What a FreeBSD kernel message about your bridge means
Suppose, not hypothetically, that you're operating a FreeBSD-based bridging firewall (or some other bridge situation) and you see something like the following kernel message:
    kernel: bridge0: mac address 01:02:03:04:05:06 vlan 0 moved from ix0 to ix1
    kernel: bridge0: mac address 01:02:03:04:05:06 vlan 0 moved from ix1 to ix0
The bad news is that this message means what you think it means. Your FreeBSD bridge between ix0 and ix1 first saw this MAC address as the source address on a packet it received on the ix0 interface of the bridge, and then it saw the same MAC address as the source address of a packet received on ix1, and then it received another packet on ix0 with that MAC address as the source address. Either you have something echoing those packets back on one side, or there is a network path between the two sides that bypasses your bridge.
(If you're lucky this happens regularly. If you're not lucky it happens only some of the time.)
This particular message comes from bridge_rtupdate() in sys/net/if_bridge.c, which is called to update the bridge's 'routing entries', which here means MAC addresses, not IP addresses. This function is called from bridge_forward(), which forwards packets, which is itself called from bridge_input(), which handles received packets. All of this only happens if the underlying interfaces are in 'learning' mode, but this is the default.
As covered in the ifconfig manual page, you can inspect what MAC addresses have been learned on which device with 'ifconfig bridge0 addr' (covered in the 'Bridge Interface Parameters' section of the manual page). This may be useful to see if your bridge normally has a certain MAC address (perhaps the one that's moving) on the interface it should be on. If you want to go further, it's possible to set a static mapping for some MAC addresses, which will make them stick to one interface even if seen on another one.
Logging this message is controlled by the net.link.bridge.log_mac_flap sysctl, and it's rate limited to only being reported five times a second in general (using ppsratecheck()). That's five times total, even if each time is a different MAC address or even a different bridge. This 'five times a second' log count isn't controllable through a sysctl.
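As an added example (not code from FreeBSD or from this entry), here is one way to summarize these messages from a saved log and tell addresses that bounce back and forth apart from ones that moved once. The syslog prefix, the hostname and the second MAC address in the sample are constructed, and because of the rate limit described above the counts are lower bounds.

```python
import re

# Message text as shown in the post; any syslog prefix before it is ignored.
FLAP_RE = re.compile(
    r"(?P<bridge>\S+): mac address (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) "
    r"vlan (?P<vlan>\d+) moved from (?P<src>\S+) to (?P<dst>\S+)"
)

# Constructed sample: timestamps, hostname "fw" and the second MAC are made up.
SAMPLE_LOG = """\
May  1 10:00:01 fw kernel: bridge0: mac address 01:02:03:04:05:06 vlan 0 moved from ix0 to ix1
May  1 10:00:01 fw kernel: bridge0: mac address 01:02:03:04:05:06 vlan 0 moved from ix1 to ix0
May  1 10:00:02 fw kernel: ix0: link state changed to UP
May  1 10:07:30 fw kernel: bridge0: mac address 02:00:00:AA:BB:CC vlan 0 moved from ix1 to ix0
""".splitlines()


def summarize_flaps(lines):
    """Summarize 'moved from' messages per (bridge, MAC, vlan).

    ping_pong is True when some move was also seen in the reverse direction,
    the pattern that points to an echo or a path around the bridge.
    Logging is rate limited, so 'moves' is only a lower bound.
    """
    state = {}
    for line in lines:
        m = FLAP_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        key = (m["bridge"], m["mac"].lower(), int(m["vlan"]))
        entry = state.setdefault(key, {"moves": 0, "pairs": set()})
        entry["moves"] += 1
        entry["pairs"].add((m["src"], m["dst"]))
    report = {}
    for key, entry in state.items():
        pairs = entry["pairs"]
        report[key] = {
            "moves": entry["moves"],
            "ports": sorted({port for pair in pairs for port in pair}),
            "ping_pong": any((dst, src) in pairs for src, dst in pairs),
        }
    return report


if __name__ == "__main__":
    for (bridge, mac, vlan), info in summarize_flaps(SAMPLE_LOG).items():
        kind = "flapping" if info["ping_pong"] else "moved"
        print(f"{bridge} {mac} vlan {vlan}: {kind} between {', '.join(info['ports'])} "
              f"({info['moves']}+ logged moves)")
```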
(I'm writing all of this down because I looked much of it up today. Sometimes I'm a system programmer who goes digging in the (FreeBSD) kernel source just to be sure.)