From: Doug Ambrisko
Message-Id: <200308211713.h7LHDEwn034710@ambrisko.com>
In-Reply-To: <3F44F6F6.9090606@tcoip.com.br>
To: "Daniel C. Sobral"
Date: Thu, 21 Aug 2003 10:13:14 -0700 (PDT)
cc: freebsd-net@freebsd.org
cc: larse@ISI.EDU
Subject: Re: CFR: bridge locking

Daniel C. Sobral writes:
| Doug Ambrisko wrote:
| > Daniel C. Sobral writes:
| > | If you get bridge to send/receive packets to/from vlan interfaces
| > | attached to them, I'll be forever grateful.
| > |
| > | I've been trying to configure a setup where a firewall is connected to
| > | redundant switches, but no solution I found could handle the vlan
| > | attachments. :-(
| >
| > I'm assuming you are using SW VLANs, then you need this. There is supposed
| > to be work to fix this correctly in progress but this works for
| > me when bridging VLANs.
|
| This didn't work for me. I don't know if I'm using SW or HW vlans. But
| since I can see the vlan packets with tcpdump, I tend to believe it
| would be SW vlans.
|
| The test I'm doing is the following:
|
| kldload bridge
| sysctl net.link.ether.bridge=1
| sysctl net.link.ether.bridge_cfg="fxp1 fxp3"
| ifconfig fxp1 up
| ifconfig fxp3 up
| ifconfig vlan0 create
| ifconfig vlan0 vlan 999 vlandev fxp1
| ifconfig vlan0 200.220.254.190/26
|
| On the switch side, the port connected to fxp1 is down and the one
| connected to fxp3 is up. Next, I ping all around. What I see with your
| patch is:
|
| ARP packets received on fxp3 go to fxp1 but not vlan0.
| ARP packets sent through vlan0 go to fxp1 but not fxp3.
|
| This is 4.7-RELEASE. The patch did not apply cleanly, but I went through
| it and fixed all failed chunks.
|
| (yes, this is pretty much like the other message I sent -- the results
| were the same, but then I wondered if I hadn't made an error in one of
| the above steps and went back to test it again, so, in the meantime, I
| copied the above to the other message, adjusted, and sent that reply. :)

No, my mistake ... I was thinking you were trying to bridge the traffic
out of the FreeBSD vlan device. That is what my patch fixes. Sorry.

For kicks you could try netgraph bridging. I found it sometimes works
better. Tweak the script in /usr/share/example/netgraph. For some
purposes I use bridge, others I use the netgraph version. Depends on
the need.

FWIW I have created a vmnet iface then bridged to it. However, for
it to work with netgraph you need to make it work. I use vmnet since
it is persistent and I can just do an
echo -n > /dev/vmnet1
to create it. Then I can do various things to it. So you could run the
vlan off vmnet1 and then bridge it to the others.

Doug A.
Index: if_tap.c =================================================================== RCS file: /cvs/src/sys/net/if_tap.c,v retrieving revision 1.3.2.3 diff -c -r1.3.2.3 if_tap.c *** if_tap.c 14 Apr 2002 21:41:48 -0000 1.3.2.3 --- if_tap.c 22 Aug 2003 00:08:45 -0000 *************** *** 426,431 **** --- 426,432 ---- return (dummy); case SIOCSIFFLAGS: /* XXX -- just like vmnet does */ + tapifinit(tp); case SIOCADDMULTI: case SIOCDELMULTI: break;
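Review bot: the added `tapifinit(tp);` under `case SIOCSIFFLAGS:` runs on every flags ioctl, and nothing in the hunk checks whether the interface is being brought up or taken down. If the init is only meant for the up transition, gate the call on the interface's IFF_UP flag so that clearing the flag does not re-initialise the device. The case also now executes a statement and then falls through into `case SIOCADDMULTI:` and `case SIOCDELMULTI:` before reaching `break;`. That is harmless as written, but a `/* FALLTHROUGH */` comment or an explicit `break;` after the call would make the intent clear and keep a later edit to the multicast cases from changing SIOCSIFFLAGS behaviour by accident. The existing "XXX -- just like vmnet does" comment no longer describes what the case does and should say why the init is needed here.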