On Sun, Nov 08, 2015 at 10:05:34PM +0200, Joonas Ruohonen wrote: > On 11/08/15 21:36, Peter Hessler wrote: > > On 2015 Nov 08 (Sun) at 18:52:58 +0200 (+0200), Joonas Ruohonen wrote: > > :>Synopsis: gre(4) keepalives are sent from wrong rdomain > > :>Category: kernel > > :>Environment: > > : System : OpenBSD 5.8 > > : Details : OpenBSD 5.8-current (GENERIC) #1458: Fri Nov 6 05:12:57 > > :MST 2015 > > : > > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC > > : Architecture: OpenBSD.amd64 > > : Machine : amd64 > > : > > :>Description: > > :I was trying out gre(4) tunnels with rdomains and pair(4) interfaces > > :and everything seemed to work quite alright except that I started to > > :get this diagnostic warning message when using keepalive in the GRE > > :tunnels that were on some other rdomain than the default. Regular > > :traffic (eg. ping) does not trigger the diagnostic warning. > > : > > :The warning message was as follows: > > :"gre1: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 2" > > : > > :Everything (regular traffic and keepalive messages) seems to work OK > > :even without the patch below, except of course the diagnostic warning. > > :But wrong ph_rtableid could maybe lead to some problems with PF filters > > :and such? > > : > > :>How-To-Repeat: > > :Commands to reproduce the diagnostic warning and to verify the patch: > > :=================================================================== > > :sysctl net.inet.gre.allow=1 > > :sysctl net.inet.ip.forwarding=1 > > : > > :# Disable PF... > > :pfctl -d > > :# ... or add the following line to pf.conf: > > :# pass quick on gre proto gre no state > > : > > :ifconfig pair0 create rdomain 0 10.1.1.1/24 > > :ifconfig pair1 create rdomain 1 10.1.1.2/24 > > :ifconfig pair0 patch pair1 > > : > > :ifconfig gre0 create rdomain 0 10.2.2.0/31 > > :ifconfig gre1 create rdomain 1 10.2.2.1/31 > > :route -T 0 add -inet 10.2.2.0/31 -iface 10.2.2.0 > > :route -T 1 add -inet 10.2.2.0/31 -iface 10.2.2.1 > > : > > :ifconfig gre0 tunnel 10.1.1.1 10.1.1.2 tunneldomain 0 > > :ifconfig gre1 tunnel 10.1.1.2 10.1.1.1 tunneldomain 1 > > : > > :ifconfig gre0 keepalive 2 3 > > :ifconfig gre1 keepalive 2 3 > > : > > :>Fix: > > :With this patch keepalives no longer trigger the diagnostic warning: > > :Index: sys/net/if_gre.c > > :=================================================================== > > :RCS file: /cvs/src/sys/net/if_gre.c,v > > :retrieving revision 1.76 > > :diff -u -p -r1.76 if_gre.c > > :--- sys/net/if_gre.c 25 Oct 2015 11:58:11 -0000 1.76 > > :+++ sys/net/if_gre.c 8 Nov 2015 14:22:05 -0000 > > :@@ -693,6 +693,9 @@ gre_send_keepalive(void *arg) > > : m->m_len = m->m_pkthdr.len = sizeof(*ip) + sizeof(*gh); > > : MH_ALIGN(m, m->m_len); > > : > > :+ /* use the interface's rdomain when sending keepalives. */ > > :+ m->m_pkthdr.ph_rtableid = sc->sc_if.if_rdomain; > > :+ > > : /* build the ip header */ > > : ip = mtod(m, struct ip *); > > : > > > > > > gre has an internal copy if the rdomain, so can you test with > > "m->m_pkthdr.ph_rtableid = sc->g_rtableid;" instead? > > > > Otherwise, looks nice to me. > > > > Hi, > I was pondering whether to use sc->g_rtableid or sc->sc_if.if_rdomain > since the first one is dictated by tunnel's tunneldomain argument and > the latter is dictated by the interface's rdomain argument, but I was > not quite sure how tunneldomain is intended to be used since the > diagnostic warning would occur (using sc->g_rtableid) if I would > configure tunneldomain as follows: > > ifconfig gre0 create rdomain 0 10.2.2.0/31 > ifconfig gre1 create rdomain 1 10.2.2.1/31 > ifconfig gre0 tunnel 10.1.1.1 10.1.1.2 tunneldomain 0 > ifconfig gre1 tunnel 10.1.1.2 10.1.1.1 tunneldomain 0 > > But anyhow I've tried both and both work equally as well as long as > tunneldomain == rdomain, but using sc->sc_if.if_rdomain does not > produce diagnostic warning even when tunneldomain != rdomain, where as > using sc->g_rtableid does.
The keepalive needs to be sent with the rdomain of the interface (sc->sc_if.if_rdomain). The tunneldomain (sc->g_rtableid) is the rdomain for the encapsulated packet. With this it is possible to have a gre0 in rodomain 1 but the encapsulated packets are routed via rdomain 0 (like the gre1 in your example). Your initial diff is correct. OK claudio@ > > > > : > > :dmesg: > > :OpenBSD 5.8-current (GENERIC) #1458: Fri Nov 6 05:12:57 MST 2015 > > : [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC > > :real mem = 251592704 (239MB) > > :avail mem = 240001024 (228MB) > > :mpath0 at root > > :scsibus0 at mpath0: 256 targets > > :mainbus0 at root > > :bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe1000 (10 entries) > > :bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006 > > :bios0: innotek GmbH VirtualBox > > :acpi0 at bios0: rev 2 > > :acpi0: sleep states S0 S5 > > :acpi0: tables DSDT FACP APIC SSDT > > :acpi0: wakeup devices > > :acpitimer0 at acpi0: 3579545 Hz, 32 bits > > :acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat > > :cpu0 at mainbus0: apid 0 (boot processor) > > :cpu0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz, 3228.03 MHz > > :cpu0: > > :FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,MWAIT,SSSE3,NXE,LONG,LAHF > > :cpu0: 4MB 64b/line 16-way L2 cache > > :cpu0: smt 0, core 0, package 0 > > :mtrr: CPU supports MTRRs but not enabled by BIOS > > :cpu0: apic clock running at 1000MHz > > :cpu0: mwait min=64, max=64 > > :ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins > > :acpiprt0 at acpi0: bus 0 (PCI0) > > :acpicpu0 at acpi0: C1(@1 halt!) > > :acpibat0 at acpi0: BAT0 not present > > :acpiac0 at acpi0: AC unit online > > :acpivideo0 at acpi0: GFX0 > > :pci0 at mainbus0 bus 0 > > :pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 > > :pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 > > :pciide0 at pci0 dev 1 function 1 "Intel 82371AB IDE" rev 0x01: DMA, > > :channel 0 configured to compatibility, channel 1 configured to > > compatibility > > :wd0 at pciide0 channel 0 drive 0: <VBOX HARDDISK> > > :wd0: 128-sector PIO, LBA, 2048MB, 4194304 sectors > > :wd1 at pciide0 channel 0 drive 1: <VBOX HARDDISK> > > :wd1: 128-sector PIO, LBA, 8192MB, 16777216 sectors > > :wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > > :wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 > > :atapiscsi0 at pciide0 channel 1 drive 0 > > :scsibus1 at atapiscsi0: 2 targets > > :cd0 at scsibus1 targ 0 lun 0: <VBOX, CD-ROM, 1.0> ATAPI 5/cdrom removable > > :cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 > > :vga1 at pci0 dev 2 function 0 "InnoTek VirtualBox Graphics Adapter" rev > > 0x00 > > :wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > > :wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > > :em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x02: apic 1 int 19, > > :address 08:00:27:27:df:c8 > > :"InnoTek VirtualBox Guest Service" rev 0x00 at pci0 dev 4 function 0 not > > :configured > > :auich0 at pci0 dev 5 function 0 "Intel 82801AA AC97" rev 0x01: apic 1 > > :int 21, ICH AC97 > > :ac97: codec id 0x83847600 (SigmaTel STAC9700) > > :audio0 at auich0 > > :ohci0 at pci0 dev 6 function 0 "Apple Intrepid USB" rev 0x00: apic 1 int > > :22, version 1.0 > > :piixpm0 at pci0 dev 7 function 0 "Intel 82371AB Power" rev 0x08: SMBus > > :disabled > > :isa0 at pcib0 > > :isadma0 at isa0 > > :pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > > :pckbd0 at pckbc0 (kbd slot) > > :wskbd0 at pckbd0: console keyboard, using wsdisplay0 > > :pms0 at pckbc0 (aux slot) > > :wsmouse0 at pms0 mux 0 > > :pcppi0 at isa0 port 0x61 > > :spkr0 at pcppi0 > > :usb0 at ohci0: USB revision 1.0 > > :uhub0 at usb0 "Apple OHCI root hub" rev 1.00/1.00 addr 1 > > :vscsi0 at root > > :scsibus2 at vscsi0: 256 targets > > :softraid0 at root > > :scsibus3 at softraid0: 256 targets > > :root on wd0a (e57c71436647abdf.a) swap on wd0b dump on wd0b > > :gre1: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 2 > > :gre1: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 2 > > :gre1: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 2 > > : > > > -- :wq Claudio
