NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
10_beta and bridged network with NPF
Hello,
This morning, after a power outage, one of my NAS was not mounted by
system. Kernel was built yesterday from officiel -10_beta source tree.
With a kernel I have built last week, all NAS ran fine.
Network configuration :
- w0 and w1 : 192.168.12.1/24. w0 is connected to first NAS
(192.168.12.2), w1 is connected to second one (192.168.12.3) ;
- w2 : WAN (188.231.xxx.yyy) ;
- w3 and w4 : lagg0 (LAN 192.168.10.128/24) ;
- re0 : connection to DMZ (192.168.1.1/24).
First constatation :
legendre# nmap 192.168.12.2
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-25 09:24 CEST
Note: Host seems down. If it is really up, but blocking our ping probes,
try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.58 seconds
and I obtain in messages:
(sd0 bn 11514444578; cn 5622287 tn 25 sn 2)
[ 6350.615844] sd0d: error writing fsbn 11514444633 of
11514444633-11514444696 (sd0 bn 11514444633; cn 5622287 tn 26 sn 25)
[ 6350.615844] sd0d: error writing fsbn 11514444697 of
11514444697-11514444705 (sd0 bn 11514444697; cn 5622287 tn 28 sn 25)
[ 6350.615844] sd0d: error writing fsbn 11514444706 of
11514444706-11514444728 (sd0 bn 11514444706; cn 5622287 tn 29 sn 2)
[ 6350.615844] sd0d: error writing fsbn 11514444729 (sd0 bn
11514444729; cn 5622287 tn 29 sn 25)
Please not that 192.168.12.2 answer to ping:
legendre# ping 192.168.12.2
PING euclide.systella.fr (192.168.12.2): 56 data bytes
64 bytes from 192.168.12.2: icmp_seq=0 ttl=64 time=0.157942 ms
64 bytes from 192.168.12.2: icmp_seq=1 ttl=64 time=0.180560 ms
^C
----euclide.systella.fr PING Statistics----
and that I can open https console or do an ssh to 192.168.12.2 even if
nmap returns anything.
Second NAS (192.168.12.3):
legendre# nmap 192.168.12.3
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-25 09:27 CEST
Nmap scan report for leibnitz.systella.fr (192.168.12.3)
Host is up (0.000091s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
3260/tcp open iscsi
8080/tcp open http-proxy
MAC Address: 24:5E:BE:14:44:57 (Qnap Systems)
Nmap done: 1 IP address (1 host up) scanned in 1.36 seconds
legendre#
Of course, iSCSI run fine.
If I swap wm0 and wm1, first NAS runs as expected, second one doesn't.
Ethernet configuration:
legendre# cat ifconfig.wm0
inet 192.168.12.1 netmask 255.255.255.0
ip4csum tcp4csum udp4csum tcp6csum udp6csum
mtu 9000
up
legendre# cat ifconfig.wm1
mtu 9000
ip4csum tcp4csum udp4csum tcp6csum udp6csum
up
legendre# cat ifconfig.bridge0
create
mtu 9000
#inet6 2001:7a8:a8ed:1::2 prefixlen 64 alias
!brconfig $int add wm0
!brconfig $int add wm1
!brconfig $int up
legendre# ifconfig
wm0:
flags=0x8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 9000
capabilities=0x7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx>
capabilities=0x7ff80<TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx>
capabilities=0x7ff80<TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
enabled=0x3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
enabled=0x3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
enabled=0x3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
ec_capabilities=0x17<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,EEE>
ec_enabled=0x3<VLAN_MTU,VLAN_HWTAGGING>
address: b4:96:91:92:77:6e
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::b696:91ff:fe92:776e%wm0/64 flags 0 scopeid 0x1
inet 192.168.12.1/24 broadcast 192.168.12.255 flags 0
wm1:
flags=0x8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 9000
capabilities=0x7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx>
capabilities=0x7ff80<TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx>
capabilities=0x7ff80<TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
enabled=0x3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
enabled=0x3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
enabled=0x3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
ec_capabilities=0x17<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,EEE>
ec_enabled=0x3<VLAN_MTU,VLAN_HWTAGGING>
address: b4:96:91:92:77:6f
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet6 fe80::b696:91ff:fe92:776f%wm1/64 flags 0 scopeid 0x2
bridge0: flags=0x41<UP,RUNNING> mtu 9000
capabilities=0x3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
capabilities=0x3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
capabilities=0x3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
enabled=0x3ff00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx>
enabled=0x3ff00<UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx>
enabled=0x3ff00<UDP6CSUM_Rx,UDP6CSUM_Tx>
status: active
Ethernet adapter (dual Intel I350) seems to run as expected as I can
access to both NAS, but only one iscsi runs as expected.
I have checked modified files between a running kernel and faulty one :
P sys/arch/amd64/conf/GENERIC
P sys/arch/x86/pci/amdsmn.c
P sys/arch/x86/pci/amdzentemp.c
P sys/arch/x86/pci/pci_machdep.c
P sys/dev/vnd.c
P sys/dev/pci/ahcisata_pci.c
P sys/dev/pci/ichsmb.c
P sys/dev/pci/ismt.c
P sys/dev/pci/pcidevs
P sys/dev/pci/pcidevs.h
P sys/dev/pci/pcidevs_data.h
P sys/dev/pci/sdhc_pci.c
P sys/external/bsd/drm2/dist/include/drm/drm_pciids.h
P sys/modules/Makefile
P sys/net/npf/npf_ruleset.c
P sys/net/npf/npf_tableset.c
Nothing is direclty related to bridge, but npf support was patched. NPF
is configured and active on this server :
$lan_if = "lagg0"
$wan_if = "wm2"
$bacula_if = "wm0"
$video_if = "wm1"
#$wan_if = "ppp0"
$ext_v4 = inet4($wan_if)
$dmz_if = "re0"
set bpf.jit on;
alg "icmp"
...
group "bacula" on $bacula_if {
pass final all
}
group "video" on $video_if {
pass final all
}
group default {
pass final on lo0 all
block all
}
If I replace group default by:
group default {
pass final on lo0 all
pass all
}
both NAS run fine:
legendre# smartctl -a -d scsi /dev/rsd0d
smartctl 7.3 2022-02-28 r5338 [NetBSD 10.0_BETA amd64] (local build)
Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Vendor: QNAP
Product: iSCSI Storage
Revision: 4.0
Compliance: SPC-3
User Capacity: 11,790,624,751,616 bytes [11.7 TB]
Logical block size: 512 bytes
LU is fully provisioned
Logical Unit id: 0x6e843b646b168c9da55fd4257da884d2
Serial number: 46b168c9-a55f-4257-a884-2a8f2ccba65c
Device type: disk
Transport protocol: iSCSI
Local Time is: Fri Aug 25 09:49:42 2023 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
Temperature Warning: Disabled or Not Supported
=== START OF READ SMART DATA SECTION ===
SMART Health Status: OK
Current Drive Temperature: 0 C
Drive Trip Temperature: 0 C
Error Counter logging not supported
[GLTSD (Global Logging Target Save Disable) set. Enable Save with '-S on']
Device does not support Self Test logging
legendre# smartctl -a -d scsi /dev/rsd1d
smartctl 7.3 2022-02-28 r5338 [NetBSD 10.0_BETA amd64] (local build)
Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Vendor: QNAP
Product: iSCSI Storage
Revision: 4.0
Compliance: SPC-3
User Capacity: 11,798,543,597,568 bytes [11.7 TB]
Logical block size: 512 bytes
LU is fully provisioned
Logical Unit id: 0x6e843b63eced39fd0e2cd401ed92dfd5
Serial number: 3eced39f-0e2c-401e-92df-5e05394a420f
Device type: disk
Transport protocol: iSCSI
Local Time is: Fri Aug 25 09:49:44 2023 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
Temperature Warning: Disabled or Not Supported
=== START OF READ SMART DATA SECTION ===
SMART Health Status: OK
Current Drive Temperature: 0 C
Drive Trip Temperature: 0 C
Error Counter logging not supported
[GLTSD (Global Logging Target Save Disable) set. Enable Save with '-S on']
Device does not support Self Test logging
legendre#
I suspect a mistake in npf kernel support introduced by last patches.
Best regards,
JKB
Home |
Main Index |
Thread Index |
Old Index