Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 27 Apr 2015 20:39:52 +0600
From:      Victor Sudakov <vas@mpeks.tomsk.su>
To:        freebsd-questions@freebsd.org
Subject:   Re: tunneling L2 tagged traffic over IP
Message-ID:  <20150427143952.GA94033@admin.sibptus.tomsk.ru>
In-Reply-To: <553E400F.2040906@gmx.com>
References:  <20150425174935.GA48023@admin.sibptus.tomsk.ru> <553C1F66.4060901@gmx.com> <20150426123629.GA48916@admin.sibptus.tomsk.ru> <20150427093355.GA86151@admin.sibptus.tomsk.ru> <553E400F.2040906@gmx.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Nikos Vassiliadis wrote:

[dd]

> >
> > In the meanwhile, I have tried bridging ethernet NICs and tap(4), and
> > connected two tap(4) devices with net/vtun. It works, but again, only
> > for untagged frames.
> >
> >
> 
> I just checked and remembered that there is a sysctl
> that controls forwarding of non-IP traffic
> 
> > sysctl net.link.bridge.pfil_onlyip
> > net.link.bridge.pfil_onlyip: 1
> 
> That means that only IP is allowed to be forwarded by the bridge.
> Change this to 0 and it will be hopefully ok.

Nikos, 

I have two interfaces in a bridge:

# ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:d7:d7:0d:ff:00
        inet 10.14.133.20 netmask 0xffffffc0 broadcast 10.14.133.63
        nd6 options=9<PERFORMNUD,IFDISABLED>
        id 00:00:00:00:00:00 priority 61440 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 61440 ifcost 0 port 0
        member: vr0 flags=1c3<LEARNING,DISCOVER,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 200000
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
# 

"tcpdump -i vr0 stp" sees incoming STP traffic while "tcpdump -i tap0 stp" 
sees none no matter if net.link.bridge.pfil_onlyip is "1" or "0".

I see however some IP6, IPX (!) and CDP frames.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150427143952.GA94033>