level=warning msg=Received unexpected Bonjour packet

[gutschein]

Hi, installed your nice solution on MT RB3011. in the log I get frequently (~3 secs) a warning. I'd like to understand, why a bonbjour-reflector doesn't expect bonjour packets ;) What could this mean?

time=2024-01-21T18:47:30Z level=warning msg=Received unexpected Bonjour packet: PACKET: 1518 bytes, wire length 1518 cap length 1518 @ 2024-01-21 18:47:29.298703 +0000 UTC
- Layer 1 (14 bytes) = Ethernet {Contents=[..14..] Payload=[..1504..] SrcMAC=00:00:00:03:00:19 DstMAC=01:00:5e:00:00:fb EthernetType=Dot1Q Length=0}
- Layer 2 (04 bytes) = Dot1Q    {Contents=[0, 30, 8, 0] Payload=[..1500..] Priority=0 DropEligible=false VLANIdentifier=30 Type=IPv4}
- Layer 3 (20 bytes) = IPv4 {Contents=[..20..] Payload=[..1480..] Version=4 IHL=5 TOS=0 Length=1500 Id=47005 Flags=MF FragOffset=0 TTL=255 Protocol=UDP Checksum=7868 SrcIP=192.168.30.19 DstIP=224.0.0.251 Options=[] Padding=[]}
- Layer 4 (1480 bytes) = Fragment   1480 byte(s)

[nberlee]

I would really like a packet capture when this happens of the 192.168.30.19

This is a packet addressed on the right multicast group and port, but is NOT a DNS query or DNS response. https://github.com/nberlee/bonjour-reflector/blob/ea19ed88ea91a22c53d1c76dcb2067f5d80897b4/bonjour.go#L35

So the content is totally unexpected to the bonjour reflector. As this is the case, it does not know if the packet is a response or query and therefor does not know how to securely handle it.

Maybe there is something wrong with my detection, and I would love to fix it, but I need to see the content in order to make a determination

[gutschein]

I would really like a packet capture when this happens of the 192.168.30.19

How can I do this? With a tool in the MT router?

2nd question: Would this warning comes with any config.toml or must the unexpected package be related to any of my customized devices? Note: the MAC noted in the warning ("DstMAC=01:00:5e:00:00:fb") is not part of my device list. But maybe I oversee something. I assume it is independend to the devices.

[nberlee]

Tools -> Network Sniffer

In tab General set a File Name

Type in the ip adress, and set the Inferface to you veth interface for the reflector. Click apply, click Start, watch the Packets come in using Packets. Click stop if you captured enough, go to Files and download the pcap, upload it here.

2nd question: Can come from any device on one of the vlans. The problem is, bonjour-reflector only forwards responses from config.toml devices to the vlans, and forwards only mdns queries from vlans then back to the devices.

Because it cannot make heads or tails from this packet it can therefor be everything. As it cannot determine if its a query or a response

[gutschein]

sniff_vlan030.zip I had a running homebridge container. WIth stopping it the unexpected packages doesn't comes up anymore Container image: oznu/homebridge

Attached ZIP (sniff-file ZIPped) as requested

[gutschein]

As I'd like to use the homebridge-container again in future it would be great, if you find a solution for this. Since a while your refelector works fine now. But this is still on my open-issue-list :)

[gutschein]

Hi, any progress on the sniffed package? Is it expainable and is there a solution? I'd like to re-activate the homebridge-container. Thank you.