From: Roman G. <sl...@sl...> - 2007-04-23 07:53:28
>
> Hello,
>
> Trunking is a word used by Cisco Systems.
> It uses the standardized 802.1Q protocol. (In the past Cisco used ISL.)
> You need to use 802.1Q when you want to propagate several VLANs
> inside a network link.
>
> Regards
>
> Troopy
>
> **********************
> Open Your Mind!
> http://www.openmaniak.com
>
>
> ---------- Original Message ----------------------------------
> From: "Roman Glebov" <sl...@sl...>
> Reply-To: sl...@sl...
> Date: Sun, 22 Apr 2007 10:05:09 -0000 (UTC)
>
>>
>>Yes, there are VLANs and everything on that network.
>>
>>And the Linux bridge should be completely transparent there and forward every
>>possible packet/protocol.
>>
>>It looks like it does not do it somehow.
>>
>>hmm
>>
>>Roman Glebov
>>
>>P.S. What does trunking mean?
>>
>>> Are you trunking and using VLANs?
>>>
>>> Regards,
>>>
>>> Will
>>>
>>> On 4/21/07, Roman Glebov <sl...@sl...> wrote:
>>>>
>>>> I did a test. I have one Cisco device before the bridge
>>>> and a second Cisco device after the bridge.
>>>>
>>>> The first sends BPDU packets all the time, which are never
>>>> received by the second one after the bridge.
>>>> My STP on the bridge is off because it should not participate but
>>>> simply forward all of the traffic.
>>>>
>>>> > hmmmm you will not see BPDUs in snort-inline. What makes you think
>>>> > they are not being passed? Do you have STP enabled on the bridge?
>>>> >
>>>> > Regards,
>>>> >
>>>> > Will
>>>> >
>>>> > On 4/21/07, Roman Glebov <sl...@sl...> wrote:
>>>> >>
>>>> >> Sorry, I forgot to tell.
>>>> >> It is a simple bridge with STP off:
>>>> >>
>>>> >> brctl addbr br0
>>>> >> brctl addif br0 eth0
>>>> >> brctl addif br0 eth1
>>>> >>
>>>> >> ifconfig br0 up
>>>> >>
>>>> >> br0, eth0 and eth1 have no addresses.
>>>> >>
>>>> >> I am using the Debian unstable kernel:
>>>> >> 2.6.18-4-686
>>>> >>
>>>> >> With regards, Roman Glebov
>>>> >>
>>>> >> > What does your bridge configuration look like?
>>>> >> >
>>>> >> > On 4/21/07, Roman Glebov <sl...@sl...> wrote:
>>>> >> >>
>>>> >> >> Hello!
>>>> >> >>
>>>> >> >> I recently found out that snort inline or the bridge are not
>>>> >> >> forwarding any BPDU packets!
>>>> >> >>
>>>> >> >> Is this a known problem or a misconfiguration?
>>>> >> >>
>>>> >> >> Roman Glebov
>>>> >> >>
>>>> >> >> _______________________________________________
>>>> >> >> Snort-inline-users mailing list
>>>> >> >> Sno...@li...
>>>> >> >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users

Looks like the problem lies in the bridge implementation of the Linux kernel.
The Linux bridge does not forward BPDU packets, but only
a) drops them when STP is off, or
b) consumes them when STP is on and sends its own packets with its own MAC
address, which makes the bridge detectable!
There is nothing you can do about it without hacking on the kernel.

With regards,
Roman Glebov
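
The last message's point, that a bridge running STP sends BPDUs carrying its own MAC address, can be checked from a packet capture. The following is an added example, not part of the thread: a Python parser for 802.1D configuration BPDUs that lists bridge IDs missing from a known inventory. The function names are hypothetical and the MAC addresses and frames are constructed sample data.

```python
import struct

STP_GROUP_MAC = bytes.fromhex("0180c2000000")  # 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                      # DSAP, SSAP, control used by STP

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_bpdu(frame):
    """Return BPDU fields as a dict, or None if the frame is not an STP BPDU."""
    if len(frame) < 21 or frame[0:6] != STP_GROUP_MAC:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:    # must be 802.3 + LLC, not Ethernet II
        return None
    proto, version, btype = struct.unpack("!HBB", frame[17:21])
    if proto != 0:
        return None
    info = {"src": mac(frame[6:12]), "type": btype}
    if btype in (0x00, 0x02) and len(frame) >= 44:  # configuration or RSTP BPDU
        _, root, cost, _, bridge, _ = struct.unpack("!H6sIH6sH", frame[22:44])
        info.update(root=mac(root), cost=cost, bridge=mac(bridge))
    return info

def unexpected_bridges(frames, inventory):
    """Bridge MACs that announce themselves in BPDUs but are not in the inventory."""
    seen = {b["bridge"] for b in map(parse_bpdu, frames) if b and "bridge" in b}
    return sorted(seen - set(inventory))

def build_config_bpdu(src, root, bridge, cost):
    """Construct a sample configuration BPDU frame (test data only)."""
    body = struct.pack("!HBBB", 0, 0, 0x00, 0)      # protocol id, version, type, flags
    body += struct.pack("!H6sIH6sH", 0x8000, root, cost, 0x8000, bridge, 0x8001)
    body += struct.pack("!HHHH", 0, 20 * 256, 2 * 256, 15 * 256)  # timers in 1/256 s
    llc = LLC_STP + body
    return STP_GROUP_MAC + src + struct.pack("!H", len(llc)) + llc

# Constructed sample addresses and frames, not taken from the thread.
SWITCH = bytes.fromhex("001122334455")
LINUX_BRIDGE = bytes.fromhex("02aabbccddee")
SAMPLE = [
    build_config_bpdu(SWITCH, SWITCH, SWITCH, 0),
    build_config_bpdu(LINUX_BRIDGE, SWITCH, LINUX_BRIDGE, 4),
    b"\xff" * 6 + SWITCH + b"\x08\x06" + b"\x00" * 46,  # ARP-sized non-BPDU frame
]

if __name__ == "__main__":
    print(unexpected_bridges(SAMPLE, {mac(SWITCH)}))
```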