That traffic is generated by a wireless access point (Prism GT chipset, 802.11g), and when it is used as a "client bridge" it acts as a proxy ARP device. I think there is a bug in the firmware, because it doesn't do an ARP request for IP addresses which it doesn't know and simply sends the IP packet in a broadcast Ethernet frame. This bug also makes proxy ARP on the router (which is right behind that client bridge) rather problematic, but not impossible (under the current IP addressing scheme).
Temporarily, I worked around this with Frame Diverter (which replaces the incorrect ff:ff... address with the MAC address of the router's interface), and now the IP stack in the kernel happily routes all packets.
After a new firmware release (I hope that there will be one) I will switch to proxy ARP.
Thank you very much.
Best Regards
mARTin
Tony Wasson wrote:
Martin Rusko wrote:
Hi all,
does anybody know whether it is possible to route packets that arrive on an Ethernet interface as broadcasts?
~~~~~|WirelessDevice/WD|-----eth0-|LinuxRouter/RT|-eth1---(10.18.63.0/24)
tcpdump: listening on eth0
0:a:e6:ac:e8:7a ff:ff:ff:ff:ff:ff 98: 192.168.7.11 > 10.18.63.249: icmp: echo request (DF)
0:a:e6:ac:e8:7a ff:ff:ff:ff:ff:ff 98: 192.168.7.11 > 10.18.63.249: icmp: echo request (DF)
Please notice that the echo request packets are in Ethernet frames heading to the broadcast address (ff:ff:ff:ff:ff:ff).
The Linux kernel seems to refuse to route such packets (not intended for the MAC address of the eth0 interface). But that interface received those packets, as seen in the running tcpdump session. When those frames have "correct" MAC addresses, I mean the destination is not a broadcast address, the same packet (source IP, destination IP) is routed without any problem.
Do you have any explanation for this? Or better, does any Linux networking guru know some magic to make the Linux kernel start routing broadcast packets as well?
Any help will be much appreciated. Also, if more info on why I see such packets is needed, I'm ready to serve.
Best regards
mARTin
Hi Martin,
Routers are usually installed to separate broadcast domains. They really don't *LIKE* to forward broadcasts. I am imagining that this is a really broken TCP/IP stack you are working with. Just for kicks, do you see ARPs right before these echo requests? If so, proxy ARP would help deliver your traffic.
Can you reveal more about what device is sending this interesting traffic? You may be able to set an ARP entry for 10.18.63.249 on the crazy network device as the linux box and "force" things to work.
Tony Wasson
--
Martin Rusko
PhD student
Department of Automation and Measurement
Faculty of Mechanical Engineering
Slovak University of Technology
--
E-mail: rusko@xxxxxxxxxxxxxxx
Web: http://sunsite.mine.nu/~rusko
--
motto: We are Microsoft! Resistance is futile. Open your source code and prepare for assimilation.
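
Added example (not part of the original thread): a Python check that reads link-level tcpdump lines in the format quoted above and reports frames sent to the Ethernet broadcast address whose IP destination is an ordinary unicast address, the mismatch described in the thread. The 192.168.7.0/24 network for eth0 and the last two sample lines are assumptions constructed for the illustration.

```python
import ipaddress
import re

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Link-level tcpdump format as quoted in the thread:
#   <src MAC> <dst MAC> <len>: <src IP>[.port] > <dst IP>[.port]: ...
LINE_RE = re.compile(
    r"^(?P<smac>[0-9a-f:]+)\s+(?P<dmac>[0-9a-f:]+)\s+\d+:\s+"
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:",
    re.IGNORECASE,
)

def norm_mac(mac):
    """Old tcpdump drops leading zeros (0:a:e6...); pad each octet to 2 digits."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def l2_broadcast_unicast_ip(lines, local_nets):
    """Return (src MAC, src IP, dst IP) for L2-broadcast frames carrying unicast IP."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or norm_mac(m["dmac"]) != BROADCAST_MAC:
            continue  # not an IP line, or a normally addressed frame
        try:
            dip = ipaddress.ip_address(m["dip"])
        except ValueError:
            continue  # malformed address in the capture text
        # An L2 broadcast is expected for IP broadcast or multicast destinations.
        expected = (dip == LIMITED_BROADCAST or dip.is_multicast
                    or any(dip == n.broadcast_address for n in nets))
        if not expected:
            hits.append((norm_mac(m["smac"]), m["sip"], m["dip"]))
    return hits

# 10.18.63.0/24 is from the thread; 192.168.7.0/24 for eth0 is an assumption.
LOCAL_NETS = ["192.168.7.0/24", "10.18.63.0/24"]
SAMPLE = [
    "0:a:e6:ac:e8:7a ff:ff:ff:ff:ff:ff 98: 192.168.7.11 > 10.18.63.249: icmp: echo request (DF)",
    "0:a:e6:ac:e8:7a ff:ff:ff:ff:ff:ff 98: 192.168.7.11 > 10.18.63.249: icmp: echo request (DF)",
    # Constructed lines: a directed broadcast and a correctly addressed unicast frame.
    "0:a:e6:ac:e8:7a ff:ff:ff:ff:ff:ff 98: 192.168.7.11 > 192.168.7.255: icmp: echo request",
    "0:a:e6:ac:e8:7a 0:50:56:0:0:1 98: 192.168.7.11 > 10.18.63.249: icmp: echo request (DF)",
]

if __name__ == "__main__":
    for smac, sip, dip in l2_broadcast_unicast_ip(SAMPLE, LOCAL_NETS):
        print(f"{smac}: {sip} -> {dip} sent to Ethernet broadcast")
```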