Message-Id: <20060313112145.50D28BBD8@rea.mbslab.kiae.ru>
Date: Mon, 13 Mar 2006 14:21:45 +0300 (MSK)
From: "Eygene A.Ryabinkin"
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: glebius@FreeBSD.org
Subject: kern/94408: if_bridge breaks proxy ARP functionality
X-Send-Pr-Version: 3.113

>Number: 94408
>Category: kern
>Synopsis: if_bridge breaks proxy ARP functionality
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 13 11:30:45 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Eygene A. Ryabinkin
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization: Code Labs
>Environment:
System: FreeBSD XXXX 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #X: Tue Mar 7 20:15:22 MSK 2006 root@XXXX:/usr/obj/usr/src/sys/XXXX i386

>Description:
When many interfaces are bridged together via if_bridge (or old-style BRIDGE) the proxy ARP functionality will not work for some interfaces of the bridge: kern/75634 modified the source code of netinet/if_ether.c to send proxied replies only if the original ARP request came from the interface the proxy ARP entry belongs to. This is correct for a standalone interface, but if many interfaces are bridged I expect (but it is only my expectation) to get the proxied reply on any of the bridged interfaces if the proxy ARP entry exists for at least one interface from that bridge.

Another way to explain the problem: suppose we have the proxy ARP entry for IP NN and MAC MM on the interface fxp0, and interfaces fxp0 and fxp1 are bridged via if_bridge. Then all ARP requests for NN coming via fxp0 will be answered with MAC MM, but none of the ARP requests for NN coming via fxp1 will be answered, because the proxy ARP entry has fxp0 as the interface, not fxp1.
>How-To-Repeat:
Make two bridged interfaces. Make the proxy ARP entry for one of them. Do the ARP request from the subnet part that is behind another interface. You will get no answer. Do the ARP request from the subnet part that is behind the first interface: you will get the correct answer.

>Fix:
The obvious way to fix the problem is to enable the proxy ARP answers on any of the bridged interfaces if the proxy record belongs to any of the bridged interfaces. The following patch inhibits such behaviour for if_bridge. I'm not using the old-style BRIDGE now, but I believe that the problem can be fixed for BRIDGE as well.

The patch itself:
-----
--- if_ether.c.orig Sun Mar 12 11:37:42 2006 +++ if_ether.c Mon Mar 13 10:18:20 2006 @@ -863,10 +863,13 @@ } else { /* * Return proxied ARP replies only on the interface - * where this network resides. Otherwise we may - * conflict with the host we are proxying for. + * or bridge cluster where this network resides. + * Otherwise we may conflict with the host we are + * proxying for. */ - if (rt->rt_ifp != ifp) { + if (rt->rt_ifp != ifp && + (rt->rt_ifp->if_bridge != ifp->if_bridge || + ifp->if_bridge == NULL)) { RT_UNLOCK(rt); goto drop; }
-----

I am almost sure that the behaviour my patch enables is the correct one: this is a bridge and ARP queries are broadcasts, so we should answer such queries on any bridge interface. But someone who is more skilled with networking can correct me: please do so if I am wrong.

>Release-Note:
>Audit-Trail:
>Unformatted:
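
Review bot: In the new condition, the ifp->if_bridge == NULL test comes after the pointer comparison, so a reader has to work out that it exists only to keep two unbridged interfaces (both with a NULL if_bridge) from being treated as members of the same bridge. Put the NULL test first, as in "ifp->if_bridge == NULL || rt->rt_ifp->if_bridge != ifp->if_bridge", and have the comment state that unbridged interfaces keep the old strict rt_ifp != ifp check. The rewritten comment still warns about conflicting with the host being proxied for, but does not say why replying to requests that arrive on any member of the same bridge stays clear of that conflict; since the reply is no longer limited to the route's own interface, that reasoning belongs in the comment. "bridge cluster" is not defined anywhere in the visible code; "interfaces that are members of the same bridge" would be clearer. The hunk only covers if_bridge, so the old-style BRIDGE case named in the report remains open.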