Saturday, March 28, 2020

Re: update request: net/mlvpn

On Sat, Mar 28, 2020 at 06:49:09PM +0100, Solene Rapenne wrote:
> On Sat, Mar 28, 2020 at 12:44:07PM +0100, Solene Rapenne wrote:
> > On Thu, Feb 20, 2020 at 11:48:01PM +0100, Laurent Coustet wrote:
> > > Hi ports@
> > >
> > > I've fixed the last version of net/mlvpn in order to support
> > > OpenBSD 6.6+.
> > >
> > > No major changes, just random fixes and version bump.
> > >
> > > Changes:
> > >
> > > - Send keepalives every 1s, detect timeouts at 2s (@stapelberg)
> > > - Fix calculation of loss ratio with sequence of tunnel (@flohoff)
> > > - Fix compiler warning (switch fall through)
> > > - Fix: ERRMSGSIZ should be greater than PATHMAX
> > > - Fix: OpenBSD: fix bad usage of TUNSIFINFO: missing type
> > > - FIX: BSD: tun device name fix. (allow tun10+ to be used)
> > >
> > > --
> > > Laurent Coustet
> >
> > thank you for your update :)
> >
> > on -current I still can't run it (didn't try on 6.6 as a client). with
> > ktrace I found it was producing a .core file in /var/crash which may
> > help finding what the issue is.
> >
> > here is my client config
> >
> > [general]
> > statuscommand = "/etc/mlvpn/mlvpn_updown.sh"
> > loglevel = 5
> > mode = "client"
> > mtu = 1442
> > tuntap = "tun"
> > interface_name = "tun0"
> > timeout = 30
> >
> > password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
> > cleartext_data = 0
> >
> > [iwm0]
> > bindhost = "0.0.0.0"
> > remotehost = "XXXXXXXXXXXXXXX"
> > remoteport = 5081
> > bindfib = 1
> >
> > [em0]
> > bindhost = "192.168.1.9"
> > remotehost = "XXXXXXXXXXXXXXX"
> > remoteport = 5080
> > bindfib = 0
> >
> > When I run it
> >
> > solene# mlvpn -c mlvpn.conf --debug -vvvvv -u _mlvpn
> > 2020-03-28T12:41:24 [ DBG] absolute maximum mtu: 1444
> > 2020-03-28T12:41:24 [INFO/config] new password set
> > 2020-03-28T12:41:24 [INFO/config] em0 tunnel added
> > 2020-03-28T12:41:24 [INFO] created interface `tun0'
> > 2020-03-28T12:41:24 [INFO] em0 bind to 192.168.1.9
> > solene#
> >
> >
> > In kdump output
> >
> > 18793 mlvpn GIO fd 2 wrote 62 bytes
> > "2020-03-28T12:34:22 \^[[1;34m[INFO]\^[[0m em0 bind to 192.168.1.9
> > "
> > 18793 mlvpn RET write 62/0x3e
> > 18793 mlvpn PSIG SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0x161473675b trapno=6
> > 18793 mlvpn NAMI "/var/crash/mlvpn.core"
> > 26746 mlvpn RET read 0
> > 26746 mlvpn CALL close(3)
> > 26746 mlvpn RET close 0
> > 26746 mlvpn CALL kbind(0x7f7ffffd6158,24,0x5f32ced114736743)
> > 26746 mlvpn RET kbind 0
> > 26746 mlvpn CALL exit(1)
> >
> >
> > in egdb
> >
> > solene# egdb mlvpn /var/crash/mlvpn.core
> > GNU gdb (GDB) 7.12.1
> > Copyright (C) 2017 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> > and "show warranty" for details.
> > This GDB was configured as "x86_64-unknown-openbsd6.6".
> > Type "show configuration" for configuration details.
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/gdb/bugs/>.
> > Find the GDB manual and other documentation resources online at:
> > <http://www.gnu.org/software/gdb/documentation/>.
> > For help, type "help".
> > Type "apropos word" to search for commands related to "word"...
> > Reading symbols from mlvpn...(no debugging symbols found)...done.
> > [New process 365785]
> > Core was generated by `mlvpn'.
> > Program terminated with signal SIGSEGV, Segmentation fault.
> > #0 0x000015e641410250 in ?? ()
> > (gdb) bt
> > #0 0x000015e641410250 in ?? ()
> > #1 0x000015e64140e655 in ?? ()
> > #2 0x000015e92822b10f in ev_invoke_pending (loop=0x15e928234350 <default_loop_struct>) at ev.c:3372
> > #3 0x000015e92822c004 in ev_run (loop=0x15e928234350 <default_loop_struct>, flags=<optimized out>) at ev.c:3775
> > #4 0x000015e64140f52b in ?? ()
> > #5 0x000015e64140613b in ?? ()
> > #6 0x0000000000000000 in ?? ()
> >
> >
> > I installed debug-mlvpn and devel-libev but the egdb output is still ??, I'm
> > stuck here, I don't understand how to get information from egdb :/
> >
>
> I've made some progress. Building mlvpn without pledge feature stopped
> triggering a pledge error.
>
> And not defining bindhost for an interface on the client will default to
> "any" in the code and then the client can connect to server and exchange
> some data
>
> 2020-03-28T18:46:05 [INFO/protocol] dsl1 new connection -> XXXXXXXXXXXXXX:15559
> 2020-03-28T18:46:05 [ DBG/net] < dsl1 recv 46 bytes (type=0, seq=0, reorder=1)
> 2020-03-28T18:46:05 [ DBG/protocol] dsl1 sending 'OK'
> 2020-03-28T18:46:05 [INFO/protocol] dsl1 authenticated
> 2020-03-28T18:46:05 [ DBG/net] > dsl1 sent 46 bytes (size=2, type=1, seq=0, reorder=1)
> 2020-03-28T18:46:05 [INFO/protocol] 4g new connection -> XXXXXXXXXXXXX:9963
> 2020-03-28T18:46:05 [ DBG/net] < 4g recv 46 bytes (type=0, seq=0, reorder=1)
> 2020-03-28T18:46:05 [ DBG/protocol] 4g sending 'OK'
> 2020-03-28T18:46:05 [INFO/protocol] 4g authenticated
> 2020-03-28T18:46:05 [ DBG/net] > 4g sent 46 bytes (size=2, type=1, seq=0, reorder=1)
> 2020-03-28T18:46:06 [ DBG/reorder] adjusting reordering drain timeout to 180ms
> 2020-03-28T18:46:07 [ DBG/net] < dsl1 recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:07 [ DBG/protocol] dsl1 keepalive received
> 2020-03-28T18:46:07 [ DBG/protocol] dsl1 sending keepalive
> 2020-03-28T18:46:07 [ DBG/net] < 4g recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:07 [ DBG/protocol] 4g keepalive received
> 2020-03-28T18:46:07 [ DBG/protocol] 4g sending keepalive
> 2020-03-28T18:46:07 [ DBG/reorder] adjusting reordering drain timeout to 180ms
> 2020-03-28T18:46:07 [ DBG/net] > 4g sent 44 bytes (size=0, type=2, seq=0, reorder=1)
> 2020-03-28T18:46:07 [ DBG/net] > dsl1 sent 44 bytes (size=0, type=2, seq=0, reorder=1)
> 2020-03-28T18:46:08 [ DBG/rtt] dsl1 36ms srtt 34ms loss ratio: 0 seqvect: ffffffffffffffff
> 2020-03-28T18:46:08 [ DBG/net] < dsl1 recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:08 [ DBG/protocol] dsl1 keepalive received
> 2020-03-28T18:46:08 [ DBG/protocol] dsl1 sending keepalive
> 2020-03-28T18:46:08 [ DBG/rtt] 4g 81ms srtt 71ms loss ratio: 0 seqvect: ffffffffffffffff
> 2020-03-28T18:46:08 [ DBG/net] < 4g recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:08 [ DBG/protocol] 4g keepalive received
> 2020-03-28T18:46:08 [ DBG/protocol] 4g sending keepalive
> 2020-03-28T18:46:08 [ DBG/reorder] adjusting reordering drain timeout to 200ms
> 2020-03-28T18:46:08 [ DBG/net] > 4g sent 44 bytes (size=0, type=2, seq=0, reorder=1)
> 2020-03-28T18:46:08 [ DBG/net] > dsl1 sent 44 bytes (size=0, type=2, seq=0, reorder=1)
> 2020-03-28T18:46:09 [ DBG/rtt] dsl1 38ms srtt 35ms loss ratio: 0 seqvect: ffffffffffffffff
> 2020-03-28T18:46:09 [ DBG/net] < dsl1 recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:09 [ DBG/protocol] dsl1 keepalive received
> 2020-03-28T18:46:09 [ DBG/rtt] 4g 81ms srtt 72ms loss ratio: 0 seqvect: ffffffffffffffff
> 2020-03-28T18:46:09 [ DBG/net] < 4g recv 44 bytes (type=2, seq=0, reorder=1)
> 2020-03-28T18:46:09 [ DBG/protocol] 4g keepalive received
> 2020-03-28T18:46:09 [ DBG/reorder] adjusting reordering drain timeout to 212ms
> 2020-03-28T18:46:09 [ DBG/protocol] dsl1 sending keepalive
> 2020-03-28T18:46:09 [ DBG/protocol] 4g sending keepalive
> 2020-03-28T18:46:09 [ DBG/net] > 4g sent 44 bytes (size=0, type=2, seq=0, reorder=1)
> 2020-03-28T18:46:09 [ DBG/net] > dsl1 sent 44 bytes (size=0, type=2, seq=0, reorder=1)
>
>
> then the tun0 interface on both client and server doesn't have any IP, the
> mlvpn_updown.sh script only receives rtun_up and never a tuntap_up which should
> assign IP addresses and I can't find why at the moment.
>

I found a few issues that I'll report upstream, I got mlvpn to work! \o/

I faced a few issues, from documentation issues to code issues. With the
correct configuration file and the attached patch removing a pledge call
mlvpn works.

There are 2 pledge calls and I can't find why the one commented out in
the patch including "inet" produces this crash in dmesg, any clue? :)

mlvpn[77514]: pledge "inet", syscall 105


Removing this pledge call isn't ideal but allows mlvpn to work until it's
fixed, especially if 6.7 gets released before.


Index: Makefile
===================================================================
RCS file: /data/cvs/ports/net/mlvpn/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- Makefile 21 Feb 2020 16:51:52 -0000 1.9
+++ Makefile 28 Mar 2020 19:24:06 -0000
@@ -4,6 +4,7 @@ COMMENT = link-aggregation VPN software

V = 2.3.4
DISTNAME = mlvpn-$V
+REVISION = 0

CATEGORIES = net

Index: patches/patch-src_privsep_c
===================================================================
RCS file: patches/patch-src_privsep_c
diff -N patches/patch-src_privsep_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_privsep_c 28 Mar 2020 19:00:33 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/privsep.c
+--- src/privsep.c.orig
++++ src/privsep.c
+@@ -190,9 +190,9 @@ priv_init(char *argv[], char *username)
+ close(socks[0]);
+ priv_fd = socks[1];
+ #ifdef HAVE_PLEDGE
+- if (pledge("stdio inet unix recvfd", NULL) != 0) {
++ /*if (pledge("stdio inet unix recvfd", NULL) != 0) {
+ err(1, "pledge");
+- }
++ }*/
+
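
Review bot: Commenting out the whole pledge("stdio inet unix recvfd", NULL) block in priv_init() leaves this process running with no pledge at all, and the patch file carries no comment after $OpenBSD$ saying why the call is disabled or that it is meant to be temporary. The dmesg line quoted in the mail names syscall 105, which is setsockopt on OpenBSD, and the promise string here already contains "inet", so the abort points at a specific socket option being set after this call, not at a missing promise. It would be better to find that setsockopt (the per-tunnel bindfib setting in the client config is one place to look) and either do it before the pledge or skip it, keeping the pledge in place. If the block has to go for now, add a short explanation to the patch header so it is dropped once upstream fixes the cause.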
