answer. Is there any major problem in this?

Stephen Hemminger wrote:

What about the nested vlan case?

Below is a new patch that handles the double-tagging case. I'm not sure if it is worth a more generic case. Are triple-tagging and so on really used?

This is a user/kernel ABI change. Does it break old tools?

New patch gets rid of the unused field but it still doesn't break old tools. Anyway, the user part is not really needed. I just think it could be useful.

Regards,
Jaime.

Minor stuff:

1. Please use shorter variable names, rather than: unsigned short vlan_first_id; I would choose: u16 vlan1;
2. You probably can use skb->protocol rather than having to look at the packet contents to check for 8021Q.
3. Don't use __constant_htons(), just use htons(). The macro is smart enough to handle the constant case, and it reads better, without the __constant_ prefix.

Major stuff:

1. This won't work with hardware accel VLAN receive. The tag is not put in the skb?
Re: [Bridge] Question about using brctl and changing MAC addresses
On Mon, 10 Mar 2008 11:05:53 -0700 Philip Prindeville [EMAIL PROTECTED] wrote:

I'm using Linux 2.6.20 (yes, I'll be upgrading to 2.6.24 as soon as it's stable). I have 4 VIA rhine ethernet controllers on my Soekris net5501, plus an ADSL PCI card (a Sangoma S-518) that runs in AAL5-SNAP mode, so it looks like an Ethernet controller. I'm trying to bridge eth0 and w1ad (the ADSL interface) into br0. And I'm trying to force the traffic on br0 to have the MAC address that my ISP insists I use (i.e. that of the crappy little Westell 6100 modem they sent me).

The issue is the following. If I do:

    ifconfig w1ad down hw ether x:x:x:x:x:x up

followed by either:

    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 w1ad

or:

    brctl addbr br0
    brctl addif br0 w1ad
    brctl addif br0 eth0

the bridge ends up taking the MAC address of eth0 either way, which I don't get (how does it decide which to use?). I can clone the same MAC address to both eth0 and w1ad, but I don't know if that would cause me any problems or not (I haven't read the STP spec in about 15 years).

Having the same mac address on both just is going to be problematic (impossible to do STP), so don't if you don't have to. But you can set address of bridge and eth0 to any address you want. So set these to the ISP assigned address. You probably will have to do it after bridge is created.

    brctl addbr br0
    brctl addif br0 w1ad eth0
    ifconfig eth0 hw ether x:x:x:x:x:x up
    ifconfig w1ad up
    ifconfig br0 hw ether x:x:x:x:x:x up
    ifconfig br0 A.B.C.D netmask 255.255.255.0
Re: [Bridge] bridge-utils and ppp
On Sun, 09 Mar 2008 09:58:57 -0400 Lou Steinberg [EMAIL PROTECTED] wrote:

Hi Richard-

[snip]

Does a bridge test exist? What is the output of brctl show?

[snip]

Yes, the bridge exists. brctl shows:

    [EMAIL PROTECTED]:~$ brctl addif test ppp0
    can't add ppp0 to bridge test: Invalid argument
    [EMAIL PROTECTED]:~$ echo $?
    1
    [EMAIL PROTECTED]:~$ brctl show
    bridge name     bridge id       STP enabled     interfaces
    test            8000.           no

The bridging code only works for devices that have Ethernet headers. That is the way the bridging 802.2 standard works, it is a Layer 2 bridge and it uses the address information from Ethernet to do routing. PPP does not use Ethernet level framing so it can't be bridged.

What were you trying to do? There are plenty of other ways to get the same effect.
Re: [Bridge] span/monitor port
On Fri, 7 Mar 2008 20:10:46 -0500 Gabriel Somlo [EMAIL PROTECTED] wrote:

Hi,

I was wondering if there's an established way to set up one or more ports of a bridge as 'span' or 'monitor' ports. I.e., once a port is in this state, it discards any packets it receives, and gets a copy of any other packet the bridge is forwarding out any other port. Kind-of like cisco's span monitor session.

If not, I'd be interested in having a go at it, but wanted to see if there's anything already there that I'm missing...

It isn't really a bridge function, the way to do this is to use other facilities like the mirred action (see tc action).
Re: [Bridge] Bridging troubles
On Wed, 27 Feb 2008 19:07:37 + George - [EMAIL PROTECTED] wrote:

Hallo. I am trying to establish a bridge on my debian linux box between an ethernet and a wireless interface, in order to be able to connect to the bridge via my laptop's wireless. My laptop has WinXP. Well, I have a bridge which I created by

    brctl addbr br0
    brctl addif eth1    (Ethernet controller: Intel Corporation 82562ET/EZ/GT/GZ - PRO/100 VE (LOM) Ethernet Controller (rev 03))
    brctl addif eth4    (Network controller: RaLink RT2500 802.11g Cardbus/mini-PCI (rev 01))

I am connected through eth1 to a router and I want to bridge these two connections in order to connect remotely from my laptop's wireless card which is an Intel(R) Wireless WiFi Link 4965 AGN. My last steps are to

    dhclient br0
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -P FORWARD ACCEPT

I was able to connect from my laptop, and router's dhcp worked fine. But here my problems start. I tried to ping my linux box and I was successful. I captured arp, dhcp packets. But when I am trying to ping my router (from my laptop), I fail. I try to catch packets with

    tcpdump -i br0 -|grep laptop_ip

but it seems as if packets never get to my linux box. I found out about some kind of shaping so I also tried the following

    for f in `ls /proc/sys/net/bridge/`; do echo 0 > /proc/sys/net/bridge/$f; cat /proc/sys/net/bridge/$f; done

but no good. My linux box can access Internet with no problem. My cards are ok, since the same configuration with a WinXP box (instead of debian) works. Are there any ideas?

Giwrgos

Forget the /proc futzing that isn't your problem.

http://www.linux-foundation.org/en/Net:Bridge#FAQ

The problem is that wireless is not the same as Ethernet as far as bridging.
Re: [Bridge] bridge-utils-1.4 unknown symbols
On Fri, 22 Feb 2008 15:31:30 -0500 [EMAIL PROTECTED] wrote:

Greetings,

I'm on a Gentoo vanilla-sources-2.6.24.2 kernel, with bridge-utils-1.4 installed. When I try to modprobe bridge dmesg shows:

    Feb 22 15:22:51 indigo bridge: Unknown symbol br_handle_frame_hook
    Feb 22 15:22:51 indigo bridge: Unknown symbol nf_register_hooks
    Feb 22 15:22:51 indigo bridge: Unknown symbol br_fdb_put_hook
    Feb 22 15:22:51 indigo bridge: Unknown symbol nf_unregister_hooks
    Feb 22 15:22:51 indigo bridge: Unknown symbol nf_hook_slow
    Feb 22 15:22:51 indigo bridge: Unknown symbol br_fdb_get_hook

Your kernel wasn't built with bridging enabled. You can't just build the bridge module standalone, the kernel itself needs to include bridging. Save your kernel config and then rebuild:

    cp .config config.sav
    make mrproper
    make
[Bridge] Re: unidirectional traffic and flooding
On Thu, 7 Feb 2008 15:19:06 +0200 Alexander (Sasha) Sirotkin [EMAIL PROTECTED] wrote:

Suppose there is unidirectional traffic only (for instance UDP) to one of the devices connected to a bridge. At the beginning, the bridge will learn the location of this device from gratuitous ARP. However, after the timeout the bridge will forget this information and since there is no traffic from that device (remember, the traffic is unidirectional, i.e. to the device only) it will start flooding... and will continue to do so forever.

I have a feeling that I must not be the first person to encounter this problem. Any ideas?

You should check the 802.1d standard.

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Bridge not functional after disconnect / connect
There were some fixes to carrier handling that went into 2.6.24. commit 21d7f67700ad7a4523d35d43ce95755e40eae5b7 Author: Stephen Hemminger [EMAIL PROTECTED] Date: Mon Nov 26 11:54:51 2007 -0800 skge: fiber link up/down fix The driver would not work over fibre if other end when down then came back up (would require reloading driver). The correct way to manage the link the same way for both TP and fibre. Resloves problem described in: http://lkml.org/lkml/2007/11/6/395 Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] Signed-off-by: Jeff Garzik [EMAIL PROTECTED] diff --git a/drivers/net/skge.c b/drivers/net/skge.c index b680cb0..73a4246 100644 --- a/drivers/net/skge.c +++ b/drivers/net/skge.c @@ -1095,16 +1095,9 @@ static void xm_link_down(struct skge_hw *hw, int port) { struct net_device *dev = hw-dev[port]; struct skge_port *skge = netdev_priv(dev); - u16 cmd = xm_read16(hw, port, XM_MMU_CMD); xm_write16(hw, port, XM_IMSK, XM_IMSK_DISABLE); - cmd = ~(XM_MMU_ENA_RX | XM_MMU_ENA_TX); - xm_write16(hw, port, XM_MMU_CMD, cmd); - - /* dummy read to ensure writing */ - xm_read16(hw, port, XM_MMU_CMD); - if (netif_carrier_ok(dev)) skge_link_down(skge); } @@ -1194,6 +1187,7 @@ static void genesis_init(struct skge_hw *hw) static void genesis_reset(struct skge_hw *hw, int port) { const u8 zero[8] = { 0 }; + u32 reg; skge_write8(hw, SK_REG(port, GMAC_IRQ_MSK), 0); @@ -1209,6 +1203,11 @@ static void genesis_reset(struct skge_hw *hw, int port) xm_write16(hw, port, PHY_BCOM_INT_MASK, 0x); xm_outhash(hw, port, XM_HSM, zero); + + /* Flush TX and RX fifo */ + reg = xm_read32(hw, port, XM_MODE); + xm_write32(hw, port, XM_MODE, reg | XM_MD_FTF); + xm_write32(hw, port, XM_MODE, reg | XM_MD_FRF); } 
@@ -1714,6 +1713,12 @@ static void genesis_stop(struct skge_port *skge) struct skge_hw *hw = skge-hw; int port = skge-port; unsigned retries = 1000; + u16 cmd; + + /* Disable Tx and Rx */ + cmd = xm_read16(hw, port, XM_MMU_CMD); + cmd = ~(XM_MMU_ENA_RX | XM_MMU_ENA_TX); + xm_write16(hw, port, XM_MMU_CMD, cmd); genesis_reset(hw, port); ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
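Review bot: In the genesis_reset() hunk, XM_MODE is written twice, once with XM_MD_FTF and once with XM_MD_FRF, each OR-ed into the same saved reg, with only "Flush TX and RX fifo" as explanation. Add a comment saying whether the flush bits clear themselves and whether the two flushes really have to be issued as separate writes; if they do not, a single write of reg | XM_MD_FTF | XM_MD_FRF is simpler, and if the bits are sticky the saved reg should be written back afterwards.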
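Review bot: In the genesis_stop() hunk, the line after the xm_read16() reads "cmd = ~(XM_MMU_ENA_RX | XM_MMU_ENA_TX);" as shown, which discards the value just read and would write back every other bit set. It has to be "cmd &= ~(XM_MMU_ENA_RX | XM_MMU_ENA_TX);" so that only the two enable bits are cleared. The block removed from xm_link_down() also did a dummy read of XM_MMU_CMD after the write to make sure it had landed; either keep that read here or note in the comment why it is not needed before genesis_reset() runs.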
Re: [Bridge] Learning BPDU source MACs in BLOCKING state = loss of IP connectivity
On Sat, 26 Jan 2008 22:56:22 +0600 Oleg Serditov [EMAIL PROTECTED] wrote: Hello to all. I'm running 2.6.12, uClinux distribution for the Blackfin processor. I am experiencing a problem which prevents two boxes connected by a pair of links from being able to ping each other. Fixed in 2.6.23. commit df1c0b8468b34628ed12b103804a4576cd9af8bb Author: Stephen Hemminger [EMAIL PROTECTED] Date: Thu Aug 30 22:15:35 2007 -0700 [BRIDGE]: Packets leaking out of disabled/blocked ports. This patch fixes some packet leakage in bridge. The bridging code was allowing forward table entries to be generated even if a device was being blocked. The fix is to not add forwarding database entries unless the port is active. The bug arose as part of the conversion to processing STP frames through normal receive path (in 2.6.17). Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] Acked-by: John W. Linville [EMAIL PROTECTED] Signed-off-by: David S. Miller [EMAIL PROTECTED] diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index 69b7097..eb57502 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -384,6 +384,11 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, if (hold_time(br) == 0) return; + /* ignore packets unless we are using this port */ + if (!(source-state == BR_STATE_LEARNING || + source-state == BR_STATE_FORWARDING)) + return; + fdb = fdb_find(head, addr); if (likely(fdb)) { /* attempt to update an entry for a local interface */ diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 5c18595..6f468fc 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c 
@@ -101,9 +101,8 @@ static int br_handle_local_finish(struct sk_buff *skb) { struct net_bridge_port *p = rcu_dereference(skb-dev-br_port); - if (p p-state != BR_STATE_DISABLED) + if (p) br_fdb_update(p-br, p, eth_hdr(skb)-h_source); - return 0;/* process further */ } -- Stephen Hemminger [EMAIL PROTECTED] ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
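Review bot: In the br_fdb_update() hunk, the new state test is a negated pair of comparisons, which is easy to misread, and its comment ("ignore packets unless we are using this port") hides that only learning is skipped while the caller goes on processing the frame. Write it as two != tests joined with &&, or as a small helper, and reword the comment to say that addresses are learned only in BR_STATE_LEARNING and BR_STATE_FORWARDING.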
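Review bot: In the br_handle_local_finish() hunk, dropping the BR_STATE_DISABLED test makes this path rely entirely on the check added to br_fdb_update(), and the two are not equivalent: the old test still let blocking and listening ports learn, the new one does not. That matches the commit message, but a one-line comment here pointing at the state check in br_fdb_update() would stop someone from re-adding a local test later. Other callers of br_fdb_update() are not visible in this patch; confirm each of them is fine with the silent early return.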
Re: [Bridge] trying to bridge eth0 usb0 but arp requests go to the wrong network
On Fri, 18 Jan 2008 22:35:59 +0100 (CET) [EMAIL PROTECTED] wrote:

Hello,

I'm trying to get bridging to work between eth0 and usb0:

    192.168.13.2 --- br0:192.168.13.47 --- 192.168.13.1
                  usb0              eth0

    192.168.13.2:~ # ping 192.168.13.1
    ... 100 % packet loss

On 192.168.13.1 I do see the arp requests but no icmp packet :-/

Just like "No traffic gets trough (except ARP and STP)" in the FAQ on http://www.linux-foundation.org/en/Net:Bridge

Except ...

I can ping 192.168.13.1 from the bridge (192.168.13.47)
Trying to ping 192.168.13.2 from the bridge does not work
I do see the arp requests for 192.168.13.2 on 192.168.13.1 (!)

I get the same result if I enable STP on the bridge. What is going wrong here? :-/ Any hint appreciated!

Regards,
andreas

PS: The bridge system is a SUSE 10.2 with kernel 2.6.18.8-0.7-default (incl. suse patches). usb0 is a MosChip usb nic using the mcs7830 driver and eth0 is an on board intel nic. Both work fine in non bridging mode. My routing table (just ignore the vmnet stuff):

    bibo:/proc/sys/net/ipv4 # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0   0   vmnet8
    192.168.13.0    0.0.0.0         255.255.255.0   U     0      0   0   br0
    10.0.10.0       0.0.0.0         255.255.255.0   U     0      0   0   vmnet1
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
    0.0.0.0         192.168.13.1    0.0.0.0         UG    0      0   0   br0

Please reproduce without the interference of the proprietary VMware network. Since VM networking does its own bridging, I suspect interference. Or go bug SUSE support

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] MAC addresses on ports
On Wed, 16 Jan 2008 15:09:48 +0100 Marian Jancar [EMAIL PROTECTED] wrote:

Hi,

I need some explanation/help with a probably bit uncommon bridge setup. I have devices that come with their manufacturer MAC addresses, and I need to create a bridge that uses my MAC address instead and has to look about like this:

    br0:   unique MAC address from my range
    wlan0: same MAC as br0 (madwifi supports 4 MAC frames in STA mode so the actual bridging works, just if you are curious :p)
    eth0:  any MAC address higher than the br0 MAC, and as long as the assumptions below hold, unique in just this bridge,
    eth1:  ditto
    ...
    ethN:  ditto

Now, the only reason I can think about from my naive point of view, why the bridge cares about port MAC address at all, is maintaining a reliable and persistent connection between the logical port and the actual physical device for STP purposes.

So if I'm right, I can assign any MAC addresses to the ethernet ports, as long as they are higher than the wlan0 address, to ensure that the bridge selects the wlan0 MAC as its own, and as long as they are locally unique. The MAC addresses of the ethernet ports will not appear in any non-STP packets and don't have to be globally unique, because they identify ports in just this bridge and STP handles that, just a port has always to have the same address and not a random one.

Is this correct? If not, is there any other way to create a bridge and not to have to allocate a unique MAC to each port? Any comments and/or pointers to relevant documentation are highly appreciated.

Latest version of code allows bridge to have any mac address. You do HAVE to make sure device in bridge has a unique mac address.
Re: [Bridge] Conflict between net/if.h and linux/if.h
I fixed the problem differently because I don't want more conditional compilation. The ideal fix would be to get glibc to the headers fixed to be compatible. Use linux/if.h rather than net/if.h for compatiablity with other headers. Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] --- libbridge/libbridge.h |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/libbridge/libbridge.h b/libbridge/libbridge.h index 20d5bb5..016acea 100644 --- a/libbridge/libbridge.h +++ b/libbridge/libbridge.h @@ -19,9 +19,15 @@ #ifndef _LIBBRIDGE_H #define _LIBBRIDGE_H -#include net/if.h +#include sys/socket.h +#include linux/if.h #include linux/if_bridge.h +/* defined in net/if.h but that conflicts with linux/if.h... */ +extern unsigned int if_nametoindex (const char *__ifname); +extern char *if_indextoname (unsigned int __ifindex, char *__ifname); + + struct bridge_id { unsigned char prio[2]; -- 1.5.3.4 ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
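Review bot: In the libbridge.h hunk, the hand-written prototypes for if_nametoindex() and if_indextoname() duplicate what net/if.h declares, so they can drift from libc's own declarations, and any file that includes both this header and net/if.h is back to the conflict the comment describes. Extend the comment above them to say that net/if.h must not be included alongside this header, and drop the second blank line added before struct bridge_id.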
Re: [Bridge] NFS over bridged interface
On Wed, 14 Nov 2007 09:45:17 -0600 Vivek Shrivastava [EMAIL PROTECTED] wrote:

Hi,

I am running NFS over my soekris boxes, with eth0 as the primary wired interface (that gets dhcp ip address from the server and loads the entire NFS filesystem). Now I want to bridge traffic from (some traffic) eth0 to eth1 (another interface). But as soon as I add eth0 to the bridge, the box stops responding. I have waited more than 30 sec (the default bridging fwd delay), but still see no response. I am new to this community so I am not sure if this has been already discussed. Any help will be greatly appreciated.

Thanks
Vivek

You need to use dhcp on the bridge interface.

    # brctl addbr br0
    # ifconfig eth0 0.0.0.0         # mark up with no address
    # ifconfig eth1 0.0.0.0
    # brctl setfd br0 0             # turn off forwarding delay
    # brctl addif br0 eth0 eth1
    # dhclient br0

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Rx Buffer sizes on e1000
On Tue, 13 Nov 2007 10:12:03 +0100 Marek Kierdelewicz [EMAIL PROTECTED] wrote:

Hi All,

Hi,

I have a box with 24 e1000 cards in it. They are configured as 12 bridges, each with 2 ports.

24 ports of e1000 nics means 24 interrupts used (or shared). Maybe that's the source of the problem. Did you notice anything unusual in your logs concerning e1000 nics?

... CPU utilisation is hovering around 50%, and load average is consistently under 0.1, so I don't believe I'm looking at a CPU bottleneck.

Is your box multi-core (or HT-enabled)? Is your kernel SMP? If that's the case then check per core CPU utilisation (press 1 when watching top). You may be hitting roof only on one of the cores while avg. utilisation is around 50%.

If you're not familiar with smp_affinity, then you should read the following: http://bcr2.uwaterloo.ca/~brecht/servers/apic/SMP-affinity.txt

cheers,
Marek Kierdelewicz
KoBa ISP

First, make sure you have enough bus bandwidth! What kind of box, you really need PCI-express to get better bus throughput. MSI will also help. Memory speeds also matter. And the dual-port e1000's add a layer of PCI bridge that also hurts latency/bandwidth.

Don't use kernel irq balancing, user space irqbalance daemon is smart enough to recognize network devices and do the right thing (assign them directly to processors).

It would be useful to see what the kernel profiling (oprofile) shows.

How are you measuring CPU utilization? The only accurate way is to measure time with an idle soaker program versus time under load. Andrew Morton wrote a cyclesoaker to do this, if you want it, I'll dig it up.

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Lowering CPU utilisation
On Wed, 7 Nov 2007 08:51:41 +1100 Leigh Sharpe [EMAIL PROTECTED] wrote:

I'm using e1000 cards. According to oprofile, around 50% of the time is spent in the e1000 driver. Given that my load average is still under 0.5, I suspect I've got plenty of room for the driver to handle more traffic before I need to worry too much.

Did you remember to configure NAPI for the e1000 driver (it is optional).

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Lowering CPU utilisation
On Thu, 1 Nov 2007 09:00:07 +1100 Leigh Sharpe [EMAIL PROTECTED] wrote:

Hi All,

I have a box with 12 bridges on it, each of which has 2 ports. When the traffic level on the box reaches around 15-20Mbps on each bridge, my CPU utilisation gets to about 90-95%. I would like to avoid working the CPU that hard. Is there anything which can be done to get the CPU utilisation down a bit? I have plans for an even bigger bridge, but these results indicate that it may not scale quite that well.

Regards,
Leigh

Learn how to use oprofile and figure out where the time is going. You might be getting hit by the choice of network interface.

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] [PATCH 2.6.23.1] Kill STP hello timer if STP is not enabled
On Mon, 15 Oct 2007 23:48:12 +0200 Michał Mirosław [EMAIL PROTECTED] wrote:

Quick CPU eater kill. This might be not the best fix possible. Without this patch, hello_timer is firing 250 times/sec and eating about 8% CPU time on my otherwise idle system (dynticks enabled). 2.6.21.5 was even worse - 20% (HZ=1000). (br->hello_time was supposedly 0 when STP was disabled).

Signed-off-by: Michał Mirosław [EMAIL PROTECTED]

Good idea, but patch needs work.

The default hello_time is 2 seconds, so if it is going up to 250/sec then maybe other root bridge is updating it. I don't see where hello_time gets set to 0 if STP disabled?

My preference would be to have hello_time set to zero if not running STP and not start timer if it is zero.

Also, the check for not sending config BPDU is separate. We do waste time deciding to send BPDU when STP is disabled, the existing test could just be moved up the call chain.

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Simple bridge, something's wrong
On Mon, 8 Oct 2007 02:50:42 -0500 Michael Jinks [EMAIL PROTECTED] wrote:

Hi, list.

I'm trying to set up a bridging VPN and having trouble. The VPN part seems to be working well, but for some reason bridging doesn't. To make things as simple as possible for tracking down what I'm doing wrong, I've set up a test network with three Linux machines connected to two ethernet segments, no VPN stuff involved:

    Host A                  Host B                   Host C
    10.1.1.15--[segment 1]--[br0, no IP]--[segment 2]--10.1.1.16
                            (eth1, eth2)

Does Host B have an IP address or is it a pure bridge?

On Host B:

    $ /sbin/brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.000c299eefe7       no              eth1
                                                            eth2

Did you wait for the forwarding delay (30 sec) to expire after setting up bridge?

    /sbin/brctl showstp br0

If I try to ping Host C from Host A, I get Destination host unreachable. Watching tcpdump on Host B at the same time, I see who-has arp requests coming in, but nothing going back out and no replies. brctl shows that the bridge has learned the MAC of Host A, but not Host C.

    $ sudo tcpdump -n -i br0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on br0, link-type EN10MB (Ethernet), capture size 96 bytes
    01:46:37.542316 arp who-has 10.1.1.15 tell 10.1.1.16
    01:46:38.543744 arp who-has 10.1.1.15 tell 10.1.1.16
    01:46:39.544740 arp who-has 10.1.1.15 tell 10.1.1.16

    $ /sbin/brctl showmacs br0
    port no mac addr                is local?       ageing timer
      1     00:0c:29:9e:ef:e7       yes                0.00
      2     00:0c:29:9e:ef:f1       yes                0.00
      1     00:0c:29:d9:59:d8       no                 1.83

(00:0c:29:d9:59:d8 is correct for Host A.)

If I try to ping the other direction at the same time -- to Host A from Host C -- ping on host C doesn't produce any output at all, I don't see any arp traffic from Host C on Host B, and brctl doesn't show anything new. But, a few seconds after I stop pinging from Host A, Host B starts to produce host unreachable messages, Host B sees C's arp requests, and for a short while brctl shows both systems' MAC addresses, until the record for A eventually times out:

    $ /sbin/brctl showmacs br0
    port no mac addr                is local?       ageing timer
      2     00:0c:29:25:1a:00       no                 0.74
      1     00:0c:29:9e:ef:e7       yes                0.00
      2     00:0c:29:9e:ef:f1       yes                0.00
      1     00:0c:29:d9:59:d8       no                10.85

So, traffic is reaching the bridge, but it seems that nothing is ever repeated onto the other segment, and whichever host pings the bridge first squashes any traffic from the other.

I've tried various combinations of settings under /proc. ip_forward set to both 1 and 0; /proc/sys/net/bridge/bridge-nf-* all set to 0 or all set to 1. That doesn't seem to make any difference.

Have you setup filter rules?? or just plan to in future.

-- Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] bridge-utils-1.2 doesn't include configure?
On Fri, 5 Oct 2007 11:42:19 -0400 [EMAIL PROTECTED] wrote:

> I downloaded bridge-utils-1.2.tar.gz (from http://sourceforge.net/project/showfiles.php?group_id=26089), but it doesn't include a ./configure script. Was this an oversight? Did I miss something?
>
> I perused the mail list archive, and this https://lists.linux-foundation.org/pipermail/bridge/2006-December/005187.html post seems to suggest someone else may have encountered the problem.

You need to run autoconf.

--
Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Arp Bridge
On Wed, 19 Sep 2007 16:32:26 +0200 David Martin [EMAIL PROTECTED] wrote:

> Here is my bridge config: let's say br0 containing eth0 and eth1, with the br0 IP address being 192.168.0.10.
>
> For some reasons, I would like to be able to send packets from the bridge machine only via a specific device. Thus, I set IP addresses for eth0 and eth1 (let's say 192.168.0.11 and 192.168.0.12). I know a bridge is not supposed to have IP addresses on the interfaces.
>
>  _____________________
> | br0 (192.168.0.10)  |
> |  +--- eth0 (192.168.0.11) --- ethernet wire - 192.168.0.1
> |  +--- eth1 (192.168.0.12) --- ethernet wire - 192.168.0.254
> |_____________________|
>
> But when I try to send packets from only one device, it does not work, i.e. ping -I eth0 192.168.0.1 gives no response.
>
> I noticed that arp are sent and received by eth1, but they are of course received by br0 too. So the arp table is completed for br0 but not for eth1...
>
> The question is: why does br0 update the arp table, but eth1 doesn't? How is the arp table updated? eth1 is the one sending the request! Is there any means to solve that?

If you need to limit arp responses, check out the arp_filter sysctl and stop doing the weirdness with IP addresses. If you are trying to do some form of security (or ISP workarounds) investigate using filtering (ebtables) to do it.

--
Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Jumbo frames support?
On Wed, 1 Aug 2007 14:09:45 +0200 Luca Lesinigo [EMAIL PROTECTED] wrote:

> The documentation says the bridge will work as far as all interfaces have the same MTU, but I also read on this and other mailing lists people having problems when using jumbo frames.
>
> What is the current status of jumbo frames support in the bridge? It could also be useful to have the same info on the wiki page.
>
> Thanks.
>
> --
> Luca Lesinigo

Bridge ignores frame size. The devices have to have same MTU to work.
Re: [Bridge] My bridge is broken
On Fri, 25 May 2007 09:05:11 -0700 (PDT) Swedo Rama [EMAIL PROTECTED] wrote:

> Hi,
>
> I'm not sure if requests for help are appropriate for this list. If not, I apologize.
>
> My ISP (bredbandsbolaget) here in Sweden delivers my broadband by ethernet. I get up to five IP:s through DHCP. I figured it would be a good idea to actually use these IP:s instead of going for a NAT/PAT/masquerading thing. So, bridging firewall, right?

Are you trying to do bridging or routing. If you want separate IP's you probably need to route not using bridging.

> I can't seem to get it to work. Worse, I'm too much of a newbie to even diagnose the problem. Here's my setup:
>
> |ISP || firewall  |
> |DHCP||eth1   eth2||switch||computers|
>
> The switch is a cheapo 3com 3CGSU05-ME gigabit thing. Here's the firewall box:
>
> aker:~# lspci | grep Eth
> 00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] (rev 7c)
> 04:04.0 Ethernet Controller: Intel Corporation 82541PI Gigabit Ethernet Controller (rev 05)
> 04:05:0 Ethernet Controller: Intel Corporation 82541PI Gigabit Ethernet Controller
>
> I want to use the two Intel PRO/1000 GT NICs for the bridge.
>
> aker:~# uname -sr
> Linux 2.6.18-4-486
>
> It's Debian Etch with a standard kernel.
>
> aker:~# brctl --version
> bridge-utils, 1.2
>
> I did this:
>
> aker:~# ifconfig eth1 promisc up
> device eth1 entered promiscuous mode
> audit(1180131751.392.2): dev=eth1 prom=256 old_prom=0 auid=4294967295
> e1000: eth1: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
> aker:~# ifconfig eth2 promisc up
> device eth2 entered promiscuous mode
> audit(1180131923.963.3): dev=eth2 prom=256 old_prom=0 auid=4294967295
> e1000: eth2: e1000_watchdog: NIC Link is Up 100 Mbps Full Duplex

Don't set promisc. I don't know where people get the idea you need to do this with bridging, but you don't! The bridge code enables promiscuous on the device as needed.

> aker:~# brctl addbr br0
> Bridge firewalling registered
> aker:~# brctl addif br0 eth1
> aker:~# brctl addif br0 eth2
> aker:~# brctl setfd br0 0
> aker:~# echo 1 > /proc/sys/net/ipv4/ip_forward

If you are pure bridging, then you don't need this.

> aker:~# brctl show br0
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.000e0cdd3b12       no              eth1
>                                                         eth2
>
> Both NICs have links. eth2 has a 100 mbit FD link to ISP. eth1 a gig FD link to the switch.
>
> Now I figure I should be ready to run my DHCP client on one of the computers, but that doesn't work. If I run brctl showmacs br0 afterwards it only lists the MACs of the two NICs in the bridge. Seems like no traffic has gone through.

Did the startup scripts assign IP addresses to eth devices on bridge?

> I tried setting all the /proc/sys/net/bridge/bridge-nf* values to 0. No difference.
>
> I'm pretty new to linux, and to networking, and I don't really know how to figure out what I'm doing wrong. Any help would be greatly appreciated. And again, sorry if this is off-topic (is there somewhere else more appropriate for this kind of question?)
>
> /Swedo

--
Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Performance and limitations of virtual bridges
On Mon, 7 May 2007 20:32:17 +0200 Fermín Galán Márquez [EMAIL PROTECTED] wrote:

> Hi,
>
> Is there a limit in the number of interfaces a virtual bridge (created with brctl) can support without having a severe impact in performance?

The problem with lots of interfaces is that if destination address is not known (or multicast/broadcast) the packet has to be copied and sent N times.

> I guess that there is no absolute answer for that question :), but maybe there is some kind of procedure/tool to know the stress or load that a virtual bridge is supporting in a given moment (in a similar way that a top can show you the CPU load).

Worst case is the flooding problem.

> My question is due to I'm using a virtual bridge with 14 interfaces (each interface correspond to a Xen virtual machine in the same physical host) and, given that I'm experiencing transmission delays in the network supported by the bridge, I'm suspecting about a loss of performance of it.

Probably when flooding it has to wake up all the guest machines and that is sucking your performance on hypervisor switches.

> Thanks in advance!
>
> Best regards,
>
> Fermín Galán Márquez
> CTTC - Centre Tecnològic de Telecomunicacions de Catalunya
> Parc Mediterrani de la Tecnologia, Av. del Canal Olímpic s/n, 08860 Castelldefels, Spain
> Room 1.02
> Tel : +34 93 645 29 12
> Fax : +34 93 645 29 01
> Email address: fermin dot galan at cttc dot es

--
Stephen Hemminger [EMAIL PROTECTED]
Re: [Bridge] Linux Bridge + NAT + firewall
On Mon, 30 Apr 2007 06:23:03 -0700 (PDT) Sebastian Tabarce [EMAIL PROTECTED] wrote:

> Hello everybody!
>
> I'm trying to setup at home a linux router for me and my 3 friends. Basically I had some spare network cards around and that is why I have not bought a switch or a router. Also all of us are rarely at home at the same time so bandwidth will not be a problem. And I thought it would be fun to try to make this work in linux. However, I've hit a dead end.
>
> This is my problem:
> - I have a spare computer running CentOS 5 (RHEL 5 clone) with 5 network cards
> - we have an internet connection via a cable modem. The cable modem is linked at eth4 to the above computer that will be setup as router.
> - all the computers in the house are linked to the same above computer to eth0...eth3.
>
> I did the following:
> - I'm using dhclient to obtain an IP for eth4 via DHCP. The internet connection works on this computer, I am able to navigate, etc. I had to spoof the MAC address of eth4 since the MAC of one of the other computers was registered at our ISP. (Yes, I could have exchanged the network cards, if it wouldn't have been a laptop)
> - I used bridge-utils to configure a bridge composed of eth0...eth3
>
> my rc.local:
>
> #create bridge
> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth3
> ifconfig eth0 0.0.0.0
> ...
> ifconfig eth3 0.0.0.0
> ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
> #spoof MAC and get DHCP IP addres on eth4
> ifconfig eth4 down
> ifconfig eth4 hw ehter addr xx:xx:xx:xx:xx:xx:xx:xx
> ifconfig eth4 up
> dhclient eth4
> #iptables
> iptables -t nat -A POSTROUTING -o eth4 -j MASQUERADE
> iptables -A INPUT -i eth4 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT
>
> - the other computers also have IPs in the 192.168.0.xxx range with 192.168.0.1 set as gateway and DNS and are running Windows and linux.
>
> My question is how do I masquerade all 4 computers linked to br0 and make them connect to the internet using my cable modem connection on eth4? I tried using iptables but could not obtain a result so far. IP forwarding is enabled in /etc/sysctl.conf.
>
> I'm thinking of refining afterwards the rules to have a true firewall, but first I need a working NAT.

You need to setup NAT
Re: [Bridge] PVST
On Fri, 27 Apr 2007 10:47:42 +1000 Leigh Sharpe [EMAIL PROTECTED] wrote:

> Hi All,
>
> Does the current bridging code handle PVST properly, or just ordinary STP?

Ordinary STP. The 2.6.22 kernel will have all the bits to run STP in user mode, and there is a version of RSTP in userspace, see:

git://git.kernel.org/pub/scm/linux/kernel/shemminger/git/rstp.git

The RSTP code uses the rstplib and it knows about VLAN's, but the hooks aren't there yet. Eventually, full MSTP 802.Q seems like a good idea.

Someone had sent some patches to do PVST, but PVST seems to be Cisco centric, and the patched version was too inflexible, so I didn't put it in mainline.
[Bridge] [PATCH 3/4] bridge: if no STP then forward all BPDUs
If a bridge is not running STP, then it has no way to detect a cycle in the network. But if it is not running STP and some other machine or device is running STP, then if STP BPDU's get forwarded to it can detect the cycle. This is how the old 2.4 and early 2.6 code worked. Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] --- net/bridge/br_input.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- bridge-2.6.22.orig/net/bridge/br_input.c +++ bridge-2.6.22/net/bridge/br_input.c @@ -136,8 +136,14 @@ struct sk_buff *br_handle_frame(struct n if (skb-protocol == htons(ETH_P_PAUSE)) goto drop; - return (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb-dev, - NULL, br_handle_local_finish) == 0) ? skb : NULL; + /* Process STP BPDU's through normal netif_receive_skb() path */ + if (p-br-stp_enabled != BR_NO_STP) { + if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb-dev, + NULL, br_handle_local_finish)) + return NULL; + else + return skb; + } } switch (p-state) { -- ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
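Review bot: In the br_handle_frame hunk, the comment "Process STP BPDU's through normal netif_receive_skb() path" sits on the branch taken when stp_enabled != BR_NO_STP, while the case the subject line is about (STP off, so the frame should be forwarded) is handled only by falling out of the new if and into the switch on the port state, with no comment at all. A one-line comment on that fall-through would make the intent visible, and the changelog should say that what happens to the frame then depends on the port state. The new if/else on the NF_HOOK result also reverses the reading order of the removed "== 0) ? skb : NULL" expression; keeping the original shape inside the new block would make the hunk easier to verify. The ETH_P_PAUSE drop in the context line above the change still runs before either path, which looks intended but is not mentioned.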
Re: [Bridge] linux bridge does not bridge bpdu packets
> this makes my stealth bridge not stealthy anymore! because you can see in bpdu packets its mac. That is what i want to prevent. I want it to be completely transparent and not seen in the network traffic. So should i patch the kernel for it ?

Hmm.. My first priority is to make sure that the bridge code is stable for users, ie it doesn't cause network disasters. Second, is following the standard, and third is making it useful for all the weird tricks (like being fully transparent) that everyone seems to want the code to do.

But in this case, I think if STP is disabled, the bridge would be more stable if it just forwarded the spanning tree packets. The rationale is that if someone leaves STP off on one bridge, but there are multiple paths from a bridge that is using spanning tree; then the bridge that is doing STP will see and break the potentially disastrous network loop.

Therefore, I suggest the following (probably not until 2.6.22) change:

From 6188ced799c07054c64b0e15a645c674b0d256b8 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger [EMAIL PROTECTED] Date: Mon, 23 Apr 2007 16:54:20 -0700 Subject: [PATCH] bridge: forward STP BPDU's if not doing spanning tree If not doing spanning tree protocol than it is safer to just forward any STP BPDU's received. This allows any device using STP to still detect loops if there is a misconnected transparent bridge. Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] --- net/bridge/br_input.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 8a55276..85605bd 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c
@@ -131,8 +131,9 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) if (!is_valid_ether_addr(eth_hdr(skb)-h_source)) goto drop; - if (unlikely(is_link_local(dest))) { - skb-pkt_type = PACKET_HOST; + /* Don't forward 802.1x packets */ + if (p-br-stp_enabled != BR_NO_STP is_link_local(dest)) { + skb-pkt_type = PACKET_MULTICAST; return (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb-dev, NULL, br_handle_local_finish) == 0) ? skb : NULL; -- 1.5.0.6 ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
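Review bot: The new comment "Don't forward 802.1x packets" does not match the new condition in br_handle_frame: the local-delivery branch is now entered only when stp_enabled != BR_NO_STP and is_link_local(dest) both hold, so with STP off every link-local destination, not only STP BPDUs, skips this branch and continues down the function. Either narrow the test to the BPDU address or say in the comment and the changelog that all link-local frames are passed on when STP is off. The change of pkt_type from PACKET_HOST to PACKET_MULTICAST and the removal of unlikely() are not mentioned in the changelog and each deserves a sentence.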
Re: [Bridge] linux bridge does not bridge bpdu packets
Roman Glebov wrote:

> Hallo,
>
> I have here a transparent linux based bridge. The problem is: all stp packets which come to one side of the bridge are not forwarded to the other side, which disturbs stp when this device is put in between two stp capable devices. It forwards all traffic through it. Normal udp/tcp traffic is forwarded. I switched stp on it off so it does not participate in Spanning tree communications. It is a very simple setup: br0 with eth0 and eth1 as ports, without any additional firewall rules. I am using 2.6.18-4-686 debian kernel (testing). I even did setfd br0 0.
>
> What am I doing wrong? Do I need to use ebtables to explicitly forward the traffic?

Turn on STP in the bridge, it will then receive, process and send its own STP BPDU's.
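The receive decision discussed in this thread and in the "[PATCH 3/4] bridge: if no STP then forward all BPDUs" posting, as an added user-space model that is not the kernel's code and not part of any message here. The names classify_rx and rx_action and the sample addresses are hypothetical; the model assumes the port is in the forwarding state and that "link local" means the reserved group range 01:80:C2:00:00:00 to 0F.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN    6
#define ETH_P_PAUSE 0x8808 /* 802.3x flow control */

enum rx_action { RX_DROP, RX_LOCAL, RX_FORWARD };

/* Reserved group range 01:80:C2:00:00:00..0F: STP BPDUs (last byte 00),
 * PAUSE (01), slow protocols such as LACP (02), 802.1X (03). */
static bool is_link_local(const uint8_t *dest)
{
    static const uint8_t prefix[5] = { 0x01, 0x80, 0xc2, 0x00, 0x00 };
    return memcmp(dest, prefix, sizeof(prefix)) == 0 && (dest[5] & 0xf0) == 0;
}

/* A usable source address is unicast and not all zeroes. */
static bool is_valid_source(const uint8_t *src)
{
    static const uint8_t zero[ETH_ALEN];
    return (src[0] & 0x01) == 0 && memcmp(src, zero, ETH_ALEN) != 0;
}

/* Hypothetical model of the receive decision; assumes a forwarding port. */
enum rx_action classify_rx(const uint8_t *dest, const uint8_t *src,
                           uint16_t proto, bool stp_enabled)
{
    if (!is_valid_source(src))
        return RX_DROP;
    if (is_link_local(dest)) {
        if (proto == ETH_P_PAUSE)
            return RX_DROP;      /* never relayed */
        if (stp_enabled)
            return RX_LOCAL;     /* consumed; the bridge sends its own BPDUs */
        /* STP off: fall through and relay like any other group frame */
    }
    return RX_FORWARD;
}

/* Constructed sample addresses, not taken from the thread. */
const uint8_t DST_BPDU[ETH_ALEN]  = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
const uint8_t DST_PAUSE[ETH_ALEN] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x01 };
const uint8_t DST_8021X[ETH_ALEN] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 };
const uint8_t DST_HOST[ETH_ALEN]  = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x10 };
const uint8_t SRC_HOST[ETH_ALEN]  = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x20 };
const uint8_t SRC_BAD[ETH_ALEN]   = { 0x01, 0x00, 0x5e, 0x00, 0x00, 0x01 };

static const char *action_name(enum rx_action a)
{
    return a == RX_DROP ? "drop" : a == RX_LOCAL ? "local" : "forward";
}

int main(void)
{
    const struct { const char *what; const uint8_t *dst; uint16_t proto; } f[] = {
        { "STP BPDU",     DST_BPDU,  0x0004 },      /* 802.2 LLC frame */
        { "PAUSE",        DST_PAUSE, ETH_P_PAUSE },
        { "802.1X",       DST_8021X, 0x888e },
        { "unicast IPv4", DST_HOST,  0x0800 },
    };
    for (size_t i = 0; i < sizeof(f) / sizeof(f[0]); i++)
        printf("%-13s stp off: %-8s stp on: %s\n", f[i].what,
               action_name(classify_rx(f[i].dst, SRC_HOST, f[i].proto, false)),
               action_name(classify_rx(f[i].dst, SRC_HOST, f[i].proto, true)));
    return 0;
}
```

With STP off the model relays every reserved-group frame except PAUSE, so a bridge that is meant to be transparent should be checked for what else in that range it passes between segments.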
Re: [Bridge] [BRIDGE] Unaligned access on IA64 when comparing ethernet addresses
David Miller wrote:

> From: Pavel Emelianov [EMAIL PROTECTED]
> Date: Tue, 17 Apr 2007 15:49:30 +0400
>
>> From: Evgeny Kravtsunov [EMAIL PROTECTED]
>>
>> compare_ether_addr() implicitly requires that the addresses passed are 2-bytes aligned in memory. This is not true for br_stp_change_bridge_id() and br_stp_recalculate_bridge_id() in which one of the addresses is unsigned char *, and thus may not be 2-bytes aligned.
>>
>> Signed-off-by: Evgeny Kravtsunov [EMAIL PROTECTED]
>> Signed-off-by: Kirill Korotaev [EMAIL PROTECTED]
>> Signed-off-by: Pavel Emelianov [EMAIL PROTECTED]
>
> Patch applied, thank you.

I had a better way, I'll fix.
Re: [Bridge] [BRIDGE] Unaligned access on IA64 when comparing ethernet addresses
The previous patch relied on the bridge id being aligned by the compiler (which happens as a side effect). So please use this instead. compare_ether_addr() implicitly requires that the addresses passed are 2-bytes aligned in memory. This is not true for br_stp_change_bridge_id() and br_stp_recalculate_bridge_id() in which one of the addresses is unsigned char *, and thus may not be 2-bytes aligned. Signed-off-by: Evgeny Kravtsunov [EMAIL PROTECTED] Signed-off-by: Kirill Korotaev [EMAIL PROTECTED] Signed-off-by: Pavel Emelianov [EMAIL PROTECTED] Signed-off-by: Stephen Hemminger [EMAIL PROTECTED] --- --- linux-2.6.orig/net/bridge/br_stp_if.c 2007-04-16 20:03:04.0 -0700 +++ linux-2.6/net/bridge/br_stp_if.c 2007-04-17 13:25:52.0 -0700 @@ -126,23 +126,22 @@ /* called under bridge lock */ void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *addr) { - unsigned char oldaddr[6]; + bridge_id old_id; struct net_bridge_port *p; int wasroot; wasroot = br_is_root_bridge(br); - memcpy(oldaddr, br-bridge_id.addr, ETH_ALEN); + old_id = br-bridge_id; memcpy(br-bridge_id.addr, addr, ETH_ALEN); memcpy(br-dev-dev_addr, addr, ETH_ALEN); list_for_each_entry(p, br-port_list, list) { - if (!compare_ether_addr(p-designated_bridge.addr, oldaddr)) + if (!compare_ether_addr(p-designated_bridge.addr, old_id.addr)) memcpy(p-designated_bridge.addr, addr, ETH_ALEN); - if (!compare_ether_addr(p-designated_root.addr, oldaddr)) + if (!compare_ether_addr(p-designated_root.addr, old_id.addr)) memcpy(p-designated_root.addr, addr, ETH_ALEN); - } br_configuration_update(br); 
@@ -151,19 +150,17 @@ br_become_root_bridge(br); } -static const unsigned char br_mac_zero[6]; - /* called under bridge lock */ void br_stp_recalculate_bridge_id(struct net_bridge *br) { - const unsigned char *addr = br_mac_zero; + static const bridge_id id_zero; + const unsigned char *addr = id_zero.addr; struct net_bridge_port *p; list_for_each_entry(p, br-port_list, list) { - if (addr == br_mac_zero || + if (addr == id_zero.addr || memcmp(p-dev-dev_addr, addr, ETH_ALEN) 0) addr = p-dev-dev_addr; - } if (compare_ether_addr(br-bridge_id.addr, addr)) --- linux-2.6.orig/net/bridge/br_private.h 2007-04-17 13:26:48.0 -0700 +++ linux-2.6/net/bridge/br_private.h 2007-04-17 13:30:29.0 -0700 @@ -36,7 +36,7 @@ { unsigned char prio[2]; unsigned char addr[6]; -}; +} __attribute__((aligned(8))); struct mac_addr { ___ Bridge mailing list Bridge@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
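Review bot: The alignment that compare_ether_addr() needs now rests on two things that nothing in the patch documents: the aligned(8) attribute added to the struct in br_private.h, and addr sitting at offset 2 after prio[2]. A comment at the struct saying that addr must stay 2-byte aligned for compare_ether_addr() would stop a later field reorder from bringing the fault back. In br_stp_recalculate_bridge_id() the second argument to compare_ether_addr() can still be the port device's dev_addr, so the changelog should say why that pointer is known to be suitably aligned. Both br_stp_if.c hunks also appear to delete a blank line inside the list_for_each_entry loop, which is unrelated to the fix and would be better left out.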
Re: [Bridge] Bridging over a bonded interface?
On Mon, 16 Apr 2007 17:10:37 -0400 Ravi Ramamirtham [EMAIL PROTECTED] wrote:

> Hi,
>
> This may sound crazy but I will go ahead anyway. Here's my scenario:
>
> ifconfig bond0 10.10.10.1 netmask 255.0.0.0
> ifenslave bond0 eth0
> ifenslave bond0 eth1
> brctl addbr stp0
> brctl addif stp0 bond0
> brctl stp stp0 on
>
> Is this a valid scenario? I am trying to bond two interfaces and run STP over the bonded interface. The problem I am trying to solve is to run STP over aggregated links between two nodes.
>
> Any suggestions/pointers would be much appreciated.
>
> Thanks

The Linux code won't mind, but if you are bonding into another vendor's switch, it is probably going to get horribly confused.
Re: [Bridge] UDP Framgment
On Mon, 16 Apr 2007 18:54:04 -0500 Fernando Rodriguez [EMAIL PROTECTED] wrote:

> Hello,
>
> I currently run a bridge with mastershaper but I am having some issues regarding the udp packets that are fragmented. It seems that they are unable to cross the bridge as they should; they reach the other side of the network unusable. I have been trying to read regarding this issue on internet but couldn't find any answers.

Bridges don't fragment themselves. They drop packets if MTU is different. That is part of the standard.

> Those udp packets are sent via multicast on the network. I'm currently running Kernel 2.6.18.3 and bridge utils bridge-utils-1.0.4-4.

There may be issues with checksum offload with some drivers in that kernel. Try turning it off in the ethernet driver (see ethtool).
Re: [Bridge] RSTP implementation
On Wed, 11 Apr 2007 10:27:17 +0200 [EMAIL PROTECTED] wrote:

> Hi,
>
> for a university project, RSTP (802.1D-2004, Ch. 17) shall be implemented on an embedded linux device.
>
> My questions: were there any further developments since the version from Marco Goetze, which was available for download on http://linux-net.osdl.org/index.php/Talk:Bridge ? On the site it is announced that it is unusable and that some pieces are missing. Is there any documentation about 'why' it's unusable and 'what' is missing so somebody (like me) might be able to finish the work?
>
> thanks in advance for any info!
>
> Mario Gartner

We are close to having a user level RSTP. Aji Srinivas did a version, but it had a number of things I wanted to fix before releasing. The kernel pieces are in the pre 2.6.22 tree. And the user-level code is in git tree:

git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/rstp.git

IT DOESN'T WORK YET.

--
Stephen Hemminger [EMAIL PROTECTED]