Duplicate packets in bridge setup, also missing some packets.

Question

Duplicate packets in bridge setup, also missing some packets.

mweinelt opened this issue 3 years ago · comments

I'm seeing the following ubus messages for the tcpdump below.

<- 9d79c7b7 #30f726e8         notify: {"objid":821503720,"method":"request","data":{"packet":"000db949ccf9483fda7ef4850800450001505c78000080116ac6c0a8780fc0a878fe00440043013cac3e01010600abcd002100000000c0a8780f000000000000000000000000483fda7ef4850000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063825363350103390205dc0c0e776c65642d4c45442d53747269703204c0a8780f3604c0a878feff0000000000000000000000000000000000000000000000000000000000000000"},"no_reply":true}
<- 9d79c7b7 #30f726e8         notify: {"objid":821503720,"method":"request","data":{"packet":"000db949ccf9483fda7ef4850800450001505c78000080116ac6c0a8780fc0a878fe00440043013cac3e01010600abcd002100000000c0a8780f000000000000000000000000483fda7ef4850000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063825363350103390205dc0c0e776c65642d4c45442d53747269703204c0a8780f3604c0a878feff0000000000000000000000000000000000000000000000000000000000000000"},"no_reply":true}

The dhcp option list starts right after the magic cookie 0x63825363, so the option 53 (DHCP message type, 0x35) for both packets is the same, while in the tcpdump they are different.

350103
350103

which maps to

option 53
length 0x01
value 0x03 (DHCPREQUEST)

15:14:22.631336 IP (tos 0x0, ttl 128, id 23672, offset 0, flags [none], proto UDP (17), length 336)
    192.168.120.15.68 > 192.168.120.254.67: BOOTP/DHCP, Request from 48:3f:da:7e:f4:85, length 308, xid 0xabcd0021, Flags [none]
	  Client-IP 192.168.120.15
	  Client-Ethernet-Address 48:3f:da:7e:f4:85
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Request
	    MSZ Option 57, length 2: 1500
	    Hostname Option 12, length 14: "wled-LED-Strip"
	    Requested-IP Option 50, length 4: 192.168.120.15
	    Server-ID Option 54, length 4: 192.168.120.254
15:14:22.633534 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 340)
    192.168.120.254.67 > 192.168.120.15.68: BOOTP/DHCP, Reply, length 312, xid 0xabcd0021, Flags [none]
	  Client-IP 192.168.120.15
	  Your-IP 192.168.120.15
	  Client-Ethernet-Address 48:3f:da:7e:f4:85
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: 192.168.120.254
	    Lease-Time Option 51, length 4: 1440
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    Default-Gateway Option 3, length 4: 192.168.120.254
	    Domain-Name-Server Option 6, length 4: 192.168.120.254
	    T119 Option 119, length 15: 5.108.111.115.115.121.7.110.101.116.119.111.114.107.0
	    NTP Option 42, length 4: 192.168.120.254
	    Domain-Name Option 15, length 13: "lossy.network"

I can provide a pcap if that helps.

Martin Weinelt · Answer 1 · Mon Jul 05 2021 00:13:30 GMT+0800 (China Standard Time)

Just noticed now, it seems to notify twice for the same packet? And the second packet should be a different one. This is odd, I'm missing an ACK that way.

Martin Weinelt · Answer 2 · Mon Jul 05 2021 00:19:59 GMT+0800 (China Standard Time)

My network interfaces are bridges, maybe that explains why I'm seeing things twice?

config interface 'vlan100'
	option ifname 'eth1.100'
	option type 'bridge'

config interface 'vlan120'
	option ifname 'eth1.120'
	option type 'bridge'

config snooping
	option enable 1
	list network vlan100
	list network vlan120

Martin Weinelt · Answer 3 · Mon Jul 05 2021 00:38:10 GMT+0800 (China Standard Time)

config interface 'vlan42'
	option device 'eth1'
	option proto 'dhcp'

And I have a native VLAN on the trunk port eth1 and even though I have not configured dhcpsnoop to run on there it sees DHCP messages on that vlan. If I reduce the network list to vlan100 it still sees vlan120 and vlan42, so the bind/filtering is not really working.

John Crispin · Answer 4 · Mon Jul 05 2021 00:48:41 GMT+0800 (China Standard Time)

ok, will have a look tomorrow

Martin Weinelt · Answer 5 · Mon Jul 05 2021 01:13:28 GMT+0800 (China Standard Time)

My working thesis is, that since there are two members in the bridge the filter sees the package entering and leaving both members.

No clue about why it would see traffic from other vlans though.

It seems to really bind to br-vlan100 though, so I'm out of ideas.

root@ap:~# ubus call network.interface.vlan100 status
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 415106,
	"l3_device": "br-vlan100",
	"proto": "none",
	"device": "br-vlan100",
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
		
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		
	],
	"dns-server": [
		
	],
	"dns-search": [
		
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		
	}
}

root@ap:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-lan state UP qlen 1000
    link/ether e4:95:6e:41:f7:a0 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether e4:95:6e:41:f7:a0 brd ff:ff:ff:ff:ff:ff
9: br-vlan120: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff
10: eth1.120@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-vlan120 state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff
11: radio1_vlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-vlan100 state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff
12: radio0_vlan120: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-vlan120 state UP qlen 1000
    link/ether e4:95:6e:41:f7:a0 brd ff:ff:ff:ff:ff:ff
13: br-vlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff
14: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-vlan100 state UP qlen 1000
    link/ether e4:95:6e:41:f7:a1 brd ff:ff:ff:ff:ff:ff

Martin Weinelt · Answer 6 · Thu Jan 05 2023 05:48:20 GMT+0800 (China Standard Time)

ok, will have a look tomorrow

Hey, can you take a look?