LLDP on bridge interfaces

[freel4ncer]

Hello
LLDP packets are dropped on bridge interfaces by default
However on Ubuntu you can do

Code: Select all

echo 16384 > /sys/class/net/br10/bridge/group_fwd_mask

to override this
Unfortunately on Centos 7 it is not possible

Code: Select all

bash: echo: write error: Invalid argument

Is there any way to do allow LLDP packets on Centos bridge interfaces (some path or other hack)?
Thanks

[jlehtone]

I cannot answer the question, but

in https://thenetworkway.wordpress.com/201 ... x-bridges/

“the destination address shall be 01-80-C2-00-00-0E. This address is within the range reserved by IEEE Std 802.1D-2004 for protocols constrained to an individual LAN, and ensures that the LLDPDU will not be forward by MAC Bridges that conform to IEEE Std 802.1D-2004.”

and in https://lists.linuxfoundation.org/piper ... 09292.html

I am ok with forwarding LLDP because some people need it.
But allowing forwarding STP or PAUSE frames is bad.

We don't let people do things that break networks. Other examples
already exist like set all 0 ethernet addresses, or the restrictions
on allowing net 127 in IP addresses.

The latter is a response to a patch proposal (but I don't know against what the patch was). You wrote "Ubuntu". Wikipedia lists 26 Ubuntu releases. Perhaps you should state the version of kernel, where 16384 is not blacklisted? The centosplus repo has some upstream kernels.

[freel4ncer]

Yeah i have seen that
It works on 4.2.0-27-generic for sure
Im Network Engineer not Sysadmin so all this kernel shenanigans are a little to much for me so looking for some easy fix

[jlehtone]

CentOS 7 is based on kernel version 3.10 (with some backports). Stable featureset.

The centosplus has merely an inofficial build of the same kernel with different options.
https://wiki.centos.org/AdditionalResou ... CentOSPlus

ELRepo repository has an inofficial build of (currently version 4.11) upstream kernel.
http://elrepo.org/tiki/kernel-ml

If the patch that allows LLDP is in the upstream and already on 4.2, then 4.11 is likely
to contain it too.

The kernel of CentOS 7 does get security updates. I have no idea what kind of
maintenance policy does the ELRepo have on its kernel-ml, i.e. does it get urgent
security patches as predictably or how often features change on update.

[TrevorH]

ELRepo's kernel is just a packaging of the latest upstream kernel mainline code as produced by Linus. It's updated each time a new kernel is released upstream so there are no backports - the answer is update to $latest.

CentOS 7's kernel OTOH is a wild mismatch of different bits backported from newer mainline kernels so some parts of the 3.10.0 CentOS kernel come from e.g the upstream 4.9 kernel.

I ran

Code: Select all

$ rpm -q --changelog kernel-3.10.0-514.21.1.el7.x86_64 | grep -i lldp
- [netdrv] cxgb4: Improve IEEE DCBx support, other minor open-lldp fixes (Sai Vemuri) [1251611]
- [netdrv] cxgb4: dcb open-lldp interop fixes (Sai Vemuri) [1251611]
- [netdrv] i40e: Issue "Stop LLDP" command for firmware older than v4.3 (Stefan Assmann) [1173788]
- [netdrv] i40e: Check for LLDP AdminStatus before querying DCBX (Stefan Assmann) [1173788]
- [ethernet] i40e: debugfs fix to dump remote LLDPDU (Stefan Assmann) [1091126]
- [netdrv] ixgbe: Fix Tx Hang issue with lldpad on 82598EB (Andy Gospodarek) [726818]

Nothing looks hopeful from that list to me though I don't know what LLDP is or does (and don't really care!)

[freel4ncer]

Just FYI http://elrepo.org/tiki/kernel-ml helped