i386 -current Sloppy source-track Breaks?
Hi Misc@, I was upgrading my 5.0 i386 -stable to 5.1 i386 -stable. We use ECMP using ospfd, and asymmetric routing with bgpd. Strangely, keep state (sloppy source-track) flags any can't no longer pass icmp traffic. Traceroute, browsing etc works, though. Then, I decided to upgrade it to -current, which, doesn't seem solve the problem. This; pass in quick log on $core_if\ inet proto icmp to public_ip tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass in quick log on $core_if\ inet proto udp to public_ip port 33433 33626 tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass out quick log on $core_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto icmp from self\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto udp from self to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass in quick log on $serv_if\ inet proto icmp from public_ip\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass in quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass out quick log on $serv_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto icmp\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp I noticed that this ICMP traffic always gets a bad checksum leaving the router. sample: on routerA(accessRouter) $ ping 203.190.abc.xyz PING 203.190.abc.xyz: 56 data bytes 64 bytes from 203.190.abc.xyz: icmp_seq=0 ttl=58 time=6.215 ms 64 bytes from 203.190.abc.xyz: icmp_seq=42 ttl=58 time=6.604 ms 64 bytes from 203.190.abc.xyz: icmp_seq=72 ttl=58 time=5.823 ms On the routerB (edgeRouter) --- $sudo tcpdump -entvi pflog0 action pass and icmp and host 203.190.abc.xyz rule 119/(match) [uid 0, pid 14104] pass in on vlan11: abc.def.ghi.198 203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 254, id 59391, len 84) rule 157/(match) [uid 0, pid 14104] pass out on vlan97: abc.def.ghi.198 203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 253, id Doesn't behave consistently. Some hosts/packets gets block, some get through, randomly. Thanks, Insan Praja SW DMESG (identical machines): OpenBSD 5.1-current (GENERIC.MP) #0: Thu May 17 01:18:14 WIT 2012 r...@greenrouter-jkt02.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 3 cpu0: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF real mem = 2142687232 (2043MB) avail mem = 2096836608 (1999MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @ 0x7fbe4000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0054.061120091710 date 06/11/2009 bios0: Intel S3000AH acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xf000, bus 0-127 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P32_) acpiprt2 at
Re: i386 -current Sloppy source-track Breaks?
Hi Misc@, I noticed that this ICMP traffic always gets a bad checksum leaving the router. sample: on routerA(accessRouter) $ ping 203.190.abc.xyz PING 203.190.abc.xyz: 56 data bytes 64 bytes from 203.190.abc.xyz: icmp_seq=0 ttl=58 time=6.215 ms 64 bytes from 203.190.abc.xyz: icmp_seq=42 ttl=58 time=6.604 ms 64 bytes from 203.190.abc.xyz: icmp_seq=72 ttl=58 time=5.823 ms On the routerB (edgeRouter) --- $sudo tcpdump -entvi pflog0 action pass and icmp and host 203.190.abc.xyz rule 119/(match) [uid 0, pid 14104] pass in on vlan11: abc.def.ghi.198 203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 254, id 59391, len 84) rule 157/(match) [uid 0, pid 14104] pass out on vlan97: abc.def.ghi.198 203.190.abc.xyz: icmp: echo request (id:285b seq:0) (ttl 253, id 59391, len 84, bad cksum 899d!) Thanks. Insan Praja On Thu, 17 May 2012 03:11:33 +0700, Insan Praja SW insan.pr...@gmail.com wrote: Hi Misc@, I was upgrading my 5.0 i386 -stable to 5.1 i386 -stable. We use ECMP using ospfd, and asymmetric routing with bgpd. Strangely, keep state (sloppy source-track) flags any can't no longer pass icmp traffic. Traceroute, browsing etc works, though. Then, I decided to upgrade it to -current, which, doesn't seem solve the problem. This; pass in quick log on $core_if\ inet proto icmp to public_ip tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass in quick log on $core_if\ inet proto udp to public_ip port 33433 33626 tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass out quick log on $core_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto icmp from self\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto udp from self to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass in quick log on $serv_if\ inet proto icmp from public_ip\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass in quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass out quick log on $serv_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto icmp\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp Doesn't behave consistently. Some hosts/packets gets block, some get through, randomly. Thanks, Insan Praja SW DMESG (identical machines): OpenBSD 5.1-current (GENERIC.MP) #0: Thu May 17 01:18:14 WIT 2012 r...@greenrouter-jkt02.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 3 cpu0: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF real mem = 2142687232 (2043MB) avail mem = 2096836608 (1999MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @ 0x7fbe4000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0054.061120091710 date 06/11/2009 bios0: Intel S3000AH acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5
i386 -current Sloppy source-track Breaks?
Hi Misc@, I was upgrading my 5.0 i386 -stable to 5.1 i386 -stable. We use ECMP using ospfd, and asymmetric routing with bgpd. Strangely, keep state (sloppy source-track) flags any can't no longer pass icmp traffic. Traceroute, browsing etc works, though. Then, I decided to upgrade it to -current, which, doesn't seem solve the problem. This; pass in quick log on $core_if\ inet proto icmp to public_ip tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass in quick log on $core_if\ inet proto udp to public_ip port 33433 33626 tag PING\ keep state (sloppy source-track global) flags any\ queue (CoreUp_icmp CoreUp_ack) pass out quick log on $core_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto icmp from self\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass out quick log on $core_if\ inet proto udp from self to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue CoreUp_icmp pass in quick log on $serv_if\ inet proto icmp from public_ip\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass in quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp tag PING pass out quick log on $serv_if\ inet tagged PING\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto icmp\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp pass out quick log on $serv_if\ inet proto udp to any port 33433 33626\ keep state (sloppy source-track global) flags any\ queue ServDn_icmp Doesn't behave consistently. Some hosts/packets gets block, some get through, randomly. Thanks, Insan Praja SW DMESG (identical machines): OpenBSD 5.1-current (GENERIC.MP) #0: Thu May 17 01:18:14 WIT 2012 r...@greenrouter-jkt02.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 3 cpu0: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF real mem = 2142687232 (2043MB) avail mem = 2096836608 (1999MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @ 0x7fbe4000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0054.061120091710 date 06/11/2009 bios0: Intel S3000AH acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xf000, bus 0-127 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P32_) acpiprt2 at acpi0: bus 1 (PEX0) acpiprt3 at acpi0: bus -1 (PEX1) acpiprt4 at acpi0: bus -1 (PEX2) acpiprt5 at acpi0: bus -1 (PEX3) acpiprt6 at acpi0: bus 2 (PEX4) acpiprt7 at acpi0: bus 3 (PEX5) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpibtn0 at acpi0: SLPB bios0: ROM list: 0xc/0x9000 0xc9000/0x4800 0xcd800/0x1000 0xce800/0x1000 cpu0: Enhanced SpeedStep 3000 MHz: speeds: 3000, 2400 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0x00 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 5 int 17 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 5 int 17 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 5 int 16, address 00:15:1a:6e:06:aa em1 at pci2 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev
