I recently discovered that LLDP traffic is silently dropped by a mask check in net/bridge/br_input.c: a Linux bridge will not forward LLDP frames even when an ebtables rule matches the correct protocol value. The ebtables packet counter for that rule never increments and nothing is logged by the kernel. The cause is that the bridge treats the reserved link-local destinations 01:80:C2:00:00:XX as control traffic and consumes them locally unless the matching bit is set in the bridge's group_fwd_mask, and the sysfs handler refuses any mask that overlaps BR_GROUPFWD_RESTRICTED, which in this kernel is 0x4007u and so still includes the LLDP bit (bit 14).
To allow LLDP to be forwarded, drop its bit from BR_GROUPFWD_RESTRICTED in net/bridge/br_private.h, either by hand or with the patch below:
diff -ur a/net/bridge/br_private.h b/net/bridge/br_private.h
--- a/net/bridge/br_private.h 2014-05-02 13:05:03.466660437 -0700
+++ b/net/bridge/br_private.h 2014-05-02 13:05:21.583752300 -0700
@@ -34,7 +34,7 @@
/* Control of forwarding link local multicast */
#define BR_GROUPFWD_DEFAULT 0
/* Don't allow forwarding control protocols like STP and LLDP */
-#define BR_GROUPFWD_RESTRICTED 0x4007u
+#define BR_GROUPFWD_RESTRICTED 0x0007u
-
/* Path to usermode spanning tree program */
-
#define BR_STP_PROG "/sbin/bridge-stp
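Review bot: the comment directly above the changed define still says "Don't allow forwarding control protocols like STP and LLDP", but after this hunk the restricted mask 0x0007u no longer contains bit 14 (0x4000, i.e. the 16384 written into group_fwd_mask below), so LLDP is exactly what the change stops refusing; update the comment to name only what 0x0007u still blocks, and give the patch a description stating why the LLDP bit is removed from the restricted set rather than shipping the constant change alone.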
Now, in userspace, write the LLDP bit (1 << 0x0E = 0x4000 = 16384) into the group_fwd_mask attribute of your bridge device; on an unpatched kernel this write is rejected with EINVAL, so read the file back afterwards to confirm the value was accepted:
echo 16384 > /sys/class/net/[YOUR_BRIDGE_DEV]/bridge/group_fwd_mask
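The following is an added example, not code from the original post or from the kernel: a small userspace model of the two bridge decisions discussed above, the group_fwd_mask sysfs write check (br_sysfs_br.c) and the link-local forwarding check in br_handle_frame() (br_input.c), as they behave in the 3.x kernels this patch targets. All function names and the sample destination addresses are mine; BR_GROUPFWD_RESTRICTED_OLD and _NEW hold the constant before and after the patch so the effect of the one-line change, and the 16384 written via sysfs, can be seen directly.

```c
/* Added example: userspace model of the bridge's group_fwd_mask handling.
 * Not kernel code; it mirrors the logic of br_handle_frame() and the
 * group_fwd_mask sysfs store handler as found in the 3.x kernels the patch
 * above targets. Names are assumptions made for this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BR_GROUPFWD_RESTRICTED_OLD 0x4007u /* kernel constant before the patch */
#define BR_GROUPFWD_RESTRICTED_NEW 0x0007u /* kernel constant after the patch  */

/* Sample destination MACs, constructed for this example. */
const uint8_t LLDP_DST[6]    = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x0E};
const uint8_t STP_DST[6]     = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x00};
const uint8_t UNICAST_DST[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};

static const uint8_t LINK_LOCAL_PREFIX[5] = {0x01, 0x80, 0xC2, 0x00, 0x00};

/* 01:80:C2:00:00:00 .. 0F: the reserved range the bridge treats as control
 * traffic (the kernel masks the last two bytes with 0xfff0). */
int is_link_local(const uint8_t dst[6]) {
    return memcmp(dst, LINK_LOCAL_PREFIX, 5) == 0 && (dst[5] & 0xF0) == 0;
}

/* The mask bit for one reserved address: bit number = last octet of the MAC.
 * For LLDP this is 1 << 0x0E = 0x4000 = 16384, the value echoed into sysfs. */
unsigned group_fwd_bit(const uint8_t dst[6]) {
    return 1u << dst[5];
}

/* sysfs store handler: the write is refused (EINVAL) when the requested mask
 * overlaps the restricted set. Returns 1 if the write would be accepted. */
int group_fwd_mask_write_ok(unsigned restricted, unsigned requested) {
    return (requested & restricted) == 0;
}

/* br_handle_frame decision for one ingress frame.
 * Returns 1 when the frame takes the normal forwarding path (and so reaches
 * the ebtables FORWARD chain), 0 when it is consumed locally and never
 * forwarded, which is why the ebtables counter never moves for LLDP. */
int frame_is_forwarded(unsigned group_fwd_mask, const uint8_t dst[6]) {
    if (!is_link_local(dst))
        return 1;                               /* ordinary bridging */
    return (group_fwd_mask & group_fwd_bit(dst)) != 0;
}

int main(void) {
    unsigned want = group_fwd_bit(LLDP_DST);
    printf("LLDP needs group_fwd_mask bit %#x (%u)\n", want, want);
    printf("sysfs write of %#x accepted before patch: %d, after patch: %d\n",
           want,
           group_fwd_mask_write_ok(BR_GROUPFWD_RESTRICTED_OLD, want),
           group_fwd_mask_write_ok(BR_GROUPFWD_RESTRICTED_NEW, want));
    printf("LLDP forwarded with mask 0: %d, with mask %#x: %d\n",
           frame_is_forwarded(0, LLDP_DST), want,
           frame_is_forwarded(want, LLDP_DST));
    printf("STP with mask %#x: %d (still consumed locally)\n",
           want, frame_is_forwarded(want, STP_DST));
    return 0;
}
```

Note that STP, pause and LACP (bits 0, 1 and 2) stay in the restricted set after the patch, so a mask of 16384 opens up LLDP only; with the old 0x4007u the same write is refused outright, which is the behaviour the patch changes.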