unexpected behavior of ebtables' BROUTING target redirect

unexpected behavior of ebtables' BROUTING target redirect

[k-yo]

Hello,

I have a bridge with a single ebtables rule to redirect all 
IPv4-containing frames to layer 3 filtering:

# ebtables -t broute -A BROUTING -p IPV4 -j redirect --redirect-target 
DROP --log-level notice --log-prefix "br_br_br:   "

then, if I send a frame containing IPv4 from one host to another one 
connected on another port of the bridge, I am supposed to get the 
destination MAC address to be the one of the bridge port it entered the 
bridge if I believe the documentation.

Or, logging packets with iptables, I see the source MAC address to 
become the bridge port address, and the destination MAC address the one 
of the host the message came from.

I am lost on this issue, it does not make sense to me and wonder where I 
failed…

Thanks a lot for any help, see below for details.

---- log on the bridge -----

Aug 28 11:15:08 spy kernel: [ 4952.682369] br_br_br:   IN=eth0 OUT= MAC 
source = 08:00:27:d5:24:36 MAC dest = 08:00:27:17:49:6d proto = 0x0800
Aug 28 11:15:08 spy kernel: [ 4952.682406] ip_raw_pre: IN=eth0 OUT= 
MAC=08:00:27:df:b7:98:08:00:27:d5:24:36:08:00 SRC=192.168.142.103 
DST=192.168.142.254 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP 
SPT=20 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 28 11:15:08 spy kernel: [ 4952.682443] ip_man_pre: IN=eth0 OUT= 
MAC=08:00:27:df:b7:98:08:00:27:d5:24:36:08:00 SRC=192.168.142.103 
DST=192.168.142.254 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP 
SPT=20 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 28 11:15:08 spy kernel: [ 4952.682464] ip_nat_pre: IN=eth0 OUT= 
MAC=08:00:27:df:b7:98:08:00:27:d5:24:36:08:00 SRC=192.168.142.103 
DST=192.168.142.254 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP 
SPT=20 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

---- ip a on bridge ----

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
master br0 state UP qlen 1000
     link/ether 08:00:27:df:b7:98 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
master br0 state UP qlen 1000
     link/ether 08:00:27:d8:32:61 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state 
UP
     link/ether 08:00:27:d8:32:61 brd ff:ff:ff:ff:ff:ff

Re: unexpected behavior of ebtables' BROUTING target redirect

[Pascal Hambourg]

Hello,

k-yo@digmore.net a écrit :
> 
> I have a bridge with a single ebtables rule to redirect all 
> IPv4-containing frames to layer 3 filtering:
> 
> # ebtables -t broute -A BROUTING -p IPV4 -j redirect --redirect-target 
> DROP --log-level notice --log-prefix "br_br_br:   "
> 
> then, if I send a frame containing IPv4 from one host to another one 
> connected on another port of the bridge, I am supposed to get the 
> destination MAC address to be the one of the bridge port it entered the 
> bridge if I believe the documentation.
> 
> Or, logging packets with iptables, I see the source MAC address to 
> become the bridge port address, and the destination MAC address the one 
> of the host the message came from.
> 
> ---- log on the bridge -----
> 
> Aug 28 11:15:08 spy kernel: [ 4952.682369] br_br_br:   IN=eth0 OUT= MAC 
> source = 08:00:27:d5:24:36 MAC dest = 08:00:27:17:49:6d proto = 0x0800
> Aug 28 11:15:08 spy kernel: [ 4952.682406] ip_raw_pre: IN=eth0 OUT= 
> MAC=08:00:27:df:b7:98:08:00:27:d5:24:36:08:00 SRC=192.168.142.103 

> ---- ip a on bridge ----
> 
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> master br0 state UP qlen 1000
>      link/ether 08:00:27:df:b7:98 brd ff:ff:ff:ff:ff:ff

I see nothing wrong here. The value following MAC= is the Ethernet
header in network order, i.e. destination:source:protocol.