[Bridge] 802.1q packets

richardvoigt at gmail.com richardvoigt at gmail.com
Sat Jun 28 14:06:00 PDT 2008 

On Sat, Jun 28, 2008 at 2:50 PM, Fulvio Ricciardi <
fulvio.ricciardi at zeroshell.net> wrote:

>
> > > > Hi,
> > > >
> > > > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN
> > > > tagged packets larger than 1470 bytes are not
> > > > forwarded at all by a bridge.
> > > > I think there is a bad interaction between bridge and
> > > > netfilter codes. Any chance to a have a patch to solve
> > > > this problem that limit the possibility to use the
> > > > Linux bridges in a environment with VLANs?
> > >
> > > With the following command it works:
> > >
> > > echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
> > >
> > > but this disable the iptables support that it's
> > > important for obtaining complex bridge-firewall
> > > scenarios.
> > > Regards
> > > Fulvio Ricciardi
> >
> > Your iptables need to know about VLAN's as well.
> > I bet your default action is to DROP.
> >
> No, the default policy is ACCEPT for the FORWARD chain. In
> any case the problem takes place only with large packets.
> For example if I try
>
> ping -s 1472 192.168.99.74
>
> it works, but
>
> ping -s 1473 192.168.99.74
>
> it does not.
> I am sure that the network cards are VLAN 802.1q aware
> because only the forwarding process is broken. If instead I
> just ping the IP of the bridge interface it works fine.


Are the other nodes directly connected to the netfilter bridge, or are there
ethernet switches involved?   Are these switches managed, smart, or dumb?
Are jumbo frames enabled on all devices in the path?


>
>
> Regards
> Fulvio
>
> --------------------------------------------------------------------
> Fulvio Ricciardi
> web: http://www.zeroshell.net/eng/
> skype: zeroshellnet
> Phone: +3908321835630
> _______________________________________________
> Bridge mailing list
> Bridge at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/bridge/attachments/20080628/352f1d58/attachment.htm

More information about the Bridge mailing list