>Synopsis:      route label of cloned routes
>Category:      n/a
>Environment:
        System      : OpenBSD 6.0
        Details     : OpenBSD 6.0-current (GENERIC) #2254: Fri Sep  9 05:41:55 MDT 2016
                         [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
PF allows filtering based on route labels. Cloned routes created by PMTU don't 
inherit route labels and PF filtering fails.

>How-To-Repeat:
Sample setup:
pf.conf:
block out log on vio0
pass out log on vio0 to route TEST

routing info:
route get 10.250.0.30
   route to: 10.250.0.30
destination: 10.0.0.0
       mask: 255.0.0.0
    gateway: 10.150.0.2
  interface: vio0
if address: 10.150.0.22
   priority: 48 (bgp)
      flags: <UP,GATEWAY,DONE>
      label: INT
     use       mtu    expire
10781233         0         0
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA,LABEL>

Everything works until you get a cloned route. This one doesn't have the label 
and PF will drop the traffic if the session expires or you try to open a new one:
   route to: 10.250.0.30
destination: 10.250.0.30
       mask: 255.255.255.255
    gateway: 10.150.0.2
  interface: vio0
if address: 10.150.0.22
   priority: 56 (default)
      flags: <UP,GATEWAY,HOST,DYNAMIC,DONE>
     use       mtu    expire
10776239      1395       306


>Fix:

This patch makes the cloned route inherit the route label of the route it is cloned from.

Index: sys/netinet/ip_icmp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.154
diff -u -p -r1.154 ip_icmp.c
--- sys/netinet/ip_icmp.c       14 Nov 2016 03:51:53 -0000      1.154
+++ sys/netinet/ip_icmp.c       14 Nov 2016 22:34:32 -0000
@@ -951,11 +951,13 @@ icmp_mtudisc_clone(struct in_addr dst, u
        if ((rt->rt_flags & RTF_HOST) == 0) {
                struct rtentry *nrt;
                struct rt_addrinfo info;
+               struct sockaddr_rtlabel sa_rl;

                memset(&info, 0, sizeof(info));
                info.rti_info[RTAX_DST] = sintosa(&sin);
                info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
                info.rti_flags = RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC;
+               info.rti_info[RTAX_LABEL] = rtlabel_id2sa(rt->rt_labelid, 
&sa_rl);

                error = rtrequest(RTM_ADD, &info, RTP_DEFAULT, &nrt, rtableid);
                if (error) {
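
Review bot: The return value of rtlabel_id2sa(rt->rt_labelid, &sa_rl) is stored in info.rti_info[RTAX_LABEL] unchecked on the added line just before rtrequest(). Please state, in the change description or a short comment, what it returns when the parent route has no label: the slot has to stay NULL as the memset left it, otherwise the assignment should be guarded by a check on rt->rt_labelid. Since sa_rl lives on the stack of this block, it is also worth noting that rtrequest() must copy the label rather than keep the pointer. The diff touches only ip_icmp.c; if the IPv6 PMTU path clones routes the same way, it needs the same line.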


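An added example, not part of the original report or of OpenBSD: a small sh/awk check that reads `route get` output and reports host routes flagged DYNAMIC that carry no label, which is the condition under which the `to route` rule in the report stops matching. The function names are hypothetical, and the sample input is constructed from the two `route get` outputs quoted in the report.

```shell
#!/bin/sh
# Added example: flag PMTU-cloned host routes that carry no route label.
# Input : one or more `route get` outputs concatenated on stdin.
# Output: one line per unlabeled clone, "<destination> via <gateway>".
find_unlabeled_clones() {
    awk '
        function report() {
            # A clone is a host route marked DYNAMIC; report it when no label line was seen.
            if (seen && flags ~ /HOST/ && flags ~ /DYNAMIC/ && label == "")
                print dest " via " gw
            seen = 0; dest = ""; gw = ""; flags = ""; label = ""
        }
        $1 == "route" && $2 == "to:" { report(); seen = 1; next }
        $1 == "destination:"         { dest = $2; next }
        $1 == "gateway:"             { gw = $2; next }
        $1 == "flags:"               { flags = $2; next }
        $1 == "label:"               { label = $2; next }
        END { report() }
    '
}

# Constructed sample: the labeled parent route and the unlabeled clone from the report.
sample_routes() {
    cat <<'EOF'
   route to: 10.250.0.30
destination: 10.0.0.0
       mask: 255.0.0.0
    gateway: 10.150.0.2
  interface: vio0
 if address: 10.150.0.22
   priority: 48 (bgp)
      flags: <UP,GATEWAY,DONE>
      label: INT
   route to: 10.250.0.30
destination: 10.250.0.30
       mask: 255.255.255.255
    gateway: 10.150.0.2
  interface: vio0
 if address: 10.150.0.22
   priority: 56 (default)
      flags: <UP,GATEWAY,HOST,DYNAMIC,DONE>
EOF
}

sample_routes | find_unlabeled_clones
```

On a live system the same function can be fed directly, for example `route get 10.250.0.30 | find_unlabeled_clones`; an empty result means the route is either not a dynamic clone or already carries a label.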