WAN port flapping when spoofing mac on a DEC850?

[os914964619]

I'm using the latest opnsense (21.7) and I have a Deciso DEC850 and decided to try out specifying a custom MAC on the WAN port.

When I do this, the WAN port flaps. The interface goes up then down, then up, then down. It continues to do this until I remove the MAC spoof and then it starts working normally again.

Has anyone ever seen this issue before?

I installed the intel-em-kmod package / driver from FreeBSD but no luck, it still flaps.

I would be curious if someone who has a DEC800 series router could try to specify a custom MAC address on igb0 and let me know if it flaps.

[os914964619]

I tried a few different versions and discovered that it works on 22.1.1. I believe it's one of these two commits that broke mac spoofing:

https://github.com/opnsense/core/commit/13388839e7e
https://github.com/opnsense/core/commit/84cd38adb558

My bet is on the former since it specifically has to do with mac spoofing.

[os914964619]

Code Select Expand

    /*
     * Don't try to reapply the spoofed MAC if it's already applied.
     * When ifconfig link is used, it cycles the interface down/up,
     * which triggers the interface config again, which attempts to
     * spoof the MAC again which cycles the link again...
     */
    if (!empty($wancfg['spoofmac']) && strcasecmp($wancfg['spoofmac'], get_interface_mac($realhwif, $ifconfig_details))) {
        mwexecf('/sbin/ifconfig %s link %s', [$realhwif, $wancfg['spoofmac']]);
    }

I believe this is the code that keeps calling ifconfig and cycling the interface up and down. New logic was added in the conditional that broke this check:

https://github.com/opnsense/core/commit/13388839e7e

Even the comment above it describes the issue that is popping up.

[franco]

https://github.com/opnsense/core/commit/84cd38adb558 does nothing really except omitting a check for presense of interfaces to be destroyed and this isn't about hardware interfaces where MACs are applied and could cause link flapping.

https://github.com/opnsense/core/commit/13388839e7e is involved with mac handling, but all it is supposed to do is omit one ifconfig lookup call. if it doesn't return the mac it could end up reapplying but it's easy enough to test if you can reproduce.


Cheers,
Franco

[franco]

Aha, I think $ifs should be $interface. Can you try please...


Cheers,
Franco

[os914964619]

I changed:

Code Select Expand

if (!empty($wancfg['spoofmac']) && strcasecmp($wancfg['spoofmac'], get_interface_mac($realhwif, $ifconfig_details))) {

to

Code Select Expand

if (!empty($wancfg['spoofmac']) && strcasecmp($wancfg['spoofmac'], get_interface_mac($realhwif))) {

and that fixed it as it used $interface with legacy_interface_details() in get_interface_mac() because $ifconfig_details is null.

Wow, I can't believe mac spoofing has been broken that long and nobody complained! I guess nobody uses that feature.

EDIT:

Saw your commit here:

https://github.com/opnsense/core/commit/d19cd6cdbf4da581f71e5483b279f82fb4396bec

Thanks.

[franco]

There were some complaints but it seems interesting that it took 6 months for someone to point out the possible commits. I know we've been over this a number of times now.

https://github.com/opnsense/core/commit/d19cd6cdbf4

# opnsense-patch d19cd6cdbf4

The prior patch was definitely tested to a certain degree, but it seems I screwed up the refactor of the function get_interface_mac() leading to this issue.

Thank you for your time to review!


Cheers,
Franco

[Edwin70]

Is this fix already part of the 22.7 release? Or do I need to run the patch there also?

[franco]

It'll be in 22.7.1. For now you can apply it manually.

22.7.1 should be available early next week.


Cheers,
Franco