author | Scott Ullrich <sullrich@pfsense.org> | 2007-11-01 18:14:16 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-11-01 18:14:16 +0000 |
commit | c5af8bf92abd51cfadc2ffd0ce810afa5c19abaa (patch) | |
tree | 61273cec3bca960606346b3c28686977ded5e925 | |
parent | d6c797416c30ef0c82fe772acbef8b8dd3515da5 (diff) | |
download | pfsense-c5af8bf92abd51cfadc2ffd0ce810afa5c19abaa.zip pfsense-c5af8bf92abd51cfadc2ffd0ce810afa5c19abaa.tar.gz |
multiple vlans + spoofmac result in unexpected behaviour
Ticket #1514
Introduction
I have an acceptable workaround, so the problem is not urgent, but before I figured out the workaround, it was severely impacting performance (3 interfaces not operating). I am a network specialist and I am available to assist wherever possible. If the issue is considered serious enough for a fix, I can assist in more detailed pinpointing using tcpdumps on test-platforms.
Symptoms
If an interface is using vlan tagging for virtual interfaces and also the untagged interface is using MAC address spoofing, communication fails on the tagged vlans.
Description
The WAN connection is untagged on interface rl1. This requires a spoofed MAC address, e.g. using <spoofmac>00:03:6b:f7:3b:3f</spoofmac>. On interface rl1 there is also a vlan/tagged interface, e.g. vlan0 using rl1 and vlan tag 5. The tagged interface vlan0 expects to use the original MAC address of the interface rl0. But the issue is that interface rl0 is only processing incoming packets with destination mac address spoof_mac_rl1.
Workarounds (no code change required)
acceptable: configure the <spoofmac>00:03:6b:f7:3b:3f</spoofmac> on all vlan interfaces connected to interface rl1
funny: start a tcpdump on the vlan interface. This will put the interface in promiscuous mode and it will process all packets. Now the packets destined for the original MAC address (and active on the vlan interface)
bypass: do not use tagged interfaces on an interface with spoofmac
Remarks
It is very confusing that when a vlan is created, the GUI shows a reference to the physical/original MAC address, even when the MAC address of the untagged interface is
-rw-r--r-- | etc/inc/interfaces.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index ff79abf..4481aa8 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -85,6 +85,18 @@ function interfaces_vlan_configure() { /* invalidate interface cache */ get_interface_arr(true); + /* all vlans need to spoof their parent mac address, too. see + * ticket #1514: http://cvstrac.pfsense.com/tktview?tn=1514,33 + */ + foreach($config['interfaces'] as $interfaces) { + if($interfaces['if'] == $vlan['if']) { + if($interfaces['spoofmac']) { + mwexec("/sbin/ifconfig " . escapeshellarg($interfaces['if']) . + " link " . escapeshellarg($interfaces['spoofmac'])); + } + } + } + /* make sure the parent interface is up */ mwexec("/sbin/ifconfig " . escapeshellarg($vlan['if']) . " up"); |
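Review bot: the added `ifconfig ... link` call in the new foreach targets `$interfaces['if']`, which the enclosing condition has just matched to `$vlan['if']`, the same parent device that the following "make sure the parent interface is up" line operates on, so the spoofed MAC is applied to the parent and not to a vlan device. The comment says "all vlans need to spoof their parent mac address"; if the intent is that the vlan picks up the address from the parent, say so in the comment, otherwise the command should name the vlan interface. Two smaller points in the same block: `if($interfaces['spoofmac'])` reads a key that interfaces without a spoofed MAC will not have, so prefer `!empty($interfaces['spoofmac'])`, and the value goes to ifconfig with shell escaping only, so check that it is a well-formed MAC address before calling `mwexec`. The loop also keeps iterating after a match and can re-run the same command if more than one config entry shares the parent device; a `break` after the first hit would avoid that. The loop variable holds a single entry, so `$interface` would read better than `$interfaces`.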