Bug #10502

LLDP spamming errors on Netgate XG-7100

Added by DRago_Angel [InV@DER] 5 months ago. Updated 4 months ago.

Status: Pull Request Review
Priority: Normal
Assignee: -
Category: lldpd
Target version: -
Start date: 04/27/2020
Due date:
% Done: 0%
Estimated time:
Affected Version:
Affected Architecture:

Description

Apr 27 03:01:34     lldpd     59971     unable to send second SONMP packet on real device for ix2: Operation not permitted 

Looks like this is due to bonding of the managed switch.

History

#1 Updated by Viktor Gurov 5 months ago

Please provide more information about this issue.

Seems like https://redmine.pfsense.org/issues/9635

#2 Updated by DRago_Angel [InV@DER] 5 months ago

I'm on 2.4.5 now. This error message appears for each of ix0-4 and repeats each minute. Lldpd works; at least I can see my Unifi switch in the lldp status. On ix0-1 I have LACP for SFP+ and on ix2-3 I have a managed switch. It looks like the issue is that pfsense is trying to run lldp on all interfaces, including physical interfaces which are actually only part of another logical interface like lagg or bond, which causes such errors in the logs. So this is a new issue, but yes, it is related to the fix of the previous issue. I think this can be fixed by not launching lldp on interfaces which are part of a lagg or bond.

#4 Updated by Jim Pingle 5 months ago

  • Status changed from New to Pull Request Review

#5 Updated by DRago_Angel [InV@DER] 4 months ago

From github:
Sorry for the late reply.
Yep, I have a lagg on SFP+ ix0 & ix1 for a redundant connection.
In the UI I selected:
  • LAN (lagg1.17)
  • MGMNT (lagg1.13)
  • DEFAULT (lagg0.3091)

LAGG1 has children ix0 & ix1 and LAGG0 is the managed switch. In my network LAGG0 is used to connect multiple WANs and LAGG1 (2x SFP+) to connect the internal switch with VLANs.
It looks like after the update the error with binding to ix2 & ix3 is not reproduced, but still...
To clarify, this is about https://redmine.pfsense.org/issues/10502
With the lldpd v0.9.11 pfsense package I get these errors in the log if I choose active mode for all protocols in lldpd:

May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | libevent 2.1.11-stable initialized with kqueue method
May 24 11:42:31 | lldpd | 86378 | protocol FDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol EDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv2 enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv1 enabled
May 24 11:42:31 | lldpd | 86378 | protocol LLDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | unable to create /var/empty/etc directory: Operation not permitted
May 24 11:42:31 | lldpd | 85861 | no libcap support, running monitor as root
May 24 11:42:31 | lldpd | 85861 | lsb_release information not available
May 24 11:42:31 | lldpd | 85861 | could not open either /etc/os-release or /usr/lib/os-release

The SONMP warning is generated each minute, spamming the log as previously.
The warnings even appear on lagg0.3091.
Switching Nortel Discovery Protocol (NDP) to passive mode removes the SONMP warning from the logs. I don't know what to say, but it looks like the real resolution is to forcibly change active mode to passive mode for NDP if the user binds LLDPd to devices which are parents or children of a LAGG/BOND.
Or maybe simply add a note in the UI for NDP like: if you have lagg or bonding you must use NDP only in passive mode, as SONMP can't run on it in active mode.

P.S. offtopic:
  • Additionally there are some issues with opening /etc/os-release or /usr/lib/os-release to determine the OS; maybe add this https://www.freshports.org/sysutils/etc_os-release/ package as a dependency for LLDPd?
  • "/var/empty/etc directory: Operation not permitted" looks like the lldpd user has some issues with its HOME path; I don't know how to fix this correctly.

#6 Updated by DRago_Angel [InV@DER] 4 months ago

Additionally, LLDPd with active NDP (enabled and forced) throws errors if the chosen interfaces are parents or children of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

#7 Updated by Viktor Gurov 4 months ago

DRago_Angel [InV@DER] wrote:

Additionally, LLDPd with active NDP (enabled and forced) throws errors if the chosen interfaces are parents or children of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

But I see the same issue with a 'vtnet' interface, without any VLANs:

/usr/local/sbin/lldpd -d -ll -ss -I 'vtnet0' -C 'vtnet0' -m '192.168.3.4':
...
unable to send second SONMP packet on real device for vtnet0: Operation not permitted

There seems to be an issue with the lldpd NDP protocol; you should report this upstream: https://github.com/vincentbernat/lldpd/issues

No such error with the LLDP, CDP, EDP or FDP protocols.

#8 Updated by DRago_Angel [InV@DER] 4 months ago

So maybe we can track this issue, https://github.com/vincentbernat/lldpd/issues/394, and until it is fixed (or if it will not be) we can disable active (force) mode for NDP, as it is not working anyway as I understand it. What do you think?
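
To check whether a change such as switching NDP to passive mode actually stops the messages, the lldpd lines pasted in this thread can be tallied per interface together with the protocols logged as forced. The Python below is an added example, not part of the ticket, pfSense or lldpd; the sample lines, the assumed year and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not copied from the ticket) in the two layouts pasted
# in this thread: whitespace-separated and pipe-separated, newest first.
SAMPLE = """\
May 24 11:44:31     lldpd     86378     unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:43:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv1 enabled
"""

LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
                  r"[\s|]+lldpd[\s|]+\d+[\s|]+(?P<msg>.*)$")
SEND_FAIL = re.compile(r"unable to send second SONMP packet on real device "
                       r"for (?P<ifname>[\w.]+): ")
FORCED = re.compile(r"protocol (\w+) enabled and forced$")

def parse(text, year=2020):
    """Yield (timestamp, message) per lldpd line. Syslog omits the year, so
    `year` is an assumed value used only to compute time differences."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["msg"].strip()

def sonmp_failures(text):
    """Map interface -> (failure count, shortest repeat gap in seconds)."""
    seen = defaultdict(list)
    for ts, msg in parse(text):
        m = SEND_FAIL.search(msg)
        if m:
            seen[m["ifname"]].append(ts)
    report = {}
    for ifname, stamps in seen.items():
        stamps.sort()  # pasted logs may be newest-first
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        report[ifname] = (len(stamps), min(gaps) if gaps else None)
    return report

def forced_protocols(text):
    """Protocols logged as 'enabled and forced' (active mode in this thread)."""
    return {m.group(1) for _, msg in parse(text) if (m := FORCED.match(msg))}

print(forced_protocols(SAMPLE), sonmp_failures(SAMPLE))
```

Running it on logs captured before and after the mode change shows whether any interface still reports send failures and at what interval.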
