Hi Guys, I was evaluating the GS108Tv3 for table/POS access switch usage. I discovered that third party hardware suddenly was not able to communicatie with eachother anymore, so I investigated it, and discovered that sending broadcasts to udp poort 123 is actively dropped by the switch.It's a bit of an unfortunate port, but that does not justify blocking the port. Test case: take a factory reset GS108Tv3 with any firmware version up to 7.0.4.4 .Attach a system on one port, and use this script:root@ultra:~# for i in 122 123 124; do echo crap| socat - UDP4-DATAGRAM:10.255.255.255:$i,broadcast;done It just broadcasts "crap" to udp ports 122, 123 and 124.On another port listen to the device:tcpdump -nei eth0 ether host 00:1e:06:31:cc:12 and udp15:54:59.343666 00:1e:06:31:cc:12 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 10.235.0.1.56381 > 10.255.255.255.122: UDP, length 515:55:00.373540 00:1e:06:31:cc:12 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 10.235.0.1.38117 > 10.255.255.255.124: UDP, length 5 The switch also sees it drops packets, but it doesn't say why. In the web interface: Monitoring,Ports,Port Detailed Statistics clearly shows two counters: Total Received Packets Not Forwarded9Dropped Transmit Frames9 Could someone tell me how to report a grave bug like this to netgear? EDIT 1: 16:48:31.565478 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.56472 > ff02::5555.122: UDP, length 516:48:32.075350 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.54246 > ff02::5555.123: NTPv4, Client, length 516:48:32.584974 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.47350 > ff02::5555.124: UDP, length 516:49:38.466926 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.60205 > 224.1.1.1.122: UDP, length 516:49:38.977551 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.40214 > 224.1.1.1.123: NTPv4, Client, length 516:49:39.487050 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.46736 > 224.1.1.1.124: UDP, length 5 So it's specific to IPv4 broadcast.My next EDIT will when I move the management to out-of-band instead of in band, because I fear it might be a filter to specifically protect the host cpu, but the host cpu should just get by with a tiny iptables if it's necessary.

Update:We got a beta release 7.0.4.7beta that fixed the issue.Currently the switch has been running production for 2 months I think, and not a problem that's related to that switch. Of course I've seen weird things going on in the switch (upnp, weird configuration daemons and such), but it doesn't stop it from working. So that beta seems good.Changing the management vlan will be my next achievement, I fear I have to do that with scripted tftp download, sed, tftp upload, reboot. As the web doesn't allow it, and the command line doesn't allow it. Maybe if we use the serial console, but we do not intend to solder one on every switch ;-). Anyway, past the initial problems of getting a support ticket opened (the "owner" is a different person than the tech support here), the support crew was helpful in getting it resolved. Regards,Ard van Breemen

Ardje

Guide

May 28, 2020

Solved

[BUG] GS108tv3 blocks udp broadcasts to port 123

Hi Guys,

I was evaluating the GS108Tv3 for table/POS access switch usage. I discovered that third party hardware suddenly was not able to communicatie with eachother anymore, so I investigated it, and discovered that sending broadcasts to udp poort 123 is actively dropped by the switch.

It's a bit of an unfortunate port, but that does not justify blocking the port.

Test case: take a factory reset GS108Tv3 with any firmware version up to 7.0.4.4 .

Attach a system on one port, and use this script:

root@ultra:~# for i in 122 123 124; do echo crap| socat - UDP4-DATAGRAM:10.255.255.255:$i,broadcast;done

It just broadcasts "crap" to udp ports 122, 123 and 124.

On another port listen to the device:

tcpdump -nei eth0 ether host 00:1e:06:31:cc:12 and udp

15:54:59.343666 00:1e:06:31:cc:12 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 10.235.0.1.56381 > 10.255.255.255.122: UDP, length 5
15:55:00.373540 00:1e:06:31:cc:12 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 10.235.0.1.38117 > 10.255.255.255.124: UDP, length 5

The switch also sees it drops packets, but it doesn't say why. In the web interface: Monitoring,Ports,Port Detailed Statistics clearly shows two counters:

Total Received Packets Not Forwarded

Dropped Transmit Frames

Could someone tell me how to report a grave bug like this to netgear?

EDIT 1:

16:48:31.565478 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.56472 > ff02::5555.122: UDP, length 5
16:48:32.075350 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.54246 > ff02::5555.123: NTPv4, Client, length 5
16:48:32.584974 00:1e:06:31:cc:12 > 33:33:00:00:55:55, ethertype IPv6 (0x86dd), length 67: fe80::21e:6ff:fe31:cc12.47350 > ff02::5555.124: UDP, length 5
16:49:38.466926 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.60205 > 224.1.1.1.122: UDP, length 5
16:49:38.977551 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.40214 > 224.1.1.1.123: NTPv4, Client, length 5
16:49:39.487050 00:1e:06:31:cc:12 > 01:00:5e:01:01:01, ethertype IPv4 (0x0800), length 60: 10.235.0.1.46736 > 224.1.1.1.124: UDP, length 5

So it's specific to IPv4 broadcast.

My next EDIT will when I move the management to out-of-band instead of in band, because I fear it might be a filter to specifically protect the host cpu, but the host cpu should just get by with a tiny iptables if it's necessary.

Ardje
Sep 11, 2020
Update:
We got a beta release 7.0.4.7beta that fixed the issue.
Currently the switch has been running production for 2 months I think, and not a problem that's related to that switch.

Of course I've seen weird things going on in the switch (upnp, weird configuration daemons and such), but it doesn't stop it from working. So that beta seems good.

Changing the management vlan will be my next achievement, I fear I have to do that with scripted tftp download, sed, tftp upload, reboot. As the web doesn't allow it, and the command line doesn't allow it. Maybe if we use the serial console, but we do not intend to solder one on every switch ;-).

Anyway, past the initial problems of getting a support ticket opened (the "owner" is a different person than the tech support here), the support crew was helpful in getting it resolved.

Regards,
Ard van Breemen

Forum Discussion

[BUG] GS108tv3 blocks udp broadcasts to port 123

12 Replies

Related Content

Setting MTU on GS108Tv3

GS108Tv3, disable SSDP broadcast on UDP port 1900

2.4GHZ Band not broadcasting

VLAN Routing GS108Tv3

SSID broadcast

NETGEAR Academy

ProSupport for Business