Bug #10502

open

LLDP spamming errors on Netgate XG-7100

Added by DRago_Angel [InV@DER] almost 4 years ago. Updated 8 months ago.

Status: In Progress
Priority: Normal
Assignee: -
Category: lldpd
Target version: -
Start date: 04/27/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Apr 27 03:01:34     lldpd     59971     unable to send second SONMP packet on real device for ix2: Operation not permitted 

Looks like this is due to bonding of the managed switch.

Actions #1

Updated by Viktor Gurov almost 4 years ago

Please provide more information about this issue.

Seems like https://redmine.pfsense.org/issues/9635

Actions #2

Updated by DRago_Angel [InV@DER] almost 4 years ago

I'm on 2.4.5 now. This error message appears for each of ix0-4 and repeats each minute. Lldpd works; at least I can see my Unifi switch in the LLDP status. On ix0-1 I have LACP for SFP+ and on ix2-3 I have the managed switch. It looks like the issue is that pfSense tries to run lldp on all interfaces, including physical interfaces which are actually only part of another logical interface like lagg or bond, which causes such errors in the logs. So this is a new issue, but yes, it is related to the fix of the previous issue. I think this can be fixed by not launching lldp on interfaces which are part of a lagg or bond.

Actions #4

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Pull Request Review
Actions #5

Updated by DRago_Angel [InV@DER] almost 4 years ago

From github:
Sorry for the late reply,
Yep, I have a lagg on SFP+ ix0 & ix1 for a redundant connection.
In the UI I selected:
  • LAN (lagg1.17)
  • MGMNT (lagg1.13)
  • DEFAULT (lagg0.3091)

LAGG1 has children ix0 & ix1 and LAGG0 is the managed switch. In my network LAGG0 is used to connect multiple WANs and LAGG1 (2x SFP+) to connect the internal switch with VLANs.
It looks like after the update the error with binding to ix2 & ix3 does not reproduce, but still...
To clarify, this is about https://redmine.pfsense.org/issues/10502
With the lldpd v0.9.11 pfSense package I get these errors in the log if I choose active mode for all in lldpd:

May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | libevent 2.1.11-stable initialized with kqueue method
May 24 11:42:31 | lldpd | 86378 | protocol FDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol EDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv2 enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv1 enabled
May 24 11:42:31 | lldpd | 86378 | protocol LLDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | unable to create /var/empty/etc directory: Operation not permitted
May 24 11:42:31 | lldpd | 85861 | no libcap support, running monitor as root
May 24 11:42:31 | lldpd | 85861 | lsb_release information not available
May 24 11:42:31 | lldpd | 85861 | could not open either /etc/os-release or /usr/lib/os-release

The SONMP warning is generated each minute, spamming the log as before.
They even appear on lagg0.3091.
Switching Nortel Discovery Protocol (NDP) to passive mode removes the SONMP warning from the logs. I don't know what to say, but it looks like the real resolution is to forcibly change active mode to passive mode for NDP if the user binds LLDPd to devices that are parents or children of a LAGG/BOND.
Or maybe simply add a note in the UI for NDP like: if you have lagg or bonding you must use NDP only in passive mode, as SONMP can't run on it in active mode.

P.S. off-topic:
  • Additionally, there are some issues with opening /etc/os-release or /usr/lib/os-release to determine the OS; maybe add this https://www.freshports.org/sysutils/etc_os-release/ package as a dependency for LLDPd?
  • "/var/empty/etc directory: Operation not permitted" looks like the lldpd user has some issues with the HOME path; I don't know how to fix this correctly.
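
A log-side check for the behaviour reported in this comment, as an added example that is not part of the original thread or of pfSense/lldpd code: it parses both log layouts quoted on this page, counts SONMP send failures per interface, flags interfaces where they recur about once a minute, and collects the PIDs that logged "protocol SONMP enabled and forced". The sample lines are constructed from the messages in this thread; the 55-65 second window and the year used for timestamp parsing are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, using the two log layouts quoted in this thread.
SAMPLE_LOG = """\
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:43:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:44:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
Apr 27 03:01:34     lldpd     59971     unable to send second SONMP packet on real device for ix2: Operation not permitted
"""

# Timestamp, "lldpd", PID and message, separated by spaces and/or pipes.
LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})[\s|]+lldpd[\s|]+(\d+)[\s|]+(.*)$")
SEND_FAIL = re.compile(r"unable to send second SONMP packet on real device for ([^:\s]+): (.+)")

def parse_ts(ts):
    # Syslog stamps carry no year; 2000 is an arbitrary leap year (assumption).
    return datetime.strptime("2000 " + " ".join(ts.split()), "%Y %b %d %H:%M:%S")

def summarize(log_text):
    """Return (per-interface SONMP send-failure stats, PIDs started with SONMP forced)."""
    hits, forced_pids = defaultdict(list), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an lldpd line in either layout
        ts, pid, msg = m.groups()
        if msg.strip() == "protocol SONMP enabled and forced":
            forced_pids.add(int(pid))  # NDP/SONMP running in active mode
        fail = SEND_FAIL.search(msg)
        if fail:
            hits[fail.group(1)].append(parse_ts(ts))
    stats = {}
    for ifname, stamps in hits.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        stats[ifname] = {"count": len(stamps), "gaps_s": gaps,
                         "every_minute": bool(gaps) and all(55 <= g <= 65 for g in gaps)}
    return stats, forced_pids

if __name__ == "__main__":
    stats, forced = summarize(SAMPLE_LOG)
    for ifname, s in sorted(stats.items()):
        print(f"{ifname:12} failures={s['count']} gaps={s['gaps_s']} every_minute={s['every_minute']}")
    print("PIDs with SONMP active (forced):", sorted(forced))
```

Running the same summary before and after switching NDP to passive mode shows whether the per-minute failures stop for every bound interface.
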
Actions #6

Updated by DRago_Angel [InV@DER] almost 4 years ago

Additionally, LLDPd with active NDP (enabled and forced) throws errors if the chosen interfaces are parents or children of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

Actions #7

Updated by Viktor Gurov almost 4 years ago

DRago_Angel [InV@DER] wrote:

Additionally, LLDPd with active NDP (enabled and forced) throws errors if the chosen interfaces are parents or children of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

But I see the same issue with a 'vtnet' interface, without any VLANs:

/usr/local/sbin/lldpd -d -ll -ss -I 'vtnet0' -C 'vtnet0' -m '192.168.3.4':
...
unable to send second SONMP packet on real device for vtnet0: Operation not permitted

There seems to be an issue with the lldpd NDP protocol; you should report this upstream: https://github.com/vincentbernat/lldpd/issues

No such error with the LLDP, CDP, EDP or FDP protocols.

Actions #8

Updated by DRago_Angel [InV@DER] almost 4 years ago

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and until it is fixed (or if it will not be), we can disable active (force) mode for NDP, as it is not working anyway as I understand. What do you think?

Actions #9

Updated by Renato Botelho over 3 years ago

DRago_Angel [InV@DER] wrote:

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and until it is fixed (or if it will not be), we can disable active (force) mode for NDP, as it is not working anyway as I understand. What do you think?

I've applied the change requested by developers on 2.5.0. lldpd-1.0.4_1 will have that applied and can be used to test.

Actions #10

Updated by Renato Botelho over 3 years ago

  • Assignee set to Renato Botelho
Actions #11

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to In Progress

There is no PR waiting for review

Actions #12

Updated by Viktor Gurov over 3 years ago

Renato Botelho wrote:

DRago_Angel [InV@DER] wrote:

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and until it is fixed (or if it will not be), we can disable active (force) mode for NDP, as it is not working anyway as I understand. What do you think?

I've applied the change requested by developers on 2.5.0. lldpd-1.0.4_1 will have that applied and can be used to test.

Same issue on 2.5.0.a.20201013.1850 with lldp-1.0.4_1:

# /usr/local/sbin/lldpd -d -ll -ss -I 'vtnet0' -C 'vtnet0' -m '192.168.3.4':
...
unable to send second SONMP packet on real device for vtnet0: Operation not permitted

# pkg info lldpd
lldpd-1.0.4_1
Name           : lldpd
Version        : 1.0.4_1
Installed on   : Wed Oct 14 09:12:22 2020 MSK
...

Actions #13

Updated by Renato Botelho almost 2 years ago

  • Assignee deleted (Renato Botelho)
Actions #14

Updated by Jordan G 8 months ago

Still seeing this on a 7100 running 23.05.1, lldpd 0.9.11_1 - set all protocol support to active, save:

unable to send second SONMP packet on real device for lagg0.4091: Operation not permitted