Discussion:
-current kernel + -7 userland + carp + ipf = failure
(too old to reply)
Stephen Borrill
2017-05-12 07:33:57 UTC
Permalink
I'm continuing trying to get carp(4) + default gateway working as
described in:
http://mail-index.netbsd.org/tech-net/2017/03/14/msg006283.html

I was trying to test whether carp(4) worked any better in -current, so
built a -current XEN3_DOMU kernel with carp added.

Firstly, I noticed that I had no network access at all. carp had
successfully negotiated MASTER and BACKUP statuses on the hosts, but I
could not ping anything:

xennet0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX>
xennet0: flags=8963<MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
ec_capabilities=1<VLAN_MTU>
ec_enabled=0
address: d6:41:19:58:cc:d5
inet6 fe80::d441:19ff:fe58:ccd5%xennet0 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
carp: MASTER carpdev xennet0 vhid 1 advbase 1 advskew 0
address: 00:00:5e:00:01:01
inet 192.168.1.88 netmask 0xffffff00 broadcast 192.168.1.255

If I configure an IP address directly on xennet0 it works.

Secondly, I ran ipf -D and got the following:

panic: kernel diagnostic assertion "(flags & ~PFIL_ALL) == 0" failed: file
"/usr/src/current/sys/net/pfil.c", line 363
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip 0xffffffff80206365 cs 0xe030 rflags 0x246 cr2
0x71fad3ece8b0 ilevel 0 rsp 0xffffa0000cd33440
curlwp 0xffffa00000cd25a0 pid 644.1 lowest kstack 0xffffa0000cd302c0
Stopped in pid 644.1 (ipf) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x140
nd6_hint() at netbsd:nd6_hint
pfil_remove_hook() at netbsd:pfil_remove_hook+0xc1
ipfdetach() at netbsd:ipfdetach+0xb1
ipf_ipf_ioctl() at netbsd:ipf_ipf_ioctl+0x6bb
ipfioctl() at netbsd:ipfioctl+0x8c
cdev_ioctl() at netbsd:cdev_ioctl+0x88
VOP_IOCTL() at netbsd:VOP_IOCTL+0x3b
vn_ioctl() at netbsd:vn_ioctl+0xa6
sys_ioctl() at netbsd:sys_ioctl+0x101
syscall() at netbsd:syscall+0x9c
--- syscall (number 54) ---
71fad3ece8ba:
ds f008
es 3400
fs 3450
gs 8
rdi 0
rsi a
rbp ffffa0000cd33440
rbx 104
rdx ffffffff806f5480 cpu_info_primary
rcx 0
rax 1
r8 ffffffff806f5480 cpu_info_primary
r9 8080808080808080
r10 ffffa0000cd333c0
r11 e033
r12 ffffffff806141a8 ostype+0xa68
r13 ffffa0000cd33488
r14 ffffa000008ef008
r15 10
rip ffffffff80206365 breakpoint+0x5
cs e030
rflags 246
rsp ffffa0000cd33440
ss e02b

NetBSD 7.99.71 (XEN3_DOMUCARP) #0: Thu May 11 17:09:15 BST 2017
--
Stephen


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Christos Zoulas
2017-05-12 08:03:58 UTC
Permalink
Post by Stephen Borrill
I'm continuing trying to get carp(4) + default gateway working as
http://mail-index.netbsd.org/tech-net/2017/03/14/msg006283.html
I was trying to test whether carp(4) worked any better in -current, so
built a -current XEN3_DOMU kernel with carp added.
Firstly, I noticed that I had no network access at all. carp had
successfully negotiated MASTER and BACKUP statuses on the hosts, but I
xennet0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX>
xennet0: flags=8963<MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
ec_capabilities=1<VLAN_MTU>
ec_enabled=0
address: d6:41:19:58:cc:d5
inet6 fe80::d441:19ff:fe58:ccd5%xennet0 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
carp: MASTER carpdev xennet0 vhid 1 advbase 1 advskew 0
address: 00:00:5e:00:01:01
inet 192.168.1.88 netmask 0xffffff00 broadcast 192.168.1.255
If I configure an IP address directly on xennet0 it works.
I just fixed that one, thanks!

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Stephen Borrill
2017-05-12 08:16:29 UTC
Permalink
On Fri, 12 May 2017, Christos Zoulas wrote:
[snip]
Post by Christos Zoulas
I just fixed that one, thanks!
Confirmed fixed.

carp still doesn't work, of course.
--
Stephen


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Hauke Fath
2017-05-12 19:18:34 UTC
Permalink
Post by Stephen Borrill
xennet0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX>
xennet0: flags=8963<MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
ec_capabilities=1<VLAN_MTU>
ec_enabled=0
address: d6:41:19:58:cc:d5
inet6 fe80::d441:19ff:fe58:ccd5%xennet0 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
carp: MASTER carpdev xennet0 vhid 1 advbase 1 advskew 0
address: 00:00:5e:00:01:01
inet 192.168.1.88 netmask 0xffffff00 broadcast 192.168.1.255
If I configure an IP address directly on xennet0 it works.
My understanding is that, behind a system of smoke and mirrors, carp
will add the primary address of a set of redundant machines in a subnet
as an alias to the active machine's interface. This appears to require
that the interface is configured. I have not checked whether you could
get away with rfc1918 addresses as primary addresses on the interfaces;
otherwise, it's (1 + # of machines) ip addresses per subnet.

Cheerio,
hauke
--
Hauke Fath <***@Espresso.Rhein-Neckar.DE>
Ernst-Ludwig-Straße 15
64625 Bensheim
Germany

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Stephen Borrill
2017-05-15 08:54:37 UTC
Permalink
Post by Hauke Fath
Post by Stephen Borrill
xennet0: flags=8963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,SIMPLEX>
xennet0: flags=8963<MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
ec_capabilities=1<VLAN_MTU>
ec_enabled=0
address: d6:41:19:58:cc:d5
inet6 fe80::d441:19ff:fe58:ccd5%xennet0 prefixlen 64 scopeid 0x2
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
carp: MASTER carpdev xennet0 vhid 1 advbase 1 advskew 0
address: 00:00:5e:00:01:01
inet 192.168.1.88 netmask 0xffffff00 broadcast 192.168.1.255
If I configure an IP address directly on xennet0 it works.
My understanding is that, behind a system of smoke and mirrors, carp
will add the primary address of a set of redundant machines in a subnet
as an alias to the active machine's interface. This appears to require
that the interface is configured. I have not checked whether you could
get away with rfc1918 addresses as primary addresses on the interfaces;
otherwise, it's (1 + # of machines) ip addresses per subnet.
You don't need to do any of the above. A single shared IP on carpX is
sufficient; no IP address is required on the base interface.

To confirm, my complaint here is that while the configuration works fine
in -7, with a -current kernel it does not.
--
Stephen


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...