openvpn in rdomain hangs

Wed, 05 Feb 2014 01:10:37 -0800 

hi misc,

i'm trying to run OpenBSD with two default gateways, one for openvpn and
another for everything else. openvpn is in rdomain 1 and everything works fine.

OpenBSD 5.5-beta (GENERIC.MP) #284: Mon Feb  3 07:57:32 MST 2014
    t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# cat hostname.em1
!echo "starting em1"
rdomain 1
group vpn
inet yy.yy.yy.yy/28
!/sbin/route -T 1 add default yy.yy.yy.default
!echo -n "starting sshd in rdomain 1"
!route -T 1 exec /etc/rc.d/sshd start && echo "."
!echo -n "starting openvpn in rdomain 1"
!install -d -o _openvpn -g _openvpn -m 0755 /var/run/openvpn &&
/sbin/route -T 1 exec /usr/local/sbin/openvpn --daemon --config
/etc/openvpn/server.conf && echo "."

# cat hostname.tun0
!echo "starting tun0"
up
10.100.16.1 10.100.16.2 netmask 0xffffffff
!route add 10.100.16.0/24 10.100.16.2

however, openvpn cannot be restarted in multi-user mode. it hangs in
get_default_gateway().

http://www.openssh.com/cgi-bin/cvsweb/ports/net/openvpn/patches/patch-src_openvpn_route_c?rev=1.2;content-type=text%2Fplain

ktrace shows that read(2) to routing socket does not return.

 10068 openvpn  CALL  socket(PF_ROUTE,SOCK_RAW,0)
 10068 openvpn  RET   socket 3
 10068 openvpn  CALL  sigprocmask(SIG_BLOCK,~0<>)
 10068 openvpn  RET   sigprocmask 0<>
 10068 openvpn  CALL  mprotect(0x10ee093000,0x2000,0x3<PROT_READ|PROT_WRITE>)
 10068 openvpn  RET   mprotect 0
 10068 openvpn  CALL  mprotect(0x10ee093000,0x2000,0x1<PROT_READ>)
 10068 openvpn  RET   mprotect 0
 10068 openvpn  CALL  sigprocmask(SIG_SETMASK,0<>)
 10068 openvpn  RET   sigprocmask ~0x10100<SIGKILL|SIGSTOP>
 10068 openvpn  CALL  write(0x3,0x10ee1949c0,0x80)
 10068 openvpn  GIO   fd 3 wrote 128 bytes
       
"\M^@\0\^E\^D\0\0\0\0\0\0\0\0\^E\0\0\0\^C\0\0\0\0\0\0\0\0\0\0\0\^A\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
        
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\^P\^B\0\0\0\0\0\0\0\0\0\0\0\0\0\0\^P\^B\
        \0\0\0\0\0\0\0\0\0\0\0\0\0\000"
 10068 openvpn  RET   write 128/0x80
 10068 openvpn  CALL  sigprocmask(SIG_BLOCK,~0<>)
 10068 openvpn  RET   sigprocmask 0<>
 10068 openvpn  CALL  mprotect(0x10ee093000,0x2000,0x3<PROT_READ|PROT_WRITE>)
 10068 openvpn  RET   mprotect 0
 10068 openvpn  CALL  mprotect(0x10ee093000,0x2000,0x1<PROT_READ>)
 10068 openvpn  RET   mprotect 0
 10068 openvpn  CALL  sigprocmask(SIG_SETMASK,0<>)
 10068 openvpn  RET   sigprocmask ~0x10100<SIGKILL|SIGSTOP>
 10068 openvpn  CALL  read(0x3,0x10ee1949c0,0x260)

when invoked from hostname.em1 during boot, read(2) immediately returned with
ESRCH. according to route(4), messages written to the socket should be
returned. how can read(2) be blocked?
the behavior is same on 5.4, 5.3 and current.

-- 
Tomoyuki Sakurai

Reply via email to