Port-xen archive


Re: ssh client_loop send disconnect from Dom0 -> DomU (NetBSD 10.0_BETA/Xen)



Hi,

On 26.06.23 10:41, RVP wrote:
> On Sun, 25 Jun 2023, Matthias Petermann wrote:
>
> > Somewhere between 2) and 3) there should be the answer to the question.
> >
> > ```
> > 08:52:07.595831 ARP, Request who-has vhost2.lan tell srv-net.lan, length 28
> > 08:52:07.595904 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
> > 08:52:07.595919 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
> > 08:52:07.595921 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
> > 08:52:07.595921 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
> > 08:52:07.595926 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
> > [...]
> > 08:52:07.627118 IP srv-net.lan.ssh > vhost2.lan.54243: Flags [R], seq 3177171235, win 0, length 0
> > ```
>
> Well, this doesn't look like an ARP timeout issue. The DomU does the ARP-query and gets back an answer from the Dom0 right away. In fact the Dom0 sends multiple replies to the query (I don't know what that means nor if it's relevant to your issue...); then sshd on the DomU gets an EHOSTDOWN and exits, and the kernel sends a reset TCP packet in response to more data coming to that socket.


Could it still be an ARP related issue? I did a simplified version of the test this morning:

```
ssh user@srv-net /bin/dd if=/dev/zero > test.img
```

while running tcpdump in the DomU. Exactly at the time where I got the "Connection to srv-net closed by remote host." on the client side, tcpdump shows a pattern very similar to the tcpdump from yesterday:

```
14:02:39.132635 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [P.], seq 1107922413:1107922961, ack 2414700, win 4197, options [nop,nop,TS val 7788 ecr 7786], length 548
14:02:39.132678 IP vhost2.lan.56867 > srv-net.lan.ssh: Flags [.], ack 1107922961, win 24609, options [nop,nop,TS val 7786 ecr 7788], length 0
14:02:39.132758 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [P.], seq 1107922961:1107923509, ack 2414700, win 4197, options [nop,nop,TS val 7788 ecr 7786], length 548
14:02:39.132823 ARP, Request who-has vhost2.lan tell srv-net.lan, length 28
14:02:39.133234 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133237 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133238 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133239 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133240 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133241 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133251 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [P.], seq 1107923509:1107924057, ack 2414700, win 4197, options [nop,nop,TS val 7788 ecr 7786], length 548
14:02:39.133289 IP vhost2.lan.56867 > srv-net.lan.ssh: Flags [.], ack 1107924057, win 24609, options [nop,nop,TS val 7786 ecr 7788], length 0
14:02:39.137375 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [F.], seq 1107924057, ack 2414700, win 4197, options [nop,nop,TS val 7788 ecr 7786], length 0
14:02:39.137437 IP vhost2.lan.56867 > srv-net.lan.ssh: Flags [.], ack 1107924058, win 24677, options [nop,nop,TS val 7786 ecr 7788], length 0
14:02:39.137568 IP vhost2.lan.56867 > srv-net.lan.ssh: Flags [P.], seq 2414700:2414760, ack 1107924058, win 24677, options [nop,nop,TS val 7786 ecr 7788], length 60
14:02:39.137588 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [R], seq 645276183, win 0, length 0
```

> I may have to replicate your setup to dig into this. Maybe this weekend. Send
> instructions on how to set-up Xen. In the meantime, can you:
>
> 1. post the output of `ifconfig' on all your DomUs

```
❯ for i in srv-net srv-iot srv-mail srv-app srv-extra;do echo "--\n-- ifconfig of DomU $i\n--"; ssh user@$i /sbin/ifconfig -a;done
--
-- ifconfig of DomU srv-net
--
xennet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=0x3fc00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
	capabilities=0x3fc00<TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx>
	enabled=0
	ec_capabilities=0x5<VLAN_MTU,JUMBO_MTU>
	ec_enabled=0
	address: 00:16:3e:00:00:01
	inet6 fe80::216:3eff:fe00:1%xennet0/64 flags 0 scopeid 0x1
	inet 192.168.2.51/24 broadcast 192.168.2.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
--
-- ifconfig of DomU srv-iot
--
xennet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=0x3fc00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
	capabilities=0x3fc00<TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx>
	enabled=0
	ec_capabilities=0x5<VLAN_MTU,JUMBO_MTU>
	ec_enabled=0
	address: 00:16:3e:00:00:02
	inet6 fe80::216:3eff:fe00:2%xennet0/64 flags 0 scopeid 0x1
	inet 192.168.2.52/24 broadcast 192.168.2.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
--
-- ifconfig of DomU srv-mail
--
xennet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=0x3fc00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
	capabilities=0x3fc00<TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx>
	enabled=0
	ec_capabilities=0x5<VLAN_MTU,JUMBO_MTU>
	ec_enabled=0
	address: 00:16:3e:00:00:03
	inet6 fe80::216:3eff:fe00:3%xennet0/64 flags 0 scopeid 0x1
	inet 192.168.2.53/24 broadcast 192.168.2.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
--
-- ifconfig of DomU srv-app
--
xennet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=0x3fc00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
	capabilities=0x3fc00<TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx>
	enabled=0
	ec_capabilities=0x5<VLAN_MTU,JUMBO_MTU>
	ec_enabled=0
	address: 00:16:3e:00:00:04
	inet6 fe80::216:3eff:fe00:4%xennet0/64 flags 0 scopeid 0x1
	inet 192.168.2.54/24 broadcast 192.168.2.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
npflog0: flags=0x1<UP>
--
-- ifconfig of DomU srv-extra
--
xennet0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=0x3fc00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
	capabilities=0x3fc00<TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx>
	enabled=0
	ec_capabilities=0x5<VLAN_MTU,JUMBO_MTU>
	ec_enabled=0
	address: 00:16:3e:00:00:05
	inet6 fe80::216:3eff:fe00:5%xennet0/64 flags 0 scopeid 0x1
	inet 192.168.2.55/24 broadcast 192.168.2.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
```

> 2. tell me if `dhcpcd' is running on the DomUs?
>

No, dhcpcd is not running. All the DomUs have fixed IP addresses. I am not sure if this is relevant, but in srv-net there is my DHCP server dhcpd running.

Kind regards
Matthias

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
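
One way to check tcpdump text output for the pattern discussed in this message (a single ARP request answered several times, followed shortly by a FIN/RST on the SSH session), as an added example that is not part of the original mail. The function names and the 50 ms window are assumptions of this example; the sample lines are abridged from the second capture above, with the TCP options trimmed.

```python
import re
from datetime import datetime, timedelta

# Abridged from the second capture in the message above (TCP options trimmed).
SAMPLE = """\
14:02:39.132823 ARP, Request who-has vhost2.lan tell srv-net.lan, length 28
14:02:39.133234 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133237 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133238 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133239 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133240 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.133241 ARP, Reply vhost2.lan is-at 88:ae:dd:02:a4:03 (oui Unknown), length 28
14:02:39.137375 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [F.], seq 1107924057, ack 2414700, win 4197, length 0
14:02:39.137588 IP srv-net.lan.ssh > vhost2.lan.56867: Flags [R], seq 645276183, win 0, length 0
"""

TS = r"(\d\d:\d\d:\d\d\.\d{6}) "
REQ = re.compile(TS + r"ARP, Request who-has (\S+) tell (\S+),")
REP = re.compile(TS + r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")
TCP = re.compile(TS + r"IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")

def ts(stamp):
    return datetime.strptime(stamp, "%H:%M:%S.%f")

def analyse(text, window_ms=50):
    """Per ARP request: replies for its target, the MACs they claim, and
    TCP FIN/RST segments seen within window_ms of the request."""
    window = timedelta(milliseconds=window_ms)
    events = []
    for line in text.splitlines():
        if m := REQ.match(line):
            events.append({"time": m[1], "target": m[2], "replies": 0,
                           "macs": set(), "teardown": []})
            continue
        m = REP.match(line) or TCP.match(line)
        if not m or not events:
            continue
        cur = events[-1]
        if ts(m[1]) - ts(cur["time"]) > window:
            continue
        if m.re is REP and m[2] == cur["target"]:
            cur["replies"] += 1
            cur["macs"].add(m[3])  # more than one MAC would mean competing responders
        elif m.re is TCP and ("F" in m[4] or "R" in m[4]):
            cur["teardown"].append((m[1], m[4]))
    return events

if __name__ == "__main__":
    print(*analyse(SAMPLE), sep="\n")
```
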


