Hi all,
I have the following tables to showcase the issue:
table netdev meh {
chain input {
type filter hook ingress device "bridge0" priority filter;
policy accept;
arp saddr ether 36:b0:4a:e2:72:ea arp daddr ether
00:00:00:00:00:00 log prefix "netdev in: " flags all
}
chain output {
type filter hook egress device "bridge0" priority filter; policy accept;
arp saddr ether c2:76:e5:71:e1:de arp daddr ether
36:b0:4a:e2:72:ea log prefix "netdev out: " flags all
}
}
table bridge meh {
chain input {
type filter hook input priority filter; policy accept;
arp saddr ether 36:b0:4a:e2:72:ea arp daddr ether
00:00:00:00:00:00 log prefix "bridge in: " flags all
}
chain output {
type filter hook output priority filter; policy accept;
arp saddr ether c2:76:e5:71:e1:de arp daddr ether
36:b0:4a:e2:72:ea log prefix "bridge out: " flags all
}
}
table arp meh {
chain input {
type filter hook input priority filter; policy accept;
arp saddr ether 36:b0:4a:e2:72:ea arp daddr ether
00:00:00:00:00:00 log prefix "arp in: " flags all
}
chain output {
type filter hook output priority filter; policy accept;
arp saddr ether c2:76:e5:71:e1:de arp daddr ether
36:b0:4a:e2:72:ea log prefix "arp out: " flags all
}
}
which get me the following logs:
bridge in: IN=temp_tap OUT= MACSRC=36:b0:4a:e2:72:ea
MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0806 ARP HTYPE=1 PTYPE=0x0800
OPCODE=1 MACSRC=36:b0:4a:e2:72:ea IPSRC=192.168.150.253
MACDST=00:00:00:00:00:00 IPDST=192.168.150.1
netdev in: IN=bridge0 OUT= MACSRC=36:b0:4a:e2:72:ea
MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0806 ARP HTYPE=1 PTYPE=0x0800
OPCODE=1 MACSRC=36:b0:4a:e2:72:ea IPSRC=192.168.150.253
MACDST=00:00:00:00:00:00 IPDST=192.168.150.1
arp in: IN=bridge0 OUT= MACSRC=36:b0:4a:e2:72:ea
MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0806 ARP HTYPE=1 PTYPE=0x0800
OPCODE=1 MACSRC=36:b0:4a:e2:72:ea IPSRC=192.168.150.253
MACDST=00:00:00:00:00:00 IPDST=192.168.150.1
arp out: IN= OUT=bridge0 MACSRC=8a:ff:ff:00:00:00
MACDST=00:00:1c:dc:90:74 MACPROTO=0000 ARP HTYPE=14000 PTYPE=0x4ae2
OPCODE=49782
netdev out: IN= OUT=bridge0 MACSRC=c2:76:e5:71:e1:de
MACDST=36:b0:4a:e2:72:ea MACPROTO=0806 ARP HTYPE=14000 PTYPE=0x4ae2
OPCODE=49782
bridge out: IN= OUT=temp_tap MACSRC=c2:76:e5:71:e1:de
MACDST=36:b0:4a:e2:72:ea MACPROTO=0806 ARP HTYPE=1 PTYPE=0x0800
OPCODE=2 MACSRC=c2:76:e5:71:e1:de IPSRC=192.168.150.1
MACDST=36:b0:4a:e2:72:ea IPDST=192.168.150.253
For some reasons, it seems that the Ethernet frame / SKB? (which
contains the *outbound* ARP packet) is not "parsed" correctly in the
arp and netdev family tables. As you can see, in case of arp family
table, MAC{SRC,DST,PROTO} have values that came from nowhere (and
therefore `ether sdddr|daddr` does not work as expected). In the case
of netdev family table, MAC{SRC,DST,PROTO} were fine, but it still try
to get the ARP header from the wrong place / offset (although `arp
saddr|daddr ether` works fine, as you can see). By contrast,
everything seems fine with the bridge family table.
Note that 14000 (HTYPE) is 0x36b0, with 0x4ae2 (PTYPE) they were the
first four octets of the expected MACDST. (Although not logged, HLEN
and PLEN would be 0x72 and 0xea respectively.) 47982 is 0xc276, which
were the first two octets of the expected MACSRC.
Tested with kernel 5.18.9. (The issue first came to my knowledge
through the post here: https://serverfault.com/q/1104251/569990)
Regards,
Tom
