[Bridge] Re: Linux bridging code bounces back frames?
Lennert Buytenhek
buytenh at wantstofly.org
Thu May 20 16:51:37 PDT 2004
Hmm.. I never saw this problem before. It _shouldn't_ bounce frames back.
Can you just leave tcpdump running for a while on both interfaces just to
be sure that no packets from 00:a0:24:cf:e8:8e come in via interface 2?
I think STP was turned off by default because it was found to be 'insecure'.
(Well, I mean, doh. If an attacker has physical access to the VLAN you run
your STP instance in you're in for big trouble anyway.)
On Thu, May 20, 2004 at 11:03:56PM +0200, Georg Schwarz wrote:
> Hi,
>
> I'm trying to build a bridge using a 486DX2/66 with two 10 Mbit Ethernet
> NICs. The machine (tsushima) is running Debian stable and kernel 2.4.26.
> Previously I used it as a router, so I know the hardware (NICs) is
> working.
> The NICs are as follows:
> eth0: WD80x3 at 0x280, 00 00 C0 0A 2C 2F WD8003-old, IRQ 10, shared
> memory at 0xd0000-0xd1fff.
> eth16i.c: v0.35 01-Jul-1999 Mika Kuoppala (miku at iki.fi)
> eth1: ICL EtherTeam 16i/32 at 0x240, IRQ 15, 00:00:4b:07:b3:9f TP
> interface.
>
> eth0 is a BNC network, if that matters.
>
> I'm using the bridge-utils 0.95-2 from Debian stable, and I've set up
> br0 with eth0 and eth1 via the interfaces script, as found in the
> examples. There I've also assigned a static IP to br0 to access the
> machine (bridge) from remote:
>
> tsushima:/etc/network# grep -v ^# interfaces
>
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 192.168.0.225
> network 192.168.0.0
> netmask 255.255.255.0
> broadcast 192.168.0.255
> gateway 192.168.0.1
> bridge_ports eth0 eth1
>
>
>
> Now the problem is that the bridge appears to sometimes "reflect" frames
> received on eth0 back to eth0. When I ping from one PC another PC on the
> same side (eth0) of the bridge, i.e. in the same collision domain, I
> often get duplicate replies when the bridge is running and connected
> (and only then). This is not normal behaviour, is it? Is this a known
> problem?
>
> I tried to nail down the problem. On the eth0 side there is a host
> 192.168.0.1 and a host 192.168.0.39 (00:A0:24:CF:E8:8E).
> On the bridge with brctl showmacs br0 I can see where 00:A0:24:CF:E8:8E
> is supposed to be. It should be on port no. 1. Nevertheless,
> brctl showmacs br0 sometimes shows the 00:a0:24:cf:e8:8e on port no. 2,
> i.e. eth1. This is when the duplicates/reflections occur.
>
> At one instance:
>
> tsushima:/etc# brctl showmacs br0
> port no mac addr is local? ageing timer
> 2 00:00:4b:07:b3:9f yes 0.00
> 2 00:00:c0:0a:26:69 no 10.52
> 1 00:00:c0:0a:2c:2f yes 0.00
> 2 00:10:a4:8d:b1:85 no 21.38
> 2 00:a0:24:cf:e8:8e no 0.37
> 1 08:00:07:d6:8e:f5 no 0.04
> 1 08:00:69:06:99:59 no 19.79
>
> then after unplugging eth1 on the bridge and pinging from 192.168.0.1 to
> 192.168.0.39:
>
> tsushima:/etc# brctl showmacs br0
> port no mac addr is local? ageing timer
> 2 00:00:4b:07:b3:9f yes 0.00
> 1 00:00:c0:0a:26:69 no 36.85
> 1 00:00:c0:0a:2c:2f yes 0.00
> 2 00:10:a4:8d:b1:85 no 246.98
> 1 00:a0:24:cf:e8:8e no 44.13
> 1 08:00:07:d6:8e:f5 no 0.05
> 1 08:00:69:06:99:59 no 21.68
>
> Here, 00:10:a4:8d:b1:85 really on the eth1 (port 2) side; all other
> (non-local) MACs are not.
> How can this happen???
>
>
> To get stop the phenomenon immediately, it turned out to be sufficient
> unplug eth1 or to turn of the carrier on that interface. I've tried
> several different machines connect to eth1 (via a TP cross cable). In
> all cases the duplicates sooner or later did occur.
>
> The bride does not work; I cannot ping through it; strangely though dhcp
> does work through it, as does arp resolution.
>
> My network is very simple. There's only that one bridge linking two
> ethernet collission domains.
> Unlike what /usr/share/doc/bridge-utils/README.Debian.gz says, STP seems
> to be disabled by default. With the one-bridge network I have (no other
> switches, really) this should not hurt though (and turning it on did not
> make a difference).
> In /etc/network/options both spoofprotect and ip_forwarding are set to
> no (if that matters).
> Could it be that ethernet broadcast frames are, under certain
> conditions, reflected back to the incoming interface?
>
>
> Any help on figuring out what's going wrong would be very much
> appreciated.
>
> completely puzzled, Georg
>
>
> --
> Georg Schwarz http://home.pages.de/~schwarz/
> geos at epost.de +49 177 8811442
>
More information about the Bridge
mailing list