em0, VLAN and bpf(?) trouble w/RELENG_5

[astesin at ukrtelecom.net]

> > The problem. From time to time, vlan0 stops passing packets 
> > at all. At 
> > this moments, Catalyst stops seeing MAC of vlan0 (it's the 
> > same MAC as
> > em0) in the mantione VLAN (untagged VLAN is also configured 
> > at em0 and 
> > works fine!).  This means that `show mac-address-table vlan XX' 
> > command on Catalyst don't show the MAC.
> > 
> > The problem can be easily repeated manually. It's enough 
> > just to issue 
> > a command like `trafshow -I vlan0' of `tcpdump -I vlan0' and voila! 
> > vlan0 is out of business, no packets are going through.
> 
> Hmm.  Could I get you to try/investigate a few things:
> 
> (1) If you run tcpdump on the em0 interface itself, does the 
> same thing happen?

Hmm... Tried this; yes the connection freeze. (The box is remote, and I'm
accessing it through the same vlan0; it's a bit boring). Oopps, when ssh
connection hangs up, tcpdump gets SIGHUP, and... everything works nice
again.

Can it happen that way that bpf (or maybe it's promiscuous mode?) just
"eats" all packets without returning them back into network stack? (Our
local Ukrainian FreeBSD people suggested trying -p switch to trafshow -
means "don't put interface into promiscuous mode" - but I didn't try this
yet, I think it shouldn't behave *this* way anyway).

> (2) When vlan0 wedges, do you still see traffic on em0, and can you
>     generate traffic on em0 that's picked up by the switch?

When I tried that from the console, being locally near the box (now I'm at
remote location) - yes, em0 was working Ok (in untagged VLAN) while vlan0
was already "frozen".

> (3) Do other vlan pseudo-interfaces wedge under similar circumstances?

Will check this in a while...

> (4) Could you try running with "debug.mpsafenet=0" in 
> loader.conf (reboot for it to take effect) and see if that makes a
difference?

`mpsafenet' is now off, because kernel is compiled with IPSec

> (5) Does it matter whether you enter promiscuous mode using 
> BPF -- i.e.,
>     "tcpdump -p -i vlan0" vs w/o the -p flag?

Will try this later. My collegue (sysadmin) occasionally started a long
fetch operation (Xorg) and I just don't want to interrupt it...

> (6) When vlan0 is in the wedged condition, how "no packets" 
> is it?  Can you send packets but not receieve, or receive packets and 
> not send?

AFAIK nothing goes through both ways. I can't check this for sure just now,
because Cisco router at the other end isn't under my responcibility.

> Thanks!

Thank you for your attention! I'll try all the other tests later this night.

WBR,
Andrew