ospf: Socket error on ix0: Permission denied + a lot KIF: Received address message for unknown interface
SC SCx
kredaxx at gmail.com
Mon Dec 7 13:48:33 CET 2015
Hello.
I have a FreeBSD x64 10.2-p7 system with Bird 1.5.0 acting as a PPPOE
concentrator using MPD5 version 5.7.
The system has 2 physical interfaces:
ix0 ( a /30 connection to another freebsd router - ABR running Bird )
ix1 ( listening for PPPOE via MPD5 )
And many virtual interfaces when a PPPOE connection is established that
follow this pattern:
ng1, ng2, ng3 ... etc
Here's my bird config (This router is running in a Totally Stubby Area
0.0.0.1):
router id 172.16.116.5;

protocol kernel {
        export all;
}

protocol direct {
        interface "ix0", "ng*";
}

protocol device {
        scan time 10;
}

protocol static {
}

protocol ospf {
        tick 2;
        area 0.0.0.1 {
                stub yes;
                summary no;
                networks {
                        10.10.0.0/16;
                        125.40.44.0/22;
                };
                interface "ix0" {
                        dead count 4;
                        type broadcast;
                };
                interface "ng*" {
                        stub yes;
                };
        };
}
This router also has a firewall enabled (ipfw) with the following rules:
00100 deny ip from any to not 125.40.44.0/22 out recv ng* xmit ng*
01000 pipe tablearg ip from any to table(2) out via ng*
01010 deny ip from any to any out via ng*
01020 pipe tablearg ip from table(1) to any in via ng*
01030 deny ip from any to any in via ng*
65534 allow ip from any to any
65535 deny ip from any to any
What happens when I turn the system on and receive about 800 connections
(e.g. around 800 ng interfaces are created) is this in the logs:
Dec 2 03:59:41 pppoe1 bird: ospf1: Socket error on ix0: Permission denied
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 124
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 123
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 125
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 126
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 127
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 128
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 130
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 129
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 131
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 133
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 132
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 134
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 136
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 135
Dec 2 03:59:41 pppoe1 last message repeated 2 times
.... and much more
As can be seen, I see tons of "KIF: Received address message for unknown
interface" messages, and I am not sure whether they mean anything serious.
These happen any time an ng interface is brought up/down.
The worst is "ospf1: Socket error on ix0: Permission denied", because bird
doesn't appear to listen and form any adjacency via ospf on this interface.
At first I thought this may be due to a race condition, e.g. Bird might load
faster than the firewall rules, and with ipfw the only loaded rule at
startup is 'deny ip from any to any', which could explain the permission
error. However, if I manually stop bird and restart it after the system has
fully booted, I still receive the permission error, despite there now being
an 'allow ip from any to any' rule present.
Interestingly I have an identical setup created with VirtualBox for this
router and when I test with only 2 PPPOE connections it doesn't complain
about any permission error. Same firewall rules and everything else. System
starts up the same way, but no permission error. And the router forms
adjacency.
I do still see "KIF: Received address message for unknown interface"
messages, though.
Any ideas what can be the cause?
Thank you.
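
To size up a log like the excerpt in this message, the following added example (not part of the original post and not BIRD code) tallies OSPF socket errors per interface and "unknown interface" KIF messages per kernel interface index, crediting syslogd's "last message repeated N times" lines to the preceding message. The sample lines are constructed in the same format as the excerpt; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, same syslog format as the excerpt in the post.
SAMPLE_LOG = """\
Dec 2 03:59:41 pppoe1 bird: ospf1: Socket error on ix0: Permission denied
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 124
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 123
Dec 2 03:59:41 pppoe1 last message repeated 2 times
Dec 2 03:59:42 pppoe1 bird: KIF: Received address message for unknown interface 124
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+(.*)$")
SOCK_ERR = re.compile(r"bird: (\S+): Socket error on (\S+): (.+)$")
KIF_UNKNOWN = re.compile(r"bird: KIF: Received address message for unknown interface (\d+)$")
REPEATED = re.compile(r"last message repeated (\d+) times?$")


def summarize(log_text):
    """Return (socket_errors, kif_unknown) as Counters.

    socket_errors keys: (protocol, interface, error text); kif_unknown keys: ifindex.
    """
    socket_errors, kif_unknown = Counter(), Counter()
    last = None  # (counter, key) of the most recent recognised bird message
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (r := REPEATED.search(msg)):
            if last:  # credit the repeats to the message they refer to
                last[0][last[1]] += int(r.group(1))
            continue
        if (s := SOCK_ERR.search(msg)):
            last = (socket_errors, s.groups())
        elif (k := KIF_UNKNOWN.search(msg)):
            last = (kif_unknown, int(k.group(1)))
        else:
            last = None  # unrelated line: later repeats are not ours
            continue
        last[0][last[1]] += 1
    return socket_errors, kif_unknown


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
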