From owner-freebsd-net@FreeBSD.ORG Sat Apr 11 01:54:38 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB9EF10656C5 for ; Sat, 11 Apr 2009 01:54:38 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: from hal.rescomp.berkeley.edu (hal.Rescomp.Berkeley.EDU [169.229.70.150]) by mx1.freebsd.org (Postfix) with ESMTP id 918368FC17 for ; Sat, 11 Apr 2009 01:54:38 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: by hal.rescomp.berkeley.edu (Postfix, from userid 1225) id 8B0273C054F; Fri, 10 Apr 2009 18:38:34 -0700 (PDT) Date: Fri, 10 Apr 2009 18:38:34 -0700 From: Chris Cowart To: "Bjoern A. Zeeb" Message-ID: <20090411013834.GB40655@hal.rescomp.berkeley.edu> Mail-Followup-To: "Bjoern A. Zeeb" , "Eugene M. Kim" <20080111.freebsd.org@ab.ote.we.lv>, freebsd-net@FreeBSD.org References: <48693E39.4080104@ab.ote.we.lv> <20080630220842.X83875@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-ripemd160; protocol="application/pgp-signature"; boundary="H1spWtNR+x+ondvy" Content-Disposition: inline In-Reply-To: <20080630220842.X83875@maildrop.int.zabbadoz.net> Organization: RSSP-IT, UC Berkeley User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-net@FreeBSD.org, "Eugene M. Kim" <20080111.freebsd.org@ab.ote.we.lv> Subject: Re: bridge(4) and IPv6 link-local address X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Apr 2009 01:54:39 -0000 --H1spWtNR+x+ondvy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: > On Mon, 30 Jun 2008, Eugene M. Kim wrote: > > A quick question: Is bridge(4) supposed /not/ to automatically configur= e an=20 > > IPv6 link-local address? >=20 > yes there is a check for this in the code and if remoed (tried that > lately) more things go wrong. >=20 > > I'm trying to use it to bridge a wired segment and a wireless segment, = and=20 > > router advertisement over bridge0 wouldn't work because, with bridge0 l= acking=20 > > a LL address, the router uses a non-LL address as the source address f= or RA=20 > > packets, which then is ignored as invalid by other IPv6 nodes. >=20 > yes, seem something similar lately but ETIMEOUT on debugging. The > problem basically was: >=20 > lan bridge ath --- wlan client >=20 > the LL address was on the "lan" interface. >=20 > ping6 LL on lan from wlan client did not work. I could see the packets > being bridged and visible on all interfaces and even the router on lan > noticed them but there was no reply going to the client. ping6 from > the bridge ``box'' to the wlan client and everything was fine as nd > was seeded. >=20 > Removing the check we ended up with the same LL address on both bridge > and the lan interface if I can remember correctly and you do not want > that... it's a bit tricky and there is something that does not work as > expected, right. If you find the time to debug it I'll happily test > patches;-) I seem to be reviving a fairly old thread here, but this is what I found when I went searching for the issue. I am personally bridging a wireless NIC (ath0) with a VLAN interface (vlan10). The bridge does not receive a link-local address. The bridge interface (bridge0) is the default gateway for my LAN, both for v4 and v6. My Mac was logging this message in response to router advertisements: | Apr 10 18:16:54 administrators-imac configd[29]: RTADV_VERIFY_PACKET: | invalid RA with non link-local source from 2001:4830:1679:10::1 on en0 and was refusing to acknowledge them. My solution was to assign a link-local address to bridge0 based on the ethernet address (I think I did the EUI-48 stuff correctly): | bridge0: flags=3D8843 metric 0 mt= u 1500 | ether 92:db:a2:b4:8e:ba | inet 10.1.10.1 netmask 0xffffff00 broadcast 10.1.10.255 | inet6 2001:4830:1679:10::1 prefixlen 64=20 | inet6 fe80::90db:a2ff:feb4:83ba%bridge0 prefixlen 64 scopeid 0xc=20 | id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 | maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 | root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 According to ifconfig(8): | Basic IPv6 node operation requires a link-local address on each interface | configured for IPv6. Normally, such an address is automatically config- | ured by the kernel on each interface added to the system; this behaviour | may be disabled by setting the sysctl MIB variable | net.inet6.ip6.auto_linklocal to 0. The bridge(4) page does not add any disclaimer about bridge interfaces. Neither man page gives a good how-to on assigning your own link-local address (I guessed and got it right with the % notation). Shouldn't the kernel assign link-local addresses to these interfaces? Should this address be based on the ethernet address of the bridge interface? I'm not sure I really understood the challenges with the implementation. --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --H1spWtNR+x+ondvy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iQIcBAEBAwAGBQJJ3/SaAAoJEIGh6j3cHUNP+ecP+gKBGGQUMWgmJ1BQNgT/FfW3 rHkRDLUYNF8eJ+OX4yDfOLgsWCXtEDqvO99OwMHr+1GHhg4rJWYM2C1JJYJElAXE fp79/eSM8Gjo0n9EiWqglkUL9HyRiPtRX7K7WbPLJG75J7ALkThK04UCTghF8GJ5 ZfeoKG9PauZJruH3j91v6aBZhV0E6GrSc8+KiJvx/NmxBiMzpBXOGb4h32R0zPfT n1Fat3bJ5yxyBXaAEnRdOajTG4wUIXa1CFYrmskk8XA7uToaXK0CuiSdexHjrxIj 5GymlpLL33FuOvg32/nK9HDEaL/ktqHZNz+wt9n1p2T4VGk+bdd1TQQvOwXRXwG/ SEIHnpFTREasZ9K0RgVC6mFgkVvFbZGV6OGW/ugISg81u56l+O4IncH6JUCeT5CP h4JUwcQgLAd4IC2ISqNBlYOaDj1yFikhyHWsv8BzUV5WmQT0fq4AToswbAUdQU6A 4lNH0Wq3YZurcRk1fcVQY4atGdin3ftGL6FOI54AB+yb+o1a6E/UxoiYh4tHW4lW XFvkjV23yy+W94SWhbjyldQyy5GoCED0wzxF/x/R7lzQ9AF1/uumcubRWV7f/+EG 0HvIbBx34TvsTCDyocBNGwcred+BnHE7saS67dWuB6fvcUrOjyqqvjLoMIY4X8tB zV9aw1X5E3Dmg0EAzdOa =S/1z -----END PGP SIGNATURE----- --H1spWtNR+x+ondvy--