pfSense » pfSense Packages

Please provide more information about this issue.

Seems like https://redmine.pfsense.org/issues/9635

I'm on 2.4.5 now. This error message appears for each ix0-4 and repeat each minute. Lldpd work, at least I can see my Unifi switch in lldp status. On ix0-1 I have LACP for SPF+ and on ix2-3 I have managed switch. Looks like issue in that pfsense trying to run lldp on all interfaces including physical interfaces which are actually only part of another logical interface like lagg or bond which case such error in the logs. So this new issue, but yes it related to fix of previous issue. I think this can be fixed by not launch lldp on interfaces which are part of lagg or bond

https://github.com/pfsense/FreeBSD-ports/pull/860

• LAN (lagg1.17)
• MGMNT (lagg1.13)
• DEFAULT (lagg0.3091)

LAGG1 has child ix0 & ix1 and LAGG0 is managed switch. In my network LAGG0 is used to connect multiply WANs and LAGG1 (2x SPF+) to connect internal Switch with VLANS.
Looks like after update error with binding to ix2 & ix3 is not reproduce, but still...
To clarify this about https://redmine.pfsense.org/issues/10502
with lldpd v0.9.11 pfsense package I get this errors in log if I choose active mode for all in lldpd:

May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | libevent 2.1.11-stable initialized with kqueue method
May 24 11:42:31 | lldpd | 86378 | protocol FDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol EDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv2 enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv1 enabled
May 24 11:42:31 | lldpd | 86378 | protocol LLDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | unable to create /var/empty/etc directory: Operation not permitted
May 24 11:42:31 | lldpd | 85861 | no libcap support, running monitor as root
May 24 11:42:31 | lldpd | 85861 | lsb_release information not available
May 24 11:42:31 | lldpd | 85861 | could not open either /etc/os-release or /usr/lib/os-release

SONMP warning generates each minute, spamming the log as previously.
They even appear on lagg0.3091.
Switching Nortel Discovery Protocol (NDP) to passive mode removes SONMP warning from logs. Doesn't know what to say, but looks like real resolution is to forcibly change active mode to passive mode for NDP if user bind LLDPd to devices who are parent or children of LAGG/BOND.
Or maybe simply add some note in UI for NDP like: if you have lagg or bonding you must use NDP only in passive mode as SONMP can't run on it in active mode.

• Additionally there some issues with opening /etc/os-release or /usr/lib/os-release to determinate OS, maybe add this https://www.freshports.org/sysutils/etc_os-release/ package as dependency for LLDPd?
• /var/empty/etc directory: Operation not permitted looks like lldpd user had some issues with HOME patch, doesn't know hot to fix this correctly.

Additionally LLDPd with active NDP (enabled and forced) throw errors if chosen interfaces are parent or child of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

DRago_Angel [InV@DER] wrote:

Additionally LLDPd with active NDP (enabled and forced) throw errors if chosen interfaces are parent or child of VLANs.
Tested with simple Intel Card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

Same with passive NDP:
No errors

but I see the same issue with 'vtnet' interface, without any VLANs:

/usr/local/sbin/lldpd -d -ll -ss -I 'vtnet0' -C 'vtnet0' -m '192.168.3.4':
...
unable to send second SONMP packet on real device for vtnet0: Operation not permitted

There seems to be a issue with the lldpd NDP protocol, you should report this upstream: https://github.com/vincentbernat/lldpd/issues

no such error with LLDP, CDP, EDP or FDP proto

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and till it (or if it will not) fixed - we can disable active (force) mode for NDP as it not working anyway as I understand, what you think?

DRago_Angel [InV@DER] wrote:

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and till it (or if it will not) fixed - we can disable active (force) mode for NDP as it not working anyway as I understand, what you think?

I've applied the change requested by developers on 2.5.0. lldpd-1.0.4_1 will have that applied and can be used to test

Renato Botelho wrote:

DRago_Angel [InV@DER] wrote:

So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and till it (or if it will not) fixed - we can disable active (force) mode for NDP as it not working anyway as I understand, what you think?

I've applied the change requested by developers on 2.5.0. lldpd-1.0.4_1 will have that applied and can be used to test

same issue on 2.5.0.a.20201013.1850 with lldp-1.0.4_1:

# /usr/local/sbin/lldpd -d -ll -ss -I 'vtnet0' -C 'vtnet0' -m '192.168.3.4':
...
unable to send second SONMP packet on real device for vtnet0: Operation not permitted

# pkg info lldpd
lldpd-1.0.4_1
Name           : lldpd
Version        : 1.0.4_1
Installed on   : Wed Oct 14 09:12:22 2020 MSK
...

still seeing this on 7100 running 23.05.1 lldpd 0.9.11_1 - set all protocol support to active, save

unable to send second SONMP packet on real device for lagg0.4091: Operation not permitted