Re: mcx(4) and bridge(4)

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

On 4/11/25 19:29, Mouse wrote:
> Does tcpdump on mcx0 show the request leaving?

No, nothing.

> bouyer@ suggested that it's something wrong with mcx leading to it not
> receiving packets for the domU.  Snooping on the mcx could help tell;
> if this is the problem, you'll see the arp request go out and then,
> depending on whether you specified -p to tcpdump, either having tcpdump
> running will fix it or you won't see anything coming back.

Either way, silence. The arp requests that show up on vlan2 do not show 
up on the physical interface.

> It occurs to me that it could also be that net.inet{,6}.ip.forwarding
> is turned off, but your test with the bge led to something turning it
> on (handwave: some script might notice you're bringing up multiple
> interfaces?).

% sysctl -a | grep forwarding
net.inet.ip.forwarding = 1
net.inet6.ip6.forwarding = 0
%

-- we don't use ipv6 here.

> Another possibility is that you've got packet filtering turned on on
> mcx but not on bge, such that it's dropping relevant traffic.

No packet filtering on the machine, no.

> I definitely would start by snooping traffic to see where ARP is
> failing.  Is the dom0 not receiving the request?

It is - it can access the DomU via ssh, and vice versa.

> Is it not sending it on?

That is how I read it.

To make it more interesting: A machine on the vlan2 subnet pinging 
(without success) the DomU ends up with a valid arp cache entry - maybe 
the Dom0's doing?

Cheerio,
Hauke

--
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344