Solved dnsmasq TFTP service not working any longer

DaveMueller

New Member


Messages: 7

After upgrading from FreeBSD-11.2 to FreeBSD-11.3, access to the dnsmasq TFTP service does not seem to be working any longer.

The problem seems to be related somehow to the kernel as shown below:

1. Install FreeBSD-11.2
2. Install, configure and enable dnsmasq TFTP service as follows:
in /usr/local/etc/dnsmasq.conf
Code:
enable-tftp
tftp-root=/tmp
in /etc/rc.conf
Code:
dnsmasq_enable="YES"
create small file using echo "Test" > /tmp/test.file

3. Check TFTP functionality by using tftp localhost -> OK
Code:
root@test:~ # uname -a
FreeBSD test.local 11.2-RELEASE-p14 FreeBSD 11.2-RELEASE-p14 #0: Mon Aug 19 22:38:50 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
root@test:~ # netstat -ap udp | fgrep tftp
udp6       0      0 *.tftp                 *.*                   
udp4       0      0 *.tftp                 *.*                   
root@test:~ # tftp localhost
tftp> get test.file
Received 5 bytes during 0.0 seconds in 1 blocks
tftp> quit
4. upgrade to FreeBSD-11.3

5. Check TFTP functionality by using tftp localhost again -> FAIL
Code:
root@test:~ # uname -a
FreeBSD test.local 11.3-RELEASE-p3 FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
root@test:~ # netstat -ap udp | fgrep tftp
udp6       0      0 *.tftp                 *.*                   
udp4       0      0 *.tftp                 *.*                   
root@test:~ # tftp localhost
tftp> get test.file
receive_packet: timeout
Try 1, didn't receive answer from remote.
receive_packet: timeout
Try 2, didn't receive answer from remote.
^C
tftp> quit
6. reboot system and in the boot loader menu, press 'k' to select kernel.old

7. Check TFTP functionality by using tftp localhost again -> OK

Any idea what this could be?
 

gpw928

Active Member

Reaction score: 73
Messages: 223

It would help to know exactly what is listening on port 69:
Code:
lsof -i UDP:tftp
Assuming it's dnsmasq listening, there are some options that you should check in dnsmasq.conf, e.g.
Code:
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
So the UID of dnsmasq may may matter.
Are there any clues in /var/log?
 
OP
OP
D

DaveMueller

New Member


Messages: 7

Hello

It would help to know exactly what is listening on port 69:
Code:
lsof -i UDP:tftp
In the working case:
Code:
COMMAND PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
dnsmasq 877 nobody    6u  IPv4 0xfffff800083c6f80      0t0  UDP *:tftp
dnsmasq 877 nobody    9u  IPv6 0xfffff800083c6f40      0t0  UDP *:tftp
In the non-working case:
Code:
COMMAND PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
dnsmasq 874 nobody    6u  IPv4 0xfffff80007f6ef80      0t0  UDP *:tftp
dnsmasq 874 nobody    9u  IPv6 0xfffff80007f6ef40      0t0  UDP *:tftp
Assuming it's dnsmasq listening, there are some options that you should check in dnsmasq.conf, e.g.
As mentioned previously, I have enabled a "minimal" TFTP dnsmasq setup.
In the meantime, I have added
Code:
log-facility=/var/log/dnsmasq.log
as well. This results in the following log files:

Working case:
Code:
Sep 28 07:45:13 dnsmasq[875]: started, version 2.80 cachesize 150
Sep 28 07:45:13 dnsmasq[875]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify dumpfile
Sep 28 07:45:13 dnsmasq-tftp[875]: TFTP root is /tmp
Sep 28 07:45:13 dnsmasq[875]: reading /etc/resolv.conf
Sep 28 07:45:13 dnsmasq[875]: using nameserver 192.168.3.36#53
Sep 28 07:45:13 dnsmasq[875]: using nameserver 192.168.1.28#53
Sep 28 07:45:13 dnsmasq[875]: read /etc/hosts - 2 addresses
Sep 28 07:45:51 dnsmasq-tftp[875]: sent /tmp/test.file to 127.0.0.1
Not-working case:
Code:
Sep 28 07:50:15 dnsmasq[1098]: started, version 2.80 cachesize 150
Sep 28 07:50:15 dnsmasq[1098]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify dumpfile
Sep 28 07:50:15 dnsmasq-tftp[1098]: TFTP root is /tmp
Sep 28 07:50:15 dnsmasq[1098]: reading /etc/resolv.conf
Sep 28 07:50:15 dnsmasq[1098]: using nameserver 192.168.3.36#53
Sep 28 07:50:15 dnsmasq[1098]: using nameserver 192.168.1.28#53
Sep 28 07:50:15 dnsmasq[1098]: read /etc/hosts - 2 addresses
Sep 28 07:50:31 dnsmasq[1098]: failed to send packet: Can't assign requested address
Sep 28 07:50:31 dnsmasq[1098]: failed to send packet: Can't assign requested address
Are there any clues in /var/log?
The line
Code:
failed to send packet: Can't assign requested address
looks interesting, but I'm not sure if this is not just a symptom of the actual problem.
 

gpw928

Active Member

Reaction score: 73
Messages: 223

Probably worth checking that the DNS server is actually working as expected in both cases:
Code:
$ nslookup localhost
Server:        127.0.0.1
Address:    127.0.0.1#53

Name:    localhost
Address: 127.0.0.1
Name:    localhost
Address: ::1
Given that the configuration files are all the same, the next step is to look for any differences in the network interfaces and routing tables:
Code:
ifconfig -a
netstat -rn
 
OP
OP
D

DaveMueller

New Member


Messages: 7

Probably worth checking that the DNS server is actually working as expected in both cases:
Code:
$ nslookup localhost
Server:        127.0.0.1
Address:    127.0.0.1#53

Name:    localhost
Address: 127.0.0.1
Name:    localhost
Address: ::1
This is identical in both cases:
Code:
root@test:~ # nslookup localhost
Server:         192.168.3.36
Address:        192.168.3.36#53

Name:   localhost
Address: 127.0.0.1
Name:   localhost
Address: ::1
Given that the configuration files are all the same, the next step is to look for any differences in the network interfaces and routing tables:
Code:
ifconfig -a
netstat -rn
Working case:
Code:
root@test:~ # ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:60:c2:28:00:6e
        hwaddr 00:60:c2:28:00:6e
        inet 192.168.0.63 netmask 0xfffff000 broadcast 192.168.15.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
root@test:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         em0
127.0.0.1          link#2             UH          lo0
192.168.0.0/20     link#1             U           em0
192.168.0.63       link#1             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
Non-working case:
Code:
root@test:~ # ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:60:c2:28:00:6e
        hwaddr 00:60:c2:28:00:6e
        inet 192.168.0.63 netmask 0xfffff000 broadcast 192.168.15.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
root@test:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         em0
127.0.0.1          link#2             UH          lo0
192.168.0.0/20     link#1             U           em0
192.168.0.63       link#1             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#2                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
The difference is the additional "LINKSTATE" in the lo0 options list.
 

gpw928

Active Member

Reaction score: 73
Messages: 223

I'll have to look into "LINKSTATE". All my FreeBSD systems have it set for lo0.

Your logs said that dnsmasq was reading /etc/hosts, suggesting it was being used as a name server (and adding the contents of /etc/hosts to the list hosts it knew about).

I therefore would have expected your name server to be identified as 127.0.0.1 (i.e. with dnsmasq listening on port 53, usually on all interfaces, and with "nameserver 127.0.0.1" in /etc/resolv.conf).

But your nslookup above is showing the DNS server as 192.168.3.36/20.

Please check the DNS configuration in dnsmasq.conf.

Which are you expecting to be used?
 
OP
OP
D

DaveMueller

New Member


Messages: 7

I'll have to look into "LINKSTATE". All my FreeBSD systems have it set for lo0.
Is this true even with kernel "FreeBSD 11.2-RELEASE-p14 #0:" or older?

Your logs said that dnsmasq was reading /etc/hosts, suggesting it was being used as a name server (and adding the contents of /etc/hosts to the list hosts it knew about).

I therefore would have expected your name server to be identified as 127.0.0.1 (i.e. with dnsmasq listening on port 53, usually on all interfaces, and with "nameserver 127.0.0.1" in /etc/resolv.conf).

But your nslookup above is showing the DNS server as 192.168.3.36/20.

Please check the DNS configuration in dnsmasq.conf.
In order to simplify debugging, I use a minimal dnsmasq setup.
My /usr/local/etc/dnsmasq.conf looks like this:
Code:
enable-tftp
tftp-root=/tmp
log-facility=/var/log/dnsmasq.log
As you can see, the DNS functionality of dnsmasq is NOT used.
And AFAIK "localhost" is resolved using /etc/host.conf and /etc/hosts which I haven't touched at all since the installation of the OS.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 145
Messages: 600

It looks to me your kernels have different permissions at runtime.
Compare the outputs of "sysctl -a" for both cases. Maybe some security feature got stricter in 11.3?
Also, check the Changelog in the Release notes of 11.3.
 

gpw928

Active Member

Reaction score: 73
Messages: 223

Is this true even with kernel "FreeBSD 11.2-RELEASE-p14 #0:" or older?
I resurrected some old VMs. Here is the survey:
Code:
FreeBSD 11.1: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
FreeBSD 11.2: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
FreeBSD 11.3: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
FreeBSD 12.0: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
Since I had those systems up and running, I confirmed your problem. i.e. I get exactly the same outcome as you.

I had to fetch the source code with the ports, so will have a look at what's happening. Might take an evening or two.

In the meantime, the advice from roccobaroccoSC is worth pursuing.
 
OP
OP
D

DaveMueller

New Member


Messages: 7

Hello
Compare the outputs of "sysctl -a" for both cases. Maybe some security feature got stricter in 11.3?
Below is a diff between the "sysctl -a" outputs of the "old" and the "new" kernel. I stripped off some (hopefully) irrelevant parts, mainly the "vm" and "vfs" sections:
Code:
--- sysctl_old    2019-10-01 09:46:57.818109000 +0200
+++ sysctl_new    2019-10-01 09:45:17.793628000 +0200
@@ -1,7 +1,7 @@
 kern.ostype: FreeBSD
-kern.osrelease: 11.2-RELEASE-p14
+kern.osrelease: 11.3-RELEASE-p3
 kern.osrevision: 199506
-kern.version: FreeBSD 11.2-RELEASE-p14 #0: Mon Aug 19 22:38:50 UTC 2019
+kern.version: FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019
     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
 
 kern.maxvnodes: 209745
@@ -16,10 +16,10 @@
 kern.ngroups: 1023
 kern.job_control: 1
 kern.saved_ids: 0
-kern.boottime: { sec = 1569915952, usec = 69951 } Tue Oct  1 09:45:52 2019
+kern.boottime: { sec = 1569915791, usec = 785148 } Tue Oct  1 09:43:11 2019
 kern.domainname:
-kern.osreldate: 1102000
-kern.bootfile: /boot/kernel.old/kernel
+kern.osreldate: 1103000
+kern.bootfile: /boot/kernel/kernel
 kern.maxfilesperproc: 227997
 kern.maxprocperuid: 11970
 kern.ipc.maxsockbuf: 2097152
@@ -63,7 +63,7 @@
 kern.ipc.piperesizefail: 0
 kern.ipc.pipeallocfail: 0
 kern.ipc.pipefragretry: 0
-kern.ipc.pipekva: 69632
+kern.ipc.pipekva: 53248
 kern.ipc.maxpipekva: 129703936
 kern.ipc.umtx_max_robust: 1000
 kern.ipc.umtx_vnode_persistent: 0
@@ -85,8 +85,8 @@
 kern.metadelay: 28
 kern.dirdelay: 29
 kern.filedelay: 30
-kern.tty_nout: 3835
-kern.tty_nin: 106
+kern.tty_nout: 126637
+kern.tty_nin: 150
 kern.tty_inq_flush_secure: 1
 kern.tty_drainwait: 300
 kern.trap_enotcap: 0
@@ -102,6 +102,7 @@
 kern.always_console_output: 0
 kern.log_console_add_linefeed: 0
 kern.log_console_output: 1
+kern.boot_tag:
 kern.vm_guest: none
 kern.sgrowsiz: 131072
 kern.maxssiz: 536870912
@@ -118,8 +119,7 @@
 kern.hz: 1000
 kern.msgbuf_show_timestamp: 0
 kern.log_wakeups_per_second: 5
-kern.kobj_methodcount: 290
-kern.hintmode: 0
+kern.kobj_methodcount: 293
 kern.devstat.version: 6
 kern.devstat.generation: 117
 kern.devstat.numdevs: 3
@@ -188,19 +188,19 @@
 kern.timecounter.stepwarnings: 0
 kern.timecounter.tc.ACPI-fast.quality: 900
 kern.timecounter.tc.ACPI-fast.frequency: 3579545
-kern.timecounter.tc.ACPI-fast.counter: 6613924
+kern.timecounter.tc.ACPI-fast.counter: 14791058
 kern.timecounter.tc.ACPI-fast.mask: 16777215
 kern.timecounter.tc.i8254.quality: 0
 kern.timecounter.tc.i8254.frequency: 1193182
-kern.timecounter.tc.i8254.counter: 16883
+kern.timecounter.tc.i8254.counter: 5966
 kern.timecounter.tc.i8254.mask: 65535
 kern.timecounter.tc.HPET.quality: 950
 kern.timecounter.tc.HPET.frequency: 24000000
-kern.timecounter.tc.HPET.counter: 1942452472
+kern.timecounter.tc.HPET.counter: 3570035899
 kern.timecounter.tc.HPET.mask: 4294967295
 kern.timecounter.tc.TSC.quality: 1000
-kern.timecounter.tc.TSC.frequency: 1704112998
-kern.timecounter.tc.TSC.counter: 1482642160
+kern.timecounter.tc.TSC.frequency: 1704105224
+kern.timecounter.tc.TSC.counter: 1223418334
 kern.timecounter.tc.TSC.mask: 4294967295
 kern.fscale: 2048
 kern.corefile: %N.core
@@ -551,14 +551,14 @@
 kern.supported_archs: amd64 i386
 kern.maxusers: 830
-kern.compiler_version: FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
+kern.compiler_version: FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on LLVM 8.0.0)
 kern.ident: GENERIC
 kern.malloc_count: 408
-kern.module_path: /boot/kernel.old;/boot/modules;/boot/dtb;/boot/dtb/overlays
+kern.module_path: /boot/kernel;/boot/modules;/boot/dtb;/boot/dtb/overlays
 kern.ktrace.request_pool: 100
 kern.ktrace.genio_size: 4096
 kern.randompid: 0
-kern.lastpid: 733
+kern.lastpid: 780
 kern.disallow_high_osrel: 0
 kern.ps_arg_cache_limit: 256
 kern.stackprot: 7
@@ -580,17 +580,17 @@
 kern.eventtimer.et.HPET.frequency: 24000000
 kern.eventtimer.et.HPET.flags: 7
 kern.eventtimer.et.LAPIC.quality: 600
-kern.eventtimer.et.LAPIC.frequency: 1704112998
+kern.eventtimer.et.LAPIC.frequency: 1704105224
 kern.eventtimer.et.LAPIC.flags: 7
-kern.openfiles: 76
+kern.openfiles: 72
 kern.chroot_allow_open_directories: 1
 kern.vty: vt
 kern.constty_wakeups_per_second: 5
 kern.consmsgbuf_size: 8192
 kern.consmute: 0
 kern.console: ttyv0,/ttyv0,
-kern.cp_times: 5 0 25 50 8126 11 0 12 0 8177 12 0 20 4 8164 14 0 27 7 8160 6 0 17 2 8180 9 0 40 2 8155 5 0 15 6 8177 4 0 31 2 8169
-kern.cp_time: 66 0 187 73 65308
+kern.cp_times: 7 0 17 95 15741 11 0 46 0 15805 8 0 16 0 15796 4 0 37 10 15811 14 0 26 2 15820 11 0 21 7 15804 7 0 24 8 15823 2 0 53 3 15797
+kern.cp_time: 64 0 240 125 126397
 kern.acct_suspended: 0
 kern.acct_configured: 0
 kern.acct_chkfreq: 15
@@ -1121,6 +1122,7 @@
 kern.cam.enc.emulate_array_devices: 1
 kern.cam.sa.allow_io_split: 0
 kern.cam.da.default_softtimeout: 0
+kern.cam.da.disable_wp_detection: 0
 kern.cam.da.send_ordered: 1
 kern.cam.da.default_timeout: 60
 kern.cam.da.retry_count: 4
@@ -1802,6 +1840,7 @@
 net.inet.ip.no_same_prefix: 0
 net.inet.icmp.maskrepl: 0
 net.inet.icmp.icmplim: 200
+net.inet.icmp.error_keeptags: 0
 net.inet.icmp.tstamprepl: 1
 net.inet.icmp.bmcastecho: 0
 net.inet.icmp.quotelen: 8
@@ -1851,7 +1890,7 @@
 net.inet.tcp.syncache.rexmtlimit: 3
 net.inet.tcp.syncache.hashsize: 512
 net.inet.tcp.syncache.count: 0
-net.inet.tcp.syncache.cachelimit: 15364
+net.inet.tcp.syncache.cachelimit: 15375
 net.inet.tcp.syncache.bucketlimit: 30
 net.inet.tcp.syncookies_only: 0
 net.inet.tcp.syncookies: 1
@@ -1872,9 +1911,11 @@
 net.inet.tcp.sack.globalmaxholes: 65536
 net.inet.tcp.sack.maxholes: 128
 net.inet.tcp.sack.enable: 1
+net.inet.tcp.reass.queueguard: 16
+net.inet.tcp.reass.new_limit: 0
 net.inet.tcp.reass.maxqueuelen: 100
 net.inet.tcp.reass.cursegments: 0
-net.inet.tcp.reass.maxsegments: 30700
+net.inet.tcp.reass.maxsegments: 30710
 net.inet.tcp.sendbuf_max: 2097152
 net.inet.tcp.sendbuf_inc: 8192
 net.inet.tcp.sendbuf_auto: 1
@@ -2307,7 +2348,7 @@
 debug.crypto_timing: 0
 debug.nlm_debug: 0
 debug.if_tun_debug: 0
-debug.vn_io_faults: 453
+debug.vn_io_faults: 463
 debug.vn_io_fault_prefault: 0
 debug.vn_io_fault_enable: 1
 debug.max_vnlru_free: 10000
@@ -2316,8 +2357,8 @@
 debug.disablefullpath: 0
 debug.disablecwd: 0
 debug.vfscache: 1
-debug.numcachehv: 65
-debug.numcache: 560
+debug.numcachehv: 64
+debug.numcache: 563
 debug.numneg: 46
 debug.nchash: 262143
 debug.devfs_iosize_max_clamp: 1
@@ -2346,6 +2387,7 @@
 debug.sx.retries: 10
 debug.ncores: 5
 debug.trace_on_panic: 1
+debug.debugger_on_trap: 0
 debug.debugger_on_panic: 1
 debug.rwlock.delay_max: 4096
 debug.rwlock.delay_base: 4
@@ -2450,7 +2492,7 @@
 hw.ncpu: 8
 hw.byteorder: 1234
 hw.physmem: 8301260800
-hw.usermem: 8039886848
+hw.usermem: 8039591936
 hw.pagesize: 4096
 hw.floatingpoint: 1
 hw.machine_arch: amd64
@@ -2570,6 +2612,7 @@
 hw.ixl.shared_debug_mask: 0
 hw.ixl.core_debug_mask: 0
 hw.ixl.enable_head_writeback: 1
+hw.ixl.i2c_access_method: 0
 hw.ixl.enable_tx_fc_filter: 1
 hw.ixl.max_queues: 0
 hw.ixl.rx_ring_size: 1024
@@ -2705,6 +2748,7 @@
 hw.pci.enable_pcie_hp: 1
 hw.pci.clear_pcib: 0
 hw.pci.iov_max_config: 1048576
+hw.pci.clear_aer_on_attach: 0
 hw.pci.enable_ari: 1
 hw.pci.clear_buses: 0
 hw.pci.clear_bars: 0
@@ -2732,6 +2776,7 @@
 hw.mwl.txbuf: 256
 hw.mwl.rxbuf: 640
 hw.mwl.rxdesc: 256
+hw.mmcsd.cache: 1
 hw.mmc.debug: 0
 hw.mfi.mrsas_enable: 0
 hw.mfi.msi: 1
@@ -2816,10 +2861,11 @@
 hw.an.an_dump: off
 hw.amr.force_sg32: 0
 hw.aac.enable_msi: 1
-machdep.tsc_freq: 1704112998
+machdep.tsc_freq: 1704105224
 machdep.disable_tsc_calibration: 0
 machdep.disable_tsc: 0
 machdep.disable_msix_migration: 0
+machdep.num_msi_irqs: 512
 machdep.hyperthreading_allowed: 1
 machdep.disable_mtrrs: 0
 machdep.kdb_on_nmi: 1
@@ -2831,6 +2877,7 @@
 machdep.idle_mwait: 1
 machdep.i8254_freq: 1193182
 machdep.acpi_root: 2344947712
+machdep.nmi_flush_l1d_sw: 0
 machdep.uprintf_signal: 0
 machdep.prot_fault_translation: 0
 machdep.max_ldt_segment: 512
@@ -3717,22 +3765,22 @@
 dev.netmap.ring_num: 200
 dev.netmap.ring_curr_size: 0
 dev.netmap.ring_size: 36864
-dev.netmap.priv_if_num: 1
+dev.netmap.priv_if_num: 2
 dev.netmap.priv_if_size: 1024
 dev.netmap.if_curr_num: 0
 dev.netmap.if_num: 100
 dev.netmap.if_curr_size: 0
 dev.netmap.if_size: 1024
+dev.netmap.ptnet_vnet_hdr: 1
 dev.netmap.generic_rings: 1
 dev.netmap.generic_ringsize: 1024
 dev.netmap.generic_mit: 100000
+dev.netmap.generic_hwcsum: 0
 dev.netmap.admode: 0
 dev.netmap.fwd: 0
-dev.netmap.flags: 0
-dev.netmap.adaptive_io: 0
 dev.netmap.txsync_retry: 2
-dev.netmap.no_pendintr: 1
 dev.netmap.mitigate: 1
+dev.netmap.no_pendintr: 1
 dev.netmap.no_timestamp: 0
 dev.netmap.verbose: 0
 dev.netmap.ix_rx_miss_bufs: 0
@@ -3747,12 +3795,12 @@
 security.bsd.unprivileged_get_quota: 0
 security.bsd.hardlink_check_gid: 0
 security.bsd.hardlink_check_uid: 0
-security.bsd.unprivileged_read_msgbuf: 1
 security.bsd.unprivileged_idprio: 0
 security.bsd.unprivileged_proc_debug: 1
 security.bsd.conservative_signals: 1
 security.bsd.see_other_gids: 1
 security.bsd.see_other_uids: 1
+security.bsd.unprivileged_read_msgbuf: 1
 security.bsd.unprivileged_mlock: 1
 security.bsd.suser_enabled: 1
 security.bsd.map_at_zero: 0
@@ -3768,6 +3816,7 @@
 security.jail.param.allow.mount.fdescfs: 0
 security.jail.param.allow.mount.devfs: 0
 security.jail.param.allow.mount.: 0
+security.jail.param.allow.read_msgbuf: 0
 security.jail.param.allow.socket_af: 0
 security.jail.param.allow.quotas: 0
 security.jail.param.allow.chflags: 0
Also, check the Changelog in the Release notes of 11.3.
I already checked the Release notes, but I haven't found anything relevant so far.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 145
Messages: 600

Hello

Below is a diff between the "sysctl -a" outputs of the "old" and the "new" kernel. I stripped off some (hopefully) irrelevant parts, mainly the "vm" and "vfs" sections:
Code:
--- sysctl_old    2019-10-01 09:46:57.818109000 +0200
+++ sysctl_new    2019-10-01 09:45:17.793628000 +0200
@@ -1,7 +1,7 @@
kern.ostype: FreeBSD
-kern.osrelease: 11.2-RELEASE-p14
+kern.osrelease: 11.3-RELEASE-p3
kern.osrevision: 199506
-kern.version: FreeBSD 11.2-RELEASE-p14 #0: Mon Aug 19 22:38:50 UTC 2019
+kern.version: FreeBSD 11.3-RELEASE-p3 #0: Mon Aug 19 21:08:43 UTC 2019
     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC

kern.maxvnodes: 209745
@@ -16,10 +16,10 @@
kern.ngroups: 1023
kern.job_control: 1
kern.saved_ids: 0
-kern.boottime: { sec = 1569915952, usec = 69951 } Tue Oct  1 09:45:52 2019
+kern.boottime: { sec = 1569915791, usec = 785148 } Tue Oct  1 09:43:11 2019
kern.domainname:
-kern.osreldate: 1102000
-kern.bootfile: /boot/kernel.old/kernel
+kern.osreldate: 1103000
+kern.bootfile: /boot/kernel/kernel
kern.maxfilesperproc: 227997
kern.maxprocperuid: 11970
kern.ipc.maxsockbuf: 2097152
@@ -63,7 +63,7 @@
kern.ipc.piperesizefail: 0
kern.ipc.pipeallocfail: 0
kern.ipc.pipefragretry: 0
-kern.ipc.pipekva: 69632
+kern.ipc.pipekva: 53248
kern.ipc.maxpipekva: 129703936
kern.ipc.umtx_max_robust: 1000
kern.ipc.umtx_vnode_persistent: 0
@@ -85,8 +85,8 @@
kern.metadelay: 28
kern.dirdelay: 29
kern.filedelay: 30
-kern.tty_nout: 3835
-kern.tty_nin: 106
+kern.tty_nout: 126637
+kern.tty_nin: 150
kern.tty_inq_flush_secure: 1
kern.tty_drainwait: 300
kern.trap_enotcap: 0
@@ -102,6 +102,7 @@
kern.always_console_output: 0
kern.log_console_add_linefeed: 0
kern.log_console_output: 1
+kern.boot_tag:
kern.vm_guest: none
kern.sgrowsiz: 131072
kern.maxssiz: 536870912
@@ -118,8 +119,7 @@
kern.hz: 1000
kern.msgbuf_show_timestamp: 0
kern.log_wakeups_per_second: 5
-kern.kobj_methodcount: 290
-kern.hintmode: 0
+kern.kobj_methodcount: 293
kern.devstat.version: 6
kern.devstat.generation: 117
kern.devstat.numdevs: 3
@@ -188,19 +188,19 @@
kern.timecounter.stepwarnings: 0
kern.timecounter.tc.ACPI-fast.quality: 900
kern.timecounter.tc.ACPI-fast.frequency: 3579545
-kern.timecounter.tc.ACPI-fast.counter: 6613924
+kern.timecounter.tc.ACPI-fast.counter: 14791058
kern.timecounter.tc.ACPI-fast.mask: 16777215
kern.timecounter.tc.i8254.quality: 0
kern.timecounter.tc.i8254.frequency: 1193182
-kern.timecounter.tc.i8254.counter: 16883
+kern.timecounter.tc.i8254.counter: 5966
kern.timecounter.tc.i8254.mask: 65535
kern.timecounter.tc.HPET.quality: 950
kern.timecounter.tc.HPET.frequency: 24000000
-kern.timecounter.tc.HPET.counter: 1942452472
+kern.timecounter.tc.HPET.counter: 3570035899
kern.timecounter.tc.HPET.mask: 4294967295
kern.timecounter.tc.TSC.quality: 1000
-kern.timecounter.tc.TSC.frequency: 1704112998
-kern.timecounter.tc.TSC.counter: 1482642160
+kern.timecounter.tc.TSC.frequency: 1704105224
+kern.timecounter.tc.TSC.counter: 1223418334
kern.timecounter.tc.TSC.mask: 4294967295
kern.fscale: 2048
kern.corefile: %N.core
@@ -551,14 +551,14 @@
kern.supported_archs: amd64 i386
kern.maxusers: 830
-kern.compiler_version: FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
+kern.compiler_version: FreeBSD clang version 8.0.0 (tags/RELEASE_800/final 356365) (based on LLVM 8.0.0)
kern.ident: GENERIC
kern.malloc_count: 408
-kern.module_path: /boot/kernel.old;/boot/modules;/boot/dtb;/boot/dtb/overlays
+kern.module_path: /boot/kernel;/boot/modules;/boot/dtb;/boot/dtb/overlays
kern.ktrace.request_pool: 100
kern.ktrace.genio_size: 4096
kern.randompid: 0
-kern.lastpid: 733
+kern.lastpid: 780
kern.disallow_high_osrel: 0
kern.ps_arg_cache_limit: 256
kern.stackprot: 7
@@ -580,17 +580,17 @@
kern.eventtimer.et.HPET.frequency: 24000000
kern.eventtimer.et.HPET.flags: 7
kern.eventtimer.et.LAPIC.quality: 600
-kern.eventtimer.et.LAPIC.frequency: 1704112998
+kern.eventtimer.et.LAPIC.frequency: 1704105224
kern.eventtimer.et.LAPIC.flags: 7
-kern.openfiles: 76
+kern.openfiles: 72
kern.chroot_allow_open_directories: 1
kern.vty: vt
kern.constty_wakeups_per_second: 5
kern.consmsgbuf_size: 8192
kern.consmute: 0
kern.console: ttyv0,/ttyv0,
-kern.cp_times: 5 0 25 50 8126 11 0 12 0 8177 12 0 20 4 8164 14 0 27 7 8160 6 0 17 2 8180 9 0 40 2 8155 5 0 15 6 8177 4 0 31 2 8169
-kern.cp_time: 66 0 187 73 65308
+kern.cp_times: 7 0 17 95 15741 11 0 46 0 15805 8 0 16 0 15796 4 0 37 10 15811 14 0 26 2 15820 11 0 21 7 15804 7 0 24 8 15823 2 0 53 3 15797
+kern.cp_time: 64 0 240 125 126397
kern.acct_suspended: 0
kern.acct_configured: 0
kern.acct_chkfreq: 15
@@ -1121,6 +1122,7 @@
kern.cam.enc.emulate_array_devices: 1
kern.cam.sa.allow_io_split: 0
kern.cam.da.default_softtimeout: 0
+kern.cam.da.disable_wp_detection: 0
kern.cam.da.send_ordered: 1
kern.cam.da.default_timeout: 60
kern.cam.da.retry_count: 4
@@ -1802,6 +1840,7 @@
net.inet.ip.no_same_prefix: 0
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
+net.inet.icmp.error_keeptags: 0
net.inet.icmp.tstamprepl: 1
net.inet.icmp.bmcastecho: 0
net.inet.icmp.quotelen: 8
@@ -1851,7 +1890,7 @@
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
-net.inet.tcp.syncache.cachelimit: 15364
+net.inet.tcp.syncache.cachelimit: 15375
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies_only: 0
net.inet.tcp.syncookies: 1
@@ -1872,9 +1911,11 @@
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
+net.inet.tcp.reass.queueguard: 16
+net.inet.tcp.reass.new_limit: 0
net.inet.tcp.reass.maxqueuelen: 100
net.inet.tcp.reass.cursegments: 0
-net.inet.tcp.reass.maxsegments: 30700
+net.inet.tcp.reass.maxsegments: 30710
net.inet.tcp.sendbuf_max: 2097152
net.inet.tcp.sendbuf_inc: 8192
net.inet.tcp.sendbuf_auto: 1
@@ -2307,7 +2348,7 @@
debug.crypto_timing: 0
debug.nlm_debug: 0
debug.if_tun_debug: 0
-debug.vn_io_faults: 453
+debug.vn_io_faults: 463
debug.vn_io_fault_prefault: 0
debug.vn_io_fault_enable: 1
debug.max_vnlru_free: 10000
@@ -2316,8 +2357,8 @@
debug.disablefullpath: 0
debug.disablecwd: 0
debug.vfscache: 1
-debug.numcachehv: 65
-debug.numcache: 560
+debug.numcachehv: 64
+debug.numcache: 563
debug.numneg: 46
debug.nchash: 262143
debug.devfs_iosize_max_clamp: 1
@@ -2346,6 +2387,7 @@
debug.sx.retries: 10
debug.ncores: 5
debug.trace_on_panic: 1
+debug.debugger_on_trap: 0
debug.debugger_on_panic: 1
debug.rwlock.delay_max: 4096
debug.rwlock.delay_base: 4
@@ -2450,7 +2492,7 @@
hw.ncpu: 8
hw.byteorder: 1234
hw.physmem: 8301260800
-hw.usermem: 8039886848
+hw.usermem: 8039591936
hw.pagesize: 4096
hw.floatingpoint: 1
hw.machine_arch: amd64
@@ -2570,6 +2612,7 @@
hw.ixl.shared_debug_mask: 0
hw.ixl.core_debug_mask: 0
hw.ixl.enable_head_writeback: 1
+hw.ixl.i2c_access_method: 0
hw.ixl.enable_tx_fc_filter: 1
hw.ixl.max_queues: 0
hw.ixl.rx_ring_size: 1024
@@ -2705,6 +2748,7 @@
hw.pci.enable_pcie_hp: 1
hw.pci.clear_pcib: 0
hw.pci.iov_max_config: 1048576
+hw.pci.clear_aer_on_attach: 0
hw.pci.enable_ari: 1
hw.pci.clear_buses: 0
hw.pci.clear_bars: 0
@@ -2732,6 +2776,7 @@
hw.mwl.txbuf: 256
hw.mwl.rxbuf: 640
hw.mwl.rxdesc: 256
+hw.mmcsd.cache: 1
hw.mmc.debug: 0
hw.mfi.mrsas_enable: 0
hw.mfi.msi: 1
@@ -2816,10 +2861,11 @@
hw.an.an_dump: off
hw.amr.force_sg32: 0
hw.aac.enable_msi: 1
-machdep.tsc_freq: 1704112998
+machdep.tsc_freq: 1704105224
machdep.disable_tsc_calibration: 0
machdep.disable_tsc: 0
machdep.disable_msix_migration: 0
+machdep.num_msi_irqs: 512
machdep.hyperthreading_allowed: 1
machdep.disable_mtrrs: 0
machdep.kdb_on_nmi: 1
@@ -2831,6 +2877,7 @@
machdep.idle_mwait: 1
machdep.i8254_freq: 1193182
machdep.acpi_root: 2344947712
+machdep.nmi_flush_l1d_sw: 0
machdep.uprintf_signal: 0
machdep.prot_fault_translation: 0
machdep.max_ldt_segment: 512
@@ -3717,22 +3765,22 @@
dev.netmap.ring_num: 200
dev.netmap.ring_curr_size: 0
dev.netmap.ring_size: 36864
-dev.netmap.priv_if_num: 1
+dev.netmap.priv_if_num: 2
dev.netmap.priv_if_size: 1024
dev.netmap.if_curr_num: 0
dev.netmap.if_num: 100
dev.netmap.if_curr_size: 0
dev.netmap.if_size: 1024
+dev.netmap.ptnet_vnet_hdr: 1
dev.netmap.generic_rings: 1
dev.netmap.generic_ringsize: 1024
dev.netmap.generic_mit: 100000
+dev.netmap.generic_hwcsum: 0
dev.netmap.admode: 0
dev.netmap.fwd: 0
-dev.netmap.flags: 0
-dev.netmap.adaptive_io: 0
dev.netmap.txsync_retry: 2
-dev.netmap.no_pendintr: 1
dev.netmap.mitigate: 1
+dev.netmap.no_pendintr: 1
dev.netmap.no_timestamp: 0
dev.netmap.verbose: 0
dev.netmap.ix_rx_miss_bufs: 0
@@ -3747,12 +3795,12 @@
security.bsd.unprivileged_get_quota: 0
security.bsd.hardlink_check_gid: 0
security.bsd.hardlink_check_uid: 0
-security.bsd.unprivileged_read_msgbuf: 1
security.bsd.unprivileged_idprio: 0
security.bsd.unprivileged_proc_debug: 1
security.bsd.conservative_signals: 1
security.bsd.see_other_gids: 1
security.bsd.see_other_uids: 1
+security.bsd.unprivileged_read_msgbuf: 1
security.bsd.unprivileged_mlock: 1
security.bsd.suser_enabled: 1
security.bsd.map_at_zero: 0
@@ -3768,6 +3816,7 @@
security.jail.param.allow.mount.fdescfs: 0
security.jail.param.allow.mount.devfs: 0
security.jail.param.allow.mount.: 0
+security.jail.param.allow.read_msgbuf: 0
security.jail.param.allow.socket_af: 0
security.jail.param.allow.quotas: 0
security.jail.param.allow.chflags: 0
I already checked the Release notes, but I haven't found anything relevant so far.
I can't find anything in the diff. Sorry, no further ideas.
 

gpw928

Active Member

Reaction score: 73
Messages: 223

It's a bug in the IPV4 tftp code of dnsmasq. Certainly FreeBSD 11.3 and 12.0 are impacted. Probably everything since 11.2.

IPV6 does not appear to be impacted, at least with localhost. i.e. tftp ::1 works.

The problem arises in tftp.c at line 195, when the return is taken because if_index is zero, and can not be translated to a name:
Code:
if (!indextoname(listen->tftpfd, if_index, namebuff))
    return;
The root cause is that, for FreeBSD IPV4, if_index retains its default value of zero. i.e. it should be set (but is not) in the block of code commencing at line 159:
Code:
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
      if (listen->family == AF_INET)
        for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
          {
            union {
              unsigned char *c;
              struct in_addr *a;
              struct sockaddr_dl *s;
            } p;
            p.c = CMSG_DATA(cmptr);
            if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVDSTADDR)
              addr.in.sin_addr = *(p.a);
            else if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_RECVIF)
              if_index = p.s->sdl_index;
          }

#endif
This code is unchanged since FreeBSD 11.2, where the problem does not occur.
It's probably time to file a bug report.
 
OP
OP
D

DaveMueller

New Member


Messages: 7

The problem seems to be related to the amount of space reserved for the "control" messages around line 79 of tftp.c
C:
  union {
    struct cmsghdr align; /* this ensures alignment */
#ifdef HAVE_IPV6
    char control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
#endif
#if defined(HAVE_LINUX_NETWORK)
    char control[CMSG_SPACE(sizeof(struct in_pktinfo))];
#elif defined(HAVE_SOLARIS_NETWORK)
    char control[CMSG_SPACE(sizeof(unsigned int))];
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
    char control[CMSG_SPACE(sizeof(struct sockaddr_dl))];
#endif
  } control_u;

  msg.msg_controllen = sizeof(control_u);
  msg.msg_control = control_u.control;
If I increase the size of the "control" array, both of the "IP_RECVDSTADDR" and "IP_RECVIF" messages are available and handled correctly in the code at line 169-172.

I assume the "control" array should be declared like this:
C:
#elif defined(IP_RECVDSTADDR) && defined(IP_RECVIF)
    char control[CMSG_SPACE(sizeof(struct in_addr)) +      /* IP_RECVDSTADDR */
                 CMSG_SPACE(sizeof(struct sockaddr_dl))];  /* IP_RECVIF */
#endif
 
Top