From owner-freebsd-stable@FreeBSD.ORG  Thu Sep 29 14:49:58 2011
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BCA83106566C
	for <freebsd-stable@freebsd.org>; Thu, 29 Sep 2011 14:49:58 +0000 (UTC)
	(envelope-from ml@my.gd)
Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50])
	by mx1.freebsd.org (Postfix) with ESMTP id 55CA08FC0A
	for <freebsd-stable@freebsd.org>; Thu, 29 Sep 2011 14:49:58 +0000 (UTC)
Received: by wwe3 with SMTP id 3so1079651wwe.31
	for <freebsd-stable@freebsd.org>; Thu, 29 Sep 2011 07:49:57 -0700 (PDT)
Received: by 10.227.6.11 with SMTP id 11mr11607271wbx.87.1317307797309;
	Thu, 29 Sep 2011 07:49:57 -0700 (PDT)
Received: from dfleuriot-at-hi-media.com ([83.167.62.196])
	by mx.google.com with ESMTPS id f26sm2821851wbp.7.2011.09.29.07.49.55
	(version=SSLv3 cipher=OTHER); Thu, 29 Sep 2011 07:49:56 -0700 (PDT)
Message-ID: <4E848592.5050300@my.gd>
Date: Thu, 29 Sep 2011 16:49:54 +0200
From: Damien Fleuriot <ml@my.gd>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:7.0) Gecko/20110922 Thunderbird/7.0
MIME-Version: 1.0
To: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
References: <4E71C059.5060404@hi-media.com> <4E84627B.2050609@my.gd>
	<CAE63ME71mXfHeV7hxvtkv8q-m0rVQ8-z7aNfF61Cb0poVJCpRQ@mail.gmail.com>
In-Reply-To: <CAE63ME71mXfHeV7hxvtkv8q-m0rVQ8-z7aNfF61Cb0poVJCpRQ@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: CARP interfaces and mastership issue
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2011 14:49:58 -0000

> 
> 
> 
> Quick follow-up again.
> 
> This is the code for sys/netinet/ip_carp.c on FreeBSD 8.2, OpenBSD
> 3.8, OpenBSD 3.9 in function carp_setrun(struct carp_softc *sc,
> sa_family_t af)
> 
> 
> 
> FREEBSD 8.2-PRERELEASE with init + preempt => auto MASTER bug
> Function starts at line 1371.
> ---
>         switch (sc->sc_state) {
>         case INIT:
>                 if (carp_opts[CARPCTL_PREEMPT] && !carp_suppress_preempt) {
>                         carp_send_ad_locked(sc);
>                         carp_send_arp(sc);
> #ifdef INET6
>                         carp_send_na(sc);
> #endif /* INET6 */
>                         CARP_LOG("%s: INIT -> MASTER (preempting)\n",
>                             SC2IFP(sc)->if_xname);
>                         carp_set_state(sc, MASTER);
>                         carp_setroute(sc, RTM_ADD);
>                 } else {
>                         CARP_LOG("%s: INIT -> BACKUP\n", SC2IFP(sc)->if_xname);
>                         carp_set_state(sc, BACKUP);
>                         carp_setroute(sc, RTM_DELETE);
>                         carp_setrun(sc, 0);
>                 }
>                 break;
> ---
> 
> OPENBSD 3.8 with init + preempt => auto MASTER bug
> Function starts at line 1293.
> ---
>         case INIT:
>                 if (carp_opts[CARPCTL_PREEMPT] && !carp_suppress_preempt) {
>                         carp_set_state(sc, MASTER);
>                         carp_setroute(sc, RTM_ADD);
>                         carp_send_ad(sc);
>                         carp_send_arp(sc);
> #ifdef INET6
>                         carp_send_na(sc);
> #endif /* INET6 */
>                 } else {
>                         carp_set_state(sc, BACKUP);
>                         carp_setroute(sc, RTM_DELETE);
>                         carp_setrun(sc, 0);
>                 }
>                 break;
> ---
> 
> 
> 
> OPENBSD 3.9 with bug fixed
> Function starts at line 1348.
> ---
>         switch (sc->sc_state) {
>         case INIT:
>                 carp_set_state(sc, BACKUP);
>                 carp_setroute(sc, RTM_DELETE);
>                 carp_setrun(sc, 0);
>                 break;
> ---
> 
> 
> It looks like the root cause is there.
> 
> I'll rebuild and test, keep you updated.




Find below my test results with the OpenBSD39 implementation which
forces an INIT -> BACKUP transition regardless of preempt.






# sysctl net.inet.carp.preempt
net.inet.carp.preempt: 1

# sysctl net.inet.carp.suppress_preempt
net.inet.carp.suppress_preempt: 0

# ifconfig carp17
carp17: flags=8<LOOPBACK> metric 0 mtu 1500
	inet 46.182.[snip] netmask 0xffffffff
	inet 46.182.[snip] netmask 0xffffffff
	inet 46.182.[snip] netmask 0xffffffff
	inet 46.182.[snip] netmask 0xffffffff
	inet 46.182.[snip] netmask 0xffffffff
	carp: INIT vhid 117 advbase 1 advskew 200

# ifconfig carp17 up; ./check_carp17_status.sh
count: 0	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 1	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 2	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 3	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 4	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 5	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 6	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 7	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 8	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 9	carp: BACKUP vhid 117 advbase 1 advskew 200
count: 10	carp: BACKUP vhid 117 advbase 1 advskew 200

# dmesg
carp17: INIT -> BACKUP
carp17: link state changed to DOWN



Looks like it works.

I'm afraid I cannot test actual preemption by shutting down a physical
interface on the MASTER, because they're actually used in production and
I've got users logged in to their VPN on pf1.

I see no reason this should break anything however, it only forces the
CARP interface to assume a BACKUP state right after INIT, as it normally
should, regardless of preemption.

I'm filling a PR + patch.