Hi Maxim et al,
 
 
I have found a (nasty) bug in VTUN. (Anyway I think I have :-)
When one network card has a second alias, the TCP --> UDP switch picks
the wrong IP address, as seen below.
 
 
Nasty, isn't it? :-)
 
 
 
 
Setup:
=====
- 1 box
- 1 network card with 1 alias on the interface
  213.132.176.25 with ALIAS 213.132.176.27
 
Server running:
/usr/src/redhat/BUILD/vtun-3.0.1/vtund -n -s -f /etc/vtund.27.conf -P 5000 -L 213.132.176.27
 
Client Running:
vtund -n -f /etc/vtund.conf -P 5000 ppptunnel2 213.132.176.27
 
 
 
 
 
Wrong connection (using the alias 213.132.176.27):
==================================================
23:35:23.527590 IP 62.140.132.29.1101 > 213.132.176.27.5000: S 723854646:723854646(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
23:35:23.527635 IP 213.132.176.27.5000 > 62.140.132.29.1101: S 1295389453:1295389453(0) ack 723854647 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
23:35:23.817614 IP 62.140.132.29.1101 > 213.132.176.27.5000: . ack 1 win 5840
23:35:23.818037 IP 213.132.176.27.5000 > 62.140.132.29.1101: P 1:51(50) ack 1 win 46
23:35:24.122639 IP 62.140.132.29.1101 > 213.132.176.27.5000: . ack 51 win 5840
23:35:24.250557 IP 62.140.132.29.1101 > 213.132.176.27.5000: P 1:51(50) ack 51 win 5840
23:35:24.250580 IP 213.132.176.27.5000 > 62.140.132.29.1101: . ack 51 win 46
23:35:24.251056 IP 213.132.176.27.5000 > 62.140.132.29.1101: P 51:101(50) ack 51 win 46
23:35:24.389942 IP 62.140.132.86.1085 > 213.132.176.25.5001: UDP, length 2
23:35:24.626779 IP 62.140.132.29.1101 > 213.132.176.27.5000: P 51:101(50) ack 101 win 5840
23:35:24.627995 IP 213.132.176.27.5000 > 62.140.132.29.1101: P 101:151(50) ack 101 win 46
23:35:24.924797 IP 62.140.132.29.1101 > 213.132.176.27.5000: P 101:103(2) ack 151 win 5840
23:35:24.924829 IP 213.132.176.27.5000 > 62.140.132.29.1101: P 151:153(2) ack 103 win 46
23:35:24.924948 IP 213.132.176.27.5000 > 62.140.132.29.1101: F 153:153(0) ack 103 win 46
[Here the connection turns into UDP; after switching, this one uses the wrong src IP address!]
23:35:24.926417 IP 213.132.176.25.5000 > 62.140.132.29.1101: UDP, length 2
23:35:24.927203 IP 213.132.176.25.5000 > 62.140.132.29.1101: UDP, length 69
23:35:25.240566 IP 62.140.132.29.1101 > 213.132.176.27.5000: F 103:103(0) ack 153 win 5840
23:35:25.240602 IP 213.132.176.27.5000 > 62.140.132.29.1101: . ack 104 win 46
23:35:25.240820 IP 62.140.132.29.1101 > 213.132.176.27.5000: UDP, length 2
23:35:25.240871 IP 213.132.176.27 > 62.140.132.29: ICMP 213.132.176.27 udp port 5000 unreachable, length 38
[Of course this triggers ICMP unreachable from incoming client connections]
23:35:25.307014 IP 62.140.132.29.1101 > 213.132.176.27.5000: . ack 154 win 5840
23:35:25.601321 IP 62.140.132.29.1101 > 213.132.176.27.5000: UDP, length 61
23:35:25.601351 IP 213.132.176.27 > 62.140.132.29: ICMP 213.132.176.27 udp port 5000 unreachable, length 97
23:35:25.601322 IP 62.140.132.29.1101 > 213.132.176.27.5000: UDP, length 2
23:35:25.601384 IP 213.132.176.27 > 62.140.132.29: ICMP 213.132.176.27 udp port 5000 unreachable, length 38

 
Working connection example (using 213.132.176.25):
==================================================
23:50:43.770992 IP 62.140.132.86.1109 > 213.132.176.25.5001: S 1323377764:1323377764(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
23:50:43.771048 IP 213.132.176.25.5001 > 62.140.132.86.1109: S 2850636428:2850636428(0) ack 1323377765 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
23:50:44.030350 IP 62.140.132.86.1109 > 213.132.176.25.5001: . ack 1 win 5840
23:50:44.030779 IP 213.132.176.25.5001 > 62.140.132.86.1109: P 1:51(50) ack 1 win 46
23:50:44.301597 IP 62.140.132.86.1109 > 213.132.176.25.5001: . ack 51 win 5840
23:50:44.420518 IP 62.140.132.86.1109 > 213.132.176.25.5001: P 1:51(50) ack 51 win 5840
23:50:44.420540 IP 213.132.176.25.5001 > 62.140.132.86.1109: . ack 51 win 46
23:50:44.421010 IP 213.132.176.25.5001 > 62.140.132.86.1109: P 51:101(50) ack 51 win 46
23:50:44.771790 IP 62.140.132.86.1109 > 213.132.176.25.5001: P 51:101(50) ack 101 win 5840
23:50:44.772251 IP 213.132.176.25.5001 > 62.140.132.86.1109: P 101:151(50) ack 101 win 46
23:50:45.037797 IP 62.140.132.86.1109 > 213.132.176.25.5001: P 101:103(2) ack 151 win 5840
23:50:45.037830 IP 213.132.176.25.5001 > 62.140.132.86.1109: P 151:153(2) ack 103 win 46
23:50:45.037870 IP 213.132.176.25.5001 > 62.140.132.86.1109: F 153:153(0) ack 103 win 46
23:50:45.038477 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 2
23:50:45.040197 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 69
23:50:45.298103 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 2
23:50:45.298105 IP 62.140.132.86.1109 > 213.132.176.25.5001: F 103:103(0) ack 153 win 5840
23:50:45.298155 IP 213.132.176.25.5001 > 62.140.132.86.1109: . ack 104 win 46
23:50:45.298164 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 2
23:50:45.366304 IP 62.140.132.86.1109 > 213.132.176.25.5001: . ack 154 win 5840
23:50:45.599649 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 61
23:50:45.599937 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 61
23:50:48.041320 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 69
23:50:48.316879 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 27
23:50:48.317230 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 62
23:50:48.434064 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 61
23:50:48.434374 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 61
23:50:48.735340 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 62
23:50:48.756636 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 56
23:50:48.799560 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 31
23:50:48.799794 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 25
23:50:49.024854 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 19
23:50:49.025092 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 19
23:50:49.081564 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 23
23:50:49.081779 IP 213.132.176.25.5001 > 62.140.132.86.1109: UDP, length 23
23:50:49.209473 IP 62.140.132.86.1109 > 213.132.176.25.5001: UDP, length 31
 
 
Quick NO-FIX:
===========
Adding the following to the configuration doesn't help either.
~~
  bindaddr { addr 213.132.176.27;  };
~~ 
 
 
 
Analysis:
=========
I think we must be looking for the error somewhere between udp_session()
and udp_write().
Inside udp_session the source ip address still looks OK to me.
~~
vtund[19673]: VTUN server ver 3.X 03/21/2008 (stand)
vtund[19673]: my_addr=213.132.176.27
vtund[19673]: Session ppptunnel2[62.140.132.29:1146] opened
vtund[19673]: 1 udp_write my_addr=244.15.131.0
vtund[19673]: Wrongly suggested local_addr=213.132.176.27?
vtund[19673]: 2 udp_write my_addr=213.132.176.27
vtund[19673]: UDP srcip=213.132.176.27
vtund[19673]: 3 udp_write my_addr=213.132.176.27
vtund[19673]: 4 udp_write my_addr=213.132.176.27
vtund[19673]: UDP UNK 213.132.176.27:5000 --> 62.140.132.29:1146
vtund[19673]: UDP connection initialized
vtund[19673]: TINGELING Can't get local socket address
bah: Invalid argument
~~
 
 
Unfortunately, in udp_write I can no longer check with getsockname()
what the local src IP address is.
~~
     struct sockaddr_in my_addr;
     int opt;
     if( getsockname(fd, (struct sockaddr *) &my_addr, &opt) < 0 ){
        vtun_syslog(LOG_ERR, "TINGELING Can't get local socket address");
        perror("bah");
        //exit(1);
     } else
        vtun_syslog(LOG_INFO, "TINGELING udp_write my_addr=%s", inet_ntoa(my_addr.sin_addr));
 
~~
 
 
Questions:
========
- Do you know why I cannot do a getsockname() any more on the file
descriptor?
- Do you know the origin of the wrong src ip problem?
- Do you know a fix? ;-)
 
 
Thnx for your time!
 

--
Kind regards,

Roderick
--
TRIPLE IT
street://Pettemerstraat 12A
postal code://1823 CW
city://Alkmaar
tel://+31(0)72-5129516
fax://+31(0)72-5129520
http://www.triple-it.nl   "Laat uw Net Werken!"

_______________________________________________
VTun-devel mailing list
VTun-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vtun-devel
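
Added example (not part of the original post and not VTun's code): on Linux, getsockname() takes its length argument as a value-result socklen_t holding the buffer size, and a negative value is rejected with EINVAL ("Invalid argument"); separately, a UDP socket that is not bound to a specific local address sends from the address the kernel chooses for the route, not from an alias. The C code below shows both, using the loopback addresses 127.0.0.1 and 127.0.0.2 as constructed stand-ins for the primary address and the alias; all function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill an IPv4 sockaddr; returns 0 on success, -1 if ip is not dotted-quad. */
static int mk_addr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Open a UDP socket toward peer_ip:peer_port, optionally pinned to local_ip
 * (NULL = let the kernel choose the source), and report the local address
 * actually in use in *out. Returns the fd (caller closes) or -1. */
int udp_open_from(const char *local_ip, const char *peer_ip,
                  unsigned short peer_port, struct sockaddr_in *out)
{
    struct sockaddr_in local, peer;
    socklen_t len = sizeof(*out);   /* value-result: must hold the buffer size */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    if (mk_addr(&peer, peer_ip, peer_port) < 0 ||
        (local_ip && (mk_addr(&local, local_ip, 0) < 0 ||
                      bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0)) ||
        connect(fd, (struct sockaddr *)&peer, sizeof(peer)) < 0 ||
        getsockname(fd, (struct sockaddr *)out, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* The same getsockname() call with a bad length, a deterministic stand-in
 * for an uninitialised `int opt`; returns the errno (0 if the call worked). */
int getsockname_bad_len(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = (socklen_t)-1;  /* negative when the kernel reads it as int */

    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ? errno : 0;
}
```

Connecting a UDP socket sends no packets, so this runs on a single host; on a real multi-homed server the local_ip argument would be the address the TCP control connection was accepted on.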
