Re: dhcpleased and ifstated

2022-07-14 Thread Christer Solskogen 
tor. 14. jul. 2022, 15:50 skrev Theo de Raadt :

> Christer Solskogen  wrote:
>
> > On Thu, Jul 14, 2022 at 1:23 AM Theo de Raadt 
> wrote:
> >
> > > Is this specific to a particular network driver?
> > >
> > >
> > Probably not, but I can't be sure as I haven't tried all of them but it
> > happens on both re (APU1) and em(APU2).
>
> Since you have the situation happening, can I ask you to do two tests.
> Use ktrace against dhclient (without the recent execve change), and also
> against dhcpleased.  then use kdump with the -R and -T options, and look
> at the timestamps to study dhcpleased's timing behaviour for querying.
> If there are lessons found in the timing of dhclient, maybe dhcpleased
> can become more forgiving.
>

Will do, but it will probably take a week due to I'm on vacation.

>

Re: dhcpleased and ifstated

2022-07-14 Thread Theo de Raadt 
Christer Solskogen  wrote:

> On Thu, Jul 14, 2022 at 1:23 AM Theo de Raadt  wrote:
> 
> > Is this specific to a particular network driver?
> >
> >
> Probably not, but I can't be sure as I haven't tried all of them but it
> happens on both re (APU1) and em(APU2).

Since you have the situation happening, can I ask you to do two tests.
Use ktrace against dhclient (without the recent execve change), and also
against dhcpleased.  then use kdump with the -R and -T options, and look
at the timestamps to study dhcpleased's timing behaviour for querying.
If there are lessons found in the timing of dhclient, maybe dhcpleased
can become more forgiving.

Re: dhcpleased and ifstated

2022-07-14 Thread Christer Solskogen 
On Thu, Jul 14, 2022 at 1:23 AM Theo de Raadt  wrote:

> Is this specific to a particular network driver?
>
>
Probably not, but I can't be sure as I haven't tried all of them but it
happens on both re (APU1) and em(APU2).

-- 
chs

Re: dhcpleased and ifstated

2022-07-14 Thread Florian Obser 
On 2022-07-13 17:23 -06, "Theo de Raadt"  wrote:
> Christer Solskogen  wrote:
>
>> This happens every time with dhcpleased and my ISP and it didn't with
>> dhclient, and what I do see now, that I didn't see with dhclient,
>> is that during the negotiation ifconfig says that the interface has
>> "status: no carrier" for 2-3 seconds. Which explains why I don't get a
>> DHCPACK within 1 second.
>
> Is this specific to a particular network driver?
>
> I am suggesting some drivers may have shitty / sloppy coming-up behaviour.
> Or, that dhcpleased is going to need to be more forgiving.  Or maybe
> as a

both dhcpleased and dhclient start working when LINK_STATE_IS_UP is true
(defined in net/if.h). I actually got this wrong at first and then
checked what dhclient is doing. So if it takes 2-3 seconds for the link
to come up it will take 2-3 seconds to get a lease, nothing we can do
about that.

> result of the timeout policy it practices, it works different than dhclient
> did, and maybe that is not surprising?
>

Now, if the driver reports the link is up but it doesn't pass any traffic we
hit a different timeout behaviour. IIRC dhclient sends the first 10
packets with a timeout of 1 second.
I considered that a bit anti-social on wifi where we have seen dhcp
servers taking a few seconds to respond. There is no need to blast the
network. dhcpleased does an exponetial backoff, i.e. timeout of 1, 2, 4,
8... seconds.

-- 
I'm not entirely sure you are real.

Re: dhcpleased and ifstated

2022-07-13 Thread Theo de Raadt 
Christer Solskogen  wrote:

> This happens every time with dhcpleased and my ISP and it didn't with
> dhclient, and what I do see now, that I didn't see with dhclient,
> is that during the negotiation ifconfig says that the interface has
> "status: no carrier" for 2-3 seconds. Which explains why I don't get a
> DHCPACK within 1 second.

Is this specific to a particular network driver?

I am suggesting some drivers may have shitty / sloppy coming-up behaviour.
Or, that dhcpleased is going to need to be more forgiving.  Or maybe as a
result of the timeout policy it practices, it works different than dhclient
did, and maybe that is not surprising?

Re: dhcpleased and ifstated

2022-07-09 Thread Christer Solskogen 
This happens every time with dhcpleased and my ISP and it didn't with
dhclient, and what I do see now, that I didn't see with dhclient,
is that during the negotiation ifconfig says that the interface has
"status: no carrier" for 2-3 seconds. Which explains why I don't get a
DHCPACK within 1 second.

Re: dhcpleased and ifstated

2022-07-09 Thread Florian Obser 
On 2022-07-06 21:05 +02, Christer Solskogen  
wrote:
> On Wed, Jul 6, 2022 at 4:47 PM Florian Obser  wrote:
>
>>
>> Are you comparing the same thing? I.e. did dhcpleased get a lease before
>> and does /var/db/dhcpleased/$IF exist?
>>
>
> Both nodes have /var/db/dhcpleased/$IF. If I reboot both firewalls only the
> master have gotten the lease, until I do a switch over.
> During a switchover I get this with debug on:
>
> tugs# dhcpleased -d -v -v
> changed iface: re2[3]
> state_transition[re2] Down -> Down, timo: -1
>
> (when doing the switchover)
>
> state_transition[re2] Down -> Down, timo: -1
> state_transition[re2] Down -> Rebooting, timo: 1

interface coming up, setting timeout to 1 second

> DHCPREQUEST on re2

we are sending DHCPREQUEST

> iface_timeout[3]: Rebooting

we did not get a DHCPACK within 1 second

> state_transition[re2] Rebooting -> Rebooting, timo: 2

setting timeout to 2 seconds

> DHCPREQUEST on re2

send another DHCPREQUEST

Note that we are sending the DHCPREQUEST immediately and then wait at
most 2 seconds.

> parse_dhcp, from: 00:02:00:01:00:01, to: ff:ff:ff:ff:ff:ff
> parse_dhcp: 79.160.116.238:67 -> 255.255.255.255:68
> 

we probably get a DHCPACK.

>
> It looks to me that it's rebooting twice?

yes, because it didn't get a DHCPACK for the first DHCPREQUEST. Maybe
the DHCP server was busy. I'm seeing this with my ISP's CPE once in a
while, too.

>
> What's the correct way of doing this with ifstated? run "ifconfig $IF down"
> or "ifconfig $IF delete"?

I have no idea, I've never used ifstated.

-- 
I'm not entirely sure you are real.

Re: dhcpleased and ifstated

2022-07-06 Thread Christer Solskogen 
On Wed, Jul 6, 2022 at 4:47 PM Florian Obser  wrote:

>
> Are you comparing the same thing? I.e. did dhcpleased get a lease before
> and does /var/db/dhcpleased/$IF exist?
>

Both nodes have /var/db/dhcpleased/$IF. If I reboot both firewalls only the
master have gotten the lease, until I do a switch over.
During a switchover I get this with debug on:

tugs# dhcpleased -d -v -v
changed iface: re2[3]
state_transition[re2] Down -> Down, timo: -1

(when doing the switchover)

state_transition[re2] Down -> Down, timo: -1
state_transition[re2] Down -> Rebooting, timo: 1
DHCPREQUEST on re2
iface_timeout[3]: Rebooting
state_transition[re2] Rebooting -> Rebooting, timo: 2
DHCPREQUEST on re2
parse_dhcp, from: 00:02:00:01:00:01, to: ff:ff:ff:ff:ff:ff
parse_dhcp: 79.160.116.238:67 -> 255.255.255.255:68


It looks to me that it's rebooting twice?

What's the correct way of doing this with ifstated? run "ifconfig $IF down"
or "ifconfig $IF delete"?

Re: dhcpleased and ifstated

2022-07-06 Thread Florian Obser 
On 2022-07-06 10:09 +02, Christer Solskogen  
wrote:
> On Tue, Jul 5, 2022 at 9:56 PM Christer Solskogen <
> christer.solsko...@gmail.com> wrote:
>
>> Now that dhclient is soon to be gone, I wanted to switch to dhcpleased.
>> But I do have a hard time understanding how I can get that to work together
>> with CARP and ifstated.
>> With dhclient, as soon as the master boots, the backup takes over and get
>> an ip address in an instant from my ISP, but dhcpleased does not. It don't
>> even get an ipaddress unless I run "dhcpleasectl -w 1 "
>> (dhcpleased runs in the background)
>>
>>
> Okay, I've obviously thought of dhcpleased wrong. Now dhcpleased works in
> the background all the time, and a simple "run ifconfig re0 up" instead of
> starting it in ifstated. But still, it takes 2-3 seconds to get a lease,
> while with dhclient it was instant.

Are you comparing the same thing? I.e. did dhcpleased get a lease before
and does /var/db/dhcpleased/$IF exist?
If it then tries to reaquire a lease it goes REBOOTING -> BOUND which
involves 2 packets, DHCPREQUEST and DHCPACK.
If you did not have a lease before you need to exchange 4 packets which
naturaly takes longer.  I have not found dhcpleased being faster or
slower than dhclient.

-- 
I'm not entirely sure you are real.

Re: dhcpleased and ifstated

2022-07-06 Thread Christer Solskogen 
On Tue, Jul 5, 2022 at 9:56 PM Christer Solskogen <
christer.solsko...@gmail.com> wrote:

> Now that dhclient is soon to be gone, I wanted to switch to dhcpleased.
> But I do have a hard time understanding how I can get that to work together
> with CARP and ifstated.
> With dhclient, as soon as the master boots, the backup takes over and get
> an ip address in an instant from my ISP, but dhcpleased does not. It don't
> even get an ipaddress unless I run "dhcpleasectl -w 1 "
> (dhcpleased runs in the background)
>
>
Okay, I've obviously thought of dhcpleased wrong. Now dhcpleased works in
the background all the time, and a simple "run ifconfig re0 up" instead of
starting it in ifstated. But still, it takes 2-3 seconds to get a lease,
while with dhclient it was instant.