freebsd stable - Apr 2006 - em (+pf+vlan+bridge+netgraph) stop sending packets (?)

I run a 6.1-RC (as of Apr, 14th) and after a day nothing can be sent from em
interface.

It is a filtering+accounting bridge-on-a-stick, with em interface connected to
3Com Switch 4200 100Mbit (not Gbit) port with 4 tagged vlans on it:

# This file now contains just the overrides from /etc/defaults/rc.conf.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
hostname="XXXX.gfk.ru"
defaultrouter="10.X.X.X"
ifconfig_sis0="10.X.X.X/24"
ifconfig_em0="up"
cloned_interfaces="vlan0 vlan1 vlan2 vlan3 bridge0 bridge1"
ifconfig_vlan0="84.X.X.X/28 vlan 21 vlandev em0 up"
ifconfig_vlan1="vlan 22 vlandev em0 up"
ifconfig_bridge0="addm vlan0 addm vlan1 up"
ifconfig_vlan2="217.X.X.X/29 vlan 31 vlandev em0 up"
ifconfig_vlan3="vlan 32 vlandev em0 up"
ifconfig_bridge1="addm vlan2 addm vlan3 up"
syslogd_flags="-ss"

sshd_enable="YES"
ipsec_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.freeroute"
pflog_enable="YES"

and kernel is GENERIC with unused hardware removed and 

####
options		DEVICE_POLLING
options		IPSEC
options		IPSEC_ESP
options		IPSEC_FILTERGIF

device		vlan
device		pf
device		pflog
device		pfsync
device		if_bridge

# altq(9). Enable the base part of the hooks with the ALTQ option.
# also have the ALTQ_NOPCC option.
options 	ALTQ
options 	ALTQ_CBQ	# Class Bases Queueing
options 	ALTQ_RED	# Random Early Detection
options 	ALTQ_RIO	# RED In/Out
options 	ALTQ_HFSC	# Hierarchical Packet Scheduler
options 	ALTQ_CDNR	# Traffic conditioner
options 	ALTQ_PRIQ	# Priority Queueing
options 	ALTQ_NOPCC	# Required for SMP build
#options 	ALTQ_DEBUG

added.

em0 is 
em0@pci0:10:0:	class=0x020000 card=0x002e8086 chip=0x100e8086 rev=0x02 hdr=0x00
    vendor   = 'Intel Corporation'
    device   = '82540EM Gigabit Ethernet Controller'
    class    = network
    subclass = ethernet

em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18> port
0xb400-0xb43f mem 0xd7ea0000-0xd7ebffff,0xd7e80000-0xd7e9ffff irq 18 at device
10.0 on pci0
em0: [GIANT-LOCKED]
em0: Ethernet address: 00:07:e9:09:c2:3d

Polling was not used (I'll try to work with polling enabled on em0).

ALTQ is not configured, pf has all block rules logged and I can't see
anything relevant logged to pflog.

This machine also use netgraph netflow for traffic accounting on vlan
interfaces, but shutting down all netgraph nodes does not help.

Turning vlans, bridge and em down and up does not help too.

Traffic is received (I can see pairs of OSPF HELO messages from ISP router
logged on pflog0 exactly every 10 seconds), but it looks like nothing can be
sent.

Yuriy Tsibizov,
GfK RUS

try enabling pormisc mode on vlans

19.04.06, Yuriy Tsibizov <Yuriy.Tsibizov@gfk.ru>
???????(?):
>
> I run a 6.1-RC (as of Apr, 14th) and after a day nothing can be sent from
> em interface.
>
> It is a filtering+accounting bridge-on-a-stick, with em interface
> connected to 3Com Switch 4200 100Mbit (not Gbit) port with 4 tagged vlans
on
> it:
>
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> hostname="XXXX.gfk.ru"
> defaultrouter="10.X.X.X"
> ifconfig_sis0="10.X.X.X/24"
> ifconfig_em0="up"
> cloned_interfaces="vlan0 vlan1 vlan2 vlan3 bridge0 bridge1"
> ifconfig_vlan0="84.X.X.X/28 vlan 21 vlandev em0 up"
> ifconfig_vlan1="vlan 22 vlandev em0 up"
> ifconfig_bridge0="addm vlan0 addm vlan1 up"
> ifconfig_vlan2="217.X.X.X/29 vlan 31 vlandev em0 up"
> ifconfig_vlan3="vlan 32 vlandev em0 up"
> ifconfig_bridge1="addm vlan2 addm vlan3 up"
> syslogd_flags="-ss"
>
> sshd_enable="YES"
> ipsec_enable="YES"
> pf_enable="YES"
> pf_rules="/etc/pf.freeroute"
> pflog_enable="YES"
>
> and kernel is GENERIC with unused hardware removed and
>
> ####
> options         DEVICE_POLLING
> options         IPSEC
> options         IPSEC_ESP
> options         IPSEC_FILTERGIF
>
> device          vlan
> device          pf
> device          pflog
> device          pfsync
> device          if_bridge
>
> # altq(9). Enable the base part of the hooks with the ALTQ option.
> # also have the ALTQ_NOPCC option.
> options         ALTQ
> options         ALTQ_CBQ        # Class Bases Queueing
> options         ALTQ_RED        # Random Early Detection
> options         ALTQ_RIO        # RED In/Out
> options         ALTQ_HFSC       # Hierarchical Packet Scheduler
> options         ALTQ_CDNR       # Traffic conditioner
> options         ALTQ_PRIQ       # Priority Queueing
> options         ALTQ_NOPCC      # Required for SMP build
> #options        ALTQ_DEBUG
>
> added.
>
> em0 is
> em0@pci0:10:0:  class=0x020000 card=0x002e8086 chip=0x100e8086 rev=0x02
> hdr=0x00
>    vendor   = 'Intel Corporation'
>    device   = '82540EM Gigabit Ethernet Controller'
>    class    = network
>    subclass = ethernet
>
> em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18> port
> 0xb400-0xb43f mem 0xd7ea0000-0xd7ebffff,0xd7e80000-0xd7e9ffff irq 18 at
> device 10.0 on pci0
> em0: [GIANT-LOCKED]
> em0: Ethernet address: 00:07:e9:09:c2:3d
>
> Polling was not used (I'll try to work with polling enabled on em0).
>
> ALTQ is not configured, pf has all block rules logged and I can't see
> anything relevant logged to pflog.
>
> This machine also use netgraph netflow for traffic accounting on vlan
> interfaces, but shutting down all netgraph nodes does not help.
>
> Turning vlans, bridge and em down and up does not help too.
>
> Traffic is received (I can see pairs of OSPF HELO messages from ISP router
> logged on pflog0 exactly every 10 seconds), but it looks like nothing can
be
> sent.
>
> Yuriy Tsibizov,
> GfK RUS
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
"freebsd-stable-unsubscribe@freebsd.org"
>

>> 19.04.06, Yuriy Tsibizov <Yuriy.Tsibizov@gfk.ru> ???????(?): 
>> I run a 6.1-RC (as of Apr, 14th) and after a day nothing can be sent
from em interface.
>> It is a filtering+accounting bridge-on-a-stick, with em interface
connected to 3Com
>> Switch 4200 100Mbit (not Gbit) port with 4 tagged vlans on it: 
>> Polling was not used (I'll try to work with polling enabled on
em0).
Polling doesn't help too
>> This machine also use netgraph netflow for traffic accounting on vlan
interfaces,
>> but shutting down all netgraph nodes does not help. 
>> Turning vlans, bridge and em down and up does not help too.
>> Traffic is received (I can see pairs of OSPF HELO messages from ISP
router logged
>> on pflog0 exactly every 10 seconds), but it looks like nothing can be
sent.
> try enabling pormisc mode on vlans 
It was enabled (it is enabled by default when you add interface to bridge, I
think)
It also does not explain why it work for almost a day and then stops. On switch 
I can see zero RX counters on this port (and non-zero TX).

Yuriy.

On Wed, Apr 19, 2006 at 04:15:10PM +0400, Yuriy Tsibizov
wrote:
> I run a 6.1-RC (as of Apr, 14th) and after a day nothing can be sent from
em interface.
> 
> It is a filtering+accounting bridge-on-a-stick, with em interface
> connected to 3Com Switch 4200 100Mbit (not Gbit) port with 4 tagged
> vlans on it:
> 
> Polling was not used (I'll try to work with polling enabled on em0).
> 
> ALTQ is not configured, pf has all block rules logged and I can't see
anything relevant logged to pflog.
> 
> Traffic is received (I can see pairs of OSPF HELO messages from ISP
> router logged on pflog0 exactly every 10 seconds), but it looks like
> nothing can be sent.
A bridge on a stick only works under certian conditions, mainly support
by the switch its connected to. Its obviously working for you for a
period of time so thats probably ok.

Make sure that you dont use scrubbing with pf as the bridge doesn't
handle the fragment reassembly at the moment.

Can you also try a few things when it stops
 - flush the bridge table using ifconfig
 - use tcpdump on the bridge interface to see if its forwarding packets


cheers,
Andrew

> On Wed, Apr 19, 2006 at 04:15:10PM +0400, Yuriy Tsibizov wrote:
> > I run a 6.1-RC (as of Apr, 14th) and after a day nothing 
> can be sent from em interface.
> > 
> > It is a filtering+accounting bridge-on-a-stick, with em interface
> > connected to 3Com Switch 4200 100Mbit (not Gbit) port with 4 tagged
> > vlans on it:
> > 
> > Polling was not used (I'll try to work with polling enabled on
em0).
> > 
> > ALTQ is not configured, pf has all block rules logged and I 
> can't see anything relevant logged to pflog.
> > 
> > Traffic is received (I can see pairs of OSPF HELO messages from ISP
> > router logged on pflog0 exactly every 10 seconds), but it looks like
> > nothing can be sent.
> 
> A bridge on a stick only works under certian conditions, 
> mainly support
> by the switch its connected to. Its obviously working for you for a
> period of time so thats probably ok.
> 
> Make sure that you dont use scrubbing with pf as the bridge doesn't
> handle the fragment reassembly at the moment.
I had it, and will try to work without it. 

Thank you for your help,

Yuriy.

> > On Wed, Apr 19, 2006 at 04:15:10PM +0400, Yuriy Tsibizov wrote:
> > > I run a 6.1-RC (as of Apr, 14th) and after a day nothing 
> > can be sent from em interface.
> > > 
> > > It is a filtering+accounting bridge-on-a-stick, with em interface
> > > connected to 3Com Switch 4200 100Mbit (not Gbit) port 
> with 4 tagged
> > > vlans on it:
> > > 
> > > Polling was not used (I'll try to work with polling 
> enabled on em0).
> > > 
> > > ALTQ is not configured, pf has all block rules logged and I 
> > can't see anything relevant logged to pflog.
> > > 
> > > Traffic is received (I can see pairs of OSPF HELO 
> messages from ISP
> > > router logged on pflog0 exactly every 10 seconds), but it 
> looks like
> > > nothing can be sent.
> > 
> > A bridge on a stick only works under certian conditions, 
> > mainly support
> > by the switch its connected to. Its obviously working for you for a
> > period of time so thats probably ok.
> > 
> > Make sure that you dont use scrubbing with pf as the bridge
doesn't
> > handle the fragment reassembly at the moment.
> I had it, and will try to work without it. 
One question - if pf was the cause, should it recover when I disable pf?
As I remeber, the box was still silent on vlan interfaces, when pf was disabled
with "/etc/rc.d/pf stop".

Yuriy