Reading hostname.if(5) and ifconfig(8) again, I understand that commands in
hostname.if are executed by ifconfig. Of interest here is the ifconfig command
"group"; hostname.if(5) does not say a word about this command, but it should
work. Of special interest here is the group "egress". hostname.if(5) does not
say a word about "egress"; this is not a critique, it is just a note of the
fact. In its turn, ifconfig(8) mentions "egress" only twice, both times in
reference to the command "group":
> a group could be used to create a hardware independent pf(4) ruleset (i.e.
> not one based on the names of NICs) using existing (egress, carp, etc.) or
> user-defined groups.
> The interfaces the default routes point to are members of the "egress"
> interface group.
Does it work?
In the following case study, /etc/hostname.ix0 contains the command "group
lan", and ix0 is assigned to group "lan" as a consequence. This means that the
command "group" works in hostname.if. The command does not work for group
"egress", however. Since em0 is wired to the gateway, em0 is the interface the
default route points to, and therefore it should be assigned to egress. What
follows is evidence that this does not happen.
Note that the interface ix0 is wired to the switch; its /etc/hostname.ix0 puts
it in group "lan", it shows up in group "lan" correctly, but it also shows up
in group "egress", all by itself. You may say that perhaps the gateway has a
wire to the switch as well. You are correct. The wire is needed because this is
how this network works at this time. The OpenBSD firewall needs to be
configured on the existing network before entering production mode in the
existing network: the only change allowed will be the detachment of the wire
that currently joins the gateway to the switch.
-----------------------------------------------------
192.168.1.1/24 is the LAN
192.168.1.1: gateway
192.168.1.4: em0 wire connected to gateway
192.168.1.5: em1 down
192.168.1.6: ix0 wire connected to switch
192.168.1.7: ix1 down
> ifconfig
lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
        index 6 priority 0 llprio 3
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        lladdr ac:1f:6b:6d:1e:18
        index 1 priority 0 llprio 3
        groups: lan egress
        media: Ethernet autoselect (10GSFP+Cu full-duplex,rxpause,txpause)
        status: active
        inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
ix1: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
        lladdr ac:1f:6b:6d:1e:19
        index 2 priority 0 llprio 3
        groups: lan
        media: Ethernet autoselect
        status: no carrier
        inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr ac:1f:6b:6d:1c:88
        index 3 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex,rxpause)
        status: active
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr ac:1f:6b:6d:1c:89
        index 4 priority 0 llprio 3
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
        index 5 priority 0 llprio 3
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 7 priority 0 llprio 3
        groups: pflog
> netstat -r -n
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        4       74     -     8 ix0
224/4              127.0.0.1          URS        0        4 32768     8 lo0
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
127.0.0.1          127.0.0.1          UHhl       3       85 32768     1 lo0
192.168.1/24       192.168.1.6        UCn        1       97     -     4 ix0
192.168.1/24       192.168.1.4        UCPn       0        2     -     4 em0
192.168.1/24       192.168.1.5        CPn        0        0     -     4 em1
192.168.1/24       192.168.1.7        CPn        0        0     -     4 ix1
192.168.1.1        14:49:bc:16:6c:a8  UHLch      1       39     -     3 ix0
192.168.1.4        ac:1f:6b:6d:1c:88  UHLl       0       43     -     1 em0
192.168.1.5        ac:1f:6b:6d:1c:89  UHLl       0        0     -     1 em1
192.168.1.6        ac:1f:6b:6d:1e:18  UHLl       0        7     -     1 ix0
192.168.1.7        ac:1f:6b:6d:1e:19  UHLl       0        0     -     1 ix1
192.168.1.255      192.168.1.6        UHb        0      642     -     1 ix0
192.168.1.255      192.168.1.4        UHPb       0        0     -     1 em0
192.168.1.255      192.168.1.5        HPb        0        0     -     1 em1
192.168.1.255      192.168.1.7        HPb        0        0     -     1 ix1
> route -n get default
   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 192.168.1.1
  interface: ix0
 if address: 192.168.1.6
   priority: 8 (static)
      flags: <UP,GATEWAY,DONE,STATIC>
     use       mtu    expire
      74         0         0
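The check the post performs by eye, as an added shell example that is not part of the post above: take the interface named by `route -n get default`, take the members of the "egress" group from `ifconfig`, and report whether they agree, which is the relationship ifconfig(8) states ("The interfaces the default routes point to are members of the egress interface group"). It also lists interfaces that are up with carrier but outside the group, which is the situation described for em0. The two samples embedded in the script are constructed from the listing above and trimmed to the lines the parser reads; nothing else is assumed. On the OpenBSD host itself the samples are replaced by the live command output, as the comment at the top shows.

```sh
#!/bin/sh
# Added example (not from the post): does "egress" match the default route?
# The two samples below are constructed from the listing in the post.
# On an OpenBSD host use the live output instead:
#   ifc=$(ifconfig); rt=$(route -n get default); egress_report "$ifc" "$rt"

SAMPLE_IFCONFIG='lo0: flags=2008049<UP,LOOPBACK,RUNNING,MULTICAST,LRO> mtu 32768
    groups: lo
    inet 127.0.0.1 netmask 0xff000000
ix0: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
    lladdr ac:1f:6b:6d:1e:18
    groups: lan egress
    status: active
    inet 192.168.1.6 netmask 0xffffff00 broadcast 192.168.1.255
ix1: flags=2008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LRO> mtu 1500
    groups: lan
    status: no carrier
    inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr ac:1f:6b:6d:1c:88
    status: active
    inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    status: no carrier
    inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
enc0: flags=0<>
    groups: enc
    status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
    groups: pflog'

SAMPLE_ROUTE='   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 192.168.1.1
  interface: ix0
 if address: 192.168.1.6
   priority: 8 (static)
      flags: <UP,GATEWAY,DONE,STATIC>'

# default_iface ROUTE_OUTPUT: the interface named by `route -n get default`.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "interface:" { print $2; exit }'
}

# group_members GROUP IFCONFIG_OUTPUT: one line per interface whose
# "groups:" line lists GROUP. Interface headers start in column 0 as
# "name:"; the indented lines below a header belong to that interface.
group_members() {
    printf '%s\n' "$2" | awk -v g="$1" '
        /^[a-z]+[0-9]+:/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "groups:" { for (i = 2; i <= NF; i++) if ($i == g) print iface }
    '
}

# active_without_group GROUP IFCONFIG_OUTPUT: broadcast interfaces that
# report "status: active" but are not in GROUP (em0 in the sample).
active_without_group() {
    printf '%s\n' "$2" | awk -v g="$1" '
        function flush() { if (iface != "" && bcast && active && !member) print iface }
        /^[a-z]+[0-9]+:/ { flush(); iface = $1; sub(/:$/, "", iface)
                           bcast = ($0 ~ /BROADCAST/); active = 0; member = 0 }
        $1 == "status:" && $2 == "active" { active = 1 }
        $1 == "groups:" { for (i = 2; i <= NF; i++) if ($i == g) member = 1 }
        END { flush() }
    '
}

# egress_report IFCONFIG_OUTPUT ROUTE_OUTPUT: print a verdict; status 0 when
# egress holds exactly the default-route interface, non-zero otherwise.
egress_report() {
    members=$(group_members egress "$1")
    def=$(default_iface "$2")
    if [ -z "$def" ]; then
        echo 'no default route: egress should be empty'
        [ -z "$members" ]
        return
    fi
    case "$members" in
    "$def") echo "ok: default route via $def, egress = {$def}"; return 0 ;;
    *)      echo "mismatch: default route via $def, egress = {$(printf '%s' "$members" | tr '\n' ' ')}"
            return 1 ;;
    esac
}

echo "default route interface: $(default_iface "$SAMPLE_ROUTE")"
echo "egress members: $(group_members egress "$SAMPLE_IFCONFIG" | tr '\n' ' ')"
echo "active broadcast interfaces outside egress: $(active_without_group egress "$SAMPLE_IFCONFIG" | tr '\n' ' ')"
egress_report "$SAMPLE_IFCONFIG" "$SAMPLE_ROUTE"
```

With the sample data the verdict is "ok", because the default route and the egress membership both name ix0; em0 is reported as active but outside the group. Feeding the script a route that names em0 instead produces a mismatch and a non-zero exit status, which makes it usable from rc.local or a cron job as a guard before loading a pf ruleset that relies on the "egress" group.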