[Bridge] bridge in 'hub' mode possible?

[Bridge] bridge in 'hub' mode possible?

[Nuutti Kotivuori]

Is it somehow possible to configure a bridge in 'hub' mode. So that
every packet sent from a 'port' (eg. an interface) is delivered to
every other 'port' on the bridge.

That is, effectively to just turn off MAC address learning and treat
all packets on the bridge level effectively as broadcasts.

Or could this be done with some ebtables hack?

Suggestions appreciated,
-- Naked

Re: [Bridge] bridge in 'hub' mode possible?

[Stephen Hemminger]

On Mon, 29 Nov 2004 16:01:57 +0200
Nuutti Kotivuori <naked@iki.fi> wrote:

> Is it somehow possible to configure a bridge in 'hub' mode. So that
> every packet sent from a 'port' (eg. an interface) is delivered to
> every other 'port' on the bridge.

No. The bridge needs to try and stay true to the IEEE 802.2 specification.

> That is, effectively to just turn off MAC address learning and treat
> all packets on the bridge level effectively as broadcasts.

Why, are you trying to work around flaws in the underlying Ethernet
layer. If so, fix it there.


> Or could this be done with some ebtables hack?

Yes

> Suggestions appreciated,
> -- Naked
> 
> 
> 

Re: [Bridge] bridge in 'hub' mode possible?

[Nuutti Kotivuori]

Stephen Hemminger wrote:
> On Mon, 29 Nov 2004 16:01:57 +0200
> Nuutti Kotivuori <naked@iki.fi> wrote:
>> That is, effectively to just turn off MAC address learning and
>> treat all packets on the bridge level effectively as broadcasts.
>
> Why, are you trying to work around flaws in the underlying Ethernet
> layer. If so, fix it there.

No, I am trying to allow tcpdumping of all traffic travelling through
the bridge at any port of the bridge, most of which are running UML
virtual machines.

This isn't fixing some flaw, or trying to work around features - for
example it is a legitimate need to be able to set up a dumper for some
part of the network. At my former workplace, we used to have a
'guaranteed hub' - an old 10Mbit hub that was guaranteed to do no MAC
address learning - that we used when we needed to dump some traffic
for a certain computer.

And no, the bridge will not be running spanning tree protocol either.

>> Or could this be done with some ebtables hack?
>
> Yes

Instructions appreciated, then.

-- Naked

Re: [Bridge] bridge in 'hub' mode possible?

[Stephen Hemminger]

Have you tried "brctl setageingtime br0 0" to turn off 
forwarding table?

Re: [Bridge] bridge in 'hub' mode possible?

[Nuutti Kotivuori]

Stephen Hemminger wrote:
> Have you tried "brctl setageingtime br0 0" to turn off 
> forwarding table?

Actually, yes, it works.

I started digging into the code soon after my inquiry and determined
that if I do:

  brctl stp br0 off
  brctl setageing br0 0
  brctl setfd br0 0

I get it to behave as wanted. The last setting is just paranoia, in
case the bridge decided it was reconfiguring itself for some odd
reason.

Ofcourse the bridge still learns the MAC addresses, but since it
always considers them expired, it is just wasted effort.

So, thanks for your assistance, problem resolved.

-- Naked

Re: [Bridge] bridge in 'hub' mode possible?

[Michael Renzmann]

Hi.

Stephen Hemminger wrote:
> Have you tried "brctl setageingtime br0 0" to turn off 
> forwarding table?

I wonder if it would be worth to introduce some kind of "monitor 
interface" for a brigde (as can be found on switches, don't know if 
"monitor port" would be the correct term for it).

The bridge could work as usual, while this virtual interface sees every 
packet that traverses the bridge. tcpdump & co could be used on this 
interface when needed. As an addition it should be possible to 
enable/disable this interface using a new brctl command (something like 
"brctl br0 monitor on|off").

Comments? If there's interest in such a function I possibly could spend 
some time on it after christmas.

Bye, Mike

RE: [Bridge] bridge in 'hub' mode possible?

[Roman Chertov]

> 
> Hi.
> 
> Stephen Hemminger wrote:
> > Have you tried "brctl setageingtime br0 0" to turn off
> > forwarding table?
> 
> I wonder if it would be worth to introduce some kind of "monitor
> interface" for a brigde (as can be found on switches, don't know if
> "monitor port" would be the correct term for it).
> 
> The bridge could work as usual, while this virtual interface sees
every
> packet that traverses the bridge. tcpdump & co could be used on this
> interface when needed. As an addition it should be possible to
> enable/disable this interface using a new brctl command (something
like
> "brctl br0 monitor on|off").
> 
> Comments? If there's interest in such a function I possibly could
spend
> some time on it after christmas.

I have already made one for the 2.4.20 kernel module and the 1.0.4
bridge-utils.  Since I was making this for the Emulab testbed I also had
to change the src/dst MACs that were going to the tap; otherwise, the
underlying switch would drop the mirrored packets as their MAC's were
not registered on the VLAN where the tap sat.  

If people have any interest in this I can share with the code.

Roman


> 
> Bye, Mike
> _______________________________________________
> Bridge mailing list
> Bridge@lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/bridge

Re: [Bridge] bridge in 'hub' mode possible?

[Jody Belka]

On Fri, Dec 03, 2004 at 11:48:35AM -0500, Roman Chertov wrote:
> > I wonder if it would be worth to introduce some kind of "monitor
> > interface" for a brigde (as can be found on switches, don't know if
> > "monitor port" would be the correct term for it).
> > 
> I have already made one for the 2.4.20 kernel module and the 1.0.4
> bridge-utils.  Since I was making this for the Emulab testbed I also had
> to change the src/dst MACs that were going to the tap; otherwise, the
> underlying switch would drop the mirrored packets as their MAC's were
> not registered on the VLAN where the tap sat.  
> 
> If people have any interest in this I can share with the code.

I'd be interested in something like this. Maybe something along the lines of:

brctl addtap <bridge> <device>    # only allow 1 tap? i'd guess so, but if not
brctl deltap <bridge>             # then add a <device> param to deltap

This would be very useful for me, as it would make hooking up snort
to a linux bridge very nice and easy.


J

-- 
Jody Belka
knew (at) pimb (dot) org

RE: [Bridge] bridge in 'hub' mode possible?

[Roman Chertov]

> -----Original Message-----
> From: Jody Belka,,,,knew@pimb.org [mailto:jmb@mccarroll.org.uk] On
Behalf
> Of Jody Belka
> Sent: Tuesday, January 18, 2005 8:33 PM
> To: bridge@osdl.org
> Cc: Roman Chertov
> Subject: Re: [Bridge] bridge in 'hub' mode possible?
> 
> On Fri, Dec 03, 2004 at 11:48:35AM -0500, Roman Chertov wrote:
> > > I wonder if it would be worth to introduce some kind of "monitor
> > > interface" for a brigde (as can be found on switches, don't know
if
> > > "monitor port" would be the correct term for it).
> > >
> > I have already made one for the 2.4.20 kernel module and the 1.0.4
> > bridge-utils.  Since I was making this for the Emulab testbed I also
had
> > to change the src/dst MACs that were going to the tap; otherwise,
the
> > underlying switch would drop the mirrored packets as their MAC's
were
> > not registered on the VLAN where the tap sat.
> >
> > If people have any interest in this I can share with the code.
> 
> I'd be interested in something like this. Maybe something along the
lines
> of:
> 
> brctl addtap <bridge> <device>    # only allow 1 tap? i'd guess so,
but if
> not
> brctl deltap <bridge>             # then add a <device> param to
deltap
> 

The tap that I made, allows for only one tap and I have not implemented
the tap removal function.  But it should be trivial to do so.  Also when
the tap is configured the MAC address of the tap has to be specified.
(this was done to get around a certain problem with a switch on
www.emulab.net)

If you want the source code shoot me an email.

Roman


> This would be very useful for me, as it would make hooking up snort
> to a linux bridge very nice and easy.
> 
> 
> J
> 
> --
> Jody Belka
> knew (at) pimb (dot) org

Re: [Bridge] bridge in 'hub' mode possible?

[kevin]

Was a solution for this ever reached? I am needing a snort type solution
myself as my new switches don't support mirroring.

Could the packet delivery of the bridge be modified to deliver to all
interfaces?  Any ideas where I should start breaking things in the source?

Thanks much
Kevin Karsh

Re: [Bridge] bridge in 'hub' mode possible?

[Stephen Hemminger]

On Thu, 29 Nov 2007 15:16:33 -0700 (MST)
kevin@ouraynet.com wrote:

> Was a solution for this ever reached? I am needing a snort type solution
> myself as my new switches don't support mirroring.
> 
> Could the packet delivery of the bridge be modified to deliver to all
> interfaces?  Any ideas where I should start breaking things in the source?
> 
> Thanks much
> Kevin Karsh
> 

You can use the tc actions to mirror.

-- 
Stephen Hemminger <shemminger@linux-foundation.org>