On Fri, Mar 02, 2012 at 03:19:34PM +0100, Camiel Dobbelaar wrote:
> I think the bridge loop detection in if_ethersubr.c can be removed. It
> taxes all bridge output traffic, but I don't think it ever kicks in.
>
> It was added in 2001 by angelos:
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_ethersubr.c.diff?r1=1.48;r2=1.49;f=h
>
> I'd say the following ethertypes are safe, they push packets further down
> the stack so they cannot be bridged again: ieee80211, trunk, vlan
>
> tun and gre cannot be part of a bridge.
While I don't understand the network stack very deeply, I for sure
have tun interfaces (in tap mode, with link0 set) part of a bridge on
my openvpn gateway:
bridge0: flags=41<UP,RUNNING>
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6
proto rstp
tun0 flags=3<LEARNING,DISCOVER>
port 14 ifpriority 0 ifcost 0
vlan4 flags=3<LEARNING,DISCOVER>
port 6 ifpriority 0 ifcost 0
>
> vether discards all output.
>
> That leaves gif, but that has its own loop detection. Added by angelos in
> 2001 as well, so I'm not sure what I'm missing.
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_gif.c.diff?r1=1.18;r2=1.19;f=h
>
> FreeBSD and NetBSD don't have it.
>
>
> Can people with exotic bridge setups (two bridges on one machine, gif
> tunnels, etc) give this a spin? It increases the collission counter
> (netstat -in) when a loop is broken.
>
> Index: if_ethersubr.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_ethersubr.c,v
> retrieving revision 1.151
> diff -u -p -t -u -r1.151 if_ethersubr.c
> --- if_ethersubr.c 9 Jul 2011 00:47:18 -0000 1.151
> +++ if_ethersubr.c 2 Mar 2012 13:47:45 -0000
> @@ -399,8 +399,10 @@ ether_output(ifp0, m0, dst, rt0)
> goto bad;
> }
> #endif
> - if (!bcmp(&ifp->if_bridge, mtag + 1,
> sizeof(caddr_t)))
> + if (!bcmp(&ifp->if_bridge, mtag + 1,
> sizeof(caddr_t))) {
> + ifp->if_collisions++;
> break;
> + }
> }
> if (mtag == NULL) {
> /* Attach a tag so we can detect loops */
>
--
Matthieu Herrb
