Michael T. Davis
2013-11-08 16:09:59 UTC
I'm running NetBSD v6.1.2 configured on a packet filtering bridge
with IP Filter (ipf -V reports "v4.1.34 (400)", as packaged with this
particular NetBSD release). The kernel has been modified to enable GATEWAY
and BRIDGE_IPF. I have a largely identical system running under NetBSD 5.1
without issues. On the NetBSD-6 system, the internal interface is seen as...
wm1 at pci1 dev 5 function 0: Intel i82541PI 1000BASE-T Ethernet (rev. 0x05)
wm1: interrupting at ioapic0 pin 17
wm1: 32-bit 33MHz PCI bus
wm1: 64 word (6 address bits) MicroWire EEPROM
wm1: Ethernet address 00:0e:0c:82:a6:77
igphy1 at wm1 phy 1: Intel IGP01E1000 Gigabit PHY, rev. 0
igphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT,
1000baseT-FDX, auto
...per dmesg. This and wm0 (the external interface, same hardware)
comprise the bridge endpoints, and an IP address is bound to wm1 for
"remote" management. The MTU for both interfaces is set as 1500
(the default).
Every so often, the NetBSD-6 kernel reports...
Nov 8 09:44:17 fw /netbsd: wm1: discarding oversize frame (len=1518)
It only ever cites wm1 and the length is always 1518. Since the MTU for
this interface is set to 1500, doesn't this mean that another system
attached to that interface is generating an invalid packet, presumably
due to a mis-configuration? If so, how does one pin down the miscreant
system? Can this be accomplished directly from the firewall? FWIW,
most of the installation sets are loaded, except for compiler support,
and the kernel is (otherwise) based on GENERIC. (Kernel [re]building
is done on another system.)
Thanks,
Mike
with IP Filter (ipf -V reports "v4.1.34 (400)", as packaged with this
particular NetBSD release). The kernel has been modified to enable GATEWAY
and BRIDGE_IPF. I have a largely identical system running under NetBSD 5.1
without issues. On the NetBSD-6 system, the internal interface is seen as...
wm1 at pci1 dev 5 function 0: Intel i82541PI 1000BASE-T Ethernet (rev. 0x05)
wm1: interrupting at ioapic0 pin 17
wm1: 32-bit 33MHz PCI bus
wm1: 64 word (6 address bits) MicroWire EEPROM
wm1: Ethernet address 00:0e:0c:82:a6:77
igphy1 at wm1 phy 1: Intel IGP01E1000 Gigabit PHY, rev. 0
igphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT,
1000baseT-FDX, auto
...per dmesg. This and wm0 (the external interface, same hardware)
comprise the bridge endpoints, and an IP address is bound to wm1 for
"remote" management. The MTU for both interfaces is set as 1500
(the default).
Every so often, the NetBSD-6 kernel reports...
Nov 8 09:44:17 fw /netbsd: wm1: discarding oversize frame (len=1518)
It only ever cites wm1 and the length is always 1518. Since the MTU for
this interface is set to 1500, doesn't this mean that another system
attached to that interface is generating an invalid packet, presumably
due to a mis-configuration? If so, how does one pin down the miscreant
system? Can this be accomplished directly from the firewall? FWIW,
most of the installation sets are loaded, except for compiler support,
and the kernel is (otherwise) based on GENERIC. (Kernel [re]building
is done on another system.)
Thanks,
Mike