From boris@ntmk.ru  Thu Jun 16 04:54:15 2005
Return-Path: <boris@ntmk.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C02FF16A41C
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 16 Jun 2005 04:54:15 +0000 (GMT)
	(envelope-from boris@ntmk.ru)
Received: from mail.ntmk.ru (mail.ntmk.ru [217.114.241.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6DDCD43D48
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 16 Jun 2005 04:54:14 +0000 (GMT)
	(envelope-from boris@ntmk.ru)
Received: from boris.nikom.ru ([10.1.16.195])
	by mail.ntmk.ru with esmtp (Exim 4.51)
	id 1DimOL-0003Oq-0s
	for FreeBSD-gnats-submit@freebsd.org; Thu, 16 Jun 2005 10:54:13 +0600
Received: from boris by boris.nikom.ru with local (Exim 4.51 (FreeBSD))
	id 1DimOK-000LYC-UN
	for FreeBSD-gnats-submit@freebsd.org; Thu, 16 Jun 2005 10:54:12 +0600
Message-Id: <E1DimOK-000LYC-UN@boris.nikom.ru>
Date: Thu, 16 Jun 2005 10:54:12 +0600
From: Boris Kovalenko <boris@ntmk.ru>
Sender: User Boris <boris@ntmk.ru>
Reply-To: Boris Kovalenko <boris@tagnet.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: PPP ip-pool regression due CARP implementation
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         82306
>Category:       bin
>Synopsis:       PPP ip-pool regression due CARP implementation
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 16 05:00:43 GMT 2005
>Closed-Date:    Mon Aug 29 09:00:02 GMT 2005
>Last-Modified:  Mon Aug 29 09:00:02 GMT 2005
>Originator:     Boris Kovalenko
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
JSC "TAGNet"
>Environment:
System: FreeBSD boris.nikom.ru 5.4-STABLE FreeBSD 5.4-STABLE #1: Wed May 11 09:37:01 YEKST 2005 root@boris.nikom.ru:/usr/obj/usr/src/sys/BSYS i386
>Description:
	I use FreeBSD as PPPoE dialin server. The configuration is very simple
pppoe:
    enable pap
    disable chap
    allow mode direct
    set mru 1492
    set mtu 1492
    set speed sync
    set ifaddr x.x.x.254 x.x.x.225-x.x.x.250 255.255.255.255
    set dns x.x.x.1
    enable dns
    accept dns
    set timeout 3600
    enable lqr echo
    set lqrperiod  15
    set echoperiod 15

    There were no problems with this configuration in the 4.9 and 5.2.1 branches. But when I
    upgraded to 5.4, ppp began to assign duplicate IPs to clients!!! So clients
    stop working. Gleb Smirnoff explained that the problem is with the CARP implementation,
    where some check for duplicate IPs was removed from the kernel. But this makes the
    /usr/sbin/ppp ip-pool feature useless, and this is even a regression!
    Now we can not use ppp without RADIUS (which should support the ip-pool feature itself).
													
>How-To-Repeat:
	Try to make ppp dialin server with 5.4 and connect many clients to it
>Fix:
	Really don't know how. But IMHO we should introduce some option like (disable carp)
	and implement duplicate ip checking in ppp code.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Mon Jun 20 08:59:14 GMT 2005 
Responsible-Changed-Why:  
Take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82306 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Boris Kovalenko <boris@tagnet.ru>
Cc: mlaier@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Mon, 20 Jun 2005 13:32:20 +0400

 --SLDf9lqlvOQaIe6s
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 
   Boris,
 
 can you please try out this patch? You need to apply it, recompile
 kernel, reboot and set 
 
 net.inet.ip.same_prefix_carp_only=1
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
 
 --SLDf9lqlvOQaIe6s
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: attachment; filename="in.c.diff"
 
 Index: in.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/in.c,v
 retrieving revision 1.85
 diff -u -r1.85 in.c
 --- in.c	2 Jun 2005 00:04:08 -0000	1.85
 +++ in.c	20 Jun 2005 09:20:41 -0000
 @@ -67,6 +67,10 @@
  static int subnetsarelocal = 0;
  SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
  	&subnetsarelocal, 0, "Treat all subnets as directly connected");
 +static int sameprefixcarponly = 0;
 +SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
 +	&sameprefixcarponly, 0, "Refuse to create same prefixes on different"
 +	" interfaces");
  
  struct in_multihead in_multihead; /* XXX BSS initialization */
  
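Review bot: the description string on the new SYSCTL_INT, "Refuse to create same prefixes on different interfaces", leaves out the CARP exemption that the name same_prefix_carp_only promises. An administrator reading the sysctl description cannot tell that CARP interfaces are treated differently; suggest saying so in the string, for example by ending it with "unless CARP is involved".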
 @@ -813,8 +817,12 @@
  
  		/*
  		 * If we got a matching prefix route inserted by other
 -		 * interface address, we are done here.
 +		 * interface address, we are done here. If we are
 +		 * configured to refuse such configuration, then refuse.
  		 */
 +		if (sameprefixcarponly && ia->ia_ifp->if_type != IFT_CARP)
 +			return EEXIST;
 +
  		if (ia->ia_flags & IFA_ROUTE)
  			return 0;
  	}
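Review bot: the new sameprefixcarponly test in the second hunk sits ahead of the existing `if (ia->ia_flags & IFA_ROUTE)` check, so EEXIST is returned for a matching ia even when that address has not installed the prefix route, which is wider than the updated comment describes. It also looks only at `ia->ia_ifp->if_type` and never at the interface of the address being added. Suggest moving the refusal inside the IFA_ROUTE branch and checking both interfaces for IFT_CARP.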
 
 --SLDf9lqlvOQaIe6s--

From: Boris Kovalenko <boris@tagnet.ru>
To: bug-followup@FreeBSD.org,  glebius@FreeBSD.org
Cc:  
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Mon, 20 Jun 2005 17:55:57 +0600

 Hello!
 
 	Reporting quickly. This patch totally breaks my vlan environment. I can 
 not configure IP addresses on vlans - always getting "Already exist" 
 error. Of course when net.inet.ip.same_prefix_carp_only=0 the system 
 returns to old behavior.
 
 With respect,
 	Boris Kovalenko

From: Max Laier <max@love2party.net>
To: bug-followup@freebsd.org,
 boris@tagnet.ru
Cc:  
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Tue, 16 Aug 2005 15:42:40 +0200

 --Boundary-00=_X1eADytOmCGuaiF
 Content-Type: text/plain;
   charset="us-ascii"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 How about this one instead?
 
 -- 
  Max
 
 --Boundary-00=_X1eADytOmCGuaiF
 Content-Type: text/x-diff;
   charset="us-ascii";
   name="in.c.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="in.c.diff"
 
 Index: in.c
 ===================================================================
 RCS file: /usr/store/mlaier/fcvs/src/sys/netinet/in.c,v
 retrieving revision 1.85
 diff -u -r1.85 in.c
 --- in.c	2 Jun 2005 00:04:08 -0000	1.85
 +++ in.c	16 Aug 2005 13:41:08 -0000
 @@ -67,6 +67,10 @@
  static int subnetsarelocal = 0;
  SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
  	&subnetsarelocal, 0, "Treat all subnets as directly connected");
 +static int sameprefixcarponly = 0;
 +SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
 +	&sameprefixcarponly, 0,
 +	"Refuse to create same prefixes on different interfaces");
  
  struct in_multihead in_multihead; /* XXX BSS initialization */
  
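Review bot: missing documentation for the new net.inet.ip.same_prefix_carp_only knob in the first hunk. The diff touches in.c only, so the one-line description string is all an administrator gets. Suggest adding an entry to the manual page that lists the net.inet.ip variables, stating what 0 and non-zero mean and that CARP interfaces are exempt.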
 @@ -815,8 +819,15 @@
  		 * If we got a matching prefix route inserted by other
  		 * interface address, we are done here.
  		 */
 -		if (ia->ia_flags & IFA_ROUTE)
 -			return 0;
 +		if (ia->ia_flags & IFA_ROUTE) {
 +			if (sameprefixcarponly &&
 +			    target->ia_ifp->if_type != IFT_CARP &&
 +			    ia->ia_ifp->if_type != IFT_CARP)
 +				return (0);
 +			else
 +				return (EEXIST);
 +		} else
 +			continue;
  	}
  
  	/*
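Review bot: the return values in the new IFA_ROUTE branch are swapped. When sameprefixcarponly is set and neither interface is IFT_CARP the code does `return (0);`, and in every other case, including the default sameprefixcarponly == 0, it does `return (EEXIST);`. The refusal should be the EEXIST arm and the fall-through should return 0. The trailing `else continue;` is the last statement before the closing brace and has no effect, so it can be dropped.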
 
 --Boundary-00=_X1eADytOmCGuaiF--

From: Boris Kovalenko <boris@tagnet.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Wed, 17 Aug 2005 09:32:13 +0600

 Hello!
 
     The behavior has changed. Unfortunately I still can assign same ips 
 to the different interfaces but in routes table I see the first 
 installed route only. In other words - the patch did not help.
 
 With respect,
     Boris
 

From: Gleb Smirnoff <glebius@cell.sick.ru>
To: Boris Kovalenko <boris@tagnet.ru>
Cc: mlaier@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Wed, 17 Aug 2005 16:26:28 +0400

 --d01dLTUuW90fS44H
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 
 >     The behavior has changed. Unfortunately I still can assign same ips
 > to the different interfaces but in routes table I see the first
 > installed route only. In other words - the patch did not help.
 
 Max's idea is correct, but the patch is not - return values are confused
 one instead of the other. Try this patch.
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
 
 --d01dLTUuW90fS44H
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: attachment; filename="bin.82306.diff"
 
 Index: in.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/in.c,v
 retrieving revision 1.86
 diff -u -r1.86 in.c
 --- in.c	3 Aug 2005 19:29:46 -0000	1.86
 +++ in.c	17 Aug 2005 11:23:35 -0000
 @@ -67,6 +67,10 @@
  static int subnetsarelocal = 0;
  SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
  	&subnetsarelocal, 0, "Treat all subnets as directly connected");
 +static int sameprefixcarponly = 0;
 +SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
 +	&sameprefixcarponly, 0,
 +	"Refuse to create same prefixes on different interfaces");
  
  /*
   * The IPv4 multicast list (in_multihead and associated structures) are
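Review bot: `static int sameprefixcarponly = 0;` leaves the duplicate-prefix refusal off by default, so a system that takes this change without also setting the sysctl behaves exactly as before. If that default is intentional, say so in the description string or in a comment beside the variable so the choice is visible to whoever reads in.c later.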
 @@ -824,8 +828,14 @@
  		 * If we got a matching prefix route inserted by other
  		 * interface address, we are done here.
  		 */
 -		if (ia->ia_flags & IFA_ROUTE)
 -			return 0;
 +		if (ia->ia_flags & IFA_ROUTE) {
 +			if (sameprefixcarponly &&
 +			    target->ia_ifp->if_type != IFT_CARP &&
 +			    ia->ia_ifp->if_type != IFT_CARP)
 +				return (EEXIST);
 +			else
 +				return (0);
 +		}
  	}
  
  	/*
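Review bot: the comment kept at the top of the second hunk still reads "we are done here", but the branch below it can now fail with EEXIST. Suggest extending the comment to say that, with same_prefix_carp_only set, a matching prefix route is refused unless the new address or the existing one is on an IFT_CARP interface. The `else` after `return (EEXIST);` is also unnecessary; a plain `return (0);` following the inner if reads more directly.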
 
 --d01dLTUuW90fS44H--

From: Boris Kovalenko <boris@tagnet.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Thu, 18 Aug 2005 08:35:06 +0600

 Hello!
 
     Yes, this patch is correct and does exactly what I need. Big thanks to 
 all!
 
 With respect,
     Boris
 
State-Changed-From-To: open->patched 
State-Changed-By: glebius 
State-Changed-When: Thu Aug 18 10:34:56 GMT 2005 
State-Changed-Why:  
Solved in CURRENT. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82306 

From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: bug-followup@freebsd.org, boris@tagnet.ru
Cc:  
Subject: Re: bin/82306: PPP ip-pool regression due CARP implementation
Date: Fri, 26 Aug 2005 21:37:26 +0930

 Is there any reason this sysctl isn't set to net.inet.ip.same_prefix_carp_only 
 by default?
 It would appear to be a POLA violation otherwise.
State-Changed-From-To: patched->closed 
State-Changed-By: glebius 
State-Changed-When: Mon Aug 29 08:59:38 GMT 2005 
State-Changed-Why:  
Merged to STABLE branches. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=82306 
>Unformatted:
