2 routers + WireGuard + PBR + PPPoE

Issue #1. Dropped packets on WAN interface (lan5)

ethtool -S lan5
NIC statistics:
     tx_packets: 1229459
     tx_bytes: 584056689
     rx_packets: 2096055
     rx_bytes: 2263026563
     TxDrop: 0
     TxCrcErr: 0
     TxUnicast: 1227787
     TxMulticast: 282
     TxBroadcast: 1403
     TxCollision: 0
     TxSingleCollision: 0
     TxMultipleCollision: 0
     TxDeferred: 0
     TxLateCollision: 0
     TxExcessiveCollistion: 0
     TxPause: 0
     TxPktSz64: 4760
     TxPktSz65To127: 182409
     TxPktSz128To255: 641844
     TxPktSz256To511: 81548
     TxPktSz512To1023: 18204
     Tx1024ToMax: 300707
     TxBytes: 589023503
     RxDrop: 0
     RxFiltering: 0
     RxUnicast: 2040234
     RxMulticast: 5430
     RxBroadcast: 50391
     RxAlignErr: 0
     RxCrcErr: 0
     RxUnderSizeErr: 0
     RxFragErr: 0
     RxOverSzErr: 0
     RxJabberErr: 0
     RxPause: 0
     RxPktSz64: 85827
     RxPktSz65To127: 88824
     RxPktSz128To255: 287810
     RxPktSz256To511: 41264
     RxPktSz512To1023: 29546
     RxPktSz1024ToMax: 1562784
     RxBytes: 2271410783
     RxCtrlDrop: 0
     RxIngressDrop: 0
     RxArlDrop: 0
ifconfig lan5
lan5      Link encap:Ethernet  HWaddr 52:AD:47:5D:3C:12  
          inet addr:192.168.178.20  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:156503 errors:0 dropped:9914 overruns:0 frame:0
          TX packets:102745 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:120636377 (115.0 MiB)  TX bytes:35994413 (34.3 MiB)
On the WAN port, the packet sniffer shows broadcast packets constantly coming from the FritzBox (router1). Every 2 seconds.

tcpdump -i lan5 -c 100 'ether broadcast'
12:44:12.505957 dc:39:6f:25:f5:ee (oui Unknown) > Broadcast, ethertype Unknown (0x88e1), length 60: 
        0x0000:  0000 a000 b052 1c92 fdb6 0000 0000 0000  .....R..........
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............
12:44:12.506031 dc:39:6f:25:f5:ee (oui Unknown) > Broadcast, ethertype Unknown (0x8912), length 60: 
        0x0000:  0170 a000 0000 1f84 92a3 97a2 5553 bef1  .p..........US..
        0x0010:  fcf9 796b 5214 13e9 e200 0000 0000 0000  ..ykR...........
        0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............

According to these articles:
https://serverfault.com/questions/1019460/how-can-i-use-iptables-to-drop-packages-for-an-invalid-ether-type
https://superuser.com/questions/1574757/unknown-ethertypes-0x88e1-and-0x8912-from-my-fritz-box
this is router1 (FritzBox) searching for smart devices and powerline extenders, and there is nothing illegal about it. The user there described the problem in detail.

What I've done:

  • Disabled SQM/VPN/PBR
  • Gathered all the technical details
  • Disconnected all network devices, only one laptop left, connected via ethernet cable

I tried to use this rule, but it didn't work

table netdev filter {
    chain ingress {
        type filter hook ingress device lan5 priority 0; policy accept;
        meta protocol {0x8912, 0x88e1} drop
    }
}

I have searched through these topics 1 2 3 4 5 6 7 8 but no luck. It's not my case.

So my questions are:
1) Can these packets occupy the network buffer of the lan5 interface?
2) How can I block these incoming packets using nftables/firewall4? So that they are not taken into account in the interface statistics.
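As an added example (not part of the original post): a small POSIX sh/awk helper that summarises a capture like the `tcpdump -i lan5 -c 100 'ether broadcast'` output above by ethertype and source MAC, and estimates the mean send interval per pair, so the "every 2 seconds" observation can be checked over a longer capture and compared with the rx_dropped counter. It assumes tcpdump's one-line frame header format shown above (hex-dump continuation lines are ignored) and a constructed four-frame sample; the interface name lan5 is the post's.

```shell
#!/bin/sh
# Summarise tcpdump link-level output by (ethertype, source MAC).
# Reads tcpdump text on stdin; only the frame header lines (timestamp,
# "src > dst, ethertype X (0x....), length N") are used, hex-dump lines are skipped.
# Output columns: ethertype source_mac frames mean_interval_seconds
summarize_ethertypes() {
    awk '
    /ethertype .*\(0x[0-9a-fA-F]+\)/ {
        match($0, /\(0x[0-9a-fA-F]+\)/)
        et  = substr($0, RSTART + 1, RLENGTH - 2)   # e.g. 0x88e1
        src = $2                                    # source MAC follows the timestamp
        key = et " " src

        # HH:MM:SS.ffffff -> seconds since midnight, for the interval estimate
        split($1, t, ":")
        secs = t[1] * 3600 + t[2] * 60 + t[3]

        if (!(key in first)) first[key] = secs
        last[key] = secs
        count[key]++
    }
    END {
        for (key in count) {
            if (count[key] > 1)
                printf "%s %d %.3f\n", key, count[key], (last[key] - first[key]) / (count[key] - 1)
            else
                printf "%s %d n/a\n", key, count[key]
        }
    }' | sort
}

# Constructed sample: the two frames from the post plus a DHCP broadcast and a
# second 0x88e1 frame two seconds later (not real captured data).
SAMPLE_CAPTURE='12:44:12.505957 dc:39:6f:25:f5:ee (oui Unknown) > Broadcast, ethertype Unknown (0x88e1), length 60:
        0x0000:  0000 a000 b052 1c92 fdb6 0000 0000 0000  .....R..........
12:44:12.506031 dc:39:6f:25:f5:ee (oui Unknown) > Broadcast, ethertype Unknown (0x8912), length 60:
12:44:13.000000 aa:bb:cc:dd:ee:ff (oui Unknown) > ff:ff:ff:ff:ff:ff (oui Ethernet), ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP
12:44:14.506100 dc:39:6f:25:f5:ee (oui Unknown) > Broadcast, ethertype Unknown (0x88e1), length 60:'

# Live use on the router (tcpdump -e prints the MAC header for every frame):
#   tcpdump -i lan5 -c 200 -e 'ether broadcast' | summarize_ethertypes
printf '%s\n' "$SAMPLE_CAPTURE" | summarize_ethertypes
```

Run it alongside `cat /sys/class/net/lan5/statistics/rx_dropped` before and after the capture window to see whether the drop counter grows at the same rate as the non-IP broadcast frames.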