The bridge kludge

Written late in the afternoon in English • Tags: , ,

I ran into a model symptom of lacking multicast support with IPv6: a system wouldn’t answer to IPv6 traffic it didn’t initiate. But unless you’ve run into the problem before and managed to diagnose it successfully, you might not realize it’s about multicast.

It was my second Debian Linux system with IPv6 connectivity that gave me a start. I built one more system and got the same results. I could have sworn the first one had worked fine without any tricks. I considered it, but decided I’d rather not abandon IPv6 on Linux. After all, I had it running on all the other platforms (NetBSD, Mac OS X, Windows).

I used tcpdump to inspect the traffic closer. I ran this command in one window on a system that works without problems:

tcpdump ip6

I simultaneously used ping6 in another window on the same system to initiate traffic to other systems. This revealed that the problematic Linux systems never answer to neighbor solicitation messages.

At this point I realized that both of the problem systems were using the same network card (gsip aka ns83820). I swapped in one of my older favorites, 3Com 3C905C-TXM (ex aka 3c59x). Indeed, now the system works fine, although at a lower speed due to the different hardware.

Searching for ns83820 took me to a message about net driver updates that has patches to fix multicast handling for a number of Linux network drivers. The problem was now clear: the network card wouldn’t be programmed to receive the multicast traffic even if multicast addresses were configured on the interface. And we know IPv6 relies on multicast, for example for neighbor solicitation.

I figured I could “fix” this if I just get the card programmed into promiscuous mode. The easiest way to do that is to make the interface part of a bridge! Just edit /etc/network/interfaces and replace all instances of eth0 with br0. Then add a statement to configure the ports of the new bridge interface. The result could look like this:

auto br0
iface br0 inet dhcp
    bridge_ports all

It’s a kludge, but it works well. Since this system is going to be running Xen, it will need a bridge anyway.

I quickly looked at ethtool as well, but didn’t see an option to frob the promiscuous mode setting. It might be impossible to support such an option, given that the drivers make decisions about the setting based on the interface configuration.


  • 1

    What about ethtool? As far as I know it gives detailed information about the drivers used by ethernet interfaces. Have you tested snort? It’s also a packet sniffer than can help you with promiscuous mode setting. However I didn’t tested it already with IPv6 networks.

    Bytecoders — 21.11.07 @ 10:59

  • 2

    I don’t really want to run snort on a system just to enable promiscuous mode. Pushing packets through snort rules would have more processing overhead, I’d think.

    As I mentioned already in the article, ethtool doesn’t have an option for manipulating the promiscuous mode setting.

    Kimmo Suominen — 24.11.07 @ 12:35

  • 3

    I was looking at the ip(1) command recently and noticed that it can be used to modify the link layer settings. I haven’t tested this, but it should work:

    ip link set eth0 promisc on

    It might also be enough to just use allmulticast on instead.

    In the interfaces(5) file you could add this to the interface stanza:

    up ip link set ${IFACE} promisc on

    The ip(1) command is in the iproute package on Debian.

    Kimmo Suominen — 1.1.08 @ 12:09

Sorry, commenting is not available for this post.