Hi all,

I'm setting up a carp/pfsync firewall with ospf. We have 40 vlans,
and we plan to add others later. Everything is working as expected,
except one thing. From time to time we have to add new vlans to the
setup; the procedure would be to create the relevant hostname.vlanxxx,
hostname.carpxxx, update the ospfd.conf with the new carped interface
to announce, issue an ospfctl reload, voilà, I expect it to just work.
Instead, the reload of the configuration fails. To add the new
interface I have to kill the ospf parent process and reload the daemon!
Strangely enough, it works when the new interface is a physical
interface. Also adding a vlan on the fly does not work, so it could be
that every virtual interface cannot be added with a simple ospfctl
reload. Some details follow (excerpt taken from the backup firewall):

Dmesg
----------
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU 3050 @ 2.13GHz ("GenuineIntel" 686-class) 2.13 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 1072128000 (1022MB)
avail mem = 1028653056 (981MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/05/08, BIOS32 rev. 0 @ 0xfd470, SMBIOS rev. 2.51 @ 0x3feea000 (31 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 03/05/2008
bios0: Supermicro PDSMi
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP MCFG APIC BOOT ASF! SSDT
acpi0: wakeup devices DEV1(S5) EXP1(S5) PXHA(S5) EXP5(S5) EXP6(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EUSB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (DEV1)
acpiprt2 at acpi0: bus 9 (EXP1)
acpiprt3 at acpi0: bus 10 (PXHA)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 14 (EXP6)
acpiprt6 at acpi0: bus 15 (PCIB)
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc0000/0xb000 0xcb000/0x1000 0xcc000/0x1000
ipmi at mainbus0 not configured
cpu0 at mainbus0
cpu0: Enhanced SpeedStep disabled by BIOS
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0xc0
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0xc0: irq 11
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: irq 12
pci2 at ppb1 bus 9
ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 10
ppb3 at pci3 dev 1 function 0 "Pericom PI7C21P100 PCIX-PCIX" rev 0x01
pci4 at ppb3 bus 11
em0 at pci4 dev 4 function 0 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 11, address 00:1b:21:0a:af:a8
em1 at pci4 dev 4 function 1 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 12, address 00:1b:21:0a:af:a9
em2 at pci4 dev 6 function 0 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 5, address 00:1b:21:0a:af:aa
em3 at pci4 dev 6 function 1 "Intel PRO/1000MT QP (82546GB)" rev 0x03: irq 11, address 00:1b:21:0a:af:ab
"Intel IOxAPIC" rev 0x09 at pci2 dev 0 function 1 not configured
ppb4 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: irq 12
pci5 at ppb4 bus 13
em4 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: irq 11, address 00:30:48:92:e3:36
ppb5 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: irq 11
pci6 at ppb5 bus 14
em5 at pci6 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: irq 12, address 00:30:48:92:e3:37
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 10
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 5
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci7 at ppb6 bus 15
vga1 at pci7 dev 0 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <Hitachi HDS721616PLA380>
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <MATSHITA, DVD-ROM UJDA780, 1.50> SCSI0 5/cdrom removable
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: irq 11
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
wbng0 at iic0 addr 0x2f: w83793g
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM non-parity PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
 port 0x295/2 not configured
lm0 at isa0 port 0x290/8: W83627HF
lm1 detached
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ed65 netmask fd65 ttymask ffe7
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

ospfd.conf
---------------
# global configuration

router-id 0.0.0.2

#redistribute connected

area 0.0.0.0 {
  auth-type crypt
  auth-md 1 "mySecret"
  auth-md-keyid 1

  # main link - To Primary router
  interface em3 { metric 10 }
  # backup link - To Secondary router
  interface em1 { metric 100 }
  interface em0
  # customer interfaces to advertise

interface carp3
interface carp4
interface carp6
interface carp7
interface carp8
interface carp9
interface carp10
interface carp11
interface carp12
interface carp13
interface carp14
interface carp15
interface carp161
interface carp194
interface carp203
interface carp204
interface carp205
interface carp206
interface carp208
interface carp212
interface carp217
interface carp223
interface carp314
interface carp315
interface carp316
interface carp317
interface carp318
interface carp321
interface carp322
interface carp323
interface carp324
interface carp325
interface carp326
interface carp327
interface carp328
interface carp329
interface carp330
interface carp331
interface carp332
interface carp333
interface carp334
interface carp400
}

# ospfctl sh int
Interface   Address            State  HelloTimer Linkstate  Uptime    nc  ac
carp400     a.b.x.d/28   DOWN   7101w3d0   master     00:00:00   0   0
carp334     a.b.y.d/25  DOWN   7101w3d0   backup     00:00:00   0   0
carp333     a.b.z.d/28    DOWN   7101w3d0   backup     00:00:00   0   0
[...etc...]
em0         1.2.3.4/26  DR     00:00:00   active     00:18:21   0   0
em1         5.6.7.8/30  BCKUP  00:00:09   active     00:18:21   1   1
em3         9.10.11.12/30  DR     00:00:04   active     00:18:21   1   1

This is the starting situation. Now I create a new vlan interface:

hostname.vlan192
--------------------------
inet 212.35.192.39 255.255.255.224 NONE vlan 192 vlandev em0

hostname.carp192
--------------------------
inet 212.35.192.33 255.255.255.224 NONE vhid 30 pass mySecret advbase 5 advskew 100 carpdev vlan192

I then bring the interfaces up:
#sh netstart vlan192
#sh netstart carp192
#ifconfig vlan192
vlan192: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:1b:21:0a:af:a8
        vlan: 192 priority: 0 parent interface: em0
        groups: vlan
        inet6 fe80::21b:21ff:fe0a:afa8%vlan192 prefixlen 64 scopeid 0x13
        inet 212.35.192.39 netmask 0xffffffe0 broadcast 212.35.192.63
# ifconfig carp192
carp192: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:1e
        carp: BACKUP carpdev vlan192 vhid 30 advbase 5 advskew 100
        groups: carp
        inet6 fe80::200:5eff:fe00:11e%carp192 prefixlen 64 scopeid 0x63
        inet 212.35.192.33 netmask 0xffffffe0 broadcast 212.35.192.63

I add the new carp interface to ospfctl.conf:

ospfd.conf
---------------
# global configuration

router-id 0.0.0.2

#redistribute connected

area 0.0.0.0 {
  auth-type crypt
  auth-md 1 "mySecret"
  auth-md-keyid 1

  # main link - To Primary router
  interface em3 { metric 10 }
  # backup link - To Secondary router
  interface em1 { metric 100 }
  interface em0
  # customer interfaces to advertise

interface carp3
interface carp4
interface carp6
interface carp7
interface carp8
interface carp9
interface carp10
interface carp11
interface carp12
interface carp13
interface carp14
interface carp15
interface carp161
interface carp192
interface carp194
interface carp203
interface carp204
interface carp205
interface carp206
interface carp208
interface carp212
interface carp217
interface carp223
interface carp314
interface carp315
interface carp316
interface carp317
interface carp318
interface carp321
interface carp322
interface carp323
interface carp324
interface carp325
interface carp326
interface carp327
interface carp328
interface carp329
interface carp330
interface carp331
interface carp332
interface carp333
interface carp334
interface carp400
}

Check that the configuration is good:
# ospfd -n
configuration OK
Issue a reload:
# ospfctl reload
# tail /var/log/messages
Aug 27 11:36:39 sfw2 ospfd[12857]: configuration reload failed

I then kill the process, restart it, and everything works fine:
# ospfctl sh int
Interface   Address            State  HelloTimer Linkstate  Uptime    nc  ac
carp400     a.b.x.d/28   DOWN   7101w3d0   master     00:00:00   0   0
carp334     a.b.y.d/25  DOWN   7101w3d0   backup     00:00:00   0   0
carp333     a.b.z.d/28    DOWN   7101w3d0   backup     00:00:00   0   0
carp192     a.b.j.d/27   DOWN    7101w3d0   backup     00:00:00   0   0
[...etc...]
em0         1.2.3.4/26  DR     00:00:00   active     00:1:10   0   0
em1         5.6.7.8/30  BCKUP  00:00:09   active     00:1:10   1   1
em3         9.10.11.12/30  DR     00:00:04   active     00:1:10   1   1

Of course killing the ospf process while the firewall is in production
is not desirable, and I'd really prefer to avoid it. Am I missing
something?

Cheers,
--
I'm Winston Wolf, I solve problems.
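
A check for the situation described in the message above, as an added example that is not part of the original post: it compares the interfaces named in ospfd.conf with those listed by `ospfctl sh int`, so a reload that only logged "configuration reload failed" shows up as a non-empty difference. The function names and the sample data are constructed for illustration.

```sh
# Added example (not from the original post); names and sample data are assumptions.

# Interface names from "interface <name>" statements; comments are stripped.
conf_ifaces() {
    sed -e 's/#.*//' "$1" | awk '$1 == "interface" { print $2 }' | sort -u
}

# First column of `ospfctl sh int` output; the header row and elision
# markers do not look like interface names and are skipped.
running_ifaces() {
    awk '$1 ~ /^[a-z]+[0-9]+$/ { print $1 }' "$1" | sort -u
}

# Print interfaces that are configured but not running; return 1 if any.
missing_ifaces() {
    c=$(mktemp) && r=$(mktemp) || return 2
    conf_ifaces "$1" > "$c"
    running_ifaces "$2" > "$r"
    missing=$(comm -23 "$c" "$r")
    rm -f "$c" "$r"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample input modelled on the post: carp192 was added to the
# config, but the daemon still reports the pre-reload interface list.
sample_check() {
    d=$(mktemp -d) || return 2
    cat > "$d/ospfd.conf" <<'EOF'
area 0.0.0.0 {
  interface em3 { metric 10 }
  interface em0
  # customer interfaces to advertise
  interface carp192
  interface carp400
}
EOF
    cat > "$d/shint.txt" <<'EOF'
Interface   Address        State  HelloTimer Linkstate  Uptime    nc  ac
carp400     a.b.x.d/28     DOWN   7101w3d0   master     00:00:00   0   0
em0         1.2.3.4/26     DR     00:00:00   active     00:18:21   0   0
em3         9.10.11.12/30  DR     00:00:04   active     00:18:21   1   1
EOF
    rc=0; missing_ifaces "$d/ospfd.conf" "$d/shint.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the firewall, save the output of `ospfctl sh int` to a file after each reload and pass it, together with the ospfd.conf in use, to `missing_ifaces`.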
