From: "Brian A. Seklecki"
Organization: Collaborative Fusion, Inc.
To: freebsd-net
Date: Fri, 04 Jun 2010 15:33:03 -0400
Subject: re: [trouble] restart network & vlan`s interface (if_vlan / conf/63700 redux)

[Originally from freebsd-hackers@ / Feb 2008]

All:

pf conf/63700 got the ball rolling on fixing cloned/VLAN
interface management with rc.d/netif, but problems still remain.

For example, adding an alias to a VLAN and running:

    /etc/rc.d/netif restart && /etc/rc.d/routing restart

is a failure.

Take the following rc.conf(4) config:

    hostname="sexdrugsandunix"
    cloned_interfaces="vlan14"
    ifconfig_em0="up media 100baseTX mediaopt full-duplex -tso"
    ifconfig_vlan14="inet 1.2.3.4 netmask 255.255.255.128 vlan 14 vlandev em0 up"
    ifconfig_vlan14_alias0="inet 1.2.3.5 netmask 255.255.255.255"

Change it to include a second alias without a reboot, instead run
'rc.d/netif restart', as works on a physical interface:

    hostname="sexdrugsandunix"
    cloned_interfaces="vlan14"
    ifconfig_em0="up media 100baseTX mediaopt full-duplex -tso"
    ifconfig_vlan14="inet 1.2.3.4 netmask 255.255.255.128 vlan 14 vlandev em0 up"
    ifconfig_vlan14_alias0="inet 1.2.3.5 netmask 255.255.255.255"
    ifconfig_vlan14_alias1="inet 1.2.3.6 netmask 255.255.255.255"

The result will be:

    % ifconfig vlan14
    [bseklecki@sureshot ~]$ ifconfig vlan14
    vlan14: flags=8843 metric 0 mtu
            inet 1.2.3.6 netmask 0xffffffff broadcast 192.168.158.152
            inet 1.2.3.5 netmask 0xffffffff broadcast 192.168.158.255

1) I'm not sure where the .152 broadcast comes from. ?!
2) The new _alias1= data is now in the primary IP slot
3) The primary IP is lost, there is no routable IP
4) The original _alias0= data is now in the 1st alias slot
5) rc.d/routing fails because the interface lacks a routable IP with
   a valid netmask/broadcast combination.

---------------------------

Problem #1: rc.d/netif::network_stop()

The core problem is that rc.d/netif::network_stop() never calls
network.subr::clone_down() in the same way that
rc.d/netif::network_start() calls network.subr::cloned_up()

I'd speculate that this is a design decision not to destroy
network interfaces that certain userland daemons (DHCP, RTADVD,
BPF) may be strictly bound to; I disagree.

Even if you explicitly pass your VLAN interface to rc.d/netif, a stop
doesn't call 'ifconfig VL destroy', and, when 'rc.d/netif start' is
called later, SIOCSETVLAN results.

    jail-host-80:/home/bseklecki% sudo ifconfig vlan666 destroy
    jail-host-80:/home/bseklecki% sudo ifconfig vlan666 create inet 1.2.3.4 netmask 255.255.255.0 vlan 666 vlandev em0
    jail-host-80:/home/bseklecki% sudo ifconfig vlan666 create inet 1.2.3.4 netmask 255.255.255.0 vlan 666 vlandev em0
    ifconfig: create: bad value

A simple rc.d/network_stop() patch could fix this problem if
we can avoid bikeshedding.

------------------------------------------

Problem #2: VLAN interface data structures maintain configuration
data after being destroyed, *SOMETIMES*

    %ifconfig vlan666
    vlan666: flags=8843 metric 0 mtu 1500
            options=3
            ether 00:0c:29:a1:4b:9d
            inet 192.168.15.54 netmask 0xffffff00 broadcast 192.168.15.255
            media: Ethernet 1000baseT
            status: active
            vlan: 666 parent interface: em0

    %sudo ifconfig vlan666 destroy
    %sudo ifconfig vlan666 create
    %ifconfig vlan666
    vlan666: flags=8843 metric 0 mtu 1500
            options=3
            ether 00:0c:29:a1:4b:9d
    !!**?>> inet 192.168.15.54 netmask 0xffffff00 broadcast 192.168.15.255
            media: Ethernet 1000baseT
            status: active
            vlan: 666 parent interface: em0

Now, that's something you don't see every day!!

----------------------------------------------------

NOTE: I can't get that persistent IP data problem to happen
consistently, but it's highly reproducible.

I also have no idea on the fixes, I'll check this weekend, but I have a
work-around.

To avoid destroying your routing table after adding an alias to a VLAN
interface in rc.conf(5), simply run:

    $ sudo /etc/rc.d/netif [VLAN####] start

DO NOT RESTART, and you should be okay.

~BAS

References:

http://lists.freebsd.org/pipermail/freebsd-hackers/2008-February/023440.html
http://www.freebsd.org/cgi/query-pr.cgi?pr=63700&cat= (Circa 2004)
http://lists.freebsd.org/pipermail/freebsd-net/2007-September/015447.html

-- 
Brian A. Seklecki
Collaborative Fusion, Inc.
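
Added example, not part of the original message: a post-restart check that lists the addresses declared in rc.conf for one interface but absent from its ifconfig output, which is the symptom described above (the primary IP lost from vlan14). The function names are hypothetical, and the sample data is constructed from the values quoted in the message; on a live host, pass the contents of /etc/rc.conf and the output of `ifconfig vlan14` instead.

```sh
#!/bin/sh
# Print each "inet" address declared for interface $1 in rc.conf text $2,
# covering both ifconfig_<if>= and ifconfig_<if>_aliasN= entries.
declared_addrs() {
    printf '%s\n' "$2" | awk -v ifn="$1" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            if (key != "ifconfig_" ifn &&
                key !~ ("^ifconfig_" ifn "_alias[0-9]+$")) next
            val = substr($0, eq + 1)
            gsub(/"/, "", val)
            n = split(val, w, " ")
            for (i = 1; i < n; i++) if (w[i] == "inet") print w[i + 1]
        }'
}

# Print each IPv4 address present in ifconfig output text $1.
live_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# Print declared addresses for interface $1 (rc.conf text $2) that are
# missing from the ifconfig output text $3.
missing_addrs() {
    want=$(declared_addrs "$1" "$2")
    have=$(live_addrs "$3")
    for a in $want; do
        printf '%s\n' "$have" | grep -qxF "$a" || printf '%s\n' "$a"
    done
}

# Constructed sample input, taken from the values quoted in the message.
RC_CONF='cloned_interfaces="vlan14"
ifconfig_em0="up media 100baseTX mediaopt full-duplex -tso"
ifconfig_vlan14="inet 1.2.3.4 netmask 255.255.255.128 vlan 14 vlandev em0 up"
ifconfig_vlan14_alias0="inet 1.2.3.5 netmask 255.255.255.255"
ifconfig_vlan14_alias1="inet 1.2.3.6 netmask 255.255.255.255"'

IFCONFIG_OUT='vlan14: flags=8843 metric 0
        inet 1.2.3.6 netmask 0xffffffff broadcast 192.168.158.152
        inet 1.2.3.5 netmask 0xffffffff broadcast 192.168.158.255'

missing=$(missing_addrs vlan14 "$RC_CONF" "$IFCONFIG_OUT")
[ -z "$missing" ] || echo "vlan14 is missing declared addresses: $missing"
```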