Bridging in FreeBSD without one side being blocked?

[Maxim Konovalov]

Hello Will,

On Sun, 10 Aug 2003, 23:52-0700, Will Andrews wrote:

> Hello (please cc: me as I am not subscribed, thanks),
>
> I was wondering if anyone has managed to set up bridge in such a
> way that hosts on both sides will be able to access the machine
> doing the bridging.  The reason I need this is because I need to
> join two media types (10baseT/100baseTX and 1000baseSX), and both
> sides of the bridge need access to the machine in question.  I'd
> prefer to do it like this instead of buying another switch with
> the necessary media ports or a media converter just for this.
>
> As far as I can tell, it does not seem like FreeBSD's BRIDGE is
> capable of doing this sort of thing.  Does someone know if
>
> ng_bridge can do it, or if it could be made to with some slight
> modifications?  I could not find any documentation about someone
> that has done something like this.
>
> I should note.. later I may add an Atheros card to the bridge,
> configured in 802.11a host AP mode.  Same conditions apply.  :)
>
> Seems to me that if a packet is destined for an IP associated
> with any of the bridge's child interfaces, the code should
> recognize that the packet can be delivered directly to it, as
> opposed to simply dropping it.

First, there is a bug in bridge code when it is loaded as module.
Use static compiled bridge instead.

Second, if your NICs in a bridge cluster have different if_hwassist
checksum capabilities, you hit another bug.

Third, if you use vlan(4) there is a bug with bridging them too.

Forth, you have to turn net.inet.ip.check_interface off (sysctl
net.inet.ip.check_interface=0).

I have a gross hack

http://people.freebsd.org/~maxim/diff/bridge.diff

to work around all these bugs but I still can't figure how to fix them
properly.

--
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org