David McCullough | 3 Aug 2006 01:05

Re: Is bridgeing possible with kernel 2.6.10


Jivin Juergen Pfeiffer lays it down ...
> Hi
> 
> I didn't get bridging to work with Linux kernel 2.6.10 (coldfire 5485) 
> yet. When I try to configure bridging
> with "brctl", everything seems to be ok, but if I try to ping through 
> my bridge, I see ARP-Request arriving on the other side, but the
> ARP-Responses do not go back through the bridge.
> Now I could read in 
> "http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO-2.html#ss2.1"
> that "Use of kernel 2.6 is not yet a good idea".
> So do I have a chance to get it working?

One of the guys here has been testing bridging with 2.6.17 from the
uClinux-dist and it is working fine.  Probably can't offer you much more
than that though,

Cheers,
Davidm

-- 
David McCullough,  david_mccullough <at> securecomputing.com,   Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com
_______________________________________________
uClinux-dev mailing list
uClinux-dev <at> uclinux.org
http://mailman.uclinux.org/mailman/listinfo/uclinux-dev
This message was resent by uclinux-dev <at> uclinux.org

He, Zhenjie | 8 Aug 2006 08:05

Re: Network seperation and ethernet bridge...

Hi, Stephen/all,

The situation I have is similar to this.

I want to capture BPDU packets going through the Linux bridge,

[internal bridge] --> (connected with a switch) --> [external bridge] --> workstation,

[internal bridge]: br1 ip.addr == 192.168.1.2
[external bridge]: ifconfig br0 192.168.1.10 netmask 255.255.255.0 up
workstation: ip.addr == 192.168.1.222
enable the [internal bridge] with stp on,

My question is, could [internal bridge] generate BPDU packets, and pass the [external bridge], finally captured on the outside workstation?

Best regards,

Jason,
email: hezhenjie <at> gmail.com

On 7/8/06, Stephen Hemminger < shemminger <at> osdl.org> wrote:
On Thu, 22 Jun 2006 16:06:39 +0200
Etienne Pretorius < etiennep <at> kingsley.co.za> wrote:

> Hello all,
>
> I would like to know if it is possible to have 2 bridge instances
> running - one for the internal network and the other for the external
> network.

Yes, you can have two separate bridge instances in the system.

> What I need to explain is that I need the internal bridge to go though
> the Linux Kernel and pass its packets to the external network bridge.
> I am also hopeful that the internal network bridge will not need an IP
> address as I am hoping to allocate the internal network clients a gateway
> address beyond the external network bridge and so when I have 2 similar
> machines running with both internal and external network bridges
> that when one machine dies completely then the other will take over.
> Sooooo what I need to know is will I require proxy-arp and/or ip_forwarding?
>
>
> [internal NW] ---> [internal bridge port 1 of  2]----[external bridge
> port 4 of 4] --->[GW router]----> www.google.com

No, you can't bridge a bridge.
This is done to prevent creating loops and causing deep stack nesting.

> I would like to make it so that no request can obviously enter the
> internal network via the external bridge without having been requested
> from the
> internal network --- something similar to tcp state marking but for all
> protocals and/or ether types.
>


--
Stephen Hemminger <shemminger <at> osdl.org >
Quis custodiet ipsos custodes?
_______________________________________________
Bridge mailing list
Bridge <at> lists.osdl.org
https://lists.osdl.org/mailman/listinfo/bridge

Stephen Hemminger | 8 Aug 2006 20:30

Re: Network seperation and ethernet bridge...

On Tue, 8 Aug 2006 14:05:03 +0800
"He, Zhenjie" <hezhenjie <at> gmail.com> wrote:

> Hi, Stephen/all,
> 
> The situation I have is similar to this.
> 
> I want to capture BPDU packets going through the Linux bridge,

Simpler just to use something like AF_PACKET, or tools like pcapture?

> 
> [internal bridge] --> (connected with a switch) --> [external bridge] -->
> workstation,
> 
> [internal bridge]: br1 ip.addr == 192.168.1.2
> [external bridge]: ifconfig br0 192.168.1.10 netmask 255.255.255.0 up
> workstation: ip.addr == 192.168.1.222
> enable the [internal bridge] with stp on,
> 
> My question is, could [internal bridge] generate BPDU packets, and pass the
> [external bridge], finally captured on the outside workstation?
> 
> Best regards,

Nested bridges are not supported because of possible stack depth and recursion
issues.
He, Zhenjie | 9 Aug 2006 03:53

Re: Network seperation and ethernet bridge...

Thank you for your reply.
Please see the following comments.
On 8/9/06, Stephen Hemminger <shemminger <at> osdl.org> wrote:

On Tue, 8 Aug 2006 14:05:03 +0800
"He, Zhenjie" < hezhenjie <at> gmail.com> wrote:

> Hi, Stephen/all,
>
> The situation I have is similar to this.
>
> I want to capture BPDU packets going through the Linux bridge,

Simpler just to use something like AF_PACKET, or tools like pcapture?
 
I intend to use a Linux bridge with STP enabled on the internal side to generate BPDU packets, and use ethereal or tcpdump to capture packets on the other side.
Are there other ways to generate BPDUs?

>
> [internal bridge] --> (connected with a switch) --> [external bridge] -->
> workstation,
>
> [internal bridge]: br1 ip.addr == 192.168.1.2
> [external bridge]: ifconfig br0 192.168.1.10 netmask 255.255.255.0 up
> workstation: ip.addr == 192.168.1.222
> enable the [internal bridge] with stp on,
>
> My question is, could [internal bridge] generate BPDU packets, and pass the
> [external bridge], finally captured on the outside workstation?
>
> Best regards,

Nested bridges are not supported because of possible stack depth and recursion
issues.

Then how should I deploy the network topology in order to test a Linux bridge that could pass/block BPDU packets?
Any suggestions, many thanks,

Jason
He, Zhenjie | 9 Aug 2006 12:02

Re: Network seperation and ethernet bridge...

Thank you for your reply.
On 8/9/06, Stephen Hemminger <shemminger <at> osdl.org > wrote:

On Tue, 8 Aug 2006 14:05:03 +0800
"He, Zhenjie" <hezhenjie <at> gmail.com> wrote:

> Hi, Stephen/all,
>
> The situation I have is similar to this.
>
> I want to capture BPDU packets going through the Linux bridge,

Simpler just to use something like AF_PACKET, or tools like pcapture?
 
I intend to use a Linux bridge with STP enabled on the internal side to generate BPDU packets, and use ethereal or tcpdump to capture packets on the other side.
Are there other ways to generate BPDUs?

>
> [internal bridge] --> (connected with a switch) --> [external bridge] -->
> workstation,
>
> [internal bridge]: br1 ip.addr == 192.168.1.2
> [external bridge]: ifconfig br0 192.168.1.10 netmask 255.255.255.0 up
> workstation: ip.addr == 192.168.1.222
> enable the [internal bridge] with stp on,
>
> My question is, could [internal bridge] generate BPDU packets, and pass the
> [external bridge], finally captured on the outside workstation?
>
> Best regards,

Nested bridges are not supported because of possible stack depth and recursion
issues.

Then how should I deploy the network topology if I want to test a bridge that could pass/block BPDU packets?

Stephen Hemminger | 9 Aug 2006 19:05

Re: Network seperation and ethernet bridge...

On Wed, 9 Aug 2006 18:02:03 +0800
"He, Zhenjie" <hezhenjie <at> gmail.com> wrote:

> Thank you for your reply.
> On 8/9/06, Stephen Hemminger <shemminger <at> osdl.org> wrote:
> >
> > On Tue, 8 Aug 2006 14:05:03 +0800
> > "He, Zhenjie" <hezhenjie <at> gmail.com> wrote:
> >
> > > Hi, Stephen/all,
> > >
> > > The situation I have is similar to this.
> > >
> > > I want to capture BPDU packets going through the Linux bridge,
> >
> > Simpler just to use something like AF_PACKET, or tools like pcapture?
> 
> 
> I intend to use a Linux bridge with STP enabled on the internal side to generate
> BPDU packets, and use ethereal or tcpdump to capture packets on the other
> side.
> Are there other ways to generate BPDUs?

You could use LLC to send/receive spanning tree BPDU's.
Or you could use the Ethernet tap driver (tuntap) and attach a pseudo-device
to a bridge.
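
Added example, not part of the thread: a C parser for the frames a capture socket like the AF_PACKET one suggested above would deliver, recognising 802.1D BPDUs by destination MAC 01:80:C2:00:00:00 and LLC SAP 0x42 so a monitor can read out the advertised root bridge. The struct, the function names and the embedded frame are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct bpdu {
    uint8_t  type;           /* 0x00 = configuration, 0x80 = topology change */
    uint16_t root_prio;      /* priority half of the root bridge ID */
    uint8_t  root_mac[6];    /* MAC half of the root bridge ID */
    uint32_t root_cost;
    uint8_t  bridge_mac[6];  /* MAC of the bridge that sent this BPDU */
    uint16_t hello_256;      /* hello time in 1/256 s */
};

/* Constructed sample, not a real capture: config BPDU, root 8000.00:11:22:33:44:55,
 * path cost 4, sent by bridge 00:aa:bb:cc:dd:ee, hello time 2 s. */
const uint8_t sample_bpdu[52] = {
    0x01,0x80,0xC2,0x00,0x00,0x00, 0x00,0xAA,0xBB,0xCC,0xDD,0xEE, 0x00,0x26,
    0x42,0x42,0x03, 0x00,0x00, 0x00, 0x00, 0x00,
    0x80,0x00, 0x00,0x11,0x22,0x33,0x44,0x55, 0x00,0x00,0x00,0x04,
    0x80,0x00, 0x00,0xAA,0xBB,0xCC,0xDD,0xEE, 0x80,0x01,
    0x01,0x00, 0x14,0x00, 0x02,0x00, 0x0F,0x00 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 and fills *out for an 802.1D config or TCN BPDU, -1 otherwise. */
int parse_bpdu(const uint8_t *f, size_t len, struct bpdu *out)
{
    static const uint8_t stp_mac[6] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x00 };

    if (len < 21 || memcmp(f, stp_mac, 6) != 0)  /* 14 Ethernet + 3 LLC + 4 BPDU */
        return -1;
    if (be16(f + 12) > 1500)                     /* EtherType, not an 802.3 length */
        return -1;
    if (f[14] != 0x42 || f[15] != 0x42 || f[16] != 0x03 || be16(f + 17) != 0)
        return -1;                               /* LLC SAP 0x42, UI, protocol ID 0 */
    memset(out, 0, sizeof(*out));
    out->type = f[20];
    if (out->type == 0x80)                       /* TCN carries no further fields */
        return 0;
    if (out->type != 0x00 || len < 52)           /* config BPDU body is 35 bytes */
        return -1;
    out->root_prio = be16(f + 22);
    memcpy(out->root_mac, f + 24, 6);
    out->root_cost = (uint32_t)be16(f + 30) << 16 | be16(f + 32);
    memcpy(out->bridge_mac, f + 36, 6);
    out->hello_256 = be16(f + 48);
    return 0;
}

int main(void) { struct bpdu b; return parse_bpdu(sample_bpdu, sizeof sample_bpdu, &b) ? 1 : 0; }
```

On a live system the same function can be fed buffers read from a socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)) socket bound to the interface of interest.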
Stephen Hemminger | 11 Aug 2006 01:09

Re: Oops in 2.6.17.7 running multiple eth bridges

On Thu, 10 Aug 2006 23:59:56 +0200
"Peter M" <peter.mdk <at> gmail.com> wrote:

> The analyzer is a AMD Duron around 1200 MHz and has 128 MB of RAM.

You're trying to squeeze blood from a turnip (not tulip) by trying
to run 8 interfaces at once on that system.

> I can't remember if the crashes only comes when I'm running tcpdumps
> on several bridges at a time. But shouldn't the kernel handle it more
> gracefully if it uses up all the memory?
> 
> analyze-this:~# free
> Unknown HZ value! (91) Assume 100.
>              total       used       free     shared    buffers     cached
> Mem:        127280     124800       2480          0      21048      84044
> -/+ buffers/cache:      19708     107572
> Swap:       506036          0     506036
> 
> Regards
> Peter
> 
> 2006/8/10, Stephen Hemminger <shemminger <at> osdl.org>:
> > On Thu, 10 Aug 2006 19:34:22 +0200
> > "Peter M" <peter.mdk <at> gmail.com> wrote:
> >
> > > I have built a multi bridge i386 machine with 8 eth devices which
> > > keeps crashing on me.
> > >
> > > Kernel 2.6.7.17
> > >
> > > I'm using a network card with 4 ports (tulip) and 4 r8169 based cards.
> > >
> > > br0: eth0 eth1
> > > br1: eth2 eth3
> > > br2: eth3 eth4
> > > br3: eth5 eth6
> > >
> > > Below crash came when I unplugged a cable on a running bridge. Today I
> > > have had two crashes without touching the cables but didn't get any
> > > usable syslog.
> > >
> > > I have attached a number of info files which might help.
> > >
> > > Regards
> > > Peter M.
> >
> > Looks like you are running out of memory.  You will need more memory
> > to be able to hold all the receive rings data, as well as data in flight.
> > Rough estimate:
> >
> >         R8169 := 4 * 256 (ringsize) * 2K
> >         Tulip := 4 * 128  * 2K
> >
> > That comes out to 3 Meg in use just being idle. Once you get going
> > it could easily be 3x that.
> >
> > And that is for standard 1500 byte MTU. If you use large packets, you
> > will have problems with memory fragmentation and will probably have
> > to go to a bigger 64 bit machine and even more memory.
> >

The kernel should survive short term memory pressure (it will get noisy), 
but you can't survive that way forever. Unless memory is freed soon,
it will deadlock itself because some critical operation can't get
memory.

You could try reducing the size of the transmit queues, and receive
rings, either with scripts or by modifying the drivers.
Juergen Pfeiffer | 14 Aug 2006 17:52

Re: [Bridge] Is bridgeing possible with kernel 2.6.10

Juergen Pfeiffer wrote:
> Hi
> I didn't get bridging to work with Linux kernel 2.6.10 (coldfire 5485) yet.
> When I try to configure bridging with "brctl", everything seems to be ok,
> but if I try to ping through my bridge, I see ARP-Request arriving on the
> other side, but the ARP-Responses do not go back through the bridge.

Now I found the error in the coldfire-specific Ethernet driver: "drivers/net/fec/fec.c"
The driver did not set promiscuous mode correctly in the hardware registers:

Function fec_set_multicast_list() with the error:
void fec_set_multicast_list(struct net_device *dev)
{
    // Pointer to the address list
    struct dev_mc_list *dmi;

    unsigned int crc, data;
    int i, j, k;

    // Receive the base address
    unsigned long base_addr = (unsigned long) dev->base_addr;

    if (dev->flags & IFF_PROMISC || dev->flags & IFF_ALLMULTI)
    {
        // Allow all incoming frames
        FEC_GALR(base_addr) = 0xFFFFFFFF;
        FEC_GAUR(base_addr) = 0xFFFFFFFF;
        return;
    }
...



Function fec_set_multicast_list(), corrected:
void fec_set_multicast_list(struct net_device *dev)
{
    // Pointer to the address list
    struct dev_mc_list *dmi;

    unsigned int crc, data;
    int i, j, k;

    // Receive the base address
    unsigned long base_addr = (unsigned long) dev->base_addr;

    if (dev->flags & IFF_PROMISC)
    {
        // Allow all incoming frames
        if ((FEC_RCR(base_addr) & FEC_RCR_PROM)==0) {
            FEC_ECR(base_addr) &= ~FEC_ECR_ETHEREN;
            FEC_RCR(base_addr) |= FEC_RCR_PROM;
            FEC_ECR(base_addr) |= FEC_ECR_ETHEREN;
        }
        return;
    }
    if ((FEC_RCR(base_addr) & FEC_RCR_PROM)!=0) {
        FEC_ECR(base_addr) &= ~FEC_ECR_ETHEREN;
        FEC_RCR(base_addr) &= ~FEC_RCR_PROM;
        FEC_ECR(base_addr) |= FEC_ECR_ETHEREN;
    }
    if (dev->flags & IFF_ALLMULTI)
    {
        // Allow all incoming frames
        FEC_GALR(base_addr) = 0xFFFFFFFF;
        FEC_GAUR(base_addr) = 0xFFFFFFFF;
        return;
    }
...


After this the bridge worked fine!


--
Jürgen Pfeiffer

SesKion Softwareentwicklung und System Konzeption GmbH
Karlsruher Str. 11/1
D-70771 Leinfelden-Echterdingen
mailto:j.pfeiffer <at> seskion.de
+49-711-9905814
Fax: +49-711-9905827
http://www.seskion.de
Jon Sjoberg | 16 Aug 2006 05:31

VLAN handling in br_netfilter.c:br_nf_pre_routing

Hi all,

Noticed that br_nf_pre_routing has some code to handle VLANs, but does not
update the nh header.  This appears to cause the IP validity checks to fail
(i.e. "if (iph->ihl < 5...").

There is a check:
    if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
        skb_pull(skb, VLAN_HLEN);
    }

If this was changed to:
    if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
        skb_pull(skb, VLAN_HLEN);
        skb->nh.raw += VLAN_HLEN;
    }

the checks pass.  Note that this updated behavior is already done elsewhere
in the code.

Thanks,
Jon
----------------------------------------------------------------
Jon Sjoberg
DJA Solutions
E-mail: jsjoberg <at> djasolutions.com
Phone: 978.448.3659
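
Added illustration, not code from the message or from the kernel: a userspace C model of the two pointers involved, showing why the ihl check fails when only the data pointer is advanced past the 802.1Q tag. struct toy_skb, the function names and the payload bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>

#define VLAN_HLEN 4   /* 2-byte TCI + 2-byte encapsulated EtherType */

/* Hypothetical stand-in for the sk_buff fields that matter here. */
struct toy_skb {
    const uint8_t *data;    /* start of the not-yet-consumed payload */
    const uint8_t *nh_raw;  /* network header pointer, like skb->nh.raw */
    size_t len;
};

/* Constructed payload that follows the Ethernet header of an 802.1Q frame:
 * TCI = VLAN 100, inner EtherType 0x0800, then a 20-byte IPv4 header
 * (192.168.1.2 -> 192.168.1.222, checksum left at zero). */
const uint8_t vlan_payload[24] = {
    0x00,0x64, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x01,0x00,0x00,
    0xC0,0xA8,0x01,0x02, 0xC0,0xA8,0x01,0xDE };

/* The validity check quoted in the message: reject when ihl < 5. */
int ip_header_sane(const struct toy_skb *skb)
{
    uint8_t ihl = skb->nh_raw[0] & 0x0F;   /* low nibble of the first IP byte */
    return ihl >= 5;
}

/* Pull the VLAN tag; fix_nh selects the change proposed in the message. */
int check_after_vlan_pull(int fix_nh)
{
    struct toy_skb skb = { vlan_payload, vlan_payload, sizeof vlan_payload };

    skb.data += VLAN_HLEN;          /* effect of skb_pull(skb, VLAN_HLEN) */
    skb.len  -= VLAN_HLEN;
    if (fix_nh)
        skb.nh_raw += VLAN_HLEN;    /* skb->nh.raw += VLAN_HLEN */
    return ip_header_sane(&skb);    /* without the fix this reads the TCI byte */
}

int main(void) { return !(check_after_vlan_pull(1) && !check_after_vlan_pull(0)); }
```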
