OMNIA: Vlan on DSA port breaks arp responses (TOS 4.0.5)

Thanks for the link. I’ll keep an eye on this thread and the gitlab issue (and maybe figure out DSA VLANs some day).

The issue might be sorted with kernel >= 5.4, at least from my bit of testing.

Before that arrives in TOS, a simple workaround might be to manually add the MACs of clients that could potentially roam from a switch port to the node’s AP to the bridge’s FDB (thus making them static entries).

For static FDB entries which the user adds, they are first added to the software bridge, and then pushed down to the switch.

Gather those MACs, query the respective WLAN device name through bridge v, and follow the Static FDB Entries section of https://www.kernel.org/doc/Documentation/networking/switchdev.txt.
I have not tested this and neither do I know whether the bridge’s ageing will also retire static entries, but for sure it does not survive a power cycle and thus would need to be scripted if it is to be applied on rebooting the device (that is, if it works indeed).

I can confirm that removing the MAC FDB entry from the switch-specific LAN port is working. I created a daemon to watch for MACs appearing on wlan ifaces and remove them automatically.

@psy666, thanks a lot for sharing this. It seems to have solved (or at least worked around) the issue for me!

I installed it according to the instructions and it does mention in the logs that it is running, but it doesn’t work. I didn’t reboot the switch yet, didn’t seem necessary. Is there anything I can troubleshoot?

To be clear, I’m using the MOX as an AP and I’m not using the WAN port. Roaming from home network to MOX WiFi fails almost every time.

Update: the reason it didn’t work was because my uplink is on lan3 not lan1.

@psy666 I took a look at the script and I think it’s not necessary to list all the ports. Instead, you can just remove the mac address from all other interfaces.

Here is an init script that does this; just copy it to /etc/init.d/whatevernameyoulike

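#!/bin/bash /etc/rc.common

USE_PROCD=1
EXTRA_COMMANDS=run
START=99
STOP=10

# Watch FDB events; when a MAC is learned on one port, delete its entries
# on every other port of br-lan.
run() {
  /usr/sbin/bridge monitor fdb | while read -r mac d dev rest; do
    # "Deleted ..." lines report removals (including our own); skip them.
    if [ "$mac" != Deleted ]; then
      echo "Found $mac on $dev"
      /usr/sbin/bridge fdb show br br-lan | while read -r omac d odev rest; do
        if [ "$omac" = "$mac" ] && [ "$odev" != "$dev" ]; then
          echo "Removing old entry from $odev"
          # $rest stays unquoted so the remaining fields split into arguments.
          /usr/sbin/bridge fdb del "$mac" dev "$odev" $rest
        fi
      done
    fi
  done
}

# Run the watcher as a procd-supervised service.
start_service() {
    procd_open_instance
    procd_set_param command "$initscript" run
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}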
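
A dry-run variant of the cleanup logic in the script above, as an added example that is not part of the original post: it prints the `bridge fdb del` commands instead of running them, which helps when checking which port actually holds the stale entry. The function names and the sample FDB lines are constructed; it assumes `bridge fdb show` prints the bridge name after `master`, whereas `bridge fdb del` takes `master` as a bare flag.

```shell
#!/bin/sh
# Added example, not from the thread: dry run of the stale-FDB cleanup.
# Reads `bridge fdb show br br-lan` style lines on stdin and prints the
# `bridge fdb del` commands for MAC on every port except NEW_DEV.

stale_fdb_cmds() {
  mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')    # MAC of the roamed client
  new_dev=$2                                  # port where it was just learned
  while read -r omac kw odev rest; do
    [ "$kw" = dev ] || continue               # not an FDB line
    [ "$(printf '%s' "$omac" | tr 'A-F' 'a-f')" = "$mac" ] || continue
    [ "$odev" != "$new_dev" ] || continue     # keep the current location
    case " $rest " in
      *" permanent "*) continue ;;            # leave permanent entries alone
    esac
    # Rebuild only the selectors `bridge fdb del` accepts: `show` prints
    # "master <bridge>" (assumed), while `del` takes "master" as a bare flag.
    sel=
    set -- $rest
    while [ $# -gt 0 ]; do
      case $1 in
        self)   sel="$sel self" ;;
        master) sel="$sel master"; [ $# -lt 2 ] || shift ;;
        vlan)   [ $# -ge 2 ] || break; sel="$sel vlan $2"; shift ;;
      esac
      shift
    done
    echo "bridge fdb del $mac dev $odev$sel"
  done
  return 0
}

# Constructed sample input (not captured from a real device).
sample_fdb() {
  cat <<'EOF'
aa:bb:cc:dd:ee:01 dev lan1 vlan 1 self
aa:bb:cc:dd:ee:01 dev lan1 master br-lan
aa:bb:cc:dd:ee:01 dev wlan0 master br-lan
aa:bb:cc:dd:ee:02 dev lan2 self
aa:bb:cc:dd:ee:01 dev lan3 master br-lan permanent
EOF
}

# Client aa:bb:cc:dd:ee:01 has just appeared on wlan0.
sample_fdb | stale_fdb_cmds aa:bb:cc:dd:ee:01 wlan0
```

On a live device the input would come from `bridge fdb show br br-lan` piped into `stale_fdb_cmds <mac> <new port>`.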

@Wout_Mertens Thank you for the script. It seems to fix the arp problem for an Omnia with a default network configuration without vlans.

Since TOS was updated to use DSA, pings between devices on the local network started to fail intermittently. I think the problem is caused by failures in arp responses.

Your script fixes the problem even though I do not use vlans.

# cat /etc/config/network

config interface 'loopback'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'
    option ifname 'lo'

config globals 'globals'
    option ula_prefix '****:****:****::/48'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.0.1'
    list ifname 'lan0'
    list ifname 'lan1'
    list ifname 'lan2'
    list ifname 'lan3'
    list ifname 'lan4'

config interface 'wan'
    option proto 'dhcp'
    option ipv6 '1'
    option peerdns '0'
    option dns '8.8.8.8 8.8.4.4'
    option ifname 'eth2'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option peerdns '0'
    option dns '2001:4860:4860::8888 2001:4860:4860::8844'
    option noserverunicast '1'
    option ifname '@wan'

config interface 'guest_turris'
    option enabled '0'
    option type 'bridge'
    option proto 'static'
    option bridge_empty '1'
    list ifname 'guest_turris_0'
    list ifname 'guest_turris_1'

I’m sad it’s still necessary.

And what about the upcoming TOS 6?

Issues blocking TOS 6

I just disabled automatic updates since this script is working. There are too many surprises with the updates.

There is little documentation of the interaction between dnsmasq + kresd. It would be nice to see practical examples of kresd in a split-horizon DNS configuration rather than emotional and dismissive comments.