Discussion:
npf and carp
(too old to reply)
Mindaugas Rasiukevicius
2015-05-27 21:10:05 UTC
Permalink
I am trying to get npf to play nicely with a carp interface and am
having trouble. The basic setup is that two hosts share in IP via carp
and I want to connect to that interface (i.e., either host) via ssh.
- Carp will switch the interface from host to host
- Ssh connects to either host via its native IP
- Ssh connects to a carp IP only if npf is not active; this is the
problem.
Hmm. Perhaps it is a bug in network stack bug and the packet gets
associated with a different network interface. Just a random guess.
Indeed, the traffic looks asymmetric. The packet filters (not only NPF)
see the outgoing packets on the physical interface. It is reset here:

http://nxr.netbsd.org/xref/src/sys/net/if_ethersubr.c?r=1.209#222
--
Mindaugas

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Christos Zoulas
2015-05-28 02:05:01 UTC
Permalink
Post by Mindaugas Rasiukevicius
I am trying to get npf to play nicely with a carp interface and am
having trouble. The basic setup is that two hosts share in IP via carp
and I want to connect to that interface (i.e., either host) via ssh.
- Carp will switch the interface from host to host
- Ssh connects to either host via its native IP
- Ssh connects to a carp IP only if npf is not active; this is the
problem.
Hmm. Perhaps it is a bug in network stack bug and the packet gets
associated with a different network interface. Just a random guess.
Indeed, the traffic looks asymmetric. The packet filters (not only NPF)
http://nxr.netbsd.org/xref/src/sys/net/if_ethersubr.c?r=1.209#222
Try s/ifp/ifp0/g at line 430...

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...