From hmo@sep.oldach.net  Tue Sep  2 21:21:26 2008
Return-Path: <hmo@sep.oldach.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ED9CE1065673;
	Tue,  2 Sep 2008 21:21:26 +0000 (UTC)
	(envelope-from hmo@sep.oldach.net)
Received: from rigel.oldach.net (rigel.oldach.net [194.8.96.250])
	by mx1.freebsd.org (Postfix) with ESMTP id 6A5E28FC0A;
	Tue,  2 Sep 2008 21:21:26 +0000 (UTC)
	(envelope-from hmo@sep.oldach.net)
Received: from sep.oldach.net (hmo.in-dsl.de [217.197.85.210])
	by rigel.oldach.net (8.14.2/8.14.2/hmo30jul04) with ESMTP id m82L6mwj078807
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Tue, 2 Sep 2008 23:06:48 +0200 (CEST)
	(envelope-from hmo@sep.oldach.net)
Received: from sep.oldach.net (localhost [127.0.0.1])
	by sep.oldach.net (8.14.3/8.14.3/hmo26jun05) with ESMTP id m82L6ljC052679
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 2 Sep 2008 23:06:47 +0200 (CEST)
	(envelope-from hmo@sep.oldach.net)
Received: (from hmo@localhost)
	by sep.oldach.net (8.14.3/8.14.3/Submit/hmo26jun05) id m82L6lFX052678;
	Tue, 2 Sep 2008 23:06:47 +0200 (CEST)
	(envelope-from hmo)
Message-Id: <200809022106.m82L6lFX052678@sep.oldach.net>
Date: Tue, 2 Sep 2008 23:06:47 +0200 (CEST)
From: Helge Oldach <freebsd-bridge-sep08@oldach.net>
Reply-To: Helge Oldach <freebsd-bridge-sep08@oldach.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: philip@freebsd.org
Subject: Still bridge issues - with L2 protocols such as PPPoE
X-Send-Pr-Version: 3.113
X-GNATS-Notify: rea-fbsd@codelabs.ru

>Number:         127052
>Category:       kern
>Synopsis:       [if_bridge] Still bridge issues - with L2 protocols such as PPPoE
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 02 21:30:01 UTC 2008
>Closed-Date:    Mon Sep 08 03:20:52 UTC 2008
>Last-Modified:  Mon Sep 08 03:20:52 UTC 2008
>Originator:     Helge Oldach
>Release:        FreeBSD 6.4-1330 i386
>Organization:
>Environment:

System: FreeBSD localhost 6.4-1330 FreeBSD 6.4-1330 #0: Tue Sep 2 18:34:28 CEST 2008 toor@localhost:/usr/obj/usr/src/sys/HMO i386

>Description:

Since the "MAC inheritance" change in if_bridge (SVN r180140) I observe
loss of connectivity due to ARP timeouts and also layer-2 connectivity
issues.

The change below (and the according MFCs) indeed fixes the ARP bridging
issue, but does not fix layer-2 protocols.

For instance, I run a bridge with a wi0 and an fxp0 interface, while
talking PPPoE over the fxp0 interface simultaneously. I observe that the
change below fixes my IP connectivity issue over the bridge, but PPPoE
is still broken. I still need to change the Ethernet address of bridge0
(disable inheritence of the bridge's MAC address from the first member
interface) to make it work.

So I would suggest that a true fix should be implemented in if_bridge,
not in the IP stack.

The issue applies identically to CURRENT, 7-STABLE and 6-STABLE.



Revision 1.174: download - view: text, markup, annotated - select for diffs
Mon Aug 18 09:06:11 2008 UTC (2 weeks, 1 day ago) by philip
Branches: MAIN
Diff to: previous 1.173: preferred, colored
Changes since revision 1.173: +24 -1 lines
SVN rev 181824 on 2008-08-18 09:06:11Z by philip

Fix ARP in bridging scenarios where the bridge shares its
MAC address with one of its members (see my r180140).

Pointy hat to:  philip
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
MFC after:      3 days


>How-To-Repeat:

Set up PPPoE over a bridge member interface...

>Fix:

Eygene supplied a patch that supposedly fixes this issue by introducing
a sysctl that makes the former if_bridge behaviour default, and which
must be turned on to enable MAC inheritance. I have not tested this
patch yet.

I wonder what the purpose of MAC inheritance is anyway... Multiple
unicast MACs in one segment sounds pretty odd.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Sep 2 22:46:19 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127052 

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Helge Oldach <freebsd-bridge-sep08@oldach.net>
Cc: bug-followup@FreeBSD.org, philip@FreeBSD.org
Subject: Re: kern/127052: Still bridge issues - with L2 protocols such as
	PPPoE
Date: Wed, 3 Sep 2008 08:21:43 +0400

 --UNifc18z8z6e1QHx
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Tue, Sep 02, 2008 at 11:06:47PM +0200, Helge Oldach wrote:
 > Eygene supplied a patch that supposedly fixes this issue by introducing
 > a sysctl that makes the former if_bridge behaviour default, and which
 > must be turned on to enable MAC inheritance. I have not tested this
 > patch yet.
 
 And here is the patch itself:
 --- if_bridge-mac_inheritance.patch begins here ---
 =46rom 545d95995bb1879a6807be28a43d4ee061dda218 Mon Sep 17 00:00:00 2001
 =46rom: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 Date: Tue, 2 Sep 2008 19:49:44 +0400
 Subject: [PATCH] Add sysctl net.link.bridge.inherit_mac to control MAC inhe=
 ritance
 
 Philip Paeps enabled bridge to inherit its MAC from the first bridge
 member.  This broke ARP, it was fixed, but then Helge Oldach reported
 that this also brokes PPPoE when it is done on the bridged interface.
 
 I had implemented new sysctl that controls MAC inheritance.  It is off
 by default to enable previous behaviour of bridge until all problems
 with duplicated MAC addresses will be chased and fixed.
 
 Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
 ---
  sys/net/if_bridge.c |    9 +++++++--
  1 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
 index a84a0ff..aee7c4a 100644
 --- a/sys/net/if_bridge.c
 +++ b/sys/net/if_bridge.c
 @@ -350,6 +350,7 @@ static int pfil_ipfw_arp =3D 0;   /* layer2 filter with=
  ipfw */
  static int pfil_local_phys =3D 0; /* run pfil hooks on the physical interf=
 ace for
                                     locally destined packets */
  static int log_stp   =3D 0;   /* log STP state changes */
 +static int bridge_inherit_mac =3D 0;   /* share MAC with first bridge memb=
 er */
  SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
      &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
  SYSCTL_INT(_net_link_bridge, OID_AUTO, ipfw_arp, CTLFLAG_RW,
 @@ -363,6 +364,9 @@ SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_local_phys,=
  CTLFLAG_RW,
      "Packet filter on the physical interface for locally destined packets"=
 );
  SYSCTL_INT(_net_link_bridge, OID_AUTO, log_stp, CTLFLAG_RW,
      &log_stp, 0, "Log STP state changes");
 +SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW,
 +    &bridge_inherit_mac, 0,
 +    "Inherit MAC address from the first bridge member");
 =20
  struct bridge_control {
  	int	(*bc_func)(struct bridge_softc *, void *);
 @@ -921,7 +925,8 @@ bridge_delete_member(struct bridge_softc *sc, struct br=
 idge_iflist *bif,
  	 * the mac address of the bridge to the address of the next member, or
  	 * to its default address if no members are left.
  	 */
 -	if (!memcmp(IF_LLADDR(sc->sc_ifp), IF_LLADDR(ifs), ETHER_ADDR_LEN)) {
 +	if (bridge_inherit_mac &&
 +	    !memcmp(IF_LLADDR(sc->sc_ifp), IF_LLADDR(ifs), ETHER_ADDR_LEN)) {
  		if (LIST_EMPTY(&sc->sc_iflist))
  			bcopy(sc->sc_defaddr,
  			    IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
 @@ -1028,7 +1033,7 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
  	 * member and the MAC address of the bridge has not been changed from
  	 * the default randomly generated one.
  	 */
 -	if (LIST_EMPTY(&sc->sc_iflist) &&
 +	if (bridge_inherit_mac && LIST_EMPTY(&sc->sc_iflist) &&
  	    !memcmp(IF_LLADDR(sc->sc_ifp), sc->sc_defaddr, ETHER_ADDR_LEN))
  		bcopy(IF_LLADDR(ifs), IF_LLADDR(sc->sc_ifp), ETHER_ADDR_LEN);
 =20
 --=20
 1.5.6.4
 --- if_bridge-mac_inheritance.patch ends here ---
 
 > I wonder what the purpose of MAC inheritance is anyway... Multiple
 > unicast MACs in one segment sounds pretty odd.
 
 As was explained to me by Philip Paeps,
 -----
 On 2008-08-15 18:24:29 (+0400), Eygene Ryabinkin <rea-fbsd@codelabs.ru> wro=
 te:
 > I wonder what was the real need of the commit r180140, where you added
 > preemption of first bridge member MAC address by the bridge itself?
 
 There were two reasons: firstly, it makes the bridge more predictable across
 reboots, particularly in setups using DHCP.  Secondly, this is the way the
 IEEE spec seems to suggest it should work.  It is also the way other bridgi=
 ng
 implementations I've encountered work -- which suggests my reading of the s=
 pec
 is correct.
 -----
 --=20
 Eygene
  _                ___       _.--.   #
  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
  /  ' `         ,       __.--'      #  to read the on-line manual  =20
  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook=20
     {_.-``-'         {_/            #
 
 --UNifc18z8z6e1QHx
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.9 (FreeBSD)
 
 iEYEARECAAYFAki+ENcACgkQthUKNsbL7Yi/wgCgpyeZJSj2E5Bx7R8SdLN/gjRl
 DfMAnR76+UX8D/LtyeN8Upz2FNnufDZ9
 =J9Nn
 -----END PGP SIGNATURE-----
 
 --UNifc18z8z6e1QHx--

From: freebsd-bridge-sep08@oldach.net (Helge Oldach)
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: kern/127052: Still bridge issues - with L2 protocols such as PPPoE
Date: Sat, 6 Sep 2008 07:43:42 +0200 (CEST)

 I have tested Eygenes patch and it works as expected on 6-STABLE.
 
 However the behaviour is a little bit strange: The sysctl is of by
 default. When enabling it, nothing happens. The bridge's MAC still is
 the random MAC chosen upon boot. Even toggling the bridge interface
 down/up doesn't change it. The bridge's MAC is inherited only when a
 member interface is added or deleted. Essentially this sysctl must be
 set at boot time, e.g. in /etc/sysctl.conf to make it work consistently.
 
 Further, it is a global sysctl that applies to *all* bridge interfaces
 identically. It is not possible to have one bridge with inheritance, and
 another without.
 
 Philip explained that the main rationale for MAC inheritance was to make
 DHCP consistent over reboots. This can be simply achieved by a trivial
 
 	ifconfig_bridge0="link 66:fc:df:e2:3f:f5 up"
 
 (or similar) in /etc/rc.conf. There is no need to change code at all to
 achieve the desired effect, and we still have full flexibility, even
 with multiple bridges. (To simplify mass deployment, one can seed the
 MAC in the above command from a file created upon initial boot.)
 
 I would therefore mandate to back out the bridge inheritance stuff
 completely.
 
 Helge
State-Changed-From-To: open->closed 
State-Changed-By: thompsa 
State-Changed-When: Mon Sep 8 03:19:43 UTC 2008 
State-Changed-Why:  
r180140 has been reverted for 6.4 and 7.1, thanks for testing  
and reporting the problems. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127052 
>Unformatted:
