Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]
On Tue, Jan 18, 2011 at 03:37:48AM +0100, Paul Schenkeveld wrote: Hello, On Mon, Jan 17, 2011 at 02:26:24PM -0800, Pyun YongHyeon wrote: Since you didn't post dmesg output I'm not sure what kind of controller you have but I guess it would be NS8381[56]. I overhauled sis(4) to make it work on all architectures so one of change, probably r212119, could be cause of the issue. Due to lack of SiS controllers I didn't touch multicast handling part so some part of code still relies on old wrong behavior of driver. Would you try attached patch and let me know whether it makes any difference? Hmm, unfortunately it seems the patch above may not work since NS data sheet says that filter function should be disabled before touching other bits in the register. Try this one instead. As far as I can tell, both patches work for me. Your second patch is on my production firewalls now so if anthing comes up over the coming days I'll keep you informed. I've tested carp, both failover to backup and fallback (preemption) with IPv4 and with IPv6, all seems to work now. Thanks for testing. Committed to HEAD(r217548). Thannks again for your patches, hope you can get them into 8.2. I'm afraid it's too late. :-( Regards, Paul Schenkeveld ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]
On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote: Hi, Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE it appears that carp doesn't work at all. I've set up carp like I've done on many firewall pairs before and they all work correctly. With google, nor in the mailing lists, I could find anything about changes in the way carp get configured but if I missed something I'd be happy to hear that it's my fault. Here's the setup: net5501 test3 10.4.0.4/24 | -+- | | net4801 net4801 test1 test2 sis4: 10.4.0.2/24 sis4: 10.4.0.3/24 carp4:10.4.0.1/24 carp4:10.4.0.1/24 | | | | | | | | | | | | | | | | sis[0-3] connected to other networks, see explanation below. When I ping from test3 to 10.4.0.1, I see the following traffic using tcpdump: test3 # tcpdump -e -n -i vr3 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.121831 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:35.122144 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 60: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46 12:09:35.122173 00:00:24:c9:30:ff 00:00:5e:00:01:68, ethertype IPv4 (0x0800), length 98: 10.4.0.4 10.4.0.1: ICMP echo request, id 40482, seq 0, length 64 test1 # tcpdump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:34.977570 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:34.977705 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 42: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28 test2 # dump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.090050 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 There is an ARP request which is replied to by the carp master (test). the ping to the carp address does not even appear on the sis4 interface of test1. This is the kernel config for test1 and test2: include GENERIC device carp makeoptions MODULES_OVERRIDE= The relevant rc.conf bits: on test1 hostname=test1 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.41/26 ifconfig_sis1=10.1.0.2/24 ifconfig_sis2=10.2.0.2/24 ifconfig_sis3=10.3.0.2/24 ifconfig_sis4=10.4.0.2/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 0 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 0 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 0 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 0 on test2 hostname=test2 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.42/26 ifconfig_sis1=10.1.0.3/24 ifconfig_sis2=10.2.0.3/24 ifconfig_sis3=10.3.0.3/24 ifconfig_sis4=10.4.0.3/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 100 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 100 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 100 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 100 In /etc/sysctl.conf: net.inet.carp.preempt=1 Ifconfig output: test1 # ifconfig sis4 sis4: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=83808VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:c3:49:91 inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255 media: Ethernet autoselect (100baseTX full-duplex) status: active test1 # ifconfig carp4 carp4: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500 inet 10.4.0.1 netmask 0xff00 carp: MASTER vhid 104 advbase 1 advskew 0 test2 # ifconfig sis4 sis4: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=83808VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:c3:49:7d inet 10.4.0.3 netmask 0xff00 broadcast
Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]
On Mon, Jan 17, 2011 at 08:56:15PM +0100, Paul Schenkeveld wrote: On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote: Hi, Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE it appears that carp doesn't work at all. I've set up carp like I've done on many firewall pairs before and they all work correctly. With google, nor in the mailing lists, I could find anything about changes in the way carp get configured but if I missed something I'd be happy to hear that it's my fault. Here's the setup: net5501 test3 10.4.0.4/24 | -+- | | net4801 net4801 test1 test2 sis4: 10.4.0.2/24 sis4: 10.4.0.3/24 carp4:10.4.0.1/24 carp4:10.4.0.1/24 | | | | | | | | | | | | | | | | sis[0-3] connected to other networks, see explanation below. When I ping from test3 to 10.4.0.1, I see the following traffic using tcpdump: test3 # tcpdump -e -n -i vr3 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.121831 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:35.122144 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 60: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46 12:09:35.122173 00:00:24:c9:30:ff 00:00:5e:00:01:68, ethertype IPv4 (0x0800), length 98: 10.4.0.4 10.4.0.1: ICMP echo request, id 40482, seq 0, length 64 test1 # tcpdump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:34.977570 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:34.977705 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 42: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28 test2 # dump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.090050 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 There is an ARP request which is replied to by the carp master (test). the ping to the carp address does not even appear on the sis4 interface of test1. This is the kernel config for test1 and test2: include GENERIC device carp makeoptions MODULES_OVERRIDE= The relevant rc.conf bits: on test1 hostname=test1 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.41/26 ifconfig_sis1=10.1.0.2/24 ifconfig_sis2=10.2.0.2/24 ifconfig_sis3=10.3.0.2/24 ifconfig_sis4=10.4.0.2/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 0 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 0 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 0 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 0 on test2 hostname=test2 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.42/26 ifconfig_sis1=10.1.0.3/24 ifconfig_sis2=10.2.0.3/24 ifconfig_sis3=10.3.0.3/24 ifconfig_sis4=10.4.0.3/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 100 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 100 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 100 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 100 In /etc/sysctl.conf: net.inet.carp.preempt=1 Ifconfig output: test1 # ifconfig sis4 sis4: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=83808VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:c3:49:91 inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255 media: Ethernet autoselect (100baseTX full-duplex) status: active test1 # ifconfig carp4 carp4: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500 inet 10.4.0.1 netmask 0xff00 carp: MASTER vhid 104 advbase 1 advskew 0 test2 # ifconfig sis4 sis4: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]
On Mon, Jan 17, 2011 at 01:29:47PM -0800, Pyun YongHyeon wrote: On Mon, Jan 17, 2011 at 08:56:15PM +0100, Paul Schenkeveld wrote: On Sun, Jan 16, 2011 at 01:41:22PM +0100, Paul Schenkeveld wrote: Hi, Trying to upgrade two Soekris firewalls to 8-STABLE or 8.2-PRERELEASE it appears that carp doesn't work at all. I've set up carp like I've done on many firewall pairs before and they all work correctly. With google, nor in the mailing lists, I could find anything about changes in the way carp get configured but if I missed something I'd be happy to hear that it's my fault. Here's the setup: net5501 test3 10.4.0.4/24 | -+- | | net4801 net4801 test1 test2 sis4: 10.4.0.2/24 sis4: 10.4.0.3/24 carp4:10.4.0.1/24 carp4:10.4.0.1/24 | | | | | | | | | | | | | | | | sis[0-3] connected to other networks, see explanation below. When I ping from test3 to 10.4.0.1, I see the following traffic using tcpdump: test3 # tcpdump -e -n -i vr3 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vr3, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.121831 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:35.122144 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 60: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 46 12:09:35.122173 00:00:24:c9:30:ff 00:00:5e:00:01:68, ethertype IPv4 (0x0800), length 98: 10.4.0.4 10.4.0.1: ICMP echo request, id 40482, seq 0, length 64 test1 # tcpdump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:34.977570 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 12:09:34.977705 00:00:24:c3:49:91 00:00:24:c9:30:ff, ethertype ARP (0x0806), length 42: Reply 10.4.0.1 is-at 00:00:5e:00:01:68, length 28 test2 # dump -e -n -i sis4 not vrrp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on sis4, link-type EN10MB (Ethernet), capture size 96 bytes 12:09:35.090050 00:00:24:c9:30:ff ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.4.0.1 tell 10.4.0.4, length 46 There is an ARP request which is replied to by the carp master (test). the ping to the carp address does not even appear on the sis4 interface of test1. This is the kernel config for test1 and test2: include GENERIC device carp makeoptions MODULES_OVERRIDE= The relevant rc.conf bits: on test1 hostname=test1 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.41/26 ifconfig_sis1=10.1.0.2/24 ifconfig_sis2=10.2.0.2/24 ifconfig_sis3=10.3.0.2/24 ifconfig_sis4=10.4.0.2/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 0 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 0 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 0 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 0 on test2 hostname=test2 cloned_interfaces=carp1 carp2 carp3 carp4 ifconfig_sis0=xxx.xxx.xxx.42/26 ifconfig_sis1=10.1.0.3/24 ifconfig_sis2=10.2.0.3/24 ifconfig_sis3=10.3.0.3/24 ifconfig_sis4=10.4.0.3/24 ifconfig_carp1=10.1.0.1/24 vhid 101 pass abcd1234 advskew 100 ifconfig_carp2=10.2.0.1/24 vhid 102 pass abcd1234 advskew 100 ifconfig_carp3=10.3.0.1/24 vhid 103 pass abcd1234 advskew 100 ifconfig_carp4=10.4.0.1/24 vhid 104 pass abcd1234 advskew 100 In /etc/sysctl.conf: net.inet.carp.preempt=1 Ifconfig output: test1 # ifconfig sis4 sis4: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=83808VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:c3:49:91 inet 10.4.0.2 netmask 0xff00 broadcast 10.4.0.255 media: Ethernet autoselect (100baseTX full-duplex) status: active test1 # ifconfig carp4 carp4: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500 inet 10.4.0.1 netmask 0xff00 carp: MASTER vhid
Re: sis(4) broken on 8.2 [Re: Carp seems completely broken on 8.2-RC2 and 8.2-PRERELEASE]
Hello, On Mon, Jan 17, 2011 at 02:26:24PM -0800, Pyun YongHyeon wrote: Since you didn't post dmesg output I'm not sure what kind of controller you have but I guess it would be NS8381[56]. I overhauled sis(4) to make it work on all architectures so one of change, probably r212119, could be cause of the issue. Due to lack of SiS controllers I didn't touch multicast handling part so some part of code still relies on old wrong behavior of driver. Would you try attached patch and let me know whether it makes any difference? Hmm, unfortunately it seems the patch above may not work since NS data sheet says that filter function should be disabled before touching other bits in the register. Try this one instead. As far as I can tell, both patches work for me. Your second patch is on my production firewalls now so if anthing comes up over the coming days I'll keep you informed. I've tested carp, both failover to backup and fallback (preemption) with IPv4 and with IPv6, all seems to work now. Thannks again for your patches, hope you can get them into 8.2. Regards, Paul Schenkeveld ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org