From owner-freebsd-bugs@FreeBSD.ORG Wed Oct 28 15:50:03 2009
Message-Id: <200910281548.n9SFm2Gd000647@www.freebsd.org>
Date: Wed, 28 Oct 2009 15:48:02 GMT
From: Jean Aumont
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/140051: ARP not sent through Bridge Firewall with BCE network driver

>Number:         140051
>Category:       kern
>Synopsis:       ARP not sent through Bridge Firewall with BCE network driver
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 28 15:50:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Jean Aumont
>Release:        Production Release: 7.2
>Organization:
Mediagrif Technologie Interactive
>Environment:
FreeBSD FW1 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Tue Oct 28 11:45:32 EDT 2009 root@FW1:/usr/obj/usr/src/GENERIC i386
>Description:
ARP requests are not sent through Bridge Firewall with the BCE network driver.

I was trying to set up a PF bridge firewall when I discovered the problem.

I set up 2 PCs and made sure that they could ping each other.

Then I set up the bridge firewall using the 2 onboard network cards of my HP Proliant DL360 G6. The onboard card uses the BCE network driver.

I connected the 2 PCs to the firewall as follows:

PC-A ...... BCE0 (Bridge Firewall) BCE1 ...... PC-B

I started to ping from PC-A to PC-B, snooping the network everywhere.

On PC-A, the tcpdump was showing ARP requests being sent to the BCE0 interface of the firewall.

On the Bridge Firewall, using tcpdump, I could see the ARP request arriving at the BCE0 interface.

Again on the firewall, using tcpdump, I could see the ARP request leaving the BCE1 interface.... it seems good !!!

At PC-B, using tcpdump, NO ARP requests were arriving.

The tcpdump done on the BCE1 interface of the firewall is indicating that it is sending the ARP, but it does not do it.

The BCE driver must be causing the problem.

Also note that this test was done on the stock Production Release: 7.2 with no patch and PF disabled.

I finally added a 4-port Intel network card to the server and moved the bridge to EM0 and EM1, and everything worked the first time I tried it. No ARP problem.

Conclusion ... the BCE driver is broken.
>How-To-Repeat:
Follow the instructions above.
>Fix:
Did not look at the code ...
>Release-Note:
>Audit-Trail:
>Unformatted:
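
The hop-by-hop comparison described in the report, as an added example that is not part of the original message: it parses tcpdump text output saved at each capture point and names the first point that never saw the ARP request. The capture lines, addresses and function names are constructed for illustration. tcpdump on the sending host taps the frame in software on the transmit path, so a hit on bce1 does not prove the frame reached the wire; only the capture on the receiving host does.

```python
import re

# Matches both the older ("arp who-has X tell Y") and the newer
# ("ARP, Request who-has X tell Y, length 28") tcpdump text output.
ARP_REQ = re.compile(r"arp\b.*?who-has\s+(\S+?)\s+tell\s+([^\s,]+)",
                     re.IGNORECASE)


def arp_requests(capture_text):
    """Return the set of (target_ip, sender_ip) ARP requests in tcpdump text."""
    found = set()
    for line in capture_text.splitlines():
        m = ARP_REQ.search(line)
        if m:
            found.add((m.group(1), m.group(2)))
    return found


def first_missing_hop(path, request):
    """path is an ordered list of (capture_point, tcpdump_text), source first.

    Returns the first capture point that did not see `request`, or None if
    every point saw it.
    """
    for name, text in path:
        if request not in arp_requests(text):
            return name
    return None


# Constructed sample captures (addresses and timestamps are made up), laid
# out like the topology in the report: PC-A -> bce0 -> bce1 -> PC-B.
PC_A = "10:00:01.000100 arp who-has 192.0.2.20 tell 192.0.2.10\n"
FW_BCE0 = "10:00:01.000180 arp who-has 192.0.2.20 tell 192.0.2.10\n"
FW_BCE1 = ("10:00:01.000210 ARP, Request who-has 192.0.2.20 "
           "tell 192.0.2.10, length 28\n")
PC_B = ("10:00:01.500000 IP 192.0.2.20.123 > 192.0.2.1.123: "
        "NTPv4, Client, length 48\n")

PATH = [("PC-A", PC_A), ("fw bce0 (in)", FW_BCE0),
        ("fw bce1 (out)", FW_BCE1), ("PC-B", PC_B)]
REQUEST = ("192.0.2.20", "192.0.2.10")  # (target, sender), constructed

if __name__ == "__main__":
    print("request first missing at:", first_missing_hop(PATH, REQUEST))
```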