Re: i386 -current Sloppy source-track Breaks?

Thu, 17 May 2012 00:31:47 -0700 

Hi Misc@,
I noticed that this ICMP traffic always gets a bad checksum leaving the router. 

sample:

on routerA(accessRouter)
------------------------
$ ping 203.190.abc.xyz
PING 203.190.abc.xyz: 56 data bytes
64 bytes from 203.190.abc.xyz: icmp_seq=0 ttl=58 time=6.215 ms
64 bytes from 203.190.abc.xyz: icmp_seq=42 ttl=58 time=6.604 ms
64 bytes from 203.190.abc.xyz: icmp_seq=72 ttl=58 time=5.823 ms

On the routerB (edgeRouter)
---------------------------
$sudo tcpdump -entvi pflog0 action pass and icmp and host 203.190.abc.xyz

rule 119/(match) [uid 0, pid 14104] pass in on vlan11: abc.def.ghi.198 >  
203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 254, id 59391,  
len 84)
rule 157/(match) [uid 0, pid 14104] pass out on vlan97: abc.def.ghi.198 >  
203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 253, id 59391,  
len 84, bad cksum 899d!)



Thanks.


Insan Praja


On Thu, 17 May 2012 03:11:33 +0700, Insan Praja SW <insan.pr...@gmail.com>  
wrote:



Hi Misc@,


I was upgrading my 5.0 i386 -stable to 5.1 i386 -stable. We use ECMP  
using ospfd, and asymmetric routing with bgpd. Strangely, "keep state  
(sloppy source-track) flags any" can't no longer pass icmp traffic.  
Traceroute, browsing etc works, though. Then, I decided to upgrade it to  
-current, which, doesn't seem solve the problem.


This;

pass in quick log on $core_if\
         inet proto icmp to <public_ip> tag PING\
                 keep state (sloppy source-track global) flags any\
                         queue (CoreUp_icmp CoreUp_ack)
pass in quick log on $core_if\
         inet proto udp to <public_ip> port 33433 >< 33626 tag PING\
                 keep state (sloppy source-track global) flags any\
                         queue (CoreUp_icmp CoreUp_ack)

pass out quick log on $core_if\
         inet tagged PING\
                 keep state (sloppy source-track global) flags any\
                         queue CoreUp_icmp
pass out quick log on $core_if\
         inet proto icmp from self\
                 keep state (sloppy source-track global) flags any\
                         queue CoreUp_icmp
pass out quick log on $core_if\
         inet proto udp from self to any port 33433 >< 33626\
                 keep state (sloppy source-track global) flags any\
                         queue CoreUp_icmp

pass in quick log on $serv_if\
         inet proto icmp from <public_ip>\
                 keep state (sloppy source-track global) flags any\
                         queue ServDn_icmp tag PING
pass in quick log on $serv_if\
         inet proto udp to any port 33433 >< 33626\
                 keep state (sloppy source-track global) flags any\
                         queue ServDn_icmp tag PING

pass out quick log on $serv_if\
         inet tagged PING\
                 keep state (sloppy source-track global) flags any\
                         queue ServDn_icmp
pass out quick log on $serv_if\
         inet proto icmp\
                 keep state (sloppy source-track global) flags any\
                         queue ServDn_icmp
pass out quick log on $serv_if\
         inet proto udp to any port 33433 >< 33626\
                 keep state (sloppy source-track global) flags any\
                         queue ServDn_icmp



Doesn't behave consistently. Some hosts/packets gets block, some get  
through, randomly.


Thanks,


Insan Praja SW


DMESG (identical machines):
OpenBSD 5.1-current (GENERIC.MP) #0: Thu May 17 01:18:14 WIT 2012
     
r...@greenrouter-jkt02.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 3

cpu0: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3.01  
GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF

real mem  = 2142687232 (2043MB)
avail mem = 2096836608 (1999MB)
mainbus0 at root

bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @  
0x7fbe4000 (43 entries)
bios0: vendor Intel Corporation version  
"S3000.86B.02.00.0054.061120091710" date 06/11/2009

bios0: Intel S3000AH
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5

acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT  
SSDT SSDT HEST BERT ERST EINJ
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)  
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz

cpu1:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF

ioapic0 at mainbus0: apid 5 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 5
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xf0000000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus 2 (PEX4)
acpiprt7 at acpi0: bus 3 (PEX5)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpibtn0 at acpi0: SLPB

bios0: ROM list: 0xc0000/0x9000 0xc9000/0x4800 0xcd800/0x1000  
0xce800/0x1000

cpu0: Enhanced SpeedStep 3000 MHz: speeds: 3000, 2400 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0x00

ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: apic 5 int  
17

pci1 at ppb0 bus 1

ppb1 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: apic 5 int  
17

pci2 at ppb1 bus 2

em0 at pci2 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06:  
apic 5 int 16, address 00:15:1a:6e:06:aa
em1 at pci2 dev 0 function 1 "Intel PRO/1000 PT (82571EB)" rev 0x06:  
apic 5 int 17, address 00:15:1a:6e:06:ab
ppb2 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: apic 5 int  
16

pci3 at ppb2 bus 3

em2 at pci3 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: msi,  
address 00:15:17:49:02:30

"Intel 82573E Serial" rev 0x03 at pci3 dev 0 function 3 not configured
"Intel 82573E KCS" rev 0x03 at pci3 dev 0 function 4 not configured

uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 5 int  
23
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 5 int  
19
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 5 int  
18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 5 int  
16
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 5 int  
23

ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci4 at ppb3 bus 4

skc0 at pci4 dev 1 function 0 "D-Link DGE-530T B1" rev 0x11, Yukon Lite  
(0x9): apic 5 int 22

sk0 at skc0 port A: address 00:21:91:20:5d:da
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
vga1 at pci4 dev 4 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 5 int 18
drm0 at radeondrm0

em3 at pci4 dev 5 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: apic  
5 int 17, address 00:15:17:49:02:31
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM  
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,  
channel 0 configured to compatibility, channel 1 configured to  
compatibility

pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)

pciide1 at pci0 dev 31 function 2 "Intel 82801GR RAID" rev 0x01: DMA,  
channel 0 wired to native-PCI, channel 1 wired to native-PCI

pciide1: using apic 5 int 19 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: <ST3250310AS>
wd0: 16-sector PIO, LBA48, 238474MB, 488395055 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6

ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 5  
int 19

iic0 at ichiic0
adt0 at iic0 addr 0x2e: sch5027 rev 0x69
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-5300CL5
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (bb9852606ae0f9cd.a) swap on wd0b dump on wd0b













--
Using Opera's revolutionary email client: http://www.opera.com/mail/























					Reply via email to