Hello Manuel,
Recently I downloaded the new beta of m0n0 (1.1b16), tested it in my
environment and found that it still locks m0n0 when configured as a
transparent bridge between WAN and OPT1.
Here's an excerpt from my config.xml:
.........
<wan>
  <if>xl1</if>
  <mtu/>
  <ipaddr>dhcp</ipaddr>
  <subnet/>
  <gateway/>
  <blockpriv/>
  <dhcphostname/>
</wan>
<opt1>
  <if>xl2</if>
  <descr>OPT1</descr>
  <ipaddr/>
  <subnet>31</subnet>
  <bridge>wan</bridge>
  <enable/>
</opt1>
..........
As you can see, WAN has 'dhcp' as an 'ipaddr'. In 'filter.inc' at line
436 you check for $oc['ip'] that is assigned in the following code:
..........
if ($oc['bridge']) {
    if (!strstr($oc['bridge'], "opt") ||
        isset($config['interfaces'][$oc['bridge']]['enable'])) {
        $oic['ip'] = $config['interfaces'][$oc['bridge']]['ipaddr'];  // <<<<<<
        $oic['sn'] = $config['interfaces'][$oc['bridge']]['subnet'];
        $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
    }
    $oic['bridge'] = 1;
} else {
    $oic['ip'] = $oc['ipaddr'];
    $oic['sn'] = $oc['subnet'];
    $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
}
$optcfg['opt' . $i] = $oic;
.............
strstr($oc['bridge'], "opt") will return FALSE and, based on my
config.xml, $oic['ip'] will be assigned 'dhcp'. As a consequence, a call to
'filter_rules_spoofcheck_generate' will be made and it'll return a wrong
ipf rule.
In my opinion, a solution can be to include 'None' in the WAN's IP address
configuration or to check for an unassigned DHCP address during $oic
initialization.
Cheers,
Kolia
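
Added example (not part of the original message and not m0n0wall code): one way to apply the second suggestion, checking for an unassigned DHCP address while the per-interface entry is built, so that a bridge to a DHCP-configured WAN never inherits the literal string 'dhcp' as its address. Every `example_*` name is hypothetical, `example_gen_subnet()` only stands in for `gen_subnet()`, and the sample arrays are constructed from the config.xml excerpt above.

```php
<?php
// Added illustration, not m0n0wall code; every example_* name is hypothetical.

// Stand-in for gen_subnet(): network address of $ip with a $bits-bit mask.
// Assumes 64-bit PHP integers.
function example_gen_subnet(string $ip, int $bits): string {
    $bits = max(0, min(32, $bits));
    $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return long2ip(ip2long($ip) & $mask);
}

// True only for a literal IPv4 address; 'dhcp' and '' are rejected.
function example_is_static_ipv4($v): bool {
    return is_string($v)
        && filter_var($v, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

// Same shape as the $oic initialization quoted above, plus the guard.
function example_build_oic(array $oc, array $interfaces): array {
    $oic = [];
    if (!empty($oc['bridge'])) {
        $parent = $interfaces[$oc['bridge']] ?? [];
        $usable = !strstr($oc['bridge'], 'opt') || isset($parent['enable']);
        // Guard: inherit the address only when it is a real one, so a
        // DHCP-configured parent leaves 'ip' unset.
        if ($usable && example_is_static_ipv4($parent['ipaddr'] ?? null)) {
            $oic['ip'] = $parent['ipaddr'];
            $oic['sn'] = $parent['subnet'];
            $oic['sa'] = example_gen_subnet($oic['ip'], (int)$oic['sn']);
        }
        $oic['bridge'] = 1;
    } elseif (example_is_static_ipv4($oc['ipaddr'] ?? null)) {
        $oic['ip'] = $oc['ipaddr'];
        $oic['sn'] = $oc['subnet'];
        $oic['sa'] = example_gen_subnet($oic['ip'], (int)$oic['sn']);
    }
    return $oic;
}

// Constructed input mirroring the config.xml excerpt (WAN on DHCP).
$opt1 = ['ipaddr' => '', 'subnet' => '31', 'bridge' => 'wan', 'enable' => ''];
$dhcpWan = ['wan' => ['ipaddr' => 'dhcp', 'subnet' => '']];
// Constructed contrast case: WAN with a static documentation address.
$staticWan = ['wan' => ['ipaddr' => '192.0.2.10', 'subnet' => '24']];

foreach (['dhcp' => $dhcpWan, 'static' => $staticWan] as $label => $ifs) {
    $oic = example_build_oic($opt1, $ifs);
    echo $label, ': ', isset($oic['ip']) ? "ip={$oic['ip']} sa={$oic['sa']}" : 'no ip set', "\n";
}
```

This relies on the behaviour the message describes, namely that the spoof-check rule is generated only when `ip` is set on the entry.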