From: Stephen Hemminger <shemminger@osdl.org>
To: "Jørgen Hovland" <jorgen@hovland.cx>
Cc: bridge@lists.osdl.org
Subject: Re: [Bridge] physical interface on a bridge
Date: Wed, 22 Feb 2006 08:02:50 -0800
Message-ID: <20060222080250.363d5e30@localhost.localdomain>
In-Reply-To: <003101c6378b$f5f65060$4a27b3d5@tungemaskin>

On Wed, 22 Feb 2006 09:42:49 +0100
Jørgen Hovland <jorgen@hovland.cx> wrote:

> 
> ----- Original Message ----- 
> From: "Stephen Hemminger" <shemminger@osdl.org>
> 
> 
> > On Tue, 21 Feb 2006 21:50:00 +0100
> > Jørgen Hovland <jorgen@hovland.cx> wrote:
> >
> >> Hi
> >>
> >> Is there a way to either:
> >> Find the real ifindex/ifname a mac-address is bound to
> >> or
> >> Find the real ifindex/ifname of an incoming packet
> >> ?
> >>
> >> I am writing a dhcp server and need to know what real interface the dhcp 
> >> request packet came from. An acceptable solution would be to get the 
> >> interface by the mac-address, but that can be faked so I would rather get 
> >> the interface by knowing where the data actually came from. Data is IP, 
> >> UDP broadcast.
> >> I _could_ use raw sockets. The problem is when I do that, the program is 
> >> using ~8% cpu on a 3.2ghz xeon64 just reading packets without doing 
> >> anything due to the amount of traffic passing through the box (~200mbit 
> >> and increasing) so that doesn't look like a good idea.
> >
> > Why should the app care. If forwarding database is working correctly, the 
> > source mac of the incoming packet will be in the list and any response to 
> > it will go out that interface.
> >
> 
> Well there is no guarantee that the source mac isn't faked. Additionally, 
> the hardware address of the dhcp client is put inside a dhcp-packet, which 
> also can be faked. So I am stuck with two hardware addresses that I am 
> supposed to believe are correct but have no information about where I 
> originally received them from.
> I can live with this (I guess all the other dhcp servers do that too), but I 
> can't find a way to map a hardware address to a physical interface when 
> using bridgemode. I need to know this because the dhcp server will be 
> limiting the amount of leases you can get per interface (eg max 5 ips per 
> interface). It will also be assigning static IP-addresses based on what 
> interface the dhcp packet came from. I will also be using iptables to only 
> permit the IP+MAC traffic to/from the real physical interface so if you 
> don't use dhcp at all times, the traffic won't be permitted.
> 
> 
> >
> >> brctl showmacs returns a list of port numbers, but they don't make much 
> >> sense to me. They do not seem to be in the same order I added the 
> >> interfaces? Is there a mapping here?
> >>
> >> Example,
> >> jorgen@ams41:/$ /tmp/brctl showmacs test0
> >> port no mac addr                is local?       ageing timer
> >>   2     00:04:e2:a8:3b:d7       no                 0.24
> >>   1     00:08:a1:85:39:fd       no                17.31
> >> 133     00:0d:88:a3:61:4a       no                 9.90
> >>   1     00:14:22:b0:cd:e0       yes                0.00
> >> 133     00:16:c7:f5:8f:e2       no                 0.48
> >>
> >> Port 133 is the 901'th interface (0x385) I added to bridge test0. What 
> >> does 133 point to?  The ifindex of this physical interface is 912 (0x390) 
> >> (retrieved with SIOCGIFINDEX).
> >
> > Arbitrary index assigned by bridge for STP usage. Slots get reused as 
> > ports are deleted and added.
> 
> So there is no way to get the physical interface from a mac address?

You can read the forwarding database (see brctl sources for how).
But the value can change as result of traffic.
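
Added example, not part of the original message and not taken from the brctl sources: one way to read the forwarding database mentioned above from sysfs and look up the bridge port a MAC address was last learned on. The record layout follows struct __fdb_entry in linux/if_bridge.h; the function names and the sample table are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One 16-byte record of /sys/class/net/<bridge>/brforward (struct __fdb_entry). */
struct fdb_entry {
    uint8_t  mac_addr[6];
    uint8_t  port_no;            /* low 8 bits of the bridge port number */
    uint8_t  is_local;           /* 1 = a bridge port's own address */
    uint32_t ageing_timer_value;
    uint8_t  port_hi;            /* high bits of the port number */
    uint8_t  pad0;
    uint16_t unused;
};

/* Read up to max records of a bridge's forwarding database; count or -1. */
int fdb_read(const char *bridge, struct fdb_entry *out, size_t max)
{
    char path[128];
    snprintf(path, sizeof path, "/sys/class/net/%s/brforward", bridge);
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    int n = (int)fread(out, sizeof *out, max, f);
    fclose(f);
    return n;
}

/* Bridge port a MAC was last learned on, or -1 if absent or local. */
int fdb_lookup_port(const struct fdb_entry *fdb, size_t n, const uint8_t *mac)
{
    for (size_t i = 0; i < n; i++)
        if (!fdb[i].is_local && memcmp(fdb[i].mac_addr, mac, 6) == 0)
            return (fdb[i].port_hi << 8) | fdb[i].port_no;
    return -1;
}

static const struct fdb_entry sample_fdb[] = {   /* constructed sample */
    { {0x00,0x0d,0x88,0xa3,0x61,0x4a}, 133,  0, 990, 0,    0, 0 },
    { {0x00,0x14,0x22,0xb0,0xcd,0xe0}, 1,    1, 0,   0,    0, 0 },
    { {0x02,0x00,0x00,0x00,0x00,0x01}, 0x85, 0, 12,  0x03, 0, 0 },
};

int main(void)
{
    const uint8_t mac[6] = {0x00,0x0d,0x88,0xa3,0x61,0x4a};
    printf("port %d\n", fdb_lookup_port(sample_fdb, 3, mac));
    return 0;
}
```

A port number is matched to an interface name through /sys/class/net/<bridge>/brif/<ifname>/port_no, which prints the same number in hex. Because entries are learned from source addresses and move with traffic, as the reply says, the result tells you where a MAC was last seen rather than proving which port a given packet arrived on.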
