headers
ratheesh k | 1 Jul 2010 19:05
Picon

Re: Bridge blocking network traffic

On Thu, Jul 1, 2010 at 12:45 AM, Grant Taylor <gtaylor <at> riverviewtech.net> wrote:
> On 06/30/10 02:50, ratheesh k wrote:
>>
>> Why is it so ?
>
> Independent of your scenario, I'd say that binding the IP to the interface
> will make it more resilient to the individual interfaces going down.  At
> least in such as all the interfaces would have to go down before the IP
> would go down.
>
>> I have a linux   machine with interfaces eth0 (192.168.1.100 ) and eth1 (
>> 192.168.2.100 )  .   . I can connect  both eth0 an eth1  to a hardware  HUB
>> . How could i do this in linux machine itself using brctl ?
>
> What netmask are your two IPs using, a /24?  If they are, then you are
> actually using two different subnets, and possibly doing something like a
> bridging router.
>
> Either way, you could bind both IPs to the bridge interface (classic IP
> alias or "ip add").
>
> With in the Xen context it may be because different things manage various
> parts of the Xen network differently and having the IP bound in the wrong
> place might cause a problem if the Xen hypervisor takes something down.
>
> There is also the fact that if a cable gets unplugged from an interface
> (that is a member of a bridge with at least one other member interface) said
> interface will go down but the bridge will stay up.  In doing so, the IP
> will go down b/c the interface that it was bound to would go down.
>  Conversely if the IP was bound to the bridge interface, the IP would stay
(Continue reading)

Permalink | Reply | 0 comments |
headers
ratheesh k | 1 Jul 2010 20:14
Picon

Re: Bridge blocking network traffic

>On Thu, Jul 1, 2010 11:27 PM, Pascal Hambourg <pascal.mail <at> plouf.fr.eu.org> wrote:
> I strongly doubt it. This rule forces routing of all packets instead of
> bridging, so IIUC it effectively totally disables bridging and you are
> back to two independent interfaces.

 I am sorry that i made a ambigous statement .
 what i meant is : We could add rules to BROUTING to selectively
bridge and route packets .Previously i was not able to ping eth0 or
eth1 from some other machine (in same subnet ) if i attach both to br0
. This got solved when we made default policy as DROP .

On Thu, Jul 1, 2010 at 11:27 PM, Pascal Hambourg
<pascal.mail <at> plouf.fr.eu.org> wrote:
> ratheesh k a écrit :
>>
>> brctl addbr br0
>> brctl  addif eth0
>> brctl  addif eth1
>> ifconfig br0  0.0.0.0 up
>>
>> The problem was "default brouter policy is accept " . So packets are
>> coming to layer2  only .
>
> Indeed, by default (i.e. no brouting) packets received on a bridge port
> are intercepted by the bridge. This is the intended behaviour of a
> bridge, isn't it ? Thus a bridge port is not supposed to be assigned an
> IP address (or be used by any protocol), because the IP stack (or any
> other upper protocol layer) won't receive any packet directly from it
> but from the bridge interface (which should have the IP address).
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jonathan Thibault | 1 Jul 2010 20:24
Favicon

Re: Enquiry on Linux bridge

 As far as I can tell, the setup you describe should work as expected. I am not sure what causes the problem you
describe. The first thing I would check is if the bridge interfaces (br0) have the same MAC address, they
should not.

Jonathan

On 30/06/10 02:37 AM, Ng Ming Ann wrote:
>
> Dear all,
>
> I’m currently working on a Ethernet bridge for a system. I have a machine(not PC, but an embedded system)
which has two Ethernet ports, I wanted to configure it into a Ethernet bridge which connect other PC.
>
> I have tested on configuring it into a bridge where the two PC able to ping each other and send files. I’m
wondering that whether I can involve the embedded Linux system in the network, where the two PC able to
detect the Linux OS( embedded system) and able to send files and communicate with it as the figure below:
>
> Rounded Rectangle: Embedded System ( Bridge)
>
>
> 	
> 	
> 	
> 	
> 	
> 	
> 	
>
> 	
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Rodolfo Giometti | 2 Jul 2010 15:56
Favicon

rstpd & 2.4

Hello,

project rstpd at
http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git can work
if default kernel stp is disabled by calling userspace program
/sbin/bridge-stp and checking the return code.

On 2.4.27 such mechanism is not implemented so should I backport some
kernel code or I can just disable the STP by using the
BRCTL_SET_BRIDGE_STP_STATE ioctl command? There are any drawbacks in
doing so?

Thanks in advance,

Rodolfo

--

-- 

GNU/Linux Solutions                  e-mail: giometti <at> enneenne.com
Linux Device Driver                          giometti <at> linux.it
Embedded Systems                     phone:  +39 349 2432127
UNIX programming                     skype:  rodolfo.giometti
Freelance ICT Italia - Consulente ICT Italia - www.consulenti-ict.it
Permalink | Reply | 6 comments |
headers
Stephen Hemminger | 2 Jul 2010 18:21

Re: rstpd & 2.4

On Fri, 2 Jul 2010 15:56:41 +0200
Rodolfo Giometti <giometti <at> enneenne.com> wrote:

> Hello,
> 
> project rstpd at
> http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git can work
> if default kernel stp is disabled by calling userspace program
> /sbin/bridge-stp and checking the return code.
> 
> On 2.4.27 such mechanism is not implemented so should I backport some
> kernel code or I can just disable the STP by using the
> BRCTL_SET_BRIDGE_STP_STATE ioctl command? There are any drawbacks in
> doing so?

The 2.4 kernel is missing all the hooks to provide user level STP.
The startup is not the big issue, the real problem is that the
kernel doesn't have hooks to control port state from user space,
and the spanning tree packets may not be visible to user space
application either.

Sigh, 2.4 is at least 5 years old by now.
Permalink | Reply | 5 comments |
headers
Rodolfo Giometti | 2 Jul 2010 21:22
Favicon

Re: rstpd & 2.4

On Fri, Jul 02, 2010 at 09:21:48AM -0700, Stephen Hemminger wrote:
> On Fri, 2 Jul 2010 15:56:41 +0200
> Rodolfo Giometti <giometti <at> enneenne.com> wrote:
> 
> > Hello,
> > 
> > project rstpd at
> > http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git can work
> > if default kernel stp is disabled by calling userspace program
> > /sbin/bridge-stp and checking the return code.
> > 
> > On 2.4.27 such mechanism is not implemented so should I backport some
> > kernel code or I can just disable the STP by using the
> > BRCTL_SET_BRIDGE_STP_STATE ioctl command? There are any drawbacks in
> > doing so?
> 
> 
> The 2.4 kernel is missing all the hooks to provide user level STP.
> The startup is not the big issue, the real problem is that the
> kernel doesn't have hooks to control port state from user space,

These could be added...

> and the spanning tree packets may not be visible to user space
> application either.

Neither using a packet sniffer?

> Sigh, 2.4 is at least 5 years old by now.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Pascal Hambourg | 1 Jul 2010 19:57

Re: Bridge blocking network traffic

ratheesh k a écrit :
> 
> brctl addbr br0
> brctl  addif eth0
> brctl  addif eth1
> ifconfig br0  0.0.0.0 up
> 
> The problem was "default brouter policy is accept " . So packets are
> coming to layer2  only .

Indeed, by default (i.e. no brouting) packets received on a bridge port
are intercepted by the bridge. This is the intended behaviour of a
bridge, isn't it ? Thus a bridge port is not supposed to be assigned an
IP address (or be used by any protocol), because the IP stack (or any
other upper protocol layer) won't receive any packet directly from it
but from the bridge interface (which should have the IP address).

>I applied the below command and every thing
> seemed to work exactly like connecting eth0 and eth1 to hardware hub .
> 
> ebtables -t broute  -P BROUTING -j DROP

I strongly doubt it. This rule forces routing of all packets instead of
bridging, so IIUC it effectively totally disables bridging and you are
back to two independent interfaces.
Permalink | Reply | 0 comments |
headers
Stephen Hemminger | 15 Jul 2010 21:21

Re: [PATCH 7/8] net: bridge: fix sign bug

On Thu, 15 Jul 2010 22:47:33 +0400
Kulikov Vasiliy <segooon <at> gmail.com> wrote:

> ipv6_skip_exthdr() can return error code that is below zero.
> 'offset' is unsigned, so it makes no sense.
> ipv6_skip_exthdr() returns 'int' so we can painlessly change type of
> offset to int.
> 
> Signed-off-by: Kulikov Vasiliy <segooon <at> gmail.com>
> ---
>  net/bridge/br_multicast.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
> index 27ae946..85afcda 100644
> --- a/net/bridge/br_multicast.c
> +++ b/net/bridge/br_multicast.c
>  <at>  <at>  -1435,7 +1435,7  <at>  <at>  static int br_multicast_ipv6_rcv(struct net_bridge *br,
>  	struct icmp6hdr *icmp6h;
>  	u8 nexthdr;
>  	unsigned len;
> -	unsigned offset;
> +	int offset;
>  	int err;
>  
>  	if (!pskb_may_pull(skb, sizeof(*ip6h)))

Acked-by: Stephen Hemminger <shemminger <at> vyatta.com>

--

--
(Continue reading)

Permalink | Reply | 0 comments |
headers
David Miller | 16 Jul 2010 05:28
Favicon

Re: [PATCH 7/8] net: bridge: fix sign bug

From: Stephen Hemminger <shemminger <at> linux-foundation.org>
Date: Thu, 15 Jul 2010 12:21:44 -0700

> On Thu, 15 Jul 2010 22:47:33 +0400
> Kulikov Vasiliy <segooon <at> gmail.com> wrote:
> 
>> ipv6_skip_exthdr() can return error code that is below zero.
>> 'offset' is unsigned, so it makes no sense.
>> ipv6_skip_exthdr() returns 'int' so we can painlessly change type of
>> offset to int.
>> 
>> Signed-off-by: Kulikov Vasiliy <segooon <at> gmail.com>
...
> Acked-by: Stephen Hemminger <shemminger <at> vyatta.com>

Applied.
Permalink | Reply | 0 comments |
headers
Kulikov Vasiliy | 15 Jul 2010 20:47
Picon

[PATCH 7/8] net: bridge: fix sign bug

ipv6_skip_exthdr() can return error code that is below zero.
'offset' is unsigned, so it makes no sense.
ipv6_skip_exthdr() returns 'int' so we can painlessly change type of
offset to int.

Signed-off-by: Kulikov Vasiliy <segooon <at> gmail.com>
---
 net/bridge/br_multicast.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 27ae946..85afcda 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
 <at>  <at>  -1435,7 +1435,7  <at>  <at>  static int br_multicast_ipv6_rcv(struct net_bridge *br,
 	struct icmp6hdr *icmp6h;
 	u8 nexthdr;
 	unsigned len;
-	unsigned offset;
+	int offset;
 	int err;

 	if (!pskb_may_pull(skb, sizeof(*ip6h)))
--

-- 
1.7.0.4
Permalink | Reply | 0 comments |

Gmane