----- Original Message -----
From: "Stephen Hemminger" <shemminger@xxxxxxxx>

> On Tue, 21 Feb 2006 21:50:00 +0100
> Jørgen Hovland <jorgen@xxxxxxxxxx> wrote:
>
>> Hi
>>
>> Is there a way to either:
>> Find the real ifindex/ifname a mac-address is bound to
>> or
>> Find the real ifindex/ifname of an incoming packet
>> ?
>>
>> I am writing a dhcp server and need to know what real interface the dhcp
>> request packet came from. An acceptable solution would be to get the
>> interface by the mac-address, but that can be faked so I would rather get
>> the interface by knowing where the data actually came from. Data is IP,
>> UDP broadcast.
>> I _could_ use raw sockets. The problem is when I do that, the program is
>> using ~8% cpu on a 3.2ghz xeon64 just reading packets without doing
>> anything due to the amount of traffic passing through the box (~200mbit
>> and increasing) so that doesn't look like a good idea.
>
> Why should the app care. If the forwarding database is working correctly, the
> source mac of the incoming packet will be in the list and any response to it
> will go out that interface.

Well, there is no guarantee that the source mac isn't faked. Additionally, the
hardware address of the dhcp client is put inside a dhcp-packet, which also can
be faked. So I am stuck with two hardware addresses that I am supposed to
believe are correct but have no information about where I originally received
them from. I can live with this (I guess all the other dhcp servers do that
too), but I can't find a way to map a hardware address to a physical interface
when using bridge mode. I need to know this because the dhcp server will be
limiting the number of leases you can get per interface (e.g. max 5 ips per
interface). It will also be assigning static IP-addresses based on what
interface the dhcp packet came from.
I will also be using iptables to only permit the IP+MAC traffic to/from the
real physical interface, so if you don't use dhcp at all times, the traffic
won't be permitted.

>> brctl showmacs returns a list of port numbers, but they don't make much
>> sense to me. They do not seem to be in the same order I added the
>> interfaces? Is there a mapping here?
>>
>> Example,
>> jorgen@ams41:/$ /tmp/brctl showmacs test0
>> port no   mac addr            is local?   ageing timer
>>   2       00:04:e2:a8:3b:d7   no            0.24
>>   1       00:08:a1:85:39:fd   no           17.31
>> 133       00:0d:88:a3:61:4a   no            9.90
>>   1       00:14:22:b0:cd:e0   yes           0.00
>> 133       00:16:c7:f5:8f:e2   no            0.48
>>
>> Port 133 is the 901'th interface (0x385) I added to bridge test0. What
>> does 133 point to? The ifindex of this physical interface is 912 (0x390)
>> (retrieved with SIOCGIFINDEX).
>
> Arbitrary index assigned by bridge for STP usage. Slots get reused as
> ports are deleted and added.

So there is no way to get the physical interface from a mac address? Is there
any way at all? Do you plan to add this functionality? Would you accept a patch
if I were to submit any (I can't guarantee anything atm)? As an example, Cisco
IOS supports mac lookup just fine.

>> Secondly,
>> I seem to be unable to add more than around 1024 interfaces to a single
>> bridge. Is there a way to increase this limit?
>
> Increase BR_PORT_BITS (you can go up to 15) but you will lose priority
> bits on the spanning tree.
> Also, why? Your performance is going to start to fall off with so many
> interfaces. Can't you partition to multiple machines?

Perhaps it would be better to split it into multiple bridges. I was planning on
having 1 bridge per router, and one router will have ~3000 interfaces. I will
reconsider this.

Thank you.

Joergen
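The "what does port 133 point to?" question has a sysfs answer that the thread does not mention, so the following is an added example and not code from the thread, from bridge-utils or from the kernel. On Linux the bridge forwarding database is exported as a binary array of struct __fdb_entry (from <linux/if_bridge.h>) in /sys/class/net/<bridge>/brforward, and every enslaved interface publishes its bridge port number as text in /sys/class/net/<bridge>/brif/<ifname>/port_no. Joining the two maps a learned MAC to the physical port it was last seen on. Assumptions: a 2.6-era or later kernel with the bridge sysfs attributes; the port_hi field (upper bits of the port number, for bridges with more than 256 ports) is zero on kernels that predate it; the sample FDB image is constructed from the showmacs output above plus one invented entry, not captured from a live system. The caveat from the reply stands: the FDB only records where a source MAC was last learned, so a forged source address moves the entry, and this lookup does not by itself make the client's interface trustworthy.

```c
/* Added example: map bridge FDB entries to physical ports via sysfs.
 * Not from the thread, bridge-utils or the kernel. */
#include <dirent.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Mirror of struct __fdb_entry from <linux/if_bridge.h>: 16 bytes, host byte
 * order, exactly what the kernel writes to /sys/class/net/<bridge>/brforward. */
struct fdb_entry {
    uint8_t  mac_addr[6];
    uint8_t  port_no;            /* low 8 bits of the bridge port number */
    uint8_t  is_local;           /* 1: the bridge's own address, not a learned one */
    uint32_t ageing_timer_value; /* time since last seen, in 1/100 s (clock_t) */
    uint8_t  port_hi;            /* upper bits of the port number; 0 on older kernels */
    uint8_t  pad0;
    uint16_t unused;
};
_Static_assert(sizeof(struct fdb_entry) == 16, "fdb_entry must match the kernel layout");

unsigned fdb_port(const struct fdb_entry *e)
{
    return (unsigned)e->port_no | ((unsigned)e->port_hi << 8);
}

/* Copy whole entries out of a brforward image; returns how many were copied. */
size_t fdb_parse(const uint8_t *buf, size_t len, struct fdb_entry *out, size_t max)
{
    size_t n = len / sizeof(struct fdb_entry);
    if (n > max) n = max;
    memcpy(out, buf, n * sizeof(struct fdb_entry));
    return n;
}

/* Port a MAC was last learned on, or -1 if the bridge has not seen it. */
int fdb_lookup(const struct fdb_entry *t, size_t n, const uint8_t mac[6])
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(t[i].mac_addr, mac, 6) == 0)
            return (int)fdb_port(&t[i]);
    return -1;
}

int mac_parse(const char *s, uint8_t out[6])
{
    return sscanf(s, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx",
                  &out[0], &out[1], &out[2], &out[3], &out[4], &out[5]) == 6;
}

/* Live FDB of a bridge; returns the entry count, or -1 without sysfs/bridge. */
ssize_t fdb_read(const char *br, struct fdb_entry *out, size_t max)
{
    char path[300];
    snprintf(path, sizeof path, "/sys/class/net/%s/brforward", br);
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(out, sizeof *out, max, f);
    fclose(f);
    return (ssize_t)n;
}

/* Map a port number back to an interface by scanning brif/<ifname>/port_no
 * (strtoul base 0 accepts the value whether it is printed decimal or 0x-hex). */
int port_ifname(const char *br, unsigned port, char *name, size_t namelen)
{
    char dir[300], path[600], line[32];
    int rc = -1;
    snprintf(dir, sizeof dir, "/sys/class/net/%s/brif", br);
    DIR *d = opendir(dir);
    if (!d) return -1;
    for (struct dirent *de; rc != 0 && (de = readdir(d)) != NULL; ) {
        if (de->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "%s/%s/port_no", dir, de->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;
        if (fgets(line, sizeof line, f) && strtoul(line, NULL, 0) == port) {
            snprintf(name, namelen, "%s", de->d_name);
            rc = 0;
        }
        fclose(f);
    }
    closedir(d);
    return rc;
}

/* Constructed sample, not a capture: the showmacs output from the thread plus
 * one invented entry on port 0x185 so that port_hi is exercised. */
static const struct fdb_entry sample_fdb[] = {
    { {0x00,0x04,0xe2,0xa8,0x3b,0xd7},    2, 0,   24, 0, 0, 0 },
    { {0x00,0x08,0xa1,0x85,0x39,0xfd},    1, 0, 1731, 0, 0, 0 },
    { {0x00,0x0d,0x88,0xa3,0x61,0x4a},  133, 0,  990, 0, 0, 0 },
    { {0x00,0x14,0x22,0xb0,0xcd,0xe0},    1, 1,    0, 0, 0, 0 },
    { {0x00,0x16,0xc7,0xf5,0x8f,0xe2},  133, 0,   48, 0, 0, 0 },
    { {0x00,0x16,0x3e,0x00,0x00,0x01}, 0x85, 0,  100, 1, 0, 0 },
};

size_t demo_count(void)
{
    struct fdb_entry t[16];
    return fdb_parse((const uint8_t *)sample_fdb, sizeof sample_fdb, t, 16);
}

int demo_lookup(const char *macstr)
{
    struct fdb_entry t[16];
    uint8_t mac[6];
    size_t n = fdb_parse((const uint8_t *)sample_fdb, sizeof sample_fdb, t, 16);
    return mac_parse(macstr, mac) ? fdb_lookup(t, n, mac) : -1;
}

/* Usage: ./brfdb <bridge>   (no argument: query the constructed sample) */
int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("sample: 00:0d:88:a3:61:4a is on port %d\n", demo_lookup("00:0d:88:a3:61:4a"));
        return 0;
    }
    struct fdb_entry t[4096];
    ssize_t n = fdb_read(argv[1], t, 4096);
    if (n < 0) { perror("brforward"); return 1; }
    for (ssize_t i = 0; i < n; i++) {
        char name[64] = "?";
        port_ifname(argv[1], fdb_port(&t[i]), name, sizeof name);
        printf("%02x:%02x:%02x:%02x:%02x:%02x port %3u %-12s %s age %u.%02us\n",
               t[i].mac_addr[0], t[i].mac_addr[1], t[i].mac_addr[2],
               t[i].mac_addr[3], t[i].mac_addr[4], t[i].mac_addr[5],
               fdb_port(&t[i]), name, t[i].is_local ? "local" : "learned",
               (unsigned)t[i].ageing_timer_value / 100, (unsigned)t[i].ageing_timer_value % 100);
    }
    return 0;
}
```

On a current system the same join is done for you by iproute2's `bridge fdb show br <bridge>`, which prints the interface name next to each learned address; the sysfs files above are what that and brctl read. Neither answers the other half of the question (the ingress port of one specific packet): the FDB reflects the most recent learning event for that MAC, which is exactly why a forged source address can move it.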