From owner-freebsd-net@freebsd.org  Mon Oct  7 06:22:07 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 23FCA13FEBF
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Mon,  7 Oct 2019 06:22:07 +0000 (UTC) (envelope-from lan@zato.ru)
Received: from mail.zato.ru (mail.zato.ru [178.255.248.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.zato.ru", Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46mr3x4wvrz4Kr1
 for <freebsd-net@freebsd.org>; Mon,  7 Oct 2019 06:22:05 +0000 (UTC)
 (envelope-from lan@zato.ru)
Received: from startsnto.ru ([81.200.243.105] helo=[192.168.175.30])
 by mail.zato.ru with esmtpsa (TLSv1.2:AES128-SHA:128)
 (Exim 4.84 (FreeBSD)) (envelope-from <lan@zato.ru>)
 id 1iHMPC-0006k8-H4
 for freebsd-net@freebsd.org; Mon, 07 Oct 2019 09:22:03 +0300
To: freebsd-net@freebsd.org
References: <213f9284-5ddd-4dbc-6631-f8592efa2995@zato.ru>
 <4A3381ED-7C78-48E2-BD1F-45B7A4A930CE@lists.zabbadoz.net>
From: "Alexander N. Lunev" <lan@zato.ru>
Message-ID: <a7872f80-5ae6-7ed0-494e-f7472190fe6c@zato.ru>
Date: Mon, 7 Oct 2019 09:21:53 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <4A3381ED-7C78-48E2-BD1F-45B7A4A930CE@lists.zabbadoz.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: ru
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 81.200.243.105
X-SA-Exim-Mail-From: lan@zato.ru
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.zato.local
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
 autolearn=unavailable autolearn_force=no version=3.4.2
Subject: Re: VLAN+bridge problem [was: no network between jails and host with
 VNET on same interface]
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail.zato.ru)
X-Rspamd-Queue-Id: 46mr3x4wvrz4Kr1
X-Spamd-Bar: ------
X-Spamd-Result: default: False [-6.72 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 R_DKIM_ALLOW(-0.20)[zato.ru:s=mailserverdkimkey];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:178.255.248.12];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 RCPT_COUNT_ONE(0.00)[1];
 IP_SCORE(-3.72)[ip: (-9.79), ipnet: 178.255.248.0/24(-4.90), asn:
 56868(-3.92), country: RU(0.01)]; DKIM_TRACE(0.00)[zato.ru:+];
 DMARC_POLICY_ALLOW(-0.50)[zato.ru,reject];
 RECEIVED_SPAMHAUS_PBL(0.00)[105.243.200.81.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:56868, ipnet:178.255.248.0/24, country:RU];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 06:22:07 -0000

02.10.2019 12:21, Bjoern A. Zeeb пишет:
> My best guess would be to try to create the VLAN interface on the host 
> upon the bridge and not upon the physical interface.  Can you try that 
> and see if that works?

I've tested with tcpdump, and here's what i found:

Host interfaces:
em0 up
vlan22 10.15.15.1/24 vlandev em0 vlan22
epair0a - part of epair for jail foo
bridge0 addm epair0 addm em0

Jail foo interfaces:
epair0b up (vnet interface)
vlan22 10.15.15.2/24 vlandev epair0b vlan22

While pinging from jail IP 10.15.15.1 tcpdump see ARP packets all way 
through to em0:

# tcpdump -i em0 -e | grep 10.15.
18:18:37.194891 02:62:bb:b6:19:0b (oui Unknown) > Broadcast, ethertype 
802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 
10.15.15.1 tell 10.15.15.2, length 28
18:18:38.222494 02:62:bb:b6:19:0b (oui Unknown) > Broadcast, ethertype 
802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 
10.15.15.1 tell 10.15.15.2, length 28

But for some reason they're not reaching host's vlan22 interface which 
have "vlandev em0 vlan 22" config. How could it be?

Ipfw is not enabled.

# uname -a
FreeBSD virt 12.1-PRERELEASE FreeBSD 12.1-PRERELEASE r352266 GENERIC  amd64

# kldstat
Id Refs Address                Size Name
  1   20 0xffffffff80200000  2448b88 kernel
  2    1 0xffffffff8281a000     2668 intpm.ko
  3    1 0xffffffff8281d000      b50 smbus.ko
  4    1 0xffffffff8281e000     18a0 uhid.ko
  5    1 0xffffffff82820000     1aa0 wmt.ko
  6    1 0xffffffff82822000     2940 nullfs.ko
  7    1 0xffffffff82825000     6fc0 if_bridge.ko
  8    1 0xffffffff8282c000     41c8 bridgestp.ko
  9    1 0xffffffff82831000     1a20 if_epair.ko


-- 
Best regards,
Alexander Lunev