DHCP packets get dropped inside the bridge

I have a bridged wifi interface:

# brctl show
bridge name	bridge id		STP enabled	interfaces
br-bb		7fff.001561980f7e	no		wlan1
							            wlan1-1

If I invoke tcpdump on the bridge interface, I see the DHCP request:

# tcpdump -i br-bb port 67 or port 68   -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-bb, link-type EN10MB (Ethernet), capture size 262144 bytes
12:24:33.518013 52:14:9f:54:e7:40 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 3170, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:14:9f:54:e7:40 (oui Unknown), length 300
12:24:34.904114 52:14:9f:54:e7:40 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 3170, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:14:9f:54:e7:40 (oui Unknown), length 300
12:24:37.038146 52:14:9f:54:e7:40 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 3170, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:14:9f:54:e7:40 (oui Unknown), length 300

But when I invoke the same command on a leg interface, for instance wlan1-1, then I see no DHCP requests passing by. That's really weird because I can see other packets passing on that interface.

Is that normal the DHCP request get dropped in the middle of my bridge? How can I enable them to pass through?

sysctl net.bridge; tcpdump -evni any udp port 67
# sysctl net.bridge
sysctl: error: 'net.bridge' is an unknown key

So instead I called (sorry for the flooding):

# sysctl net
net.core.bpf_jit_enable = 1
net.core.bpf_jit_limit = 268386304
net.core.busy_poll = 0
net.core.busy_read = 0
net.core.default_qdisc = fq_codel
net.core.dev_weight = 64
net.core.dev_weight_rx_bias = 1
net.core.dev_weight_tx_bias = 1
net.core.max_skb_frags = 17
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_budget_usecs = 20000
net.core.netdev_max_backlog = 1000
net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
net.core.rmem_default = 163840
net.core.rmem_max = 163840
net.core.somaxconn = 128
net.core.tstamp_allow_data = 1
net.core.warnings = 0
net.core.wmem_default = 163840
net.core.wmem_max = 163840
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.drop_gratuitous_arp = 0
net.ipv4.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.all.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.all.ignore_routes_with_linkdown = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.br-bb.accept_local = 0
net.ipv4.conf.br-bb.accept_redirects = 1
net.ipv4.conf.br-bb.accept_source_route = 1
net.ipv4.conf.br-bb.arp_accept = 0
net.ipv4.conf.br-bb.arp_announce = 0
net.ipv4.conf.br-bb.arp_filter = 0
net.ipv4.conf.br-bb.arp_ignore = 1
net.ipv4.conf.br-bb.arp_notify = 0
net.ipv4.conf.br-bb.bootp_relay = 0
net.ipv4.conf.br-bb.disable_policy = 0
net.ipv4.conf.br-bb.disable_xfrm = 0
net.ipv4.conf.br-bb.drop_gratuitous_arp = 0
net.ipv4.conf.br-bb.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.br-bb.force_igmp_version = 0
net.ipv4.conf.br-bb.forwarding = 1
net.ipv4.conf.br-bb.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.br-bb.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.br-bb.ignore_routes_with_linkdown = 0
net.ipv4.conf.br-bb.log_martians = 0
net.ipv4.conf.br-bb.mc_forwarding = 0
net.ipv4.conf.br-bb.medium_id = 0
net.ipv4.conf.br-bb.promote_secondaries = 0
net.ipv4.conf.br-bb.proxy_arp = 0
net.ipv4.conf.br-bb.proxy_arp_pvlan = 0
net.ipv4.conf.br-bb.route_localnet = 0
net.ipv4.conf.br-bb.rp_filter = 0
net.ipv4.conf.br-bb.secure_redirects = 1
net.ipv4.conf.br-bb.send_redirects = 1
net.ipv4.conf.br-bb.shared_media = 1
net.ipv4.conf.br-bb.src_valid_mark = 0
net.ipv4.conf.br-bb.tag = 0
net.ipv4.conf.br-lan.accept_local = 0
net.ipv4.conf.br-lan.accept_redirects = 1
net.ipv4.conf.br-lan.accept_source_route = 1
net.ipv4.conf.br-lan.arp_accept = 0
net.ipv4.conf.br-lan.arp_announce = 0
net.ipv4.conf.br-lan.arp_filter = 0
net.ipv4.conf.br-lan.arp_ignore = 1
net.ipv4.conf.br-lan.arp_notify = 0
net.ipv4.conf.br-lan.bootp_relay = 0
net.ipv4.conf.br-lan.disable_policy = 0
net.ipv4.conf.br-lan.disable_xfrm = 0
net.ipv4.conf.br-lan.drop_gratuitous_arp = 0
net.ipv4.conf.br-lan.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.br-lan.force_igmp_version = 0
net.ipv4.conf.br-lan.forwarding = 1
net.ipv4.conf.br-lan.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.br-lan.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.br-lan.ignore_routes_with_linkdown = 0
net.ipv4.conf.br-lan.log_martians = 0
net.ipv4.conf.br-lan.mc_forwarding = 0
net.ipv4.conf.br-lan.medium_id = 0
net.ipv4.conf.br-lan.promote_secondaries = 0
net.ipv4.conf.br-lan.proxy_arp = 0
net.ipv4.conf.br-lan.proxy_arp_pvlan = 0
net.ipv4.conf.br-lan.route_localnet = 0
net.ipv4.conf.br-lan.rp_filter = 0
net.ipv4.conf.br-lan.secure_redirects = 1
net.ipv4.conf.br-lan.send_redirects = 1
net.ipv4.conf.br-lan.shared_media = 1
net.ipv4.conf.br-lan.src_valid_mark = 0
net.ipv4.conf.br-lan.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.drop_gratuitous_arp = 0
net.ipv4.conf.default.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.default.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.default.ignore_routes_with_linkdown = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.promote_secondaries = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.route_localnet = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.src_valid_mark = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.1.accept_local = 0
net.ipv4.conf.eth0.1.accept_redirects = 1
net.ipv4.conf.eth0.1.accept_source_route = 1
net.ipv4.conf.eth0.1.arp_accept = 0
net.ipv4.conf.eth0.1.arp_announce = 0
net.ipv4.conf.eth0.1.arp_filter = 0
net.ipv4.conf.eth0.1.arp_ignore = 1
net.ipv4.conf.eth0.1.arp_notify = 0
net.ipv4.conf.eth0.1.bootp_relay = 0
net.ipv4.conf.eth0.1.disable_policy = 0
net.ipv4.conf.eth0.1.disable_xfrm = 0
net.ipv4.conf.eth0.1.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.1.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.1.force_igmp_version = 0
net.ipv4.conf.eth0.1.forwarding = 1
net.ipv4.conf.eth0.1.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.1.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.1.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.1.log_martians = 0
net.ipv4.conf.eth0.1.mc_forwarding = 0
net.ipv4.conf.eth0.1.medium_id = 0
net.ipv4.conf.eth0.1.promote_secondaries = 0
net.ipv4.conf.eth0.1.proxy_arp = 0
net.ipv4.conf.eth0.1.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.1.route_localnet = 0
net.ipv4.conf.eth0.1.rp_filter = 0
net.ipv4.conf.eth0.1.secure_redirects = 1
net.ipv4.conf.eth0.1.send_redirects = 1
net.ipv4.conf.eth0.1.shared_media = 1
net.ipv4.conf.eth0.1.src_valid_mark = 0
net.ipv4.conf.eth0.1.tag = 0
net.ipv4.conf.eth0.200.accept_local = 0
net.ipv4.conf.eth0.200.accept_redirects = 1
net.ipv4.conf.eth0.200.accept_source_route = 1
net.ipv4.conf.eth0.200.arp_accept = 0
net.ipv4.conf.eth0.200.arp_announce = 0
net.ipv4.conf.eth0.200.arp_filter = 0
net.ipv4.conf.eth0.200.arp_ignore = 1
net.ipv4.conf.eth0.200.arp_notify = 0
net.ipv4.conf.eth0.200.bootp_relay = 0
net.ipv4.conf.eth0.200.disable_policy = 0
net.ipv4.conf.eth0.200.disable_xfrm = 0
net.ipv4.conf.eth0.200.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.200.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.200.force_igmp_version = 0
net.ipv4.conf.eth0.200.forwarding = 1
net.ipv4.conf.eth0.200.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.200.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.200.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.200.log_martians = 0
net.ipv4.conf.eth0.200.mc_forwarding = 0
net.ipv4.conf.eth0.200.medium_id = 0
net.ipv4.conf.eth0.200.promote_secondaries = 0
net.ipv4.conf.eth0.200.proxy_arp = 0
net.ipv4.conf.eth0.200.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.200.route_localnet = 0
net.ipv4.conf.eth0.200.rp_filter = 0
net.ipv4.conf.eth0.200.secure_redirects = 1
net.ipv4.conf.eth0.200.send_redirects = 1
net.ipv4.conf.eth0.200.shared_media = 1
net.ipv4.conf.eth0.200.src_valid_mark = 0
net.ipv4.conf.eth0.200.tag = 0
net.ipv4.conf.eth0.3170.accept_local = 0
net.ipv4.conf.eth0.3170.accept_redirects = 1
net.ipv4.conf.eth0.3170.accept_source_route = 1
net.ipv4.conf.eth0.3170.arp_accept = 0
net.ipv4.conf.eth0.3170.arp_announce = 0
net.ipv4.conf.eth0.3170.arp_filter = 0
net.ipv4.conf.eth0.3170.arp_ignore = 1
net.ipv4.conf.eth0.3170.arp_notify = 0
net.ipv4.conf.eth0.3170.bootp_relay = 0
net.ipv4.conf.eth0.3170.disable_policy = 0
net.ipv4.conf.eth0.3170.disable_xfrm = 0
net.ipv4.conf.eth0.3170.drop_gratuitous_arp = 0
net.ipv4.conf.eth0.3170.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth0.3170.force_igmp_version = 0
net.ipv4.conf.eth0.3170.forwarding = 1
net.ipv4.conf.eth0.3170.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth0.3170.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth0.3170.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth0.3170.log_martians = 0
net.ipv4.conf.eth0.3170.mc_forwarding = 0
net.ipv4.conf.eth0.3170.medium_id = 0
net.ipv4.conf.eth0.3170.promote_secondaries = 0
net.ipv4.conf.eth0.3170.proxy_arp = 0
net.ipv4.conf.eth0.3170.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.3170.route_localnet = 0
net.ipv4.conf.eth0.3170.rp_filter = 0
net.ipv4.conf.eth0.3170.secure_redirects = 1
net.ipv4.conf.eth0.3170.send_redirects = 1
net.ipv4.conf.eth0.3170.shared_media = 1
net.ipv4.conf.eth0.3170.src_valid_mark = 0
net.ipv4.conf.eth0.3170.tag = 0
net.ipv4.conf.eth1.accept_local = 0
net.ipv4.conf.eth1.accept_redirects = 1
net.ipv4.conf.eth1.accept_source_route = 1
net.ipv4.conf.eth1.arp_accept = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.arp_ignore = 1
net.ipv4.conf.eth1.arp_notify = 0
net.ipv4.conf.eth1.bootp_relay = 0
net.ipv4.conf.eth1.disable_policy = 0
net.ipv4.conf.eth1.disable_xfrm = 0
net.ipv4.conf.eth1.drop_gratuitous_arp = 0
net.ipv4.conf.eth1.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth1.force_igmp_version = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth1.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth1.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth1.log_martians = 0
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth1.medium_id = 0
net.ipv4.conf.eth1.promote_secondaries = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp_pvlan = 0
net.ipv4.conf.eth1.route_localnet = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth1.secure_redirects = 1
net.ipv4.conf.eth1.send_redirects = 1
net.ipv4.conf.eth1.shared_media = 1
net.ipv4.conf.eth1.src_valid_mark = 0
net.ipv4.conf.eth1.tag = 0
net.ipv4.conf.eth1.2.accept_local = 0
net.ipv4.conf.eth1.2.accept_redirects = 1
net.ipv4.conf.eth1.2.accept_source_route = 1
net.ipv4.conf.eth1.2.arp_accept = 0
net.ipv4.conf.eth1.2.arp_announce = 0
net.ipv4.conf.eth1.2.arp_filter = 0
net.ipv4.conf.eth1.2.arp_ignore = 1
net.ipv4.conf.eth1.2.arp_notify = 0
net.ipv4.conf.eth1.2.bootp_relay = 0
net.ipv4.conf.eth1.2.disable_policy = 0
net.ipv4.conf.eth1.2.disable_xfrm = 0
net.ipv4.conf.eth1.2.drop_gratuitous_arp = 0
net.ipv4.conf.eth1.2.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.eth1.2.force_igmp_version = 0
net.ipv4.conf.eth1.2.forwarding = 1
net.ipv4.conf.eth1.2.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.eth1.2.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.eth1.2.ignore_routes_with_linkdown = 0
net.ipv4.conf.eth1.2.log_martians = 0
net.ipv4.conf.eth1.2.mc_forwarding = 0
net.ipv4.conf.eth1.2.medium_id = 0
net.ipv4.conf.eth1.2.promote_secondaries = 0
net.ipv4.conf.eth1.2.proxy_arp = 0
net.ipv4.conf.eth1.2.proxy_arp_pvlan = 0
net.ipv4.conf.eth1.2.route_localnet = 0
net.ipv4.conf.eth1.2.rp_filter = 0
net.ipv4.conf.eth1.2.secure_redirects = 1
net.ipv4.conf.eth1.2.send_redirects = 1
net.ipv4.conf.eth1.2.shared_media = 1
net.ipv4.conf.eth1.2.src_valid_mark = 0
net.ipv4.conf.eth1.2.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.drop_gratuitous_arp = 0
net.ipv4.conf.lo.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.lo.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.wlan1.accept_local = 0
net.ipv4.conf.wlan1.accept_redirects = 1
net.ipv4.conf.wlan1.accept_source_route = 1
net.ipv4.conf.wlan1.arp_accept = 0
net.ipv4.conf.wlan1.arp_announce = 0
net.ipv4.conf.wlan1.arp_filter = 0
net.ipv4.conf.wlan1.arp_ignore = 1
net.ipv4.conf.wlan1.arp_notify = 0
net.ipv4.conf.wlan1.bootp_relay = 0
net.ipv4.conf.wlan1.disable_policy = 0
net.ipv4.conf.wlan1.disable_xfrm = 0
net.ipv4.conf.wlan1.drop_gratuitous_arp = 0
net.ipv4.conf.wlan1.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.wlan1.force_igmp_version = 0
net.ipv4.conf.wlan1.forwarding = 1
net.ipv4.conf.wlan1.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.wlan1.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.wlan1.ignore_routes_with_linkdown = 0
net.ipv4.conf.wlan1.log_martians = 0
net.ipv4.conf.wlan1.mc_forwarding = 0
net.ipv4.conf.wlan1.medium_id = 0
net.ipv4.conf.wlan1.promote_secondaries = 0
net.ipv4.conf.wlan1.proxy_arp = 0
net.ipv4.conf.wlan1.proxy_arp_pvlan = 0
net.ipv4.conf.wlan1.route_localnet = 0
net.ipv4.conf.wlan1.rp_filter = 0
net.ipv4.conf.wlan1.secure_redirects = 1
net.ipv4.conf.wlan1.send_redirects = 1
net.ipv4.conf.wlan1.shared_media = 1
net.ipv4.conf.wlan1.src_valid_mark = 0
net.ipv4.conf.wlan1.tag = 0
net.ipv4.conf.wlan1-1.accept_local = 0
net.ipv4.conf.wlan1-1.accept_redirects = 1
net.ipv4.conf.wlan1-1.accept_source_route = 1
net.ipv4.conf.wlan1-1.arp_accept = 0
net.ipv4.conf.wlan1-1.arp_announce = 0
net.ipv4.conf.wlan1-1.arp_filter = 0
net.ipv4.conf.wlan1-1.arp_ignore = 1
net.ipv4.conf.wlan1-1.arp_notify = 0
net.ipv4.conf.wlan1-1.bootp_relay = 0
net.ipv4.conf.wlan1-1.disable_policy = 0
net.ipv4.conf.wlan1-1.disable_xfrm = 0
net.ipv4.conf.wlan1-1.drop_gratuitous_arp = 0
net.ipv4.conf.wlan1-1.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.wlan1-1.force_igmp_version = 0
net.ipv4.conf.wlan1-1.forwarding = 1
net.ipv4.conf.wlan1-1.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.wlan1-1.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.wlan1-1.ignore_routes_with_linkdown = 0
net.ipv4.conf.wlan1-1.log_martians = 0
net.ipv4.conf.wlan1-1.mc_forwarding = 0
net.ipv4.conf.wlan1-1.medium_id = 0
net.ipv4.conf.wlan1-1.promote_secondaries = 0
net.ipv4.conf.wlan1-1.proxy_arp = 0
net.ipv4.conf.wlan1-1.proxy_arp_pvlan = 0
net.ipv4.conf.wlan1-1.route_localnet = 0
net.ipv4.conf.wlan1-1.rp_filter = 0
net.ipv4.conf.wlan1-1.secure_redirects = 1
net.ipv4.conf.wlan1-1.send_redirects = 1
net.ipv4.conf.wlan1-1.shared_media = 1
net.ipv4.conf.wlan1-1.src_valid_mark = 0
net.ipv4.conf.wlan1-1.tag = 0
net.ipv4.conf.wlan1-1.sta1.accept_local = 0
net.ipv4.conf.wlan1-1.sta1.accept_redirects = 1
net.ipv4.conf.wlan1-1.sta1.accept_source_route = 1
net.ipv4.conf.wlan1-1.sta1.arp_accept = 0
net.ipv4.conf.wlan1-1.sta1.arp_announce = 0
net.ipv4.conf.wlan1-1.sta1.arp_filter = 0
net.ipv4.conf.wlan1-1.sta1.arp_ignore = 1
net.ipv4.conf.wlan1-1.sta1.arp_notify = 0
net.ipv4.conf.wlan1-1.sta1.bootp_relay = 0
net.ipv4.conf.wlan1-1.sta1.disable_policy = 0
net.ipv4.conf.wlan1-1.sta1.disable_xfrm = 0
net.ipv4.conf.wlan1-1.sta1.drop_gratuitous_arp = 0
net.ipv4.conf.wlan1-1.sta1.drop_unicast_in_l2_multicast = 0
net.ipv4.conf.wlan1-1.sta1.force_igmp_version = 0
net.ipv4.conf.wlan1-1.sta1.forwarding = 1
net.ipv4.conf.wlan1-1.sta1.igmpv2_unsolicited_report_interval = 10000
net.ipv4.conf.wlan1-1.sta1.igmpv3_unsolicited_report_interval = 1000
net.ipv4.conf.wlan1-1.sta1.ignore_routes_with_linkdown = 0
net.ipv4.conf.wlan1-1.sta1.log_martians = 0
net.ipv4.conf.wlan1-1.sta1.mc_forwarding = 0
net.ipv4.conf.wlan1-1.sta1.medium_id = 0
net.ipv4.conf.wlan1-1.sta1.promote_secondaries = 0
net.ipv4.conf.wlan1-1.sta1.proxy_arp = 0
net.ipv4.conf.wlan1-1.sta1.proxy_arp_pvlan = 0
net.ipv4.conf.wlan1-1.sta1.route_localnet = 0
net.ipv4.conf.wlan1-1.sta1.rp_filter = 0
net.ipv4.conf.wlan1-1.sta1.secure_redirects = 1
net.ipv4.conf.wlan1-1.sta1.send_redirects = 1
net.ipv4.conf.wlan1-1.sta1.shared_media = 1
net.ipv4.conf.wlan1-1.sta1.src_valid_mark = 0
net.ipv4.conf.wlan1-1.sta1.tag = 0
...

The rest comes in a second post, because posts are limited to 32000 chars.

The rest of the output of #sysctl net is here:

net.ipv4.fib_multipath_hash_policy = 0
net.ipv4.fib_multipath_use_neigh = 0
net.ipv4.fwmark_reflect = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_burst = 50
net.ipv4.icmp_msgs_per_sec = 1000
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_link_local_mcast_reports = 1
net.ipv4.igmp_max_memberships = 100
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_qrv = 2
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_dynaddr = 0
net.ipv4.ip_early_demux = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv4.ip_local_port_range = 32768	60999
net.ipv4.ip_local_reserved_ports = 
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ip_unprivileged_port_start = 1024
net.ipv4.ipfrag_high_thresh = 4194304
net.ipv4.ipfrag_low_thresh = 3145728
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 0
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.br-bb.anycast_delay = 100
net.ipv4.neigh.br-bb.app_solicit = 0
net.ipv4.neigh.br-bb.base_reachable_time = 30
net.ipv4.neigh.br-bb.base_reachable_time_ms = 30000
net.ipv4.neigh.br-bb.delay_first_probe_time = 5
net.ipv4.neigh.br-bb.gc_stale_time = 60
net.ipv4.neigh.br-bb.locktime = 100
net.ipv4.neigh.br-bb.mcast_resolicit = 0
net.ipv4.neigh.br-bb.mcast_solicit = 3
net.ipv4.neigh.br-bb.proxy_delay = 80
net.ipv4.neigh.br-bb.proxy_qlen = 64
net.ipv4.neigh.br-bb.retrans_time = 100
net.ipv4.neigh.br-bb.retrans_time_ms = 1000
net.ipv4.neigh.br-bb.ucast_solicit = 3
net.ipv4.neigh.br-bb.unres_qlen = 86
net.ipv4.neigh.br-bb.unres_qlen_bytes = 163840
net.ipv4.neigh.br-lan.anycast_delay = 100
net.ipv4.neigh.br-lan.app_solicit = 0
net.ipv4.neigh.br-lan.base_reachable_time = 30
net.ipv4.neigh.br-lan.base_reachable_time_ms = 30000
net.ipv4.neigh.br-lan.delay_first_probe_time = 5
net.ipv4.neigh.br-lan.gc_stale_time = 60
net.ipv4.neigh.br-lan.locktime = 100
net.ipv4.neigh.br-lan.mcast_resolicit = 0
net.ipv4.neigh.br-lan.mcast_solicit = 3
net.ipv4.neigh.br-lan.proxy_delay = 80
net.ipv4.neigh.br-lan.proxy_qlen = 64
net.ipv4.neigh.br-lan.retrans_time = 100
net.ipv4.neigh.br-lan.retrans_time_ms = 1000
net.ipv4.neigh.br-lan.ucast_solicit = 3
net.ipv4.neigh.br-lan.unres_qlen = 86
net.ipv4.neigh.br-lan.unres_qlen_bytes = 163840
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_resolicit = 0
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 86
net.ipv4.neigh.default.unres_qlen_bytes = 163840
net.ipv4.neigh.eth0.anycast_delay = 100
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.locktime = 100
net.ipv4.neigh.eth0.mcast_resolicit = 0
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.proxy_delay = 80
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.retrans_time = 100
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.unres_qlen = 86
net.ipv4.neigh.eth0.unres_qlen_bytes = 163840
net.ipv4.neigh.eth0.1.anycast_delay = 100
net.ipv4.neigh.eth0.1.app_solicit = 0
net.ipv4.neigh.eth0.1.base_reachable_time = 30
net.ipv4.neigh.eth0.1.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.1.delay_first_probe_time = 5
net.ipv4.neigh.eth0.1.gc_stale_time = 60
net.ipv4.neigh.eth0.1.locktime = 100
net.ipv4.neigh.eth0.1.mcast_resolicit = 0
net.ipv4.neigh.eth0.1.mcast_solicit = 3
net.ipv4.neigh.eth0.1.proxy_delay = 80
net.ipv4.neigh.eth0.1.proxy_qlen = 64
net.ipv4.neigh.eth0.1.retrans_time = 100
net.ipv4.neigh.eth0.1.retrans_time_ms = 1000
net.ipv4.neigh.eth0.1.ucast_solicit = 3
net.ipv4.neigh.eth0.1.unres_qlen = 86
net.ipv4.neigh.eth0.1.unres_qlen_bytes = 163840
net.ipv4.neigh.eth0.200.anycast_delay = 100
net.ipv4.neigh.eth0.200.app_solicit = 0
net.ipv4.neigh.eth0.200.base_reachable_time = 30
net.ipv4.neigh.eth0.200.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.200.delay_first_probe_time = 5
net.ipv4.neigh.eth0.200.gc_stale_time = 60
net.ipv4.neigh.eth0.200.locktime = 100
net.ipv4.neigh.eth0.200.mcast_resolicit = 0
net.ipv4.neigh.eth0.200.mcast_solicit = 3
net.ipv4.neigh.eth0.200.proxy_delay = 80
net.ipv4.neigh.eth0.200.proxy_qlen = 64
net.ipv4.neigh.eth0.200.retrans_time = 100
net.ipv4.neigh.eth0.200.retrans_time_ms = 1000
net.ipv4.neigh.eth0.200.ucast_solicit = 3
net.ipv4.neigh.eth0.200.unres_qlen = 86
net.ipv4.neigh.eth0.200.unres_qlen_bytes = 163840
net.ipv4.neigh.eth0.3170.anycast_delay = 100
net.ipv4.neigh.eth0.3170.app_solicit = 0
net.ipv4.neigh.eth0.3170.base_reachable_time = 30
net.ipv4.neigh.eth0.3170.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.3170.delay_first_probe_time = 5
net.ipv4.neigh.eth0.3170.gc_stale_time = 60
net.ipv4.neigh.eth0.3170.locktime = 100
net.ipv4.neigh.eth0.3170.mcast_resolicit = 0
net.ipv4.neigh.eth0.3170.mcast_solicit = 3
net.ipv4.neigh.eth0.3170.proxy_delay = 80
net.ipv4.neigh.eth0.3170.proxy_qlen = 64
net.ipv4.neigh.eth0.3170.retrans_time = 100
net.ipv4.neigh.eth0.3170.retrans_time_ms = 1000
net.ipv4.neigh.eth0.3170.ucast_solicit = 3
net.ipv4.neigh.eth0.3170.unres_qlen = 86
net.ipv4.neigh.eth0.3170.unres_qlen_bytes = 163840
net.ipv4.neigh.eth1.anycast_delay = 100
net.ipv4.neigh.eth1.app_solicit = 0
net.ipv4.neigh.eth1.base_reachable_time = 30
net.ipv4.neigh.eth1.base_reachable_time_ms = 30000
net.ipv4.neigh.eth1.delay_first_probe_time = 5
net.ipv4.neigh.eth1.gc_stale_time = 60
net.ipv4.neigh.eth1.locktime = 100
net.ipv4.neigh.eth1.mcast_resolicit = 0
net.ipv4.neigh.eth1.mcast_solicit = 3
net.ipv4.neigh.eth1.proxy_delay = 80
net.ipv4.neigh.eth1.proxy_qlen = 64
net.ipv4.neigh.eth1.retrans_time = 100
net.ipv4.neigh.eth1.retrans_time_ms = 1000
net.ipv4.neigh.eth1.ucast_solicit = 3
net.ipv4.neigh.eth1.unres_qlen = 86
net.ipv4.neigh.eth1.unres_qlen_bytes = 163840
net.ipv4.neigh.eth1.2.anycast_delay = 100
net.ipv4.neigh.eth1.2.app_solicit = 0
net.ipv4.neigh.eth1.2.base_reachable_time = 30
net.ipv4.neigh.eth1.2.base_reachable_time_ms = 30000
net.ipv4.neigh.eth1.2.delay_first_probe_time = 5
net.ipv4.neigh.eth1.2.gc_stale_time = 60
net.ipv4.neigh.eth1.2.locktime = 100
net.ipv4.neigh.eth1.2.mcast_resolicit = 0
net.ipv4.neigh.eth1.2.mcast_solicit = 3
net.ipv4.neigh.eth1.2.proxy_delay = 80
net.ipv4.neigh.eth1.2.proxy_qlen = 64
net.ipv4.neigh.eth1.2.retrans_time = 100
net.ipv4.neigh.eth1.2.retrans_time_ms = 1000
net.ipv4.neigh.eth1.2.ucast_solicit = 3
net.ipv4.neigh.eth1.2.unres_qlen = 86
net.ipv4.neigh.eth1.2.unres_qlen_bytes = 163840
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_resolicit = 0
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 86
net.ipv4.neigh.lo.unres_qlen_bytes = 163840
net.ipv4.neigh.wlan1.anycast_delay = 100
net.ipv4.neigh.wlan1.app_solicit = 0
net.ipv4.neigh.wlan1.base_reachable_time = 30
net.ipv4.neigh.wlan1.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan1.delay_first_probe_time = 5
net.ipv4.neigh.wlan1.gc_stale_time = 60
net.ipv4.neigh.wlan1.locktime = 100
net.ipv4.neigh.wlan1.mcast_resolicit = 0
net.ipv4.neigh.wlan1.mcast_solicit = 3
net.ipv4.neigh.wlan1.proxy_delay = 80
net.ipv4.neigh.wlan1.proxy_qlen = 64
net.ipv4.neigh.wlan1.retrans_time = 100
net.ipv4.neigh.wlan1.retrans_time_ms = 1000
net.ipv4.neigh.wlan1.ucast_solicit = 3
net.ipv4.neigh.wlan1.unres_qlen = 86
net.ipv4.neigh.wlan1.unres_qlen_bytes = 163840
net.ipv4.neigh.wlan1-1.anycast_delay = 100
net.ipv4.neigh.wlan1-1.app_solicit = 0
net.ipv4.neigh.wlan1-1.base_reachable_time = 30
net.ipv4.neigh.wlan1-1.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan1-1.delay_first_probe_time = 5
net.ipv4.neigh.wlan1-1.gc_stale_time = 60
net.ipv4.neigh.wlan1-1.locktime = 100
net.ipv4.neigh.wlan1-1.mcast_resolicit = 0
net.ipv4.neigh.wlan1-1.mcast_solicit = 3
net.ipv4.neigh.wlan1-1.proxy_delay = 80
net.ipv4.neigh.wlan1-1.proxy_qlen = 64
net.ipv4.neigh.wlan1-1.retrans_time = 100
net.ipv4.neigh.wlan1-1.retrans_time_ms = 1000
net.ipv4.neigh.wlan1-1.ucast_solicit = 3
net.ipv4.neigh.wlan1-1.unres_qlen = 86
net.ipv4.neigh.wlan1-1.unres_qlen_bytes = 163840
net.ipv4.neigh.wlan1-1.sta1.anycast_delay = 100
net.ipv4.neigh.wlan1-1.sta1.app_solicit = 0
net.ipv4.neigh.wlan1-1.sta1.base_reachable_time = 30
net.ipv4.neigh.wlan1-1.sta1.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan1-1.sta1.delay_first_probe_time = 5
net.ipv4.neigh.wlan1-1.sta1.gc_stale_time = 60
net.ipv4.neigh.wlan1-1.sta1.locktime = 100
net.ipv4.neigh.wlan1-1.sta1.mcast_resolicit = 0
net.ipv4.neigh.wlan1-1.sta1.mcast_solicit = 3
net.ipv4.neigh.wlan1-1.sta1.proxy_delay = 80
net.ipv4.neigh.wlan1-1.sta1.proxy_qlen = 64
net.ipv4.neigh.wlan1-1.sta1.retrans_time = 100
net.ipv4.neigh.wlan1-1.sta1.retrans_time_ms = 1000
net.ipv4.neigh.wlan1-1.sta1.ucast_solicit = 3
net.ipv4.neigh.wlan1-1.sta1.unres_qlen = 86
net.ipv4.neigh.wlan1-1.sta1.unres_qlen_bytes = 163840
net.ipv4.ping_group_range = 1	0
net.ipv4.route.error_burst = 500
net.ipv4.route.error_cost = 100
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = -1
net.ipv4.route.gc_timeout = 300
net.ipv4.route.max_size = 2147483647
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.redirect_load = 2
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 2048
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_autocorking = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_available_ulp = 
net.ipv4.tcp_base_mss = 1024
net.ipv4.tcp_challenge_ack_limit = 1000
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_early_demux = 1
net.ipv4.tcp_early_retrans = 3
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_ecn_fallback = 1
net.ipv4.tcp_fack = 0
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 3600
net.ipv4.tcp_fastopen_key = 10a6e996-bc8afb90-d5401e55-6bd3284d
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_frto = 2
net.ipv4.tcp_fwmark_accept = 0
net.ipv4.tcp_invalid_ratelimit = 500
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_limit_output_bytes = 262144
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_max_orphans = 512
net.ipv4.tcp_max_reordering = 300
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_max_tw_buckets = 512
net.ipv4.tcp_mem = 1437	1917	2874
net.ipv4.tcp_min_rtt_wlen = 300
net.ipv4.tcp_min_snd_mss = 48
net.ipv4.tcp_min_tso_segs = 2
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_notsent_lowat = 4294967295
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_pacing_ca_ratio = 120
net.ipv4.tcp_pacing_ss_ratio = 200
net.ipv4.tcp_probe_interval = 600
net.ipv4.tcp_probe_threshold = 8
net.ipv4.tcp_recovery = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_rmem = 4096	87380	981600
net.ipv4.tcp_sack = 1
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096	16384	981600
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.udp_early_demux = 1
net.ipv4.udp_mem = 2874	3834	5748
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_buckets = 2048
net.netfilter.nf_conntrack_checksum = 0
net.netfilter.nf_conntrack_count = 2
net.netfilter.nf_conntrack_expect_max = 32
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_helper = 0
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_max = 16384
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_no_window_check = 1
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 60
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.10 = NONE
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_log.2 = nf_log_ipv4
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log_all_netns = 0
net.nf_conntrack_max = 16384
net.unix.max_dgram_qlen = 10

As for the second command:

# tcpdump -evni any udp port 67
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
14:26:44.806810   B 52:14:9f:54:e7:40 ethertype 802.1Q (0x8100), length 348: vlan 3170, p 0, ethertype IPv4, (tos 0x0, ttl 255, id 29966, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:14:9f:54:e7:40, length 300, xid 0xe07c2d54, secs 52, Flags [none]
	  Client-Ethernet-Address 52:14:9f:54:e7:40
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    Parameter-Request Option 55, length 8: 
	      Subnet-Mask, Classless-Static-Route, Default-Gateway, Domain-Name-Server
	      Domain-Name, URL, Option 119, Option 252
	    MSZ Option 57, length 2: 1500
	    Client-ID Option 61, length 7: ether 52:14:9f:54:e7:40
	    Lease-Time Option 51, length 4: 7776000
	    Hostname Option 12, length 14: "iPhone-de-Yves"
14:26:44.806810   B 52:14:9f:54:e7:40 ethertype 802.1Q (0x8100), length 348: vlan 3170, p 0, ethertype IPv4, (tos 0x0, ttl 255, id 29966, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:14:9f:54:e7:40, length 300, xid 0xe07c2d54, secs 52, Flags [none]
	  Client-Ethernet-Address 52:14:9f:54:e7:40
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    Parameter-Request Option 55, length 8: 
	      Subnet-Mask, Classless-Static-Route, Default-Gateway, Domain-Name-Server
	      Domain-Name, URL, Option 119, Option 252
	    MSZ Option 57, length 2: 1500
	    Client-ID Option 61, length 7: ether 52:14:9f:54:e7:40
	    Lease-Time Option 51, length 4: 7776000
	    Hostname Option 12, length 14: "iPhone-de-Yves"
14:26:48.057367   P ea:15:61:98:0f:1c ethertype 802.1Q (0x8100), length 367: vlan 3170, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 58642, offset 0, flags [none], proto UDP (17), length 347)
    172.16.0.1.67 > 172.16.7.189.68: BOOTP/DHCP, Reply, length 319, xid 0xe07c2d54, secs 52, Flags [none]
	  Your-IP 172.16.7.189
	  Server-IP 172.16.0.1
	  Client-Ethernet-Address 52:14:9f:54:e7:40
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Offer
	    Server-ID Option 54, length 4: 172.16.0.1
	    Lease-Time Option 51, length 4: 3600
	    RN Option 58, length 4: 1800
	    RB Option 59, length 4: 3150
	    Domain-Name Option 15, length 3: "lan"
	    Subnet-Mask Option 1, length 4: 255.255.0.0
	    T252 Option 252, length 26: 26740,29808,14895,12081,14130,11825,13870,12334,12591,30576,24932,11876,24948
	    Domain-Name-Server Option 6, length 4: 172.16.0.1
	    Default-Gateway Option 3, length 4: 172.16.0.1
14:26:48.057367   P ea:15:61:98:0f:1c ethertype IPv4 (0x0800), length 363: (tos 0x0, ttl 64, id 58642, offset 0, flags [none], proto UDP (17), length 347)
    172.16.0.1.67 > 172.16.7.189.68: BOOTP/DHCP, Reply, length 319, xid 0xe07c2d54, secs 52, Flags [none]
	  Your-IP 172.16.7.189
	  Server-IP 172.16.0.1
	  Client-Ethernet-Address 52:14:9f:54:e7:40
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Offer
	    Server-ID Option 54, length 4: 172.16.0.1
	    Lease-Time Option 51, length 4: 3600
	    RN Option 58, length 4: 1800
	    RB Option 59, length 4: 3150
	    Domain-Name Option 15, length 3: "lan"
	    Subnet-Mask Option 1, length 4: 255.255.0.0
	    T252 Option 252, length 26: 26740,29808,14895,12081,14130,11825,13870,12334,12591,30576,24932,11876,24948
	    Domain-Name-Server Option 6, length 4: 172.16.0.1
	    Default-Gateway Option 3, length 4: 172.16.0.1
^C

show us firewall rules (and or zone) for that vlan...

There should be no firewall rules. Does it answer your question if I invoke iptables -L ? (I am a network noob, so if you need more precision, please ask me).

root@00-15-61-98-53-A7:/# iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain forwarding_rule (0 references)
target     prot opt source               destination         

Chain input_rule (0 references)
target     prot opt source               destination         

Chain output_rule (0 references)
target     prot opt source               destination         

Chain reject (0 references)
target     prot opt source               destination         

Chain syn_flood (0 references)
target     prot opt source               destination         
root@00-15-61-98-53-A7:/# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
root@00-15-61-98-53-A7:/# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
prerouting_rule  all  --  anywhere             anywhere             /* !fw3: Custom prerouting rule chain */

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
postrouting_rule  all  --  anywhere             anywhere             /* !fw3: Custom postrouting rule chain */

Chain postrouting_rule (1 references)
target     prot opt source               destination         

Chain prerouting_rule (1 references)
target     prot opt source               destination         
root@00-15-61-98-53-A7:/# 

1 Like

@anon50098793 @vgaetera Sorry for the confusion: the requests pass through, but the DHCP replies are dropped in the middle of the bridge:

root@00-15-61-98-53-A7:/# brctl show
bridge name	bridge id		STP enabled	interfaces
br-bb		7fff.0015619853a7	no		eth0
							            wlan1
							            wlan1-1
							            wlan1-1.sta1
br-lan		7fff.0015619853a7	no		eth0.1

# tcpdump -eni eth0 udp port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:11:06.629825 ea:15:61:98:0f:1c > 52:14:9f:54:e7:40, ethertype 802.1Q (0x8100), length 365: vlan 3170, p 0, ethertype IPv4, 172.16.0.1.67 > 172.16.7.189.68: BOOTP/DHCP, Reply, length 319
... (and many more)

while on the wlan1-1 interface, I get nothing (no output while waiting here for a minute or so):

root@00-15-61-98-53-A7:/# tcpdump -eni wlan1-1 udp port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan1-1, link-type EN10MB (Ethernet), capture size 262144 bytes


One more time, sorry for any confusion (I get tired with this issue .... )

The DHCP discover messages are captured as 802.1Q VLAN 3170.
But one of the DHCP offer messages goes without VLAN tag.

Looks like some sort of confusion with VLANs and/or the built-in switch.
Also we typically don't use eth0 and eth0.1 at the same time.

1 Like

Possible it was that.
I've just factory reset my machine, reinstalled everything and I managed to make it work... I don't know how...

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.