Date: Fri, 12 Feb 2010 19:22:56 -0700
From: Brett Glass <brett@lariat.net>
To: "Li, Qing" <qing.li@bluecoat.com>
Cc: "Li, Qing" <qing.li@bluecoat.com>, Luiz Otavio O Souza <lists.br@gmail.com>, net@freebsd.org
Subject: RE: Routing problems on VPN servers running FreeBSD 8.0-RELEASE
Message-ID: <201002130222.TAA19338@lariat.net>
In-Reply-To: <B583FBF374231F4A89607B4D08578A4306932687@bcs-mail03.internal.cacheflow.com>
References: <201002122133.OAA16835@lariat.net>
 <25ff90d61002121409m6a9d7639qf254a754644a60ca@mail.gmail.com>
 <201002122240.PAA17544@lariat.net>
 <B583FBF374231F4A89607B4D08578A43046737C2@bcs-mail03.internal.cacheflow.com>
 <201002130004.RAA18387@lariat.net>
 <B583FBF374231F4A89607B4D08578A43046737C3@bcs-mail03.internal.cacheflow.com>
 <201002130041.RAA18639@lariat.net>
 <B583FBF374231F4A89607B4D08578A4306932687@bcs-mail03.internal.cacheflow.com>

This patch seems to have had a positive effect on ppp(8)/PoPToP, though
more testing is needed. However, it appears that mpd uses arp(8) rather
than the socket interface to set up proxy ARP. Here's the code (from the
file iface.c in mpd 5.3):

    if (Enabled(&iface->options, IFACE_CONF_PROXY)) {
        if (u_addrempty(&iface->peer_addr)) {
            Log(LG_IFACE, ("[%s] IFACE: Can't proxy arp for %s",
                b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
        } else if (GetEther(&iface->peer_addr, &hwa) < 0) {
            Log(LG_IFACE, ("[%s] IFACE: No interface to proxy arp on for %s",
                b->name, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr))));
        } else {
            ether = (u_char *) LLADDR(&hwa);
            if (ExecCmdNosh(LG_IFACE2, b->name,
                "%s -S %s %x:%x:%x:%x:%x:%x pub",
                PATH_ARP, u_addrtoa(&iface->peer_addr,hisaddr,sizeof(hisaddr)),
                ether[0], ether[1], ether[2],
                ether[3], ether[4], ether[5]) == 0)
                iface->proxy_addr = iface->peer_addr;
        }
    }

When this executes, I do not get an error message but nothing actually
happens. Must something be done to arp(8) or to mpd to make the code
above work?

--Brett

At 07:03 PM 2/12/2010, Li, Qing wrote:

> >
> > It'd be good to resolve this as soon as possible, because I have
> > two clients who need servers installed this weekend. (They wanted
> > them last week, but I was trapped away from the office by a snowstorm.)
> >
>
>Luiz Otavio and I have been discussing offline about an issue with
>the file /usr.sbin/ppp/arp.c in the past week or so. The ARP related
>code in arp.c was missing a flag bit called "RTF_LLDATA".
>
>Luiz Otavio and I just had a debug session on your issue. He was
>able to reproduce it, and due to the missing RTF_LLDATA bit, the
>proxy-arp entry made it into the routing table, which was not
>supposed to happen. Since there is already a PPP host entry
>for the remote end, you get the FILE EXIST error.
>I believe the reason was due to its confusing the kernel code as
>if mpd is installing a routing entry as in
>"route add x.x.x.x/y -iface em0".
>
>So you can wait for Luiz's patch, or you could do it yourself
>and try the following 1 line fix:
>
>======================================================================== >======== >-- usr.sbin/ppp/arp.c (revision 203430) >+++ usr.sbin/ppp/arp.c (working copy) >@@ -119,7 +119,7 @@ > return 0; > } > arpmsg.hdr.rtm_type = add ? RTM_ADD : RTM_DELETE; >- arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC; >+ arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC | >RTF_LLDATA; > arpmsg.hdr.rtm_version = RTM_VERSION; > arpmsg.hdr.rtm_seq = ++bundle->routing_seq; > arpmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY; >======================================================================== >========
>
>I had to reintroduce the RTF_LLDATA flag for compatibility in r187094
>back in Jan. 2009. This change appears to be missing from the ppp port.
>
>Please give the above fix a try and see if it resolves your issue.
>
>-- Qing
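
Review bot: the added rtm_flags line has been wrapped by the mailer, leaving "RTF_LLDATA;" on its own quoted line, and the old-file header reads "--" rather than "---", so the hunk will not apply as pasted; rejoin the assignment into one line (or break it before the last "|" to stay within 80 columns) when applying it by hand. Because the same assignment is used for both RTM_ADD and RTM_DELETE, a one-line comment above it noting that RTF_LLDATA marks the message as a link-layer (ARP) entry rather than a routing entry would record why the flag is needed. Wrapping the extra flag in an #ifdef RTF_LLDATA guard would also keep arp.c building on trees where the flag is not defined.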