[Bug 550049] New: bridge does not work as expected, packets don't seem to get through
http://bugzilla.novell.com/show_bug.cgi?id=550049

Summary: bridge does not work as expected, packets don't seem to get through
Classification: openSUSE
Product: openSUSE 11.2
Version: RC 1
Platform: x86
OS/Version: openSUSE 11.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: casualprogrammer@gmail.com
QAContact: qa@suse.de
Found By: ---

Created an attachment (id=324108) --> (http://bugzilla.novell.com/attachment.cgi?id=324108)
yast2 logs

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090909 SUSE/3.5.3-3.2 Firefox/3.5.3

While setting up a bridge with yast2 lets me access devices on either bridge port from the workstation, traffic does not seem to get through from end to end.

Configuration is a WD ShareSpace (Linux Box, 192.168.178.55/255.255.255.0) <-->eth1 (realtek gigabit nic, 0.0.0.0/255.255.255.255) -workstation6l(br0, 192.168.178.50/255.255.255.0)-wlan0(intel ipw3945, 0.0.0.0/255.255.255.255) <-->AVM Fritz!Box (192.168.178.1/255.255.255.0)<-->Internet(ATM)

With Firefox I can reach the admin pages of both AP and NAS as well as Internet. With NFS as well as SMB I can access data stored on the NAS.

But neither can the NAS access internet (NTP, Update Server), nor can members of the local network (WLAN) access the NAS.

The Apache Webserver on the workstation carrying the bridge can be reached from local network as well as internet (dyndns).

# ifconfig
br0       Link encap:Ethernet  HWaddr 00:13:02:18:12:AC
          inet addr:192.168.178.50  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fe80::213:2ff:fe18:12ac/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:768 errors:0 dropped:0 overruns:0 frame:0
          TX packets:569 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:160649 (156.8 Kb)  TX bytes:76270 (74.4 Kb)

eth0      Link encap:Ethernet  HWaddr 00:16:36:34:25:66
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:68:01:1E
          inet6 addr: fe80::2e0:4cff:fe68:11e/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:2730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:984098 (961.0 Kb)  TX bytes:407080 (397.5 Kb)
          Interrupt:28 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12099 (11.8 Kb)  TX bytes:12099 (11.8 Kb)

wlan0     Link encap:Ethernet  HWaddr 00:13:02:18:12:AC
          inet6 addr: fe80::213:2ff:fe18:12ac/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:20178 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15499 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11244488 (10.7 Mb)  TX bytes:2765939 (2.6 Mb)

wmaster0  Link encap:UNSPEC  HWaddr 00-13-02-18-12-AC-31-38-00-00-00-00-00-00-00-00
          UP RUNNING  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Not sure if interfaces attached to bridge should not have PROMISC set?

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.178.0   *               255.255.255.0   U     0      0        0 br0
loopback        *               255.0.0.0       U     0      0        0 lo
default         fritz.box       0.0.0.0         UG    0      0        0 br0

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=550049
Andreas Jaeger
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mzugec@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c1
Michal Zugec
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c2
Casual J. Programmer
From #0
"But neither can the NAS access internet (NTP, Update Server), nor can members of the local network (WLAN) access the NAS." not explicitly said, but implicitly suggested: by traversing the bridge. Which is not exactly what I call bridging.
"A bridge is a way to connect two Ethernet segments together in a protocol independent way. Packets are forwarded based on Ethernet address, rather than IP address (like a router). Since forwarding is done at Layer 2, all protocols can go transparently through a bridge." Needless to say, this works nicely, as expected, in Windows XP ;-)
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c3
--- Comment #3 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c5
Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mzugec@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c6
Michal Zugec
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c7
Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mzugec@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c8
Michal Zugec
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c9
--- Comment #9 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c10
Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c11
--- Comment #11 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mt@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c12
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c13
Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mt@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c14
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c15
--- Comment #15 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User mt@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c16
--- Comment #16 from Marius Tomaschewski
Could Bug 547537 be connected with this issue ?
IMO yes, but the question is: is it the bridge, the wlan driver or just the l2_packet hook wpa_supplicant is using here does not work. I guess, it is not the bridge (that works fine with any normal eth type interface) itself, but wireless.
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c17
--- Comment #17 from Casual J. Programmer
I guess, it is not the bridge (that works fine with any normal eth type interface) itself, but wireless.
True, if I hook up another notebook to eth0, I can then access devices connected to eth1, but not wlan0.
http://bugzilla.novell.com/show_bug.cgi?id=550049
User vbotka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c18
Vladimir Botka
IMO not the bridge is the problem here, but the wireless interface or wpa_supplicant itself as a special case; I'm sometimes getting
kernel: [21278.384369] ath5k phy4: unsupported jumbo
kernel: [21708.263062] ath5k phy4: unsupported jumbo
kernel: [21752.688189] ath5k phy4: unsupported jumbo
kernel: [21949.728657] ath5k phy4: unsupported jumbo
messages when I make some traffic from workstation to ipv6 router or to the internet. I think, that the packets are not authenticated and dropped by the fritzbox (or already by the wpa_supplicant).
The packets from workstation (ping to fritzbox IP) are sent over the wlan1 iface:
Vladimir, any ideas?
I read somewhere, that it may depend on the wireless driver/hardware if it is able to forward packets with a different MAC.
Jiri Slaby is Atheros guy. Any idea Jiri ?
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c19
--- Comment #19 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User casualprogrammer@gmail.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c20
--- Comment #20 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
User jslaby@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550049#c21
Jiri Slaby
I read somewhere, that it may depend on the wireless driver/hardware if it is able to forward packets with a different MAC.
What if you set promisc flag on the wlan interface as in the comment #0? So when you ping the fritzbox from workstation, are the ARP who has visible there?
http://bugzilla.novell.com/show_bug.cgi?id=550049#c22
--- Comment #22 from Vladimir Botka
http://bugzilla.novell.com/show_bug.cgi?id=550049
http://bugzilla.novell.com/show_bug.cgi?id=550049#c23
Marius Tomaschewski
Maybe this thread [1] on linux-wireless explains the problem.
[1] http://article.gmane.org/gmane.linux.kernel.wireless.general/43029
Yes, it explains it well. Similar on the hostap mailing list too: "[...] IEEE 802.11 is allowing clients to send out frames only with their own address as the source address so normal layer 2 bridging does not work for data frames [...]". AFAIS one solution seems to be to use WDS on the notebook, second seems to be proxy-arp/proxy-ndp. It looks like there is not much success using the "wpa_supplicant -b" feature, where the wpa_supplicant hooks into the bridge. (In reply to comment #2).
Needless to say, this works nicely, as expected, in Windows XP ;-)
I don't know which wireless specific hacks the bridge on XP contains.
http://bugzilla.novell.com/show_bug.cgi?id=550049
http://bugzilla.novell.com/show_bug.cgi?id=550049#c
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=550049
http://bugzilla.novell.com/show_bug.cgi?id=550049#c24
Marius Tomaschewski
http://bugzilla.novell.com/show_bug.cgi?id=550049
http://bugzilla.novell.com/show_bug.cgi?id=550049#c25
--- Comment #25 from Casual J. Programmer
http://bugzilla.novell.com/show_bug.cgi?id=550049
http://bugzilla.novell.com/show_bug.cgi?id=550049#c26
Marius Tomaschewski
Also I don't believe that the IEEE is stupid enough to devise a rule for wireless NICs that excludes them from usage in a bridge configuration also devised by that committee. A bridge is, by definition, transparent, so addressing shouldn't get into its way.
It seems, it was not clear enough. It was about MAC / hardware addresses, not about IP addresses. Yes, a bridge (IEEE 802.1D) is transparent to protocols above the MAC layer. It works at the data link layer 2 and forwards (ethernet) frames a sender (port), to each another (port), except to the sender itself and uses hardware addresses (MAC) to control this flow and avoid loops. This also means, that bridges are not concerned with the above layer and are e.g. unable to distinguish between networks (as routers, that work at IP / network layer 3). As I already told, this is not a problem of a bridge per se. The WLAN interface used in the bridge does not forward the frames it gets from bridge, because it discards anything that has a different _MAC_ than the WLAN interface -- in this special case, the frames from your NAS, that come via the ethernet interface. The bridging of wireless requires WDS. Without WDS, wireless to ethernet bridging works with some wireless drivers, that support a different sender and source address. I found two links about, that resolve this bug:
http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#It_d...
http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge#I_st...
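Added illustration, not part of the bug report or of any comment in it: a small Python model of the addressing limit discussed in the thread, showing that a 3-address station-to-AP frame has no field for a source MAC other than the transmitter, while a 4-address (WDS) frame does. WLAN0_MAC is taken from the ifconfig output in the report; NAS_MAC, AP_BSSID and LAN_HOST are constructed values, and all function names are hypothetical.

```python
# Added example: which addresses an IEEE 802.11 data frame header can carry
# when a Linux bridge hands an Ethernet frame to a wireless port.
from typing import NamedTuple, Optional

WLAN0_MAC = "00:13:02:18:12:AC"   # wlan0 / br0 address from the ifconfig output
NAS_MAC = "02:00:00:00:00:55"     # constructed: the NAS MAC is not in the report
AP_BSSID = "02:00:00:00:00:01"    # constructed: the Fritz!Box BSSID is not in the report
LAN_HOST = "02:00:00:00:00:77"    # constructed: a WLAN client behind the access point


class EthFrame(NamedTuple):
    src: str
    dst: str


class Dot11Header(NamedTuple):
    to_ds: int
    from_ds: int
    addr1: str             # receiver address (RA)
    addr2: str             # transmitter address (TA)
    addr3: str             # destination address (DA) in both layouts below
    addr4: Optional[str]   # source address (SA), 4-address frames only


def station_uplink(frame, own_mac, bssid):
    """3-address station-to-AP frame: Addr2 is both transmitter and source."""
    if frame.src != own_mac:
        return None  # no field left to carry a source other than the transmitter
    return Dot11Header(1, 0, bssid, own_mac, frame.dst, None)


def wds_uplink(frame, own_mac, peer_mac):
    """4-address (WDS) frame: Addr3 = destination, Addr4 = original source."""
    return Dot11Header(1, 1, peer_mac, own_mac, frame.dst, frame.src)


def bridge_report(frames, own_mac, bssid):
    """Map each source MAC to the link types that can carry its frame."""
    return {f.src: {"station": station_uplink(f, own_mac, bssid) is not None,
                    "wds": wds_uplink(f, own_mac, bssid).addr4 == f.src}
            for f in frames}


FRAMES = [EthFrame(WLAN0_MAC, LAN_HOST),  # workstation's own traffic
          EthFrame(NAS_MAC, LAN_HOST)]    # NAS traffic forwarded by br0 via wlan0

if __name__ == "__main__":
    print(bridge_report(FRAMES, WLAN0_MAC, AP_BSSID))
```

The result matches the symptom in the report: the workstation's own frames pass in station mode, the frames bridged from the NAS do not.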