On 22/11/2015 15:52, Martin Pieuchot wrote:
btw., what OpenBSD version is this diff for? This is not -current.
Thanks for the quick reply. That was my impression too, but it seems
that bridge_output is also used sometimes for forwarding ARP requests by a
code path that I haven't found yet - it is not a direct forwarding, it is
like some kind of a proxy-ARP mechanism. I have a modified bridge and for me
it makes sense (it is for a box that bridges IP6 traffic and routes IP4
traffic - so I am blocking IP4 only with BLOCKNONIP), I just wondered why it
was not there and if I was missing something. Who calls bridge_output?
Isn't output always on the underlying interface, not directly on the bridge?
If you want some help you need to provide the information that allows
us to help you. Which version are you running? Can you describe the
problem you're facing *without* any modification on such version?
I just upgraded to 5.8 (from 4.9) and I see the bridge has changed
somewhat. I am using the bridge to pass IPv6 only traffic, NATting and
routing IPv4. This is not possible without modifying the bridge. Since
upgrading to 5.8 I started getting IPv4 ARP requests passing through my
_BLOCKNONIPV6_ bridge (which is a problem since there is a piece of equipment
that gets confused by them on that other side). I traced those requests
down to bridge_output, so I added that check which solved my problem.
Except now I don't get ARPs at all on this interface, but this is fine
with me, I added a static entry for the only router I needed.
My questions were, isn't the missing BLOCKNONIP check actually
needed by everyone (not really according to Reyk Floeter) and why is
bridge_output used at all? ARP traffic should originate in the output
function of the underlying interface, not the bridge? But anyway, at
this point it is mostly academic, I solved my problem, I was just trying
to understand the code.
Thanks for the help.