[chrony-dev] chrony 3.4+ on multihomed machines forces wrong interface


Hello.

I'm using chrony on a Linux router which has multiple addresses and BGP, and
thus the following scenario happens:

- a packet comes in from IP address A via the eth1.25 interface to IP address B,
where chronyd listens
- chronyd wants to respond and forces the eth1.25 interface
- BUT the route to IP A's network in the kernel routing table is via the eth1.15
interface (preferred route set by the BGP daemon).

The end result is that sendmsg() is called with IP A (which is OK) and the
eth1.25 interface (which should work IMO, but the kernel doesn't send out the
packet).

sendmsg(5, {msg_name={sa_family=AF_INET, sin_port=htons(45794),
sin_addr=inet_addr("... A ...")}, msg_namelen=16,
msg_iov=[{iov_base="$\3\4\355\0\0\4\253\0\0\3\210[\324\362\25\342Rv\267\td\t\373\342Rv\311\n\304`\356\342Rv\311\f\3054,\342Rv\311\r\0306z",
iov_len=48}], msg_iovlen=1, msg_control=[{cmsg_len=24,
cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO,
cmsg_data={ipi_ifindex=if_nametoindex("eth1.25"),
ipi_spec_dst=inet_addr("one_of_my_local_ips"),
ipi_addr=inet_addr("0.0.0.0")}}], msg_controllen=24, msg_flags=0}, 0) = 48


According to tcpdump, kernel 5.4.35 doesn't send such a UDP packet via any
interface. My guess is that the kernel sees that the route to A's network is via
eth1.15 and thus somehow discards such an eth1.25 request.


If I force eth1.15 interface:

ipi->ipi_ifindex = if_nametoindex("eth1.15");
(instead of current ipi->ipi_ifindex = local_addr->if_index;)
then replies go out correctly and tcpdump sees them.


Now why the kernel discards such a sendmsg() without an immediate error - no idea.

Bisecting points to the commit below, but the commit log doesn't explain in
which case the wrong interface is used (despite the correct src address being
selected).


5fc7674e366fa1bfda162bdaba57243cff0a55a7 is the first bad commit
commit 5fc7674e366fa1bfda162bdaba57243cff0a55a7
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Aug 29 10:56:14 2018 +0200

    ntp: set interface index in IP*_PKTINFO when responding

    When a server with multiple interfaces in the same network is sending a
    response, setting the ipi_spec_dst/ipi6_addr field of the IP*_PKTINFO
    control message selects the source address, but not necessarily the
    interface. The packet has the expected source address, but it may be
    sent by an interface that doesn't have the address.

    Set the ipi_ifindex/ipi6_ifindex field to respond on the same interface
    as the request was received from to avoid asymmetries in delay and
    timestamping.

 ntp_io.c | 4 ++++
 1 file changed, 4 insertions(+)

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
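
An added example, not part of the original message and not chrony's code: how a UDP reply gets an IP_PKTINFO control message like the one in the strace above, with the source address in ipi_spec_dst and the egress interface either pinned through ipi_ifindex or left at 0 for the kernel's route lookup. The names set_pktinfo, pinned_ifindex, send_reply and PKTINFO_SPACE are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes struct in_pktinfo on glibc */
#endif
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

#define PKTINFO_SPACE CMSG_SPACE(sizeof(struct in_pktinfo))

/* Attach IP_PKTINFO to msg. spec_dst selects the reply's source address;
 * ifindex != 0 also pins the egress interface (the case in the post),
 * ifindex == 0 leaves the interface to the routing table.
 * buf must be aligned for struct cmsghdr. Returns -1 if buf is too small. */
int set_pktinfo(struct msghdr *msg, void *buf, size_t buflen,
                struct in_addr spec_dst, int ifindex)
{
    struct in_pktinfo ipi;
    struct cmsghdr *cm;
    if (buflen < PKTINFO_SPACE) return -1;
    memset(buf, 0, PKTINFO_SPACE);
    msg->msg_control = buf;
    msg->msg_controllen = PKTINFO_SPACE;
    cm = CMSG_FIRSTHDR(msg);
    cm->cmsg_level = IPPROTO_IP;
    cm->cmsg_type = IP_PKTINFO;
    cm->cmsg_len = CMSG_LEN(sizeof ipi);
    memset(&ipi, 0, sizeof ipi);
    ipi.ipi_ifindex = ifindex;
    ipi.ipi_spec_dst = spec_dst;
    memcpy(CMSG_DATA(cm), &ipi, sizeof ipi);
    return 0;
}

/* Interface index the message is pinned to (0 = none), -1 if no IP_PKTINFO. */
int pinned_ifindex(struct msghdr *msg)
{
    struct in_pktinfo ipi;
    struct cmsghdr *cm;
    for (cm = CMSG_FIRSTHDR(msg); cm; cm = CMSG_NXTHDR(msg, cm))
        if (cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_PKTINFO) {
            memcpy(&ipi, CMSG_DATA(cm), sizeof ipi);
            return ipi.ipi_ifindex;
        }
    return -1;
}

/* Send a UDP reply to dst from source address src; pass ifindex 0 to let
 * the kernel route it, or the receiving interface's index to pin it. */
ssize_t send_reply(int fd, const struct sockaddr_in *dst, struct in_addr src,
                   int ifindex, const void *data, size_t len)
{
    union { char buf[PKTINFO_SPACE]; struct cmsghdr align; } ctl;
    struct iovec iov = { (void *)data, len };
    struct msghdr msg = { .msg_name = (void *)dst, .msg_namelen = sizeof *dst,
                          .msg_iov = &iov, .msg_iovlen = 1 };
    if (set_pktinfo(&msg, ctl.buf, sizeof ctl.buf, src, ifindex) < 0) return -1;
    return sendmsg(fd, &msg, 0);
}
```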
