Message-ID: <4B4FB547.8000202@elischer.org>
Date: Thu, 14 Jan 2010 16:22:31 -0800
From: Julian Elischer
To: Erik Klavon
Cc: freebsd-net@freebsd.org
Subject: Re: netgraph mkpeer and connect failures with ng_ipfw and ng_nat
References: <20100114224635.GA27139@malcolm.berkeley.edu>
In-Reply-To: <20100114224635.GA27139@malcolm.berkeley.edu>
List-Id: Networking and TCP/IP with FreeBSD

Erik Klavon wrote:
>
> Here are the hooks for one ng_nat(4) node of interest. At the time I
> obtained this information, this node was working correctly. Everything
> in this output looks correct.
>
> sudo ngctl show ipfw:202182138
>   Name: WirelessNAT2182138 Type: nat ID: 000062ee Num hooks: 2
>   Local hook      Peer name       Peer type    Peer ID         Peer hook
>   ----------      ---------       ---------    -------         ---------
>   in              ipfw            ipfw         00005a83        102182138
>   out             ipfw            ipfw         00005a83        202182138
>
> sudo ngctl msg ipfw:102182138 listredirects
> Rec'd response "listredirects" (10) from "[62ee]:":
> Args: { total_count=1 redirects=[ { id=1 local_addr=10.10.118.43 alias_addr=136.152.182.138 proto=259 description="Static NAT" } ] }
>
> Running show on ipfw:102174202, I see that this hook is pointing to
> the above ng_nat(4) node WirelessNAT2182138.

Can you show that output?

>
> sudo ngctl show ipfw:102174202
>   Name: WirelessNAT2182138 Type: nat ID: 000062ee Num hooks: 2
>   Local hook      Peer name       Peer type    Peer ID         Peer hook
>   ----------      ---------       ---------    -------         ---------
>   in              ipfw            ipfw         00005a83        102182138
>   out             ipfw            ipfw         00005a83        202182138
>
> But WirelessNAT2182138 has no record of a hook102174202. Somehow, two
> hooks used to refer to what should be two different NAT sessions are
> pointing to the same ng_nat(4) object (i.e. one session). If I run
> shutdown on ipfw:102174202, WirelessNAT2182138 goes away. Given the
> above calls to ngctl(8), I don't know what is causing these two separate
> hooks to refer to the same ng_nat(4) object.

You might name the ipfw nodes to make the output clearer.
I have not looked at the ipfw node type much, but it is possible that it
suffers from races, especially in the face of ipfw rule changes.

Have you tried adding small delays (sleep 0.5) between the calls, by the way?
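
The inconsistency Erik describes (a hook that resolves to a node which does not list that hook as a peer) can be checked mechanically after each setup step. This is an added example, not part of the original message; the function names are hypothetical and the sample is the `ngctl show` output quoted in the thread.

```shell
#!/bin/sh
# Consistency check for "ngctl show ipfw:<hook>" output: does the node that
# answered actually list <hook> in its "Peer hook" column?

# peer_hooks: read "ngctl show" output on stdin, print "<node name> <peer hook>" per hook row.
peer_hooks() {
    awk '
        $1 == "Name:"                 { name = $2; next }  # header: Name: X Type: nat ID: ...
        $1 == "Local" || $1 ~ /^-+$/  { next }             # column titles and dashed rule
        NF == 5                       { print name, $5 }   # local, peer name, type, id, peer hook
    '
}

# hook_is_known HOOK: exit 0 if the node described on stdin has HOOK as a peer hook.
hook_is_known() {
    peer_hooks | awk -v want="$1" '($2 "") == (want "") { found = 1 } END { exit !found }'
}

# audit_hook HOOK: print one verdict line for the "ngctl show" output on stdin.
audit_hook() {
    out=$(cat)
    node=$(printf '%s\n' "$out" | awk '$1 == "Name:" { print $2; exit }')
    if printf '%s\n' "$out" | hook_is_known "$1"; then
        echo "OK $1 -> $node"
    else
        echo "MISMATCH $1 -> $node (node has no such peer hook)"
    fi
}

# Sample: the output quoted in the thread; the same node answered both queries.
SAMPLE='  Name: WirelessNAT2182138 Type: nat ID: 000062ee Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  in              ipfw            ipfw         00005a83        102182138
  out             ipfw            ipfw         00005a83        202182138'

printf '%s\n' "$SAMPLE" | audit_hook 202182138   # hook the node really owns
printf '%s\n' "$SAMPLE" | audit_hook 102174202   # hook that resolved to the wrong node

# On a live system (assumed usage): ngctl show ipfw:102174202 | audit_hook 102174202
```

Running the check right after each mkpeer/connect call would show at which step a hook first resolves to a node that does not own it.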