ifconfig: BRDGADD vr1: Invalid argument

Ian Smith smithi at nimnet.asn.au
Wed Dec 12 22:47:58 PST 2007


On Thu, 13 Dec 2007, Randy Bush wrote:
 > ok, i have bridging working (kernel/userland version skew likely culprit, thanks max),
 > except that ath0 does not seem to completely bridge. bms may have warned me in saying
 > 
 > > although you won't get the 802.11 frames bridged.

I'm wondering just what that means too ..

 > the problem:
 >   o hosts on vr1, vr2, and vr3 get dhcp addresses and can see the world
 >   o host on ath0 can not get dhcp address
 >     - soekris sees dhcp request and responds
 >     - response not seen by anyone on wireless
 >     - tcpdump says dhcpd is sending the response (see below)
 > 
 > the plan:
 > 
 >                  Soekris 5501
 >             .-----------------------.
 >             |                       |
 >             |              b ---ath0|
 >             |              r        |  LAN
 >  external   |              i --- vr1|
 > ------------|vr0---NAT---- d        |  DHCP
 >    WAN      |              g --- vr2|
 >             |              e        |  Clients
 >             |              0 --- vr3|
 >             |                       |
 >             `-----------------------'
 > 
 > vr0 gets address via DHCP from external link
 > 
 > bridge0 is hard coded as 192.168.0.1/24
 > 
 > dhcpd runs on bridge0 for the range 192.168.0.100-199 to feed the LAN.
 > 
 > ---
 > 
 > from /etc/rc.conf:
 > 
 > firewall_enable=YES             # Set to YES to enable firewall functionality
 > firewall_type="/etc/ipfw.rules" # Firewall type (see /etc/rc.firewall)
 > firewall_quiet=YES              # Set to YES to suppress rule display
 > firewall_logging=YES            # Set to YES to enable events logging
 > 
 > ifconfig_vr0=DHCP
 > cloned_interfaces=bridge0
 > ifconfig_bridge0="192.168.0.1 addm vr1 addm vr2 addm vr3 up addm ath0"
 > ifconfig_vr1=up
 > ifconfig_vr2=up
 > ifconfig_vr3=up
 > ifconfig_ath0="channel 4 ssid rgnet-aden wep wepkey x mediaopt hostap up"
 > 
 > gateway_enable=YES
 > 
 > ---
 > 
 > from /etc/sysctl.conf:
 > 
 > # nat
 > net.inet.ip.fw.one_pass=0
 > 
 > # bridging
 > #net.link.ether.ipfw=1  -- uncomment and connectivity on vr0 is lost

Do your ipfw rules handle ethernet packets, or maybe enabling this and
not filtering on them (i.e. allow) affects vr0 connectivity?  (guessing,
while still largely ignorant of layer2 filtering despite 10 x ipfw(8))

 > net.link.bridge.ipfw=1
 > net.link.bridge.ipfw_arp=1
 > 
 > # ath bridging
 > net.inet.ip.check_interface=0

Not asking entirely gratuitously as I'm also trying to suss out relations
between ipfw, if_bridge, dummynet pipes, maybe nat, planning to 7-ise a
4.8 box that has for years run on ipfw1 and ye olde bridge(4) between a
gateway and an unruly mob of assorted community groups - and struggling.

What do your net.link.bridge.pfil_{onlyip,member,bridge} sysctls wind up
being, noting that your bridge iface is serving DHCP and:

net.link.bridge.ipfw		Set to 1 to enable layer2 filtering with
				ipfirewall(4), set to 0 to disable it. This
				needs to be enabled for dummynet(4) support.
				When ipfw is enabled, pfil_bridge and
				pfil_member will be disabled so that IPFW is
				not run twice; these can be re-enabled if
				desired.

cheers, Ian

(tailquoting julian-style for sent-mail reference :)

 > ---
 > 
 > # ifconfig -a
 > vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=b<RXCSUM,TXCSUM,VLAN_MTU>
 >         ether 00:00:24:c8:b3:28
 >         inet 666.42.86.171 netmask 0xffffffc0 broadcast 666.42.86.191
 >         media: Ethernet autoselect (100baseTX <full-duplex>)
 >         status: active
 > vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=9<RXCSUM,VLAN_MTU>
 >         ether 00:00:24:c8:b3:29
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > vr2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=9<RXCSUM,VLAN_MTU>
 >         ether 00:00:24:c8:b3:2a
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > vr3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         options=9<RXCSUM,VLAN_MTU>
 >         ether 00:00:24:c8:b3:2b
 >         media: Ethernet autoselect (none)
 >         status: no carrier
 > ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         ether 00:0b:6b:83:59:25
 >         media: IEEE 802.11 Wireless Ethernet autoselect <hostap> (autoselect <hostap>)
 >         status: associated
 >         ssid rgnet-aden channel 4 (2427 Mhz 11g) bssid 00:0b:6b:83:59:25
 >         authmode OPEN privacy ON deftxkey UNDEF wepkey 1:104-bit txpower 31.5
 >         scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250 roam:rssi11g 7
 >         roam:rate11g 5 protmode CTS burst dtimperiod 1
 > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
 >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
 >         inet6 ::1 prefixlen 128
 >         inet 127.0.0.1 netmask 0xff000000
 > bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 >         ether c6:75:12:20:d9:c2
 >         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
 >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 >         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
 >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 >         member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 >                 ifmaxaddr 0 port 5 priority 128 path cost 370370
 >         member: vr3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 >                 ifmaxaddr 0 port 4 priority 128 path cost 200000
 >         member: vr2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 >                 ifmaxaddr 0 port 3 priority 128 path cost 55
 >         member: vr1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 >                 ifmaxaddr 0 port 2 priority 128 path cost 55
 > 
 > ---
 > 
 > the tcpdump -i ath0
 > 
 > 03:48:29.717236 00:18:de:21:76:c9 (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 6
 > 03:48:29.717244 00:18:de:21:76:c9 (oui Unknown) > Broadcast Null Supervisory, Receiver not Ready, rcv seq 64, Flags [Poll], length 6
 > 03:48:30.192604 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:30.192613 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:30.193467 IP 192.168.0.1.bootps > test.psg.com.bootpc: BOOTP/DHCP, Reply, length 300
 > 03:48:33.192787 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:33.192799 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:18:de:21:76:c9 (oui Unknown), length 300
 > 03:48:33.194067 IP 192.168.0.1.bootps > test.psg.com.bootpc: BOOTP/DHCP, Reply, length 300
 > 
 > ---
 > 
 > randy
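
Added example, not part of the original messages: a POSIX sh check over the if_bridge(4) filter sysctls asked about above, flagging the "IPFW run twice" case from the quoted man page text. The sample dump is constructed, the `name: value` input format is assumed to match `sysctl net.link.bridge` output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit if_bridge(4) filter knobs from a `sysctl net.link.bridge` dump.
# Assumption: input lines look like "net.link.bridge.ipfw: 1".

# Constructed sample: ipfw and ipfw_arp as in the quoted sysctl.conf;
# the pfil_* values are made up for illustration.
SAMPLE_DUMP='net.link.bridge.ipfw: 1
net.link.bridge.ipfw_arp: 1
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0'

# Print the value of net.link.bridge.$2 found in dump $1 (empty if absent).
bridge_val() {
    printf '%s\n' "$1" |
        awk -F': *' -v k="net.link.bridge.$2" '$1 == k { print $2; exit }'
}

# Print one finding per line for the dump passed as $1.
audit_bridge_sysctls() {
    ipfw=$(bridge_val "$1" ipfw)
    arp=$(bridge_val "$1" ipfw_arp)
    member=$(bridge_val "$1" pfil_member)
    brif=$(bridge_val "$1" pfil_bridge)
    onlyip=$(bridge_val "$1" pfil_onlyip)

    if [ "$ipfw" = 1 ]; then
        echo "L2-IPFW: ipfw layer2 filtering is enabled on the bridge"
        # Man page: pfil_member/pfil_bridge are turned off so ipfw is not run twice.
        for knob in member:"$member" bridge:"$brif"; do
            if [ "${knob#*:}" = 1 ]; then
                echo "DOUBLE: pfil_${knob%%:*}=1 with ipfw=1, ipfw may run twice"
            fi
        done
    else
        if [ "$arp" = 1 ]; then
            echo "NOOP: ipfw_arp=1 needs net.link.bridge.ipfw=1"
        fi
        if [ "$member" != 1 ] && [ "$brif" != 1 ]; then
            echo "UNFILTERED: no filter hook is enabled in if_bridge"
        fi
    fi
    if [ "$onlyip" = 0 ]; then
        echo "NONIP: pfil_onlyip=0 passes non-IP frames that pfil(9) never sees"
    fi
    return 0
}

audit_bridge_sysctls "$SAMPLE_DUMP"
```

On a live FreeBSD host the same function can be fed with `audit_bridge_sysctls "$(sysctl net.link.bridge)"`.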


