On 2-3-2012 15:49, Matthieu Herrb wrote: > On Fri, Mar 02, 2012 at 03:19:34PM +0100, Camiel Dobbelaar wrote: >> I think the bridge loop detection in if_ethersubr.c can be removed. It >> taxes all bridge output traffic, but I don't think it ever kicks in. >> >> It was added in 2001 by angelos: >> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_ethersubr.c.diff?r1=1.48;r2=1.49;f=h >> >> I'd say the following ethertypes are safe, they push packets further down >> the stack so they cannot be bridged again: ieee80211, trunk, vlan >> >> tun and gre cannot be part of a bridge. > > While I don't understand the network stack very deeply, I for sure > have tun interfaces (in tap mode, with link0 set) part of a bridge on > my openvpn gateway: > > bridge0: flags=41<UP,RUNNING> > groups: bridge > priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 > proto rstp > tun0 flags=3<LEARNING,DISCOVER> > port 14 ifpriority 0 ifcost 0 > vlan4 flags=3<LEARNING,DISCOVER> > port 6 ifpriority 0 ifcost 0 > > >
Yes, you are right, I missed the layer-2 tap mode. It looks like it only pushes packets further down as well (so they cannot be bridged twice). But the tun code is a little more challenging so not 100% sure yet. If you can try the diff on this setup, that would be nice.
