Index | Thread | Search

From:
Alexander Bluhm <alexander.bluhm@gmx.net>
Subject:
Re: problem with gateway with snapshot #1660: Mon Feb 5 12:31:47 MST 2024
To:
Hrvoje Popovski <hrvoje@srce.hr>
Cc:
tech@openbsd.org
Date:
Tue, 6 Feb 2024 00:55:14 +0100

Download raw body.

Thread

  • Alexander Bluhm:

    problem with gateway with snapshot #1660: Mon Feb 5 12:31:47 MST 2024

    • On Tue, Feb 06, 2024 at 12:24:33AM +0100, Hrvoje Popovski wrote:
> On 6.2.2024. 0:15, Hrvoje Popovski wrote:
> > On 5.2.2024. 23:56, Hrvoje Popovski wrote:
> >> Hi all,
> >>
> >> with latest snapshot my firewall can't ping it's gateway and default
> >> route isn't working. I see default route with netstat -rnf inet but
> >> firewall
> >>
> >> Destination        Gateway            Flags   Refs      Use   Mtu  Prio
> >> Iface
> >> default            10.198.155.233    GS         0      209     -     8 em0
> >>
> > 
> > 
> > if I remove 10.198.155.233 as gateway than I can ping it.
> > 
> > bcbnfw1# ping 10.198.155.233
> > PING 10.198.155.233 (10.198.155.233): 56 data bytes
> > 64 bytes from 10.198.155.233: icmp_seq=0 ttl=255 time=0.874 ms
> > 64 bytes from 10.198.155.233: icmp_seq=1 ttl=255 time=0.220 ms
> > 
> > 
> > arp
> > 10.198.155.233                      00:1f:26:3d:d4:00     em0 19m39s
> > 
> 
> Sorry for spamming list. I was in panic mode.
> 
> With latest snapshot gateway doesn't work after reboot. After removing
> gateway, doing sh netstart and adding that same gateway firewall is
> working as it should.

Do I understand correctly that the problem appears after boot, but
not when setting the default route later?

I have intrduced a stupid bug in sys/netinet/in_pcb.c
    revision 1.288
    date: 2024/01/31 12:27:57;  author: bluhm;  state: Exp;  lines: +14 -27;
    commitid: X16LHIV9KkCBB2Zu;
    Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.
and fixed it here
    revision 1.289
    date: 2024/02/02 15:39:23;  author: bluhm;  state: Exp;  lines: +2 -2;
     commitid: yke8TNyNyudaSvhc;
    In in_pcbrtentry() add missing return of in6_pcbrtentry() value.
The timestap of the snapshots suggest that both were not affected.

Maybe it is related to route generation number diff.
    revision 1.427
    date: 2024/01/31 14:56:42;  author: bluhm;  state: Exp;  lines: +42 -3;
    commitid: Z7Bwoh4DHiXOSQuF;
    Add route generation number to route cache.

Could you try to disable route generation number.  Please compile
from current with and without diff.  So we know the source code and
not only the snapshot.  And better do it in test envoronment than
in production.

Of course the generation number is not the only change in my commit,
but the only thing that should change behavior.

bluhm

Index: net/route.c
===================================================================
RCS file: /cvs/src/sys/net/route.c,v
diff -u -p -r1.428 route.c
--- net/route.c	5 Feb 2024 23:16:39 -0000	1.428
+++ net/route.c	5 Feb 2024 23:41:42 -0000
@@ -206,7 +206,7 @@ route_cache(struct route *ro, struct in_
 {
 	u_long gen;
 
-	gen = atomic_load_long(&rtgeneration);
+	gen = 0;
 	membar_consumer();
 
 	if (rtisvalid(ro->ro_rt) &&

  • Alexander Bluhm:

    problem with gateway with snapshot #1660: Mon Feb 5 12:31:47 MST 2024