[Bridge] Packets go through the bridge one-way only
shemminger at osdl.org
Mon Jul 12 09:48:00 PDT 2004
On Mon, 12 Jul 2004 11:34:26 -0500
"Saxer, John -ACDSD" <John.Saxer at itt.com> wrote:
> Hello all,
> I am new to this list, and to bridging, and am having a problem. Perhaps I just don't understand something, am setting it up incorrectly, or just plain missed something, but I could use some help.
> I am using 2 Redhat 7.3 systems to work out the configuration issues for a bridge, before transferring all my accumulated knowledge to an embedded system. One of the systems has only a wireless card, while the other has a wireless card and a wired interface. The plan is to use the 2nd machine to allow the first to access the wired world.
> I followed the directions in setting up a bridge on the 2nd machine, bridging the wireless card and the wired interface. However, even something as simple as ping on the first card does not work. I run TCPDUMP on the 2nd machine, and it reports the "arp-whohas" packets arriving, but either they then don't go out, or the responses get lost, or something.
> I can ping the 2nd machine from the first, using the bridge IP address, just fine. Even telnet works. But only addressing the 2nd machine - everything else is a black hole.
> Any ideas? What did I do wrong?
> John Saxer
> ITT Industries, San Diego
It doesn't work with my Wireless card!
This is a known problem, and it is not caused by the bridge code. Many wireless cards don't allow spoofing of the source address. It is a firmware restriction with some chipsets. You might find some information in the bridge mailing list archives to help.
Has anyone found a way to get around Wavelan not allowing anything but its own MAC address?
(answer by Michael Renzmann (mrenzmann at compulan.de))
Well, for 99% of computer users there will never be a way to get rid of this. For this function a special firmware is needed. This firmware can be loaded into the RAM of any WaveLAN card, so it could do its job with bridging. But there is no documentation on the interface available to the public. The only way to achieve this is to have a full version of the hcf library which controls every function of the card and also allows accessing the card's RAM. To get this full version Lucent wants to know that it will be a financial win for them; you also have to sign an NDA. So be sure that you most probably won't get access to this piece of software until Lucent changes its mind on this (which I doubt will ever happen).
If you urgently need to have a wireless LAN card which is able to bridge, you should use one of those having the prism chipset onboard (manufactured by Harris Intersil). There are drivers for those cards available at www.linux-wlan.com (which is the website from Absoval), and I found a mail that says that there is the necessary firmware and an upload tool available for Linux to the public. If you need additional features of an access point you should also talk to Absoval.
I still don't understand!!
(answer by Mark S. Mathews (mark at absoval.com))
Bridging Ethernet (v2 or 802.3) is predicated on the ability of a station to transmit frames with a source address (SA) other than its own. This is possible because Ethernet uses a 'transmit and forget'/stateless transmission model.
This isn't possible with 'normal' 802.11 station cards and software because 802.11 station mode doesn't allow the transmission of frames with 'someone else's' source address. The primary reason is that 802.11 is an acknowledged protocol. If you transmit a frame with someone else's source address, the ACK will never come back to you. The ACK will be sent to the station whose source address you used.
There are ways to make it work (that's how I earn a living ;-), but it is not always straightforward and you probably won't get it right without a pretty solid understanding of 802.11, its modes, and the frame header format.
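
The ACK problem described in the last answer can be seen in the 802.11 data-frame header itself. The following is an added example, not part of the original thread or of any driver: it parses the header's ToDS/FromDS bits and address fields and reports where the ACK for a frame goes. It goes beyond the post by also parsing the standard's four-address header, where the transmitter and the source are separate fields; all MAC addresses and frames are constructed sample values.

```python
import struct

# Role of each address field in an 802.11 data frame, keyed by (ToDS, FromDS).
ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),     # ad hoc (IBSS)
    (1, 0): ("BSSID", "SA", "DA"),     # station -> access point
    (0, 1): ("DA", "BSSID", "SA"),     # access point -> station
    (1, 1): ("RA", "TA", "DA", "SA"),  # four-address frame
}
OFFSETS = (4, 10, 16, 24)  # address 1-3, then address 4 after sequence control

def to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_header(to_ds, from_ds, *addrs):
    """Build a constructed data-frame header (sample input, not a capture)."""
    raw = [bytes.fromhex(a.replace(":", "")) for a in addrs]
    fc = 0x0008 | (to_ds << 8) | (from_ds << 9)   # type = data, subtype 0
    hdr = struct.pack("<HH", fc, 0) + b"".join(raw[:3]) + b"\x00\x00"
    return hdr + b"".join(raw[3:])

def analyze(frame, card_mac):
    """Name the address fields and report where the ACK for this frame goes."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    (fc,) = struct.unpack_from("<H", frame)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    names = ROLES[((fc >> 8) & 1, (fc >> 9) & 1)]
    if len(names) == 4 and len(frame) < 30:
        raise ValueError("truncated four-address header")
    fields = {n: to_mac(frame[o:o + 6]) for n, o in zip(names, OFFSETS)}
    ack_to = to_mac(frame[10:16])   # the ACK is addressed to address 2
    return {"fields": fields, "ack_to": ack_to,
            "ack_reaches_card": ack_to == card_mac}

# Constructed, locally administered MAC addresses.
AP, CARD = "02:00:00:00:00:01", "02:00:00:00:00:02"
WIRED, DEST = "02:00:00:00:00:03", "02:00:00:00:00:04"

# Bridge in station mode forwarding a wired host's frame unchanged.
bridged = analyze(build_header(1, 0, AP, WIRED, DEST), CARD)
# Same payload in a four-address frame: transmitter and source are separate.
four_addr = analyze(build_header(1, 1, AP, CARD, DEST, WIRED), CARD)

if __name__ == "__main__":
    for label, r in (("station mode", bridged), ("four-address", four_addr)):
        print(label, r["fields"], "ACK ->", r["ack_to"], r["ack_reaches_card"])
```

In the station-mode frame, address 2 is both the source address and the address the ACK is sent to, so a bridged frame carrying the wired host's MAC is acknowledged to that host rather than to the wireless card.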