VLAN priority for DHCP not working

[franco]

Netmap would be odd, but stranger things have happened. Still... hardware VLAN fail due to the relevant driver perhaps?

> IMNSHO, all this automagic behind the scenes stuff is just annoying.

Historic goo going back to silliness in dhclient/bpf even.


Cheers,
Franco

[Ilford]

Thanks for the replies. Indeed I have Surricata enabled.

I cannot debug more this week but I will try disabling Surricata or even re-install OS for a clean test.

[doktornotor]

Netmap would be odd, but stranger things have happened. Still... hardware VLAN fail due to the relevant driver perhaps?

Well, netmap + pf set prio is a documented upstream issue/limitation.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236219

Testing without IPS would be useful.

[franco]

Hmm, I'm not entirely sure I follow. The netmap generic rework should fix the issues described in the ticket from 2019. pf set-prio uses the same as dhclient vlan-pcp which is:

vlan_set_pcp() which sets MTAG_8021Q_PCP_OUT which is used by ether_8021q_frame() to set the value in the frame. I don't see how this is broken, but I can assure you that using tcpdump on the system will not tell you that it did what it should.


Cheers,
Franco

[Ilford]

I disabled IDS and VLAN-PCP works as expected for DHCP without any rules or normalization.

Thank you very much @doktornotor !

I guess there is still an issue on that (very specific user case I concede), but I had IDS enabled on a VLAN interface (WAN) and maybe this is not a good practice.

[franco]

Ok, still a bit odd considering we just pass the packet along from host to hardware.


Cheers,
Franco