Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-13 Thread Olivier Cochard-Labbé 
On Wed, Jan 13, 2016 at 9:45 AM, Alexander V. Chernikov 
wrote:

>
> I suspect the reason here is link state bridge handling.
> ix0 does not seem to have IFCAP_LINKSTATE option but re(4) does. Probably
> wlan0 doesn't have LINKSTATE option.
> Code in bridge_linkcheck() doesn't handle the case with both "has link
> state" and "no link state" interfaces well:
> if reX is the only interface w/ IFCAP_LINKSTATE and it goes down, bridge
> will also change its link state to down.
> (However, bridge does not seem to have link state option itself, so
> RT_LINK_IS_UP() macro should return true...)
>
>
>
>
​For validating your "IFCAP_LINKSTATE" hypothesis, I've plug an USB
ethernet adapter ue(4) that didn't support IFCAP_LINKSTATE.
And I've setup the bridge0 with wlan0 and ue0 (in place of re1): same bug
triggered. I need to ​plug a cable for correct routing.

​root@fbsd-router:~ # ifconfig bridge0
bridge0: flags=8843 metric 0 mtu
1500
ether 02:6b:c0:de:b8:00
inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
nd6 options=9
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: ue0 flags=143
ifmaxaddr 0 port 7 priority 128 path cost 55
member: wlan0 flags=143
ifmaxaddr 0 port 5 priority 128 path cost 3
root@fbsd-router:~ # ifconfig ue0
ue0: flags=8943 metric 0
mtu 1500
options=80008
ether 00:19:fd:4e:77:4d
nd6 options=29
media: Ethernet autoselect (none)
status: no carrier
​
​Regards,
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-13 Thread Hooman Fazaeli 

On 1/13/2016 1:31 PM, Olivier Cochard-Labbé wrote:

On Wed, Jan 13, 2016 at 9:45 AM, Alexander V. Chernikov 
wrote:


I suspect the reason here is link state bridge handling.
ix0 does not seem to have IFCAP_LINKSTATE option but re(4) does. Probably
wlan0 doesn't have LINKSTATE option.
Code in bridge_linkcheck() doesn't handle the case with both "has link
state" and "no link state" interfaces well:
if reX is the only interface w/ IFCAP_LINKSTATE and it goes down, bridge
will also change its link state to down.
(However, bridge does not seem to have link state option itself, so
RT_LINK_IS_UP() macro should return true...)





​For validating your "IFCAP_LINKSTATE" hypothesis, I've plug an USB
ethernet adapter ue(4) that didn't support IFCAP_LINKSTATE.
And I've setup the bridge0 with wlan0 and ue0 (in place of re1): same bug
triggered. I need to ​plug a cable for correct routing.

​root@fbsd-router:~ # ifconfig bridge0
bridge0: flags=8843 metric 0 mtu
1500
 ether 02:6b:c0:de:b8:00
 inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
 nd6 options=9
 groups: bridge
 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 member: ue0 flags=143
 ifmaxaddr 0 port 7 priority 128 path cost 55
 member: wlan0 flags=143
 ifmaxaddr 0 port 5 priority 128 path cost 3
root@fbsd-router:~ # ifconfig ue0
ue0: flags=8943 metric 0
mtu 1500
 options=80008
 ether 00:19:fd:4e:77:4d
 nd6 options=29
 media: Ethernet autoselect (none)
 status: no carrier
​
​Regards,
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"


IMHO, this situation happens because if_bridge applies link state logic
with the (wrong) assumption that it is _only_ responsible to forward
packets between member interfaces. In this special setup, the packet
comes from IP layer (not from another member interface) and should be
forwarded on an up and active member interface w/o problem.

It seems to me that the correct behavior for if_bridge it to check
link state after it has determined outgoing interface and is
about to forward the packet on that interface (however, I am not sure if
returning unreachables, which is a good troubleshooting signal, is then
possible or not).

--
Best regards
Hooman Fazaeli

___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-13 Thread Alexander V . Chernikov 
13.01.2016, 13:02, "Olivier Cochard-Labbé" :
> On Wed, Jan 13, 2016 at 9:45 AM, Alexander V. Chernikov 
> wrote:
>
>>  I suspect the reason here is link state bridge handling.
>>  ix0 does not seem to have IFCAP_LINKSTATE option but re(4) does. Probably
>>  wlan0 doesn't have LINKSTATE option.
>>  Code in bridge_linkcheck() doesn't handle the case with both "has link
>>  state" and "no link state" interfaces well:
>>  if reX is the only interface w/ IFCAP_LINKSTATE and it goes down, bridge
>>  will also change its link state to down.
>>  (However, bridge does not seem to have link state option itself, so
>>  RT_LINK_IS_UP() macro should return true...)
>
> ​For validating your "IFCAP_LINKSTATE" hypothesis, I've plug an USB
> ethernet adapter ue(4) that didn't support IFCAP_LINKSTATE.
> And I've setup the bridge0 with wlan0 and ue0 (in place of re1): same bug
> triggered. I need to ​plug a cable for correct routing.
We discussed/investigated this behaviour on IRC. To summarise:
1) ip_tryforward() does check interface linkstate regardless of linkstate 
capability
2) bridge linkcheck function does not seem to care about linkstate capability.

What happened in original case:
802.11 does not provide linkstate cap and actual linkstate value is 0 (unknown).
re0 does provide linkstate cap, so on link down, bridge_linkcheck() code 
decided to set own linkstate as DOWN as well (has non-zero linkstate interface, 
0 up).
On packet transmission. ip_tryforward() checked bridge0 state, found it to be 
DOWN so the icmp_error() was triggered.

Attached patch fixes the problem, but I'm still thinking about better solution.

>
> ​root@fbsd-router:~ # ifconfig bridge0
> bridge0: flags=8843 metric 0 mtu
> 1500
> ether 02:6b:c0:de:b8:00
> inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
> nd6 options=9
> groups: bridge
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: ue0 flags=143
> ifmaxaddr 0 port 7 priority 128 path cost 55
> member: wlan0 flags=143
> ifmaxaddr 0 port 5 priority 128 path cost 3
> root@fbsd-router:~ # ifconfig ue0
> ue0: flags=8943 metric 0
> mtu 1500
> options=80008
> ether 00:19:fd:4e:77:4d
> nd6 options=29
> media: Ethernet autoselect (none)
> status: no carrier
> ​
> ​Regards,
> ___
> freebsd-curr...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"Index: /usr/src/sys/net/if_bridge.c
===
--- /usr/src/sys/net/if_bridge.c	(revision 293659)
+++ /usr/src/sys/net/if_bridge.c	(working copy)
@@ -3550,22 +3550,25 @@ static void
 bridge_linkcheck(struct bridge_softc *sc)
 {
 	struct bridge_iflist *bif;
-	int new_link, hasls;
+	int new_link, nols;
 
 	BRIDGE_LOCK_ASSERT(sc);
 	new_link = LINK_STATE_DOWN;
-	hasls = 0;
+	nols = 0;
 	/* Our link is considered up if at least one of our ports is active */
 	LIST_FOREACH(bif, >sc_iflist, bif_next) {
-		if (bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE)
-			hasls++;
+		if ((bif->bif_ifp->if_capabilities & IFCAP_LINKSTATE) == 0) {
+			/* XXX: Handle admin down? */
+			nols++;
+			continue;
+		}
 		if (bif->bif_ifp->if_link_state == LINK_STATE_UP) {
 			new_link = LINK_STATE_UP;
 			break;
 		}
 	}
-	if (!LIST_EMPTY(>sc_iflist) && !hasls) {
-		/* If no interfaces support link-state then we default to up */
+	if (!LIST_EMPTY(>sc_iflist) && nols != 0) {
+		/* If some ifaces don't support link-state then we default to up */
 		new_link = LINK_STATE_UP;
 	}
 	if_link_state_change(sc->sc_ifp, new_link);
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Adrian Chadd 
This is actually the intended behaviour, right? The routed interface
is down, so the IP address on it and connected to it are unreachable.




-a

On 11 January 2016 at 14:52, Olivier Cochard-Labbé  wrote:
> After weeks of troubleshooting, at last I found how to reproduce this
> problem ;-)
>
> Here is the setup:
>
> LAN0 <--> [(re0) fbsd router (bridge0 addm re1 addm wlan0)] <--> Wireless
> LAN
>
> If interface re1 (bridge0 member with wlan0) is in "active" status
> (=ethernet cable plugged to something): I don't have any problem, all is
> working great for my wireless clients connected to wlan0: They can ping
> devices in LAN0.
> But once I've unplug the ethernet cable connected to re1 (bridge member
> with wlan0) and re1 state switch to "no carrier", Wireless LAN clients are
> not able to reach LAN0.
>
> Here is my rc.conf with simple subnetting for Adrian ;-)
>
> wlans_ath0="wlan0"
> ifconfig_wlan0="hostap channel 6"
> create_args_wlan0="wlanmode hostap"
> cloned_interfaces="bridge0"
> ifconfig_re0="inet 1.0.0.1/24"
> ifconfig_re1="up"
> ifconfig_bridge0="inet 1.1.1.1/24 addm re1 addm wlan0 up"
> gateway_enable="YES"
>
> And an example with re1 in "no carrier" status:
>
> root@fbsd-router:~ # ifconfig bridge0
> bridge0: flags=8843 metric 0 mtu
> 1500
> ether 02:6b:c0:de:b8:00
> inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
> nd6 options=9
> groups: bridge
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: wlan0 flags=143
> ifmaxaddr 0 port 5 priority 128 path cost 3
> member: re1 flags=143
> ifmaxaddr 0 port 2 priority 128 path cost 55
>
>
> root@fbsd-router:~ # ifconfig re1
> re1: flags=8943 metric 0
> mtu 1500
>
> options=82099
> ether 00:0d:b9:3c:ae:25
> nd6 options=29
> media: Ethernet autoselect (none)
> status: no carrier
>
> => from a wireless LAN client (1.1.1.2) I'm trying to ping a host on LAN0
> (1.0.0.2):
>
> root@fbsd-router:~ # tcpdump -pni re0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 23:38:04.466866 ARP, Request who-has 1.0.0.2 tell 1.0.0.1, length 28
> 23:38:04.467052 ARP, Reply 1.0.0.2 is-at 00:08:a2:09:c4:a2, length 46
> 23:38:04.467090 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 1,
> length 64
> 23:38:04.467226 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 1, length
> 64
> 23:38:04.467300 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> 23:38:05.483053 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 2,
> length 64
> 23:38:05.483259 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 2, length
> 64
> 23:38:05.483318 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> 23:38:06.387304 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 3,
> length 64
> 23:38:06.387466 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 3, length
> 64
> 23:38:06.387514 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> ^C
> 11 packets captured
> 11 packets received by filter
> 0 packets dropped by kernel
> root@fbsd-router:~ # arp -na
> ? (1.1.1.1) at 02:6b:c0:de:b8:00 on bridge0 permanent [bridge]
> ? (1.1.1.2) at fc:64:ba:97:c0:ff on bridge0 expires in 1168 seconds [bridge]
> ? (1.0.0.1) at 00:0d:b9:3c:ae:24 on re0 permanent [ethernet]
>
> => The FreeBSD router answers "unreacheable" to the host: My wireless LAN
> client never get the ICMP reply.
>
> => Now I plug eth1 to a dummy machine (just for changing its status):
>
> root@fbsd-router:~ # ifconfig re1
> re1: flags=8943 metric 0
> mtu 1500
>
> options=82099
> ether 00:0d:b9:3c:ae:25
> nd6 options=29
> media: Ethernet autoselect (1000baseT )
> status: active
>
> => and I restart the same ping from the wireless LAN client:
>
> root@fbsd-router:~ # tcpdump -pni re0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 23:44:08.597429 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 1,
> length 64
> 23:44:08.597660 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 74, seq 1, length
> 64
> 23:44:09.604447 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 2,
> length 64
> 23:44:09.604683 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Olivier Cochard-Labbé 
On Tue, Jan 12, 2016 at 9:52 PM, Alexander V. Chernikov <
melif...@freebsd.org> wrote:

>
> Could you show 'netstat -rn' output when one of bridge members is down?
> Btw, I tried to reproduce it today (but, with ix0 instead of wlan0) and I
> wasn't able to trigger the problem.
>
>
​Sure,

here some output with the re1 (member of bridge) unplugged:

root@
​fbsd-router
:~ # ifconfig bridge0
bridge0: flags=8843 metric 0 mtu
1500
ether 02:6b:c0:de:b8:00
inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
nd6 options=9
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: wlan0 flags=143
ifmaxaddr 0 port 5 priority 128 path cost 3
member: re1 flags=143
ifmaxaddr 0 port 2 priority 128 path cost 55

root@
​fbsd-router
:~ # ifconfig re1
re1: flags=8943 metric 0
mtu 1500

options=82099
ether 00:0d:b9:3c:ae:25
nd6 options=29
media: Ethernet autoselect (none)
status: no carrier
root@
​fbsd-router​
:~ # netstat -r
​4​
n
Routing tables

Internet:
DestinationGatewayFlags Netif Expire
1.0.0.0/24 link#1 U   re0
1.0.0.1link#1 UHS lo0
1.1.1.0/24 link#6 U   bridge0
1.1.1.1link#6 UHS lo0
127.0.0.1  link#4 UH  lo0

During this "one-member-unplugged", the freebsd-router can still ping each
hosts on different connected interface, it just "refuse" to forward between
its interfaces:

root@fbsd-router:~ # ping 1.1.1.2 (the wireless client connected to wlan0,
member of the bridge0 interface)
PING 1.1.1.2 (1.1.1.2): 56 data bytes
64 bytes from 1.1.1.2: icmp_seq=0 ttl=64 time=4.600 ms
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=5.878 ms
^C
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.600/5.239/5.878/0.639 ms
root@fbsd-router:~ # ping 1.0.0.2 (an host on the LAN0)
PING 1.0.0.2 (1.0.0.2): 56 data bytes
64 bytes from 1.0.0.2: icmp_seq=0 ttl=64 time=0.282 ms
64 bytes from 1.0.0.2: icmp_seq=1 ttl=64 time=0.280 ms
^C
--- 1.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.280/0.281/0.282/0.001 ms
root@fbsd-router:~ # arp -na
? (1.1.1.1) at 02:6b:c0:de:b8:00 on bridge0 permanent [bridge]
? (1.1.1.2) at 00:c0:ca:7e:8b:fe on bridge0 expires in 1055 seconds [bridge]
? (1.0.0.1) at 00:0d:b9:3c:ae:24 on re0 permanent [ethernet]
? (1.0.0.2) at 0c:c4:7a:6b:a6:d3 on re0 expires in 1106 seconds [ethernet]

​And the wireless client (1.1.1.2) can still ping the fbsd-router bridge
interface (1.1.1.1) too (for answering to the Adrian question).​

Now I replug re1:

root@fbsd-router:~ # ifconfig re1
re1: flags=8943 metric 0
mtu 1500

options=82099
ether 00:0d:b9:3c:ae:25
nd6 options=29
media: Ethernet autoselect (1000baseT )
status: active

and here are netstat output (no changes with previous):

root@fbsd-router:~ # netstat -r4n
Routing tables

Internet:
DestinationGatewayFlags Netif Expire
1.0.0.0/24 link#1 U   re0
1.0.0.1link#1 UHS lo0
1.1.1.0/24 link#6 U   bridge0
1.1.1.1link#6 UHS lo0
127.0.0.1  link#4 UH  lo0

Because you didn't reach to reproduce with ix0 in place of wlan0, I've did
some modification to my bridge setup:
1. In place of using re1+wlan0, I've put re1+re2 in the bridge0. And I've
connected an host on re2: I didn't reach to reproduce the problem too, then I
confirm we didn't have this bug with 2 Ethernet Interfaces.

2. In place of using PCI ath(4) (Atheros 9280), I've plugged an USB rum(4)
(old Ralink) and configured it as wlan0 like was the ath0: the bridge0 was
reverted to re1+wlan0.
And I reach to reproduce the problem with a different wireless card: This
thread seems correctly belong to the "wireless" mailing-list :-)
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Adrian Chadd 
Ah, okay.

Can you ping out the routed interface whilst this occurs?


-a


On 12 January 2016 at 12:48, Olivier Cochard-Labbé  wrote:
> On Tue, Jan 12, 2016 at 7:22 PM, Adrian Chadd 
> wrote:
>>
>> This is actually the intended behaviour, right? The routed interface
>> is down, so the IP address on it and connected to it are unreachable.
>
>
> Hi Adrian,
>
> the routed interface is a bridge interface, and this bridge interface had
> only one of its 2 members interface down.
> Then the routed interface is not down.
>
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Olivier Cochard-Labbé 
On Tue, Jan 12, 2016 at 7:22 PM, Adrian Chadd 
wrote:

> This is actually the intended behaviour, right? The routed interface
> is down, so the IP address on it and connected to it are unreachable.
>

​Hi Adrian,

the routed interface is a bridge interface, and this bridge interface had
only one of its 2 members interface down.
Then the routed interface is not down.
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Alexander V . Chernikov 
12.01.2016, 23:48, "Olivier Cochard-Labbé" :
> On Tue, Jan 12, 2016 at 7:22 PM, Adrian Chadd 
> wrote:
>
>>  This is actually the intended behaviour, right? The routed interface
>>  is down, so the IP address on it and connected to it are unreachable.
>
> ​Hi Adrian,
>
> the routed interface is a bridge interface, and this bridge interface had
> only one of its 2 members interface down.
> Then the routed interface is not down.
Could you show 'netstat -rn' output when one of bridge members is down?
Btw, I tried to reproduce it today (but, with ix0 instead of wlan0) and I 
wasn't able to trigger the problem.

> ___
> freebsd-curr...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-12 Thread Omni$ 
On Dec 23, 2015 2:32 AM, "Olivier Cochard-Labbé"  wrote:

> Hi,
>
> If wlan0 interface is member of a bridge, FreeBSD didn't reach to
> forward-back packets to wireless client
>
> My setup is this one:
>
> internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0]
>  <--> wireless client
>
> and the problem description:
>  - wireless clients didn't receive any packet back: the fbsd-router blocks
> answers because it thinks wireless clients are "unreachable".
>  - But wireless clients can reach all IP of the fbsd-router hitself without
> problem, and fbsd-router can ping them too.
>  - Ethernet clients connected to the same bridge0 didn't have problem
>
> A tcpdump on the outgoing interface shows the fbsd-router correctly
> receiving/NATing/forwarding the wireless-client packet (10.239.142.104
> natted to 192.168.100.70) toward the Internet-gateway (192.168.100.254),
> but once received the response from the internet-gateway it is not able to
> reach the wireless-client (unreachable):
> [fbsd-router]~> sudo tcpdump -pni net0 icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 07:35:24.869560 IP 192.168.100.70 > 192.168.100.254: ICMP echo request, id
> 1, seq 375, length 40
> 07:35:24.869772 IP 192.168.100.254 > 192.168.100.70: ICMP echo reply, id
> 1,
> seq 375, length 40
> 07:35:24.870314 IP 192.168.100.70 > 192.168.100.254: ICMP host
> 10.239.142.104 unreachable, length 36
>
> But directly from the fbsd-router, there is no problem for reaching the
> wireless-client:
> [fbsd-router]~> ping wireless-client
> PING 10.239.142.104 (10.239.142.104): 56 data bytes
> 64 bytes from 10.239.142.104: icmp_seq=0 ttl=128 time=2.633 ms
> 64 bytes from 10.239.142.104: icmp_seq=1 ttl=128 time=1.614 ms
>
> I'm using a bridge because I need to use only one subnet for all my clients
> (ethernet and wifi):
> [fbsd-router]~> ifconfig bridge0
> bridge0: flags=8843 metric 0 mtu
> 1500
> ether 02:82:9f:45:81:00
> inet 10.239.142.126 netmask 0xffe0 broadcast 10.239.142.127
> nd6 options=49
> groups: bridge
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: wlan0 flags=143
> ifmaxaddr 0 port 6 priority 128 path cost 3
> member: net1 flags=143
> ifmaxaddr 0 port 2 priority 128 path cost 55
>
> And this "unreacheable" problem is related to the bridge, if I remove the
> wlan0 from the bridge, there is no more problem.
>
> What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
> member of a bridge ?
>
> Head versions tested: r290522, r291362, r292613.
>
> Thanks,
> ___
> freebsd-wireless@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
> To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org
> "
>
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-11 Thread Olivier Cochard-Labbé 
After weeks of troubleshooting, at last I found how to reproduce this
problem ;-)

Here is the setup:

LAN0 <--> [(re0) fbsd router (bridge0 addm re1 addm wlan0)] <--> Wireless
LAN

If interface re1 (bridge0 member with wlan0) is in "active" status
(=ethernet cable plugged to something): I don't have any problem, all is
working great for my wireless clients connected to wlan0: They can ping
devices in LAN0.
But once I've unplug the ethernet cable connected to re1 (bridge member
with wlan0) and re1 state switch to "no carrier", Wireless LAN clients are
not able to reach LAN0.

Here is my rc.conf with simple subnetting for Adrian ;-)

wlans_ath0="wlan0"
ifconfig_wlan0="hostap channel 6"
create_args_wlan0="wlanmode hostap"
cloned_interfaces="bridge0"
ifconfig_re0="inet 1.0.0.1/24"
ifconfig_re1="up"
ifconfig_bridge0="inet 1.1.1.1/24 addm re1 addm wlan0 up"
gateway_enable="YES"

And an example with re1 in "no carrier" status:

root@fbsd-router:~ # ifconfig bridge0
bridge0: flags=8843 metric 0 mtu
1500
ether 02:6b:c0:de:b8:00
inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
nd6 options=9
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: wlan0 flags=143
ifmaxaddr 0 port 5 priority 128 path cost 3
member: re1 flags=143
ifmaxaddr 0 port 2 priority 128 path cost 55


root@fbsd-router:~ # ifconfig re1
re1: flags=8943 metric 0
mtu 1500

options=82099
ether 00:0d:b9:3c:ae:25
nd6 options=29
media: Ethernet autoselect (none)
status: no carrier

=> from a wireless LAN client (1.1.1.2) I'm trying to ping a host on LAN0
(1.0.0.2):

root@fbsd-router:~ # tcpdump -pni re0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:38:04.466866 ARP, Request who-has 1.0.0.2 tell 1.0.0.1, length 28
23:38:04.467052 ARP, Reply 1.0.0.2 is-at 00:08:a2:09:c4:a2, length 46
23:38:04.467090 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 1,
length 64
23:38:04.467226 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 1, length
64
23:38:04.467300 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
36
23:38:05.483053 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 2,
length 64
23:38:05.483259 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 2, length
64
23:38:05.483318 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
36
23:38:06.387304 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 3,
length 64
23:38:06.387466 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 3, length
64
23:38:06.387514 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
36
^C
11 packets captured
11 packets received by filter
0 packets dropped by kernel
root@fbsd-router:~ # arp -na
? (1.1.1.1) at 02:6b:c0:de:b8:00 on bridge0 permanent [bridge]
? (1.1.1.2) at fc:64:ba:97:c0:ff on bridge0 expires in 1168 seconds [bridge]
? (1.0.0.1) at 00:0d:b9:3c:ae:24 on re0 permanent [ethernet]

=> The FreeBSD router answers "unreacheable" to the host: My wireless LAN
client never get the ICMP reply.

=> Now I plug eth1 to a dummy machine (just for changing its status):

root@fbsd-router:~ # ifconfig re1
re1: flags=8943 metric 0
mtu 1500

options=82099
ether 00:0d:b9:3c:ae:25
nd6 options=29
media: Ethernet autoselect (1000baseT )
status: active

=> and I restart the same ping from the wireless LAN client:

root@fbsd-router:~ # tcpdump -pni re0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:44:08.597429 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 1,
length 64
23:44:08.597660 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 74, seq 1, length
64
23:44:09.604447 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 2,
length 64
23:44:09.604683 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 74, seq 2, length
64
23:44:10.609711 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 3,
length 64
23:44:10.609874 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 74, seq 3, length
64

=> It's works :-)

How the status of a member of the bridge can impact the routing behavior of
other interfaces ?
How to fix this problem ?

Thanks
___
freebsd-wireless@freebsd.org mailing list

Re: forwarding didn't work if wlan0 is member of a bridge

2016-01-11 Thread Alexander V . Chernikov 
12.01.2016, 01:53, "Olivier Cochard-Labbé" :
> After weeks of troubleshooting, at last I found how to reproduce this
> problem ;-)
Hi Olivier,
>
> Here is the setup:
>
> LAN0 <--> [(re0) fbsd router (bridge0 addm re1 addm wlan0)] <--> Wireless
> LAN
>
> If interface re1 (bridge0 member with wlan0) is in "active" status
> (=ethernet cable plugged to something): I don't have any problem, all is
> working great for my wireless clients connected to wlan0: They can ping
> devices in LAN0.
> But once I've unplug the ethernet cable connected to re1 (bridge member
> with wlan0) and re1 state switch to "no carrier", Wireless LAN clients are
> not able to reach LAN0.
It looks like ICMP unreach messages are generated by IP forwarding.
Probably because (for some reason) bridge0 interface prefix was removed from 
route table.
I'll try to reproduce that.

>
> Here is my rc.conf with simple subnetting for Adrian ;-)
>
> wlans_ath0="wlan0"
> ifconfig_wlan0="hostap channel 6"
> create_args_wlan0="wlanmode hostap"
> cloned_interfaces="bridge0"
> ifconfig_re0="inet 1.0.0.1/24"
> ifconfig_re1="up"
> ifconfig_bridge0="inet 1.1.1.1/24 addm re1 addm wlan0 up"
> gateway_enable="YES"
>
> And an example with re1 in "no carrier" status:
>
> root@fbsd-router:~ # ifconfig bridge0
> bridge0: flags=8843 metric 0 mtu
> 1500
> ether 02:6b:c0:de:b8:00
> inet 1.1.1.1 netmask 0xff00 broadcast 1.1.1.255
> nd6 options=9
> groups: bridge
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: wlan0 flags=143
> ifmaxaddr 0 port 5 priority 128 path cost 3
> member: re1 flags=143
> ifmaxaddr 0 port 2 priority 128 path cost 55
>
> root@fbsd-router:~ # ifconfig re1
> re1: flags=8943 metric 0
> mtu 1500
>
> options=82099
> ether 00:0d:b9:3c:ae:25
> nd6 options=29
> media: Ethernet autoselect (none)
> status: no carrier
>
> => from a wireless LAN client (1.1.1.2) I'm trying to ping a host on LAN0
> (1.0.0.2):
>
> root@fbsd-router:~ # tcpdump -pni re0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 23:38:04.466866 ARP, Request who-has 1.0.0.2 tell 1.0.0.1, length 28
> 23:38:04.467052 ARP, Reply 1.0.0.2 is-at 00:08:a2:09:c4:a2, length 46
> 23:38:04.467090 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 1,
> length 64
> 23:38:04.467226 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 1, length
> 64
> 23:38:04.467300 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> 23:38:05.483053 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 2,
> length 64
> 23:38:05.483259 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 2, length
> 64
> 23:38:05.483318 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> 23:38:06.387304 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 72, seq 3,
> length 64
> 23:38:06.387466 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 72, seq 3, length
> 64
> 23:38:06.387514 IP 1.0.0.1 > 1.0.0.2: ICMP host 1.1.1.2 unreachable, length
> 36
> ^C
> 11 packets captured
> 11 packets received by filter
> 0 packets dropped by kernel
> root@fbsd-router:~ # arp -na
> ? (1.1.1.1) at 02:6b:c0:de:b8:00 on bridge0 permanent [bridge]
> ? (1.1.1.2) at fc:64:ba:97:c0:ff on bridge0 expires in 1168 seconds [bridge]
> ? (1.0.0.1) at 00:0d:b9:3c:ae:24 on re0 permanent [ethernet]
>
> => The FreeBSD router answers "unreacheable" to the host: My wireless LAN
> client never get the ICMP reply.
>
> => Now I plug eth1 to a dummy machine (just for changing its status):
>
> root@fbsd-router:~ # ifconfig re1
> re1: flags=8943 metric 0
> mtu 1500
>
> options=82099
> ether 00:0d:b9:3c:ae:25
> nd6 options=29
> media: Ethernet autoselect (1000baseT )
> status: active
>
> => and I restart the same ping from the wireless LAN client:
>
> root@fbsd-router:~ # tcpdump -pni re0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 23:44:08.597429 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 1,
> length 64
> 23:44:08.597660 IP 1.0.0.2 > 1.1.1.2: ICMP echo reply, id 74, seq 1, length
> 64
> 23:44:09.604447 IP 1.1.1.2 > 1.0.0.2: ICMP echo request, id 74, seq 2,
> length 64
> 23:44:09.604683 IP

Re: forwarding didn't work if wlan0 is member of a bridge

2015-12-24 Thread Ben Woods 
On Wednesday, 23 December 2015, Adrian Chadd  wrote:

> Hi,
>
> inet 10.239.142.126 netmask 0xffe0 broadcast 10.239.142.127
>
> This looks like a problem with your addressing. That netmask != that
> broadcast.
>
> Please recheck your networking setup!
>
>
> -a
>

That broadcast looks correct for me for a bet mask of 0xffe0 (/27).

http://jodies.de/ipcalc?host=10.239.142.126=27=

Regards,
Ben


-- 

--
From: Benjamin Woods
woods...@gmail.com
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2015-12-23 Thread Sergey Manucharian 
Excerpts from Olivier Cochard-Labbé's message from Wed 23-Dec-15 11:31:
> If wlan0 interface is member of a bridge, FreeBSD didn't reach to
> forward-back packets to wireless client
> 
> My setup is this one:
> 
> internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0]
>  <--> wireless client
> 
> and the problem description:
>  - wireless clients didn't receive any packet back: the fbsd-router blocks
> answers because it thinks wireless clients are "unreachable".
>  - But wireless clients can reach all IP of the fbsd-router hitself without
> problem, and fbsd-router can ping them too.
>  - Ethernet clients connected to the same bridge0 didn't have problem

I believe this is related to the fact that wifi adapter cannot have more
that one MAC address. And that becomes true when it's a member of a
bridge. There exist some tricky ways to overcome that though.

S.

___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2015-12-23 Thread Kristof Provost 
On 2015-12-23 08:08:29 (-0700), Sergey Manucharian  wrote:
> I believe this is related to the fact that wifi adapter cannot have more
> that one MAC address. And that becomes true when it's a member of a
> bridge. There exist some tricky ways to overcome that though.
> 
That's true, but that only applies in station mode (i.e. as a wifi
client). If I'm reading the report right Olivier is using wifi0 as an
access point here.

Regards,
Kristof
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

Re: forwarding didn't work if wlan0 is member of a bridge

2015-12-23 Thread Adrian Chadd 
Hi,

inet 10.239.142.126 netmask 0xffe0 broadcast 10.239.142.127

This looks like a problem with your addressing. That netmask != that broadcast.

Please recheck your networking setup!


-a


On 23 December 2015 at 02:31, Olivier Cochard-Labbé  wrote:
> Hi,
>
> If wlan0 interface is member of a bridge, FreeBSD didn't reach to
> forward-back packets to wireless client
>
> My setup is this one:
>
> internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0]
>  <--> wireless client
>
> and the problem description:
>  - wireless clients didn't receive any packet back: the fbsd-router blocks
> answers because it thinks wireless clients are "unreachable".
>  - But wireless clients can reach all IP of the fbsd-router hitself without
> problem, and fbsd-router can ping them too.
>  - Ethernet clients connected to the same bridge0 didn't have problem
>
> A tcpdump on the outgoing interface shows the fbsd-router correctly
> receiving/NATing/forwarding the wireless-client packet (10.239.142.104
> natted to 192.168.100.70) toward the Internet-gateway (192.168.100.254),
> but once received the response from the internet-gateway it is not able to
> reach the wireless-client (unreachable):
> [fbsd-router]~> sudo tcpdump -pni net0 icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 07:35:24.869560 IP 192.168.100.70 > 192.168.100.254: ICMP echo request, id
> 1, seq 375, length 40
> 07:35:24.869772 IP 192.168.100.254 > 192.168.100.70: ICMP echo reply, id 1,
> seq 375, length 40
> 07:35:24.870314 IP 192.168.100.70 > 192.168.100.254: ICMP host
> 10.239.142.104 unreachable, length 36
>
> But directly from the fbsd-router, there is no problem for reaching the
> wireless-client:
> [fbsd-router]~> ping wireless-client
> PING 10.239.142.104 (10.239.142.104): 56 data bytes
> 64 bytes from 10.239.142.104: icmp_seq=0 ttl=128 time=2.633 ms
> 64 bytes from 10.239.142.104: icmp_seq=1 ttl=128 time=1.614 ms
>
> I'm using a bridge because I need to use only one subnet for all my clients
> (ethernet and wifi):
> [fbsd-router]~> ifconfig bridge0
> bridge0: flags=8843 metric 0 mtu
> 1500
> ether 02:82:9f:45:81:00
> inet 10.239.142.126 netmask 0xffe0 broadcast 10.239.142.127
> nd6 options=49
> groups: bridge
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: wlan0 flags=143
> ifmaxaddr 0 port 6 priority 128 path cost 3
> member: net1 flags=143
> ifmaxaddr 0 port 2 priority 128 path cost 55
>
> And this "unreacheable" problem is related to the bridge, if I remove the
> wlan0 from the bridge, there is no more problem.
>
> What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
> member of a bridge ?
>
> Head versions tested: r290522, r291362, r292613.
>
> Thanks,
> ___
> freebsd-curr...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"

forwarding didn't work if wlan0 is member of a bridge

2015-12-23 Thread Olivier Cochard-Labbé 
Hi,

If wlan0 interface is member of a bridge, FreeBSD didn't reach to
forward-back packets to wireless client

My setup is this one:

internet gateway <--> [net0] fbsd router [net1 + wifi-hostap in bridge0]
 <--> wireless client

and the problem description:
 - wireless clients didn't receive any packet back: the fbsd-router blocks
answers because it thinks wireless clients are "unreachable".
 - But wireless clients can reach all IP of the fbsd-router hitself without
problem, and fbsd-router can ping them too.
 - Ethernet clients connected to the same bridge0 didn't have problem

A tcpdump on the outgoing interface shows the fbsd-router correctly
receiving/NATing/forwarding the wireless-client packet (10.239.142.104
natted to 192.168.100.70) toward the Internet-gateway (192.168.100.254),
but once received the response from the internet-gateway it is not able to
reach the wireless-client (unreachable):
[fbsd-router]~> sudo tcpdump -pni net0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on net0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:35:24.869560 IP 192.168.100.70 > 192.168.100.254: ICMP echo request, id
1, seq 375, length 40
07:35:24.869772 IP 192.168.100.254 > 192.168.100.70: ICMP echo reply, id 1,
seq 375, length 40
07:35:24.870314 IP 192.168.100.70 > 192.168.100.254: ICMP host
10.239.142.104 unreachable, length 36

But directly from the fbsd-router, there is no problem for reaching the
wireless-client:
[fbsd-router]~> ping wireless-client
PING 10.239.142.104 (10.239.142.104): 56 data bytes
64 bytes from 10.239.142.104: icmp_seq=0 ttl=128 time=2.633 ms
64 bytes from 10.239.142.104: icmp_seq=1 ttl=128 time=1.614 ms

I'm using a bridge because I need to use only one subnet for all my clients
(ethernet and wifi):
[fbsd-router]~> ifconfig bridge0
bridge0: flags=8843 metric 0 mtu
1500
ether 02:82:9f:45:81:00
inet 10.239.142.126 netmask 0xffe0 broadcast 10.239.142.127
nd6 options=49
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: wlan0 flags=143
ifmaxaddr 0 port 6 priority 128 path cost 3
member: net1 flags=143
ifmaxaddr 0 port 2 priority 128 path cost 55

And this "unreacheable" problem is related to the bridge, if I remove the
wlan0 from the bridge, there is no more problem.

What problem can cause FreeBSD to answer back "unreachable" when wlan0 is
member of a bridge ?

Head versions tested: r290522, r291362, r292613.

Thanks,
___
freebsd-wireless@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to "freebsd-wireless-unsubscr...@freebsd.org"