Bug 17912 (bogusip)
Summary: | "bridge-nf-call-iptables" causes bogus IP-Pakets in connection with bridged VLAN (8021Q) | ||
---|---|---|---|
Product: | Networking | Reporter: | Stephan Bärwolf (stephan.baerwolf) |
Component: | Netfilter/Iptables | Assignee: | networking_netfilter-iptables (networking_netfilter-iptables) |
Status: | RESOLVED OBSOLETE | ||
Severity: | high | CC: | alan, kaber, stephan.baerwolf |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | at least 2.6.33.7 | Subsystem: | |
Regression: | No | Bisected commit-id: |
Description
Stephan Bärwolf
2010-09-06 11:24:18 UTC
(In reply to comment #0) > The testszenario consits of 2 bridges, 3 real phys, 1 TUNTAP and one vlan > (id=1999): > > 1) br0 consists of eth0, eth2 (yes: eth-two), and tap0 > > 2) vlan1999 is backended by br0 > > 3) br1 consists of eth1 and vlan1999 > > If now eth1 sends an normal, untagged IP-packet (to/behind tap0), then you > can > catch the bogus packet in the described manner on tap0. How are the two bridges connected? Are you routing locally between the bridges and/or are you using NAT? Hi Mr. McHardy, on the machine with bridges there is no ip_forwarding. Such things as NAT (NAPT) or ipfiltering are disabled, too. The bridges br0 and br1 only interact passivly beacause of the vlan1999 in br1 backended with br0. Both interfaces host different IP-Subnets. I haven't found any older kernel-version without this problem, yet. Stephan Bärwolf, stephan.baerwolf@tu-ilmenau.de Closing as obsolete. If this is still seen on modern kernels (3.2+) please update/reopen and also report this to netdev@vger.kernel.org |