WAN DHCP6 VLAN Priority tagging

[franco]

This is pretty nasty if true.

https://github.com/opnsense/core/blob/master/src/etc/inc/interfaces.lib.inc#L160

You can temporarily defang the VLAN setup by deleting the "vlanpcp" stuff there.

[marjohn56]

Confirmed, if I set the overall VLAN priority it all follows that, the dhcp6 packets get changed  to Pri 6.

[nivek1612]

I just set the VLAN priority to 3 in the GUI

My entry in rules.debug shows

pass out log quick on igb0_vlan832 proto udp from {any}  port {546} to {any}  port {547}  set prio 6 label "allow dhcpv6 client in WAN"

BUT wireshark trace show the VLAN still tagged as 3 so I conclude that the VLAN priority is overriding it or the rule is not modifying it

This is at 18.1

[franco]

Ok, that means we need an empty "keep default" default in the VLAN device setup. This will still blow up with user setups, I'll file a FreeBSD bug report next year.

For now you can edit out the vlanpcp setup instruction in interfaces.lib.inc and that should start working.

[marjohn56]

it's also at 17.11, it's an unusual situation though, we set a pri on an VLAN then overide a specific port.

[marjohn56]

it's also at 17.11, it's an unusual situation though, we set a pri on an VLAN then overide a specific port.

That certainly stops the pri being set on the VLAN, sadly it has no effect on the dhcp6c packet, which is stubbornly still at 0

[marjohn56]

Ok, that means we need an empty "keep default" default in the VLAN device setup. This will still blow up with user setups, I'll file a FreeBSD bug report next year.

For now you can edit out the vlanpcp setup instruction in interfaces.lib.inc and that should start working.

It seems that's not the problem either, even with that edited out, we're still not getting the pri set on the dhcp6c packet.

[nivek1612]

Just tested at 18.1 as well

Same result with the vlanpcp edited out the priority no longer gets set via the GUI BUT its staying at 0

[franco]

Wow, creating any VLAN already seems to get it stuck at vlanpcp 0 according to ifconfig output, which makes escalating this to FreeBSD more urgent... But for now, time for some kernel code reading. :/

[marjohn56]

Got it.

It is the net.link.vlan.mtag_pcp setting. Although I have set it to 1 in system.inc, that is not being honoured. I did a sysctl -a from the shell and it was showing 0, set it to 1 in the shell and voila, dhcp6c packets are now showing pri 6.

Ok, so why is the setting not being honoured in system.inc...

[franco]

It is the net.link.vlan.mtag_pcp setting.

Ok, that is what the code said. A bit counter-intuitive, but now all makes sense.

Let me take a look at that sysctl.

[marjohn56]

You are a shining star.

[marjohn56]

I'll get on and do the GUI setting for it, seems like we have it nailed now.

[nivek1612]

Loving the proactive support over here in the light

The darkside was so different 

[franco]

Well, tunables GUI worked here even with reboot. All in all this teaches us it's something we should take care of automatically so changed the ticket accordingly and reverted the VLAN PCP configure code.

But... I'm not even convinced this will be a performance impact as we pass the packets through pf anyway and that setting only affects VLAN driver during transmission... ?

https://github.com/opnsense/core/issues/2032