I have used [/tool sniffer] on a VLAN interface (sub-interface to ether5 in my RB751G-2HnD) and generated the file testRecording.pcap. This works and the file looks right in Wireshark. (It only contains a few packets about keep-alive telnet commands to a modem. The modem and the router are the only two devices in this VLAN.)
Then I tried to playback this file using [/tool traffic-generator inject-pcap interface=“VLAN=modemControlChannel” pcap-file=“testRecording.pcap”]. This causes RouterOS to crash and reboot immediately. After reboot it shows the following error in the log: “router was rebooted without proper shutdown by watchdog timer” (never had this before).
If I playback the pcap file into ether5 instead of its VLAN sub-interface, it seems to work: The console answers something like “iteration: 1 \ tx-packets: 33 \ tx-bytes: 2051”. There is no reboot.
However, I am not certain that it really works: I temporarily moved one to the router’s own IP addresses to ether5 and added some “log all tcp on ether5” rules to the firewall. The pcap file contains packets targeted to this IP (and the router’s MAC). Nevertheless, I do not see any log entries from the firewall when playing back this pcap file. Shouldn’t the router see injected packets to itself?
The same crash&reboot occurs, if I try to playback the pcap file into my brigde interface (that bridges ether1, ether2 and wlan and is the only bridge in my config). Again it does not crash, if I playback it e.g. into ether2.
Further information that might help debugging&reproducing the issue:
I first found the reboots on v6.2. I upgraded to v6.3. No change.
ether5 is a standalone interface (in no bridge), but has three VLAN sub-interfaces.
I have tried other pcap files (recorded with Wireshark on a Windows machine); same behavior.
Can you please try to reproduce the reboot?
Is there maybe some self-test script available for inject-pcap (that generates, records and replays some packets to the router itself and shows them via firewall log rules)?
EDIT: This post might not be related at all, as cimMT pointed out below.
I can confirm similar issues. I have an RB2011 and an RB751G with vlan trunking between them. I have not investigated more closely, but the RB2011 with 6.x used to crash every 20-40 minutes with the same log entry:
“router was rebooted without proper shutdown by watchdog timer”.
In 5.24 it didn’t occur. Now I have removed the vlan trunk it works fine.
I’ve ordered spare mikrotik routers for further experimenting without causing downtime
@janisk: Thanks for your quick reply and thanks for working on it! @friction: I never had any intermittent reboots, only when I used the inject-pcap command mentioned above. (I guess that the “watchdog timer” log entry we both see is generic and occurs for any cause of unexpected reboot…)
First of all, I can confirm that pcap-injecting into a bridge or VLAN interface no longer causes any reboot in v6.4rc1.
I have tested the new pcap-inject feature a bit further and have a question regarding packets that are targeted to the router’s own MAC. It seems that all packets get tx-injected. Intuitively, I had expected that packets in the pcap file that have the router’s own MAC address as destination automatically get rx-injected into the same interface. How can I rx-inject packets to the router? Or more to the point: How can I inject them in a way that they trigger their matching IP firewall rules (for example, a dstnat forwarding rule for a specific port)?
Details / reproducible test case:
I created a pcap file with a single TCP packet sent to the router.
When I playback the pcap file from a windows machine (connected to ether2/bridge0):
I see the packet in Wireshark.
RouterOS logs the packet via a bridge-level IN-ether2 log action.
RouterOS logs the packet via a matching IP-firewall-level log action.
So, everything is processed as I expected.
When I now inject the identical pcap file from within RouterOS via the traffic-generator (into ether2 or its bridge; does not make any difference):
I see the identical packet in Wireshark.
RouterOS logs the packet via a bridge-level filter/OUT-ether2 log action.
I do not see the packet being processed by the IP firewall.
The same happens when injecting a pcap file that was recorded inside RouterOS (with filter-direction=rx).
