freebsd stable - Jan 2007 - Source MAC addresses when bridge(4) used

I've just noticed an number of unpexected "IP address changed MAC"
messages on one of the hosts in my network.  It is connected via a
FreeBSD bridge to the rest of my network (there aren't enuf network
ports in my son's bedroom).  The configuration looks like:

  +---------+         +---------+
  |         |         |         |
  | laptop1 |---------| desktop |------> Rest of network
  |    	    |dc0   tl0|         |rl0     via dumb switch
  +---------+         +---------+

The desktop network configuration is:
tl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:24:28:98:9a
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.168.123.36 netmask 0xffffff00 broadcast 192.168.123.255
        ether 00:20:ed:78:9c:a3
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether ca:a9:aa:1e:71:32
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: tl0 flags=3<LEARNING,DISCOVER>
        member: rl0 flags=3<LEARNING,DISCOVER>

laptop1 is regularly reporting that 192.168.123.36 (the IP address of
the desktop) is switching between the two adapters in it:
Jan  6 07:27:09 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 08:09:45 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 08:46:11 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 09:29:00 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 12:12:12 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 12:15:31 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 13:06:42 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 16:48:45 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 17:32:22 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 17:33:33 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 17:53:45 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 17:57:05 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 18:17:20 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 18:24:48 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 18:45:08 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 18:48:19 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 19:08:45 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 19:11:50 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 19:32:15 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 19:33:07 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 19:56:34 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  6 22:44:24 laptop1 kernel: arp: 192.168.123.36 moved from 00:20:ed:78:9c:a3
to 00:00:24:28:98:9a on dc0
Jan  6 23:04:26 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0

Even more unexpectedly, laptop1 is repeating the same "moved" message:
Jan  7 00:46:55 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 01:38:09 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 02:29:26 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 03:20:39 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 04:28:59 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 05:18:50 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 06:28:31 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0
Jan  7 07:16:05 laptop1 kernel: arp: 192.168.123.36 moved from 00:00:24:28:98:9a
to 00:20:ed:78:9c:a3 on dc0

Both hosts are running 6.1-STABLE:
laptop1: FreeBSD laptop1.vk2pj.dyndns.org 6.1-STABLE FreeBSD 6.1-STABLE #0: Wed
Nov 15 18:40:00 EST 2006    
root@laptop1.vk2pj.dyndns.org:/usr/obj/usr/src/sys/laptop  i386
desktop: FreeBSD jashank.vk2pj.dyndns.org 6.1-STABLE FreeBSD 6.1-STABLE #15: Wed
Aug  2 18:35:57 EST 2006    
root@jashank.vk2pj.dyndns.org:/usr/obj/usr/src/sys/jashank  i386

I'm not seeing similar messages on other hosts in my network, it seems
that the desktop is always sending traffic to the rest of my network
via rl0.  This leaves two questions:

Firstly, why is laptop1 seeing packets coming from both interfaces on
the desktop?  I had expected that the desktop would always originate
packets from the interface with the IP address ("netstat -r" on it
shows laptop1 associated with rl0).

Secondly, why is laptop1 reporting a list of "address moved" messages
from tl0 to rl0 without matching movements from rl0 to tl0?

-- 
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070106/93ea1632/attachment.pgp

Peter Jeremy wrote:
> I've just noticed an number of unpexected "IP address changed
MAC"
> messages on one of the hosts in my network.  It is connected via a
> FreeBSD bridge to the rest of my network (there aren't enuf network
> ports in my son's bedroom).  The configuration looks like:
> 
>   +---------+         +---------+
>   |         |         |         |
>   | laptop1 |---------| desktop |------> Rest of network
>   |    	    |dc0   tl0|         |rl0     via dumb switch
>   +---------+         +---------+
> 
> The desktop network configuration is:
> tl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
>         ether 00:00:24:28:98:9a
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
>         options=8<VLAN_MTU>
>         inet 192.168.123.36 netmask 0xffffff00 broadcast 192.168.123.255
>         ether 00:20:ed:78:9c:a3
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000 
> bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         ether ca:a9:aa:1e:71:32
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: tl0 flags=3<LEARNING,DISCOVER>
>         member: rl0 flags=3<LEARNING,DISCOVER>
> 
> laptop1 is regularly reporting that 192.168.123.36 (the IP address of
> the desktop) is switching between the two adapters in it:
> Jan  6 07:27:09 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 08:09:45 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 08:46:11 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 09:29:00 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 12:12:12 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 12:15:31 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 13:06:42 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 16:48:45 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 17:32:22 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 17:33:33 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 17:53:45 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 17:57:05 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 18:17:20 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 18:24:48 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 18:45:08 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 18:48:19 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 19:08:45 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 19:11:50 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 19:32:15 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 19:33:07 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 19:56:34 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  6 22:44:24 laptop1 kernel: arp: 192.168.123.36 moved from
00:20:ed:78:9c:a3 to 00:00:24:28:98:9a on dc0
> Jan  6 23:04:26 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> 
> Even more unexpectedly, laptop1 is repeating the same "moved"
message:
> Jan  7 00:46:55 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 01:38:09 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 02:29:26 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 03:20:39 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 04:28:59 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 05:18:50 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 06:28:31 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> Jan  7 07:16:05 laptop1 kernel: arp: 192.168.123.36 moved from
00:00:24:28:98:9a to 00:20:ed:78:9c:a3 on dc0
> 
> Both hosts are running 6.1-STABLE:
> laptop1: FreeBSD laptop1.vk2pj.dyndns.org 6.1-STABLE FreeBSD 6.1-STABLE #0:
Wed Nov 15 18:40:00 EST 2006    
root@laptop1.vk2pj.dyndns.org:/usr/obj/usr/src/sys/laptop  i386
> desktop: FreeBSD jashank.vk2pj.dyndns.org 6.1-STABLE FreeBSD 6.1-STABLE
#15: Wed Aug  2 18:35:57 EST 2006    
root@jashank.vk2pj.dyndns.org:/usr/obj/usr/src/sys/jashank  i386
> 
> I'm not seeing similar messages on other hosts in my network, it seems
> that the desktop is always sending traffic to the rest of my network
> via rl0.  This leaves two questions:
> 
> Firstly, why is laptop1 seeing packets coming from both interfaces on
> the desktop?  I had expected that the desktop would always originate
> packets from the interface with the IP address ("netstat -r" on
it
> shows laptop1 associated with rl0).
> 
> Secondly, why is laptop1 reporting a list of "address moved"
messages
> from tl0 to rl0 without matching movements from rl0 to tl0?
> 
Does moving 192.168.123.36 to the bridge interface help?

-- 
Sten Daniel S?rsdal

On Sun, Jan 07, 2007 at 08:02:11AM +1100, Peter Jeremy
wrote:
> The desktop network configuration is:
> tl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
>         ether 00:00:24:28:98:9a
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu
1500
>         options=8<VLAN_MTU>
>         inet 192.168.123.36 netmask 0xffffff00 broadcast 192.168.123.255
>         ether 00:20:ed:78:9c:a3
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000 
> bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         ether ca:a9:aa:1e:71:32
>         priority 32768 hellotime 2 fwddelay 15 maxage 20
>         member: tl0 flags=3<LEARNING,DISCOVER>
>         member: rl0 flags=3<LEARNING,DISCOVER>
Does tinkering with net.link.ether.bridge.config help at all?  See
bridge(4) manpage.  (I haven't used this, I'm just brainstorming...)

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |

On Sun, Jan 07, 2007 at 08:02:11AM +1100, Peter Jeremy
wrote:
> I've just noticed an number of unpexected "IP address changed
MAC"
> messages on one of the hosts in my network.  It is connected via a
> FreeBSD bridge to the rest of my network (there aren't enuf network
> ports in my son's bedroom).  The configuration looks like:
> 
>   +---------+         +---------+
>   |         |         |         |
>   | laptop1 |---------| desktop |------> Rest of network
>   |         |dc0   tl0|         |rl0     via dumb switch
>   +---------+         +---------+
Chiming in late here after a nice holiday. 
 
> Both hosts are running 6.1-STABLE:
> laptop1: FreeBSD laptop1.vk2pj.dyndns.org 6.1-STABLE FreeBSD
>  6.1-STABLE #0: Wed Nov 15 18:40:00 EST 2006
>  root@laptop1.vk2pj.dyndns.org:/usr/obj/usr/src/sys/laptop  i386
> desktop: FreeBSD jashank.vk2pj.dyndns.org 6.1-STABLE FreeBSD
>  6.1-STABLE #15: Wed Aug  2 18:35:57 EST 2006
                   ^^^^^^^^^^

This is actually fixed now in r1.84 and MFC'd early nov. The laptop
would have been fine but the bridging was done on the desktop which was
an older stable.

The reason is that the arp reply when bridging sends the mac address of
the nic where the request came in, so laptop1 will get the mac of tl0.
The other problem that was fixed in r1.84 was that locally destined
packets to the bridge were always broadcast when they shouldn't.
Anything on the rest of the network arping for the rl0 address would
cause the arp reply to also be sent to laptop1 (with rl0's address),
hence the logged 'address moved' warnings.

Some people pointed out that the address should be assigned to the
bridge interface which is correct, but they way you had it still works
and now that warning is now fixed.


cheers,
Andrew