On 9/26/18 12:42 PM, Martin Pieuchot wrote:
> Hello,
>
> On 26/09/18(Wed) 11:59, [email protected] wrote:
>>> Synopsis: Page fault in rt_setgwroute triggered by npppd under
>>> specific circumstances
>>> Category: kernel (networking)
>>> Environment:
>> System : OpenBSD 6.3
>> Details : OpenBSD 6.3 (GENERIC) #100: Sat Mar 24 14:17:45 MDT 2018
>>
>> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
>>
>> Architecture: OpenBSD.amd64
>> Machine : amd64
>>> Description:
>> On client connection, npppd cause a panic. It seems the panic occurs
>> when the
>> selected address for the tun interface is already used on another interface.
>> For instance,
>> if I use 10.0.0.254/24 on a vlan interface, using 10.0.0.254 on tun0 trigger
>> the panic.
>> Using 10.0.0.253 for tun0 do not trigger the panic.
>>
>>> How-To-Repeat:
>> - Configure an interface with 10.0.0.254/24 (in my case a vlan
>> interface)
>> - Configure npppd like this:
>>
>> ipcp interco {
>> pool-address 10.0.0.64-10.0.0.127 for static
>> dns-servers 10.0.0.254
>> allow-user-selected-address no
>> }
>> interface tun0 address 10.0.0.254 ipcp interco
>>
>> - Connect the L2TP client (in my case through IPsec)
>
> Could you include the output of "# route -n show -inet" before
> connecting the L2TP client in your next report?
Please see at the end of the mail. The concurrent network is
10.0.252.0/24, shared between vlan252 and tun0.
>
> Does the diff below help? Even if it does, please insert the route(8)
> output.
It help, no panic, and the following line in the logs:
npppd[44212]: ppp id=2 layer=ipcp logtype=Opened ip=10.0.252.65
assignType=static
npppd[44212]: write() failed in in_route0 on RTM_ADD : No route to host
And no route for the client so the connection is not working.
I tried manually (without -ifp tun0, carp252 is prefered):
# route add 10.0.252.65 10.0.252.254 -ifp tun0
add host 10.0.252.65: gateway 10.0.252.254: No route to host
Without the patch, the same route command trigger the same page fault.
>
> Index: net/route.c
> ===================================================================
> RCS file: /cvs/src/sys/net/route.c,v
> retrieving revision 1.377
> diff -u -p -r1.377 route.c
> --- net/route.c 11 Jul 2018 19:52:19 -0000 1.377
> +++ net/route.c 26 Sep 2018 10:40:22 -0000
> @@ -399,7 +399,8 @@ rt_setgwroute(struct rtentry *rt, u_int
> * If we found a non-L2 entry on a different interface
> * there's nothing we can do.
> */
> - if (!ISSET(nhrt->rt_flags, RTF_LLINFO)) {
> + if (!ISSET(nhrt->rt_flags, RTF_LLINFO) ||
> + nhrt->rt_parent == NULL) {
> rtfree(nhrt);
> return (EHOSTUNREACH);
> }
>
galant# route -n show -inet
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio
Iface
default 91.224.148.0 UGS 7 745493 - 23
carp0
default 10.254.254.251 UGS 0 16916 - 30
vio3
224/4 127.0.0.1 URS 0 568 32768 8
lo0
10.0.2/24 10.0.2.252 UCn 0 2 - 4
vlan20
10.0.2/24 10.0.2.254 UCn 0 0 - 19
carp20
10.0.2.64/26 127.0.0.1 UGB 0 0 32768 56
lo0
10.0.2.64 tun1 UHl 0 0 - 1
tun1
10.0.2.64/32 10.0.2.64 UCn 0 0 - 4
tun1
10.0.2.64 127.0.0.1 UGH 0 0 32768 56
lo0
10.0.2.252 52:54:00:81:06:07 UHLl 0 0 - 1
vlan20
10.0.2.254 00:00:5e:00:01:14 UHLl 0 54 - 1
carp20
10.0.2.255 10.0.2.252 UHb 0 0 - 1
vlan20
10.0.2.255 10.0.2.254 UHb 0 0 - 1
carp20
10.0.252/24 10.0.252.252 UCn 5 2223 - 4
vlan252
10.0.252/24 10.0.252.254 UCn 0 0 - 19
carp252
10.0.252.64/26 127.0.0.1 UGB 0 563 32768 56
lo0
10.0.252.10 52:54:69:58:ac:8d UHLc 0 1262 - 3
vlan252
10.0.252.12 52:54:69:a7:c4:dd UHLch 6 32 - 3
vlan252
10.0.252.20 52:54:69:58:ac:8d UHLc 0 1602 - 3
vlan252
10.0.252.30 52:54:69:58:ac:8d UHLc 0 13121 - 3
vlan252
10.0.252.235 52:54:69:58:ac:8d UHLc 0 30575 - 3
vlan252
10.0.252.252 52:54:00:81:06:07 UHLl 0 1446 - 1
vlan252
10.0.252.254 00:00:5e:00:01:0a UHLl 0 3026 - 1
carp252
10.0.252.254/32 10.0.252.254 UCn 0 0 - 4
tun0
10.0.252.254 127.0.0.1 UGH 0 0 32768 56
lo0
10.0.252.255 10.0.252.252 UHb 0 0 - 1
vlan252
10.0.252.255 10.0.252.254 UHb 0 0 - 1
carp252
10.31.200/24 10.0.252.12 UGS 0 61 - 8
vlan252
10.142.24/24 10.142.24.252 UCn 0 0 - 4
vio0
10.142.24.252 52:54:00:81:06:05 UHLl 0 0 - 1
vio0
10.142.24.255 10.142.24.252 UHb 0 0 - 1
vio0
10.254.254/24 10.254.254.252 UCn 1 0 - 4
vio3
10.254.254.251 52:54:00:81:05:07 UHLch 2 27347 - 3
vio3
10.254.254.252 52:54:00:81:06:07 UHLl 0 20677 - 1
vio3
10.254.254.255 10.254.254.252 UHb 0 0 - 1
vio3
91.224.148.0 90:e2:ba:20:b7:5c UHLSh 1 67 - 23
carp0
91.224.149.170 00:00:5e:00:01:01 UHLl 0 1626 - 1
carp0
91.224.149.170/32 91.224.149.170 UCn 0 0 - 19
carp0
127/8 127.0.0.1 UGRS 0 0 32768 8
lo0
127.0.0.1 127.0.0.1 UHhl 5 6 32768 1 lo0
