VLAN priority for DHCP not working

Started by Ilford, September 08, 2024, 09:07:29 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
September 09, 2024, 10:58:05 AM #30
Netmap would be odd, but stranger things have happened. Still... hardware VLAN fail due to the relevant driver perhaps?

> IMNSHO, all this automagic behind the scenes stuff is just annoying.

Historic goo going back to silliness in dhclient/bpf even.


Cheers,
Franco
September 09, 2024, 01:44:02 PM #31
Thanks for the replies. Indeed I have Surricata enabled.

I cannot debug more this week but I will try disabling Surricata or even re-install OS for a clean test.
September 09, 2024, 03:08:44 PM #32
Quote from: franco on September 09, 2024, 10:58:05 AM
Netmap would be odd, but stranger things have happened. Still... hardware VLAN fail due to the relevant driver perhaps?

Well, netmap + pf set prio is a documented upstream issue/limitation.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236219

Testing without IPS would be useful.
September 09, 2024, 10:13:04 PM #33
Hmm, I'm not entirely sure I follow. The netmap generic rework should fix the issues described in the ticket from 2019. pf set-prio uses the same as dhclient vlan-pcp which is:

vlan_set_pcp() which sets MTAG_8021Q_PCP_OUT which is used by ether_8021q_frame() to set the value in the frame. I don't see how this is broken, but I can assure you that using tcpdump on the system will not tell you that it did what it should.


Cheers,
Franco
September 15, 2024, 11:21:26 AM #34
I disabled IDS and VLAN-PCP works as expected for DHCP without any rules or normalization.

Thank you very much @doktornotor !

I guess there is still an issue on that (very specific user case I concede), but I had IDS enabled on a VLAN interface (WAN) and maybe this is not a good practice.
September 16, 2024, 09:06:35 AM #35
Ok, still a bit odd considering we just pass the packet along from host to hardware.


Cheers,
Franco
Print
Go Up Pages 1 2 3
User actions