From: Vitaliy Makkoveev Subject: Re: problem with gateway with snapshot #1660: Mon Feb 5 12:31:47 MST 2024 To: Alexander Bluhm Cc: Hrvoje Popovski , tech@openbsd.org Date: Tue, 6 Feb 2024 12:05:05 +0300 Sorry :( On Tue, Feb 06, 2024 at 01:22:19AM +0100, Alexander Bluhm wrote: > On Tue, Feb 06, 2024 at 01:18:29AM +0100, Hrvoje Popovski wrote: > > On 6.2.2024. 1:07, Alexander Bluhm wrote: > > > On Tue, Feb 06, 2024 at 12:40:17AM +0100, Hrvoje Popovski wrote: > > >> On 6.2.2024. 0:24, Hrvoje Popovski wrote: > > >>> On 6.2.2024. 0:15, Hrvoje Popovski wrote: > > >>>> On 5.2.2024. 23:56, Hrvoje Popovski wrote: > > >>>>> Hi all, > > >>>>> > > >>>>> with latest snapshot my firewall can't ping it's gateway and default > > >>>>> route isn't working. I see default route with netstat -rnf inet but > > >>>>> firewall > > >>>>> > > >>>>> Destination Gateway Flags Refs Use Mtu Prio > > >>>>> Iface > > >>>>> default 10.198.155.233 GS 0 209 - 8 em0 > > >>>>> > > >>>> > > >>>> > > >>>> if I remove 10.198.155.233 as gateway than I can ping it. > > >>>> > > >>>> bcbnfw1# ping 10.198.155.233 > > >>>> PING 10.198.155.233 (10.198.155.233): 56 data bytes > > >>>> 64 bytes from 10.198.155.233: icmp_seq=0 ttl=255 time=0.874 ms > > >>>> 64 bytes from 10.198.155.233: icmp_seq=1 ttl=255 time=0.220 ms > > >>>> > > >>>> > > >>>> arp > > >>>> 10.198.155.233 00:1f:26:3d:d4:00 em0 19m39s > > >>>> > > >>> > > >>> Sorry for spamming list. I was in panic mode. > > >>> > > >>> With latest snapshot gateway doesn't work after reboot. After removing > > >>> gateway, doing sh netstart and adding that same gateway firewall is > > >>> working as it should. > > >>> > > >>> > > >>> > > >> > > >> > > >> When I reverted if.c from 1.717 to 1.716 firewall was happy > > >> https://cvsweb.openbsd.org/src/sys/net/if.c > > > > > > Yes, that is the problem. Logic is inverted. > > > > > > bluhm > > > > > > > > With this diff firewall is working just fine. Thank you for fast response. > > Already commited, deraadt@ will build new snapshot. > > Thanks for the fast finding. If we have a bug in our tree, you > always run into it within a day. > > > > Index: net/if.c > > > =================================================================== > > > RCS file: /cvs/src/sys/net/if.c,v > > > diff -u -p -r1.717 if.c > > > --- net/if.c 5 Feb 2024 18:27:47 -0000 1.717 > > > +++ net/if.c 6 Feb 2024 00:05:50 -0000 > > > @@ -1788,7 +1788,7 @@ if_linkstate(struct ifnet *ifp) > > > { > > > NET_ASSERT_LOCKED(); > > > > > > - if (panicstr != NULL) { > > > + if (panicstr == NULL) { > > > rtm_ifchg(ifp); > > > rt_if_track(ifp); > > > } > > > >