From: Alexander Bluhm Subject: Re: problem with gateway with snapshot #1660: Mon Feb 5 12:31:47 MST 2024 To: Hrvoje Popovski Cc: tech@openbsd.org Date: Tue, 6 Feb 2024 00:55:14 +0100 On Tue, Feb 06, 2024 at 12:24:33AM +0100, Hrvoje Popovski wrote: > On 6.2.2024. 0:15, Hrvoje Popovski wrote: > > On 5.2.2024. 23:56, Hrvoje Popovski wrote: > >> Hi all, > >> > >> with latest snapshot my firewall can't ping it's gateway and default > >> route isn't working. I see default route with netstat -rnf inet but > >> firewall > >> > >> Destination Gateway Flags Refs Use Mtu Prio > >> Iface > >> default 10.198.155.233 GS 0 209 - 8 em0 > >> > > > > > > if I remove 10.198.155.233 as gateway than I can ping it. > > > > bcbnfw1# ping 10.198.155.233 > > PING 10.198.155.233 (10.198.155.233): 56 data bytes > > 64 bytes from 10.198.155.233: icmp_seq=0 ttl=255 time=0.874 ms > > 64 bytes from 10.198.155.233: icmp_seq=1 ttl=255 time=0.220 ms > > > > > > arp > > 10.198.155.233 00:1f:26:3d:d4:00 em0 19m39s > > > > Sorry for spamming list. I was in panic mode. > > With latest snapshot gateway doesn't work after reboot. After removing > gateway, doing sh netstart and adding that same gateway firewall is > working as it should. Do I understand correctly that the problem appears after boot, but not when setting the default route later? I have intrduced a stupid bug in sys/netinet/in_pcb.c revision 1.288 date: 2024/01/31 12:27:57; author: bluhm; state: Exp; lines: +14 -27; commitid: X16LHIV9KkCBB2Zu; Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6. and fixed it here revision 1.289 date: 2024/02/02 15:39:23; author: bluhm; state: Exp; lines: +2 -2; commitid: yke8TNyNyudaSvhc; In in_pcbrtentry() add missing return of in6_pcbrtentry() value. The timestap of the snapshots suggest that both were not affected. Maybe it is related to route generation number diff. revision 1.427 date: 2024/01/31 14:56:42; author: bluhm; state: Exp; lines: +42 -3; commitid: Z7Bwoh4DHiXOSQuF; Add route generation number to route cache. Could you try to disable route generation number. Please compile from current with and without diff. So we know the source code and not only the snapshot. And better do it in test envoronment than in production. Of course the generation number is not the only change in my commit, but the only thing that should change behavior. bluhm Index: net/route.c =================================================================== RCS file: /cvs/src/sys/net/route.c,v diff -u -p -r1.428 route.c --- net/route.c 5 Feb 2024 23:16:39 -0000 1.428 +++ net/route.c 5 Feb 2024 23:41:42 -0000 @@ -206,7 +206,7 @@ route_cache(struct route *ro, struct in_ { u_long gen; - gen = atomic_load_long(&rtgeneration); + gen = 0; membar_consumer(); if (rtisvalid(ro->ro_rt) &&