GitList

Browse code

Workaround FreeBSD 12+ race condition on tun/tap open with IPv6.

On FreeBSD 12 (tested and verified on 12.1-RELEASE-p2), after "ifconfig
inet6" for a tun/tap interface, there sometimes is a race condition
where the "IFDISABLED" flag shows up after a short time frame, under
a second, and never clears itself. This disables use of the configured
IPv6 address on the interface, breaking IPv6 over tun/tap operation.

This only happens if ipv6_activate_all_interfaces="YES" is not
set in /etc/rc.conf - but there might be reasons why this is not so.

As a workaround until this can be fixed on the FreeBSD side (or a
better workaround is found), sleep(1) after ifconfig, then call
"ifconfig $dev inet6 -ifdisable".

Yes, this is massively ugly but makes the problem completely go
away for my test systems.

(The same effect can be achieved with an --up script that does this,
but it's even less pretty - see trac ticket)

FreeBSD: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248172

v2: reword text, refer to FreeBSD bug with much more details

Trac: 1226
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20200723121949.78223-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20553.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5e19cc2c1bf22d44f10dc585ba69d48951dc7a86)

Gert Doering authored on 2020/07/23 21:19:49
Showing 1 changed files

src/openvpn/tun.c

History View file @ 6dac334

@@ -1038,6 +1038,29 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu,
                          openvpn_execve_check(&argv, es, S_FATAL,
                                               "generic BSD ifconfig inet6 failed");
                     +#if defined(TARGET_FREEBSD) && __FreeBSD_version >= 1200000
                     +    /* On FreeBSD 12 and up, there is ipv6_activate_all_interfaces="YES"
                     +     * in rc.conf, which is not set by default.  If it is *not* set,
                     +     * "all new interfaces that are not already up" are configured by
                     +     * devd + /etc/pccard_ether as "inet6 ifdisabled".
                     +     *
                     +     * The "is this interface already up?" test is a non-zero time window
                     +     * which we manage to hit with our ifconfig often enough to cause
                     +     * frequent fails in the openvpn test environment.
                     +     *
                     +     * Thus: assume that the system might interfere, wait for things to
                     +     * settle (it's a very short time window), and remove -ifdisable again.
                     +     *
                     +     * See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248172
                     +     */
                     +    sleep(1);
                     +    argv_printf(&argv, "%s %s inet6 -ifdisabled", IFCONFIG_PATH, ifname);
                     +    argv_msg(M_INFO, &argv);
+                    +
                     +    openvpn_execve_check(&argv, es, S_FATAL,
                     +                         "FreeBSD BSD 'ifconfig inet6 -ifdisabled' failed");
                     +#endif
+                    +
                      #if defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
                          || defined(TARGET_DARWIN)
                          /* and, hooray, we explicitly need to add a route... */