Re: [Openvpn-users] br0: received packet on tap0 with own address as source address

Wed, 27 Jun 2018 11:03:37 -0700 

Hi,

On Wed, Jun 27, 2018 at 09:30:51AM +0200, free...@tango.lu wrote:
> There is this issue bugging me since a long time and try to put a stop 
> to it:
> 
> [22444423.820856] br0: received packet on tap0 with own address as 
> source address

I assume these are multicast packets, and I have the nagging suspicion
that the combination

  <--openvpn/tap--> client <-bridge-> LAN

will reflect multicast packets coming in from the "server->client" back
to the server.  This is hard to say for sure since tcpdump on the tap0
interface on the client does not always seem to be telling the full truth 
for multicast things...

(We have a trac ticket open on a similar case which leads to the
openvpn *server* starting to misbehave - if my theory is true, but 
still waiting for logs to say for sure)


It should be noted that br0 is not complaing about "source *IP* address"
but about "source *MAC* address".  So whatever you change in the IP config
won't be interesting to br0.

I guess if you do a tcpdump on the server's tap0 (that's logging the 
error) for "tcpdump -n -s0 -e -i tap0 'ether src x:x:x:x:x:x and multicast'", 
replacing the "x:x:x:x:x:x" with the ethernet address being shown in 
"ifconfig br0", it might lead to interesting discoveries.


(And @dazo: there's a reason why we have tap mode *and* why linux briding
exists - sometimes there is no other way to do things.  There is at
least one known bug in our server-side mac-learning code, though, but
this one is different)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to