From: dkleinh@phy.ucsf.edu
To: freebsd-net@freebsd.org
Subject: tcp between tap interfaces
Date: Sat, 10 Dec 2016 21:54:05 -0800

I'm trying to set up a private testing environment using the bhyve hypervisor and some virtual machines connected with tap interfaces to a bridge.

My network configuration for this environment looks like this:

I have a bridge interface with 5 tap interfaces, but no real interface as this is to be virtual.

The bridge interface has interface: 192.168.1.1
This is the gateway for the VMs.

Each tap interface on the (virtual) bridge to each VM is on the 192.168.1.0/24 network.

I nat the private network out through a real interface on the host. I use the pf packet filter and nat is working great, each VM can connect out to the world.

The host can connect into each VM through the bridge and icmp and udp seem to work great between the VMs on the private network, but tcp does not seem to work. That is, I cannot ssh between the VMs, but ping works and I've set up a DNS server on one of the VMs and that works for resolving the different private VM host names and external names. The host can ssh into each VM OK.

I'm totally at a loss where to go with this. I'm running FreeBSD 10.1 on the host.

From: Eugene Grosbein
To: "Andrey V. Elsukov", freebsd-net@FreeBSD.org
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 16:13:53 +0700

11.12.2016 6:07, Andrey V. Elsukov wrote:

> * use transport mode IPsec for forwarded IPv4 packets now unsupported.
> This matches the IPv6 behavior, and since we can handle the replies, I
> think it is useless.

Does it include a case of packets going from LAN and forwarded into gif(4) tunnel connected to remote IPSEC gateway and encrypted with transport mode?

That is, will this configuration break?

Eugene

From: "Andrey V. Elsukov"
To: Eugene Grosbein, freebsd-net@FreeBSD.org
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 14:33:43 +0300

On 11.12.2016 12:13, Eugene Grosbein wrote:
> 11.12.2016 6:07, Andrey V. Elsukov wrote:
>
>> * use transport mode IPsec for forwarded IPv4 packets now unsupported.
>> This matches the IPv6 behavior, and since we can handle the replies, I
>> think it is useless.
>
> Does it include a case of packets going from LAN and forwarded into
> gif(4) tunnel
> connected to remote IPSEC gateway and encrypted with transport mode?
>
> That is, will this configuration break?

No. An encapsulated by gif(4) packet is considered as own packet. The described change is related to transport mode policies, that match forwarded packets, i.e. when source and destination addresses are not our own. In this case we can't handle the returned packets.

-- 
WBR, Andrey V. Elsukov

From: Slawa Olhovchenkov
To: "Andrey V. Elsukov"
Cc: Eugene Grosbein, freebsd-net@FreeBSD.org
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 14:58:02 +0300

On Sun, Dec 11, 2016 at 02:33:43PM +0300, Andrey V. Elsukov wrote:

> On 11.12.2016 12:13, Eugene Grosbein wrote:
> > 11.12.2016 6:07, Andrey V. Elsukov wrote:
> >
> >> * use transport mode IPsec for forwarded IPv4 packets now unsupported.
> >> This matches the IPv6 behavior, and since we can handle the replies, I
> >> think it is useless.
> >
> > Does it include a case of packets going from LAN and forwarded into
> > gif(4) tunnel
> > connected to remote IPSEC gateway and encrypted with transport mode?
> >
> > That is, will this configuration break?
>
> No. An encapsulated by gif(4) packet is considered as own packet. The
> described change is related to transport mode policies, that match
> forwarded packets, i.e. when source and destination addresses are not
> our own. In this case we can't handle the returned packets.

What difference with source packets?
Why you can handle sourced and can't handle returned packets?

From: "Andrey V. Elsukov"
To: Slawa Olhovchenkov
Cc: freebsd-net@FreeBSD.org, Eugene Grosbein
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 15:09:28 +0300

On 11.12.2016 14:58, Slawa Olhovchenkov wrote:
>> No. An encapsulated by gif(4) packet is considered as own packet. The
>> described change is related to transport mode policies, that match
>> forwarded packets, i.e. when source and destination addresses are not
>> our own. In this case we can't handle the returned packets.
>
> What difference with source packets?
> Why you can handle sourced and can't handle returned packets?

IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are handled by security association with given destination address and SPI. If returned packets aren't destined to your address, protocol handlers will not handle them.

Outbound packets are handled by matching security policy. A needed security association is looked up using the address selector from security policy. If security association that matches to a packet is found, a packet will be handled by protocol handler.

-- 
WBR, Andrey V. Elsukov

From: Slawa Olhovchenkov
To: "Andrey V. Elsukov"
Cc: freebsd-net@FreeBSD.org, Eugene Grosbein
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 15:15:15 +0300

On Sun, Dec 11, 2016 at 03:09:28PM +0300, Andrey V. Elsukov wrote:

> On 11.12.2016 14:58, Slawa Olhovchenkov wrote:
> >> No. An encapsulated by gif(4) packet is considered as own packet. The
> >> described change is related to transport mode policies, that match
> >> forwarded packets, i.e. when source and destination addresses are not
> >> our own. In this case we can't handle the returned packets.
> >
> > What difference with source packets?
> > Why you can handle sourced and can't handle returned packets?
>
> IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are
> handled by security association with given destination address and SPI.
> If returned packets aren't destined to your address, protocol handlers
> will not handle them.

SA can't contain not my address? Surprised to me.
Or I misunderstand you.

> Outbound packets are handled by matching security policy. A needed
> security association is looked up using the address selector from
> security policy. If security association that matches to a packet is
> found, a packet will be handled by protocol handler.
>
> --
> WBR, Andrey V. Elsukov
>

From: "Andrey V. Elsukov"
To: Slawa Olhovchenkov
Cc: freebsd-net@FreeBSD.org, Eugene Grosbein
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 15:19:24 +0300

On 11.12.2016 15:15, Slawa Olhovchenkov wrote:
>> IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are
>> handled by security association with given destination address and SPI.
>> If returned packets aren't destined to your address, protocol handlers
>> will not handle them.
>
> SA can't contain not my address? Surprised to me.
> Or I misunderstand you.

You can specify what you want, but this just will not work as you expect. A router usually must not handle all TCP sessions that it forwards. It routes IP packets, but it doesn't invoke tcp_input() for each TCP packet that it sees.

-- 
WBR, Andrey V. Elsukov

From: Slawa Olhovchenkov
To: "Andrey V. Elsukov"
Cc: freebsd-net@FreeBSD.org, Eugene Grosbein
Subject: Re: [RFC/RFT] projects/ipsec
Date: Sun, 11 Dec 2016 15:50:05 +0300

On Sun, Dec 11, 2016 at 03:19:24PM +0300, Andrey V. Elsukov wrote:

> On 11.12.2016 15:15, Slawa Olhovchenkov wrote:
> >> IPsec is a set of protocol handlers - ESP/AH/IPcomp. Inbound packets are
> >> handled by security association with given destination address and SPI.
> >> If returned packets aren't destined to your address, protocol handlers
> >> will not handle them.
> >
> > SA can't contain not my address? Surprised to me.
> > Or I misunderstand you.
>
> You can specify what you want, but this just will not work as you
> expect. A router usually must not handle all TCP sessions that it

You mean forward to IPSec system only packets with DST_IP = my_ip?
In that case, why you talk only about not handled returned packets?
Originated packets also don't address to me.

> forwards. It routes IP packets, but it doesn't invoke tcp_input() for
> each TCP packet that it sees.

IPSec designed as router ignorance in all network devices I know.
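
The asymmetry Andrey V. Elsukov describes in this thread (outbound packets are picked up by a matching security policy, inbound ESP is dispatched by destination address and SPI) can be sketched as a small C model. This is an added example, not part of any message in the thread and not FreeBSD kernel code; every function name, SPI and address in it is constructed for illustration.

```c
/* Toy model of IPsec dispatch on a router; added illustration, not FreeBSD code.
 * Every name, SPI and address (documentation ranges) below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define NELEM(x) (sizeof(x) / sizeof((x)[0]))
#define PROTO_IPIP 4
#define PROTO_TCP  6
#define PROTO_ESP  50

struct pkt { uint32_t src, dst; uint8_t proto; uint32_t spi; };
struct sp  { uint32_t src, smask, dst, dmask, out_spi; };  /* outbound selector */
struct sa  { uint32_t dst; uint8_t proto; uint32_t spi; }; /* inbound lookup key */

enum verdict { V_PLAIN, V_ESP_APPLIED, V_DECAPSULATED, V_NO_SA, V_FORWARDED_UNTOUCHED };

/* Router R: 10.0.0.1 on the LAN, 192.0.2.1 on the WAN. */
static const uint32_t local_addrs[] = { IP4(10, 0, 0, 1), IP4(192, 0, 2, 1) };

static const struct sp spd[] = {
    /* transport-mode policy that matches forwarded LAN traffic */
    { IP4(10, 0, 0, 0), 0xffffff00u, IP4(198, 51, 100, 7), 0xffffffffu, 0x1000 },
    /* transport-mode policy for gif(4) outer packets, which R itself sources */
    { IP4(192, 0, 2, 1), 0xffffffffu, IP4(203, 0, 113, 9), 0xffffffffu, 0x2000 },
};

static const struct sa sad[] = {
    { IP4(10, 0, 0, 5), PROTO_ESP, 0x1001 },  /* destination is a LAN host, not R */
    { IP4(192, 0, 2, 1), PROTO_ESP, 0x2001 }, /* destination is R's own address */
};

/* Constructed sample packets: a forwarded flow and a gif(4) outer flow. */
static const struct pkt lan_request       = { IP4(10, 0, 0, 5), IP4(198, 51, 100, 7), PROTO_TCP, 0 };
static const struct pkt reply_to_lan_host = { IP4(198, 51, 100, 7), IP4(10, 0, 0, 5), PROTO_ESP, 0x1001 };
static const struct pkt gif_outer         = { IP4(192, 0, 2, 1), IP4(203, 0, 113, 9), PROTO_IPIP, 0 };
static const struct pkt reply_to_router   = { IP4(203, 0, 113, 9), IP4(192, 0, 2, 1), PROTO_ESP, 0x2001 };

static int is_local(uint32_t addr)
{
    for (size_t i = 0; i < NELEM(local_addrs); i++)
        if (local_addrs[i] == addr)
            return 1;
    return 0;
}

/* Output: policy lookup goes by address selectors, so forwarded packets match
 * too. Transport mode keeps the IP header, so src and dst stay unchanged.
 * The resulting packet is copied to *out when out is not NULL. */
enum verdict ipsec_output(struct pkt p, struct pkt *out)
{
    enum verdict v = V_PLAIN;

    for (size_t i = 0; i < NELEM(spd) && v == V_PLAIN; i++) {
        if ((p.src & spd[i].smask) == spd[i].src &&
            (p.dst & spd[i].dmask) == spd[i].dst) {
            p.proto = PROTO_ESP;
            p.spi = spd[i].out_spi;
            v = V_ESP_APPLIED;
        }
    }
    if (out != NULL)
        *out = p;
    return v;
}

/* Input: the ESP handler runs only for packets addressed to this host; only
 * then is the SA looked up by (destination, protocol, SPI). */
enum verdict ip_input(const struct pkt *p)
{
    if (!is_local(p->dst))
        return V_FORWARDED_UNTOUCHED; /* routed on, the SAD is never consulted */
    if (p->proto != PROTO_ESP)
        return V_PLAIN;
    for (size_t i = 0; i < NELEM(sad); i++)
        if (sad[i].dst == p->dst && sad[i].proto == p->proto && sad[i].spi == p->spi)
            return V_DECAPSULATED;
    return V_NO_SA;
}

int main(void)
{
    static const char *name[] = { "plain", "esp-applied", "decapsulated",
                                  "no-sa", "forwarded-untouched" };
    printf("forwarded request, output: %s\n", name[ipsec_output(lan_request, NULL)]);
    printf("forwarded reply, input:    %s\n", name[ip_input(&reply_to_lan_host)]);
    printf("gif outer packet, output:  %s\n", name[ipsec_output(gif_outer, NULL)]);
    printf("gif reply, input:          %s\n", name[ip_input(&reply_to_router)]);
    return 0;
}
```

The SA whose destination is the LAN host exists in the model's table, yet the reply to that host is never checked against it, while the gif(4) reply addressed to the router itself is decapsulated.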
From owner-freebsd-net@freebsd.org Sun Dec 11 12:54:27 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20595C70AEA for ; Sun, 11 Dec 2016 12:54:27 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from butcher-nb.yandex.net (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) by mx1.freebsd.org (Postfix) with ESMTP id 211E31E43; Sun, 11 Dec 2016 12:54:25 +0000 (UTC) (envelope-from ae@FreeBSD.org) Subject: Re: [RFC/RFT] projects/ipsec To: Slawa Olhovchenkov References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> <584D18D1.8090400@grosbein.net> <36fa749c-f284-1d96-704c-b7118a574dd0@FreeBSD.org> <20161211115802.GD31311@zxy.spb.ru> <4f8ad6e3-8028-8656-d286-caa391960632@FreeBSD.org> <20161211121515.GE31311@zxy.spb.ru> <20161211125004.GF31311@zxy.spb.ru> Cc: freebsd-net@FreeBSD.org, Eugene Grosbein From: "Andrey V. Elsukov" Message-ID: Date: Sun, 11 Dec 2016 15:53:49 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161211125004.GF31311@zxy.spb.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OWwwP4iwO2dTkmWTBwRxJl9VS7pQWXgGX" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 12:54:27 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OWwwP4iwO2dTkmWTBwRxJl9VS7pQWXgGX Content-Type: multipart/mixed; boundary="t3sUnOs3Hn5OXxi4cAXHTIheOoMTHFQ9j"; protected-headers="v1" 
From: "Andrey V. Elsukov" To: Slawa Olhovchenkov Cc: freebsd-net@FreeBSD.org, Eugene Grosbein Message-ID: Subject: Re: [RFC/RFT] projects/ipsec References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> <584D18D1.8090400@grosbein.net> <36fa749c-f284-1d96-704c-b7118a574dd0@FreeBSD.org> <20161211115802.GD31311@zxy.spb.ru> <4f8ad6e3-8028-8656-d286-caa391960632@FreeBSD.org> <20161211121515.GE31311@zxy.spb.ru> <20161211125004.GF31311@zxy.spb.ru> In-Reply-To: <20161211125004.GF31311@zxy.spb.ru> --t3sUnOs3Hn5OXxi4cAXHTIheOoMTHFQ9j Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11.12.2016 15:50, Slawa Olhovchenkov wrote: >> You can specify what you want, but this just will not work as you >> expect. A router usually must not handle all TCP sessions that it >=20 > You mean forward to IPSec system only packets with DST_IP =3D my_ip? > I that case, why you talk only about not handled returned packets? > Originated packets also don't address to me. I already described how it works and that you can configure what you want. https://lists.freebsd.org/pipermail/freebsd-net/2016-December/046616.ht= ml --=20 WBR, Andrey V. 
Elsukov --t3sUnOs3Hn5OXxi4cAXHTIheOoMTHFQ9j-- --OWwwP4iwO2dTkmWTBwRxJl9VS7pQWXgGX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEsBAEBCAAWBQJYTUxeDxxhZUBmcmVlYnNkLm9yZwAKCRABxeoEEMihevWIB/4w 7agCdrCY7IiFkOPG+X4IevTIppeyzE1S6VOnXGr0rLFIwjjygkykJ85sNXCnGMjG /fHwpP+97sssMDvY3qR0QR/S0xCdNY4naNM4bkT7U4eX8AT0AHGcM/K+RfjvwdCC K+7JlMFEwPkKNQApBrRWEHXXhSy22n2kP+vCY5IYdLv375K5/UJdx+GZGlHyOiAb 7nDcuRN9vw030ZkHRT83dSDU6lJy2eO9TosQcor/PQkAKJK4QZ0Aq/CU8WV2Ju1I BonozereZPeZNY8p9y9hLMsF3bl/Kd07zhojnXHqPZJKZoR/yVUBD1wOEB0Nld8Q FGbN3f7lE3NSmbWEWPdq =h7eY -----END PGP SIGNATURE----- --OWwwP4iwO2dTkmWTBwRxJl9VS7pQWXgGX-- From owner-freebsd-net@freebsd.org Sun Dec 11 14:55:04 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CE0EC71E7A for ; Sun, 11 Dec 2016 14:55:04 +0000 (UTC) (envelope-from tom.beard@public-internet.co.uk) Received: from relay01.mail.pblin.net (relay01.mail.pblin.net [80.82.244.144]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E7A04121A for ; Sun, 11 Dec 2016 14:55:02 +0000 (UTC) (envelope-from tom.beard@public-internet.co.uk) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=public-internet.co.uk; s=20150427; h=To:Date:Message-Id:Subject: Mime-Version:Content-Transfer-Encoding:Content-Type:From:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Sy5v7hYO3w6+VTwM8wo5ifXLcPEcKUpB4MEyqdxx7Gw=; 
b=ajKz1FGEepgJpSDBscW/ldKRC l+liAuUj7lO1stgHGzYv9vB4tkKNNVOwze8iXaTcP3LqOsDAkrmyPIxDUHZ+rqb/RPV5jbs6vDcN6 m4MtKnjbdCoMfepse5X4D8hqhGVVXuF9/0bG7ByofuAMpmnzMJHjviD62rqLdB3usB/e5DwOUAoCv Gi8nZ/W93Vi3fHcOGbX/IUfVSrCGWMaeXTzzsSPUatq6eerAUvQEVmh5KIdpnM02hveqS7dBROBNg oyFpxuSS2F7MYgIRh3vtPmtW9VxYyceGhtIz54IG8sta7SKIm6DUYsYK//zT+OqNpbfUZ3YHBycOK /AOf2ZETQ==; Received: from 33-254-82-80.in-addr.pblin.net ([80.82.254.33] helo=toms-macbook.lan) by relay01.mail.pblin.net with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from ) id 1cG5Md-0004PU-Jb for freebsd-net@freebsd.org; Sun, 11 Dec 2016 14:44:31 +0000 
From: Tom Beard Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3257\)) Subject: bce vlan stripping limitations Message-Id: <1C233AAF-E7F3-4FE9-8936-A36F827F4137@public-internet.co.uk> Date: Sun, 11 Dec 2016 14:44:30 +0000 To: freebsd-net@freebsd.org X-Mailer: Apple Mail (2.3257) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 14:55:04 -0000 Hi all I=E2=80=99m having issues with vlan handling on a bce interface on = 11.0-RELEASE. =46rom what I=E2=80=99ve read, the bce driver supports = hardware vlan stripping and is indeed doing this. My intent was to = create a vlan interface bound to the bce interface and bridge this to a = tap interface to use with a bhyve VM (as below). =20 Outbound traffic from the VM is correctly bridged from tap1 to vlan1 = then tagged with vlan 304 and passed out on bce0 Inbound traffic tagged with vlan 304 on bce0 never makes it to vlan0. =46rom what I can tell this is caused by vlan stripping on the bce0 = interface and it looks like I can=E2=80=99t disable it leaving me with = little option but to buy a new network card. Can anyone validate that I=E2=80=99m correct here and this is a known = limitation or am I barking up completely the wrong tree? 
Thanks
Tom

bce0: mem 0xda000000-0xdbffffff irq 36 at device 0.0 on pci1

bce0: flags=8943 metric 0 mtu 1500
        options=80028
        ether 84:2b:2b:0b:b3:72
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active

bridge1: flags=8843 metric 0 mtu 1500
        ether 02:eb:af:cf:7c:01
        nd6 options=1
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap1 flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
        member: vlan1 flags=143
                ifmaxaddr 0 port 9 priority 128 path cost 55

vlan1: flags=8102 metric 0 mtu 1500
        ether 00:00:00:00:00:00
        nd6 options=29
        vlan: 0 vlanpcp: 0 parent interface:
        groups: vlan

tap1: flags=8943 metric 0 mtu 1500
        options=80000
        ether 00:bd:3a:17:4c:02
        nd6 options=29
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 12880

From owner-freebsd-net@freebsd.org Sun Dec 11 15:27:09 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80C22C7292C for ; Sun, 11 Dec 2016 15:27:09 +0000 (UTC) (envelope-from tom.beard@public-internet.co.uk) Received: from relay01.mail.pblin.net (relay01.mail.pblin.net [80.82.244.144]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 45DDD77D for ; Sun, 11 Dec 2016 15:27:08 +0000 (UTC) (envelope-from tom.beard@public-internet.co.uk) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=public-internet.co.uk; s=20150427; h=Message-Id:In-Reply-To:To:References: Date:Subject:Mime-Version:Content-Transfer-Encoding:Content-Type:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: 
List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=oQJwqtP4qMpaDEE6yKw+OoOncGKZkpc9gRkh2WP5Rlw=; Received: from 33-254-82-80.in-addr.pblin.net ([80.82.254.33] helo=toms-macbook.lan) by relay01.mail.pblin.net with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from ) id 1cG61r-0007yH-99 for freebsd-net@freebsd.org; Sun, 11 Dec 2016 15:27:07 +0000 
From: Tom Beard Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3257\)) Subject: Re: bce vlan stripping limitations Date: Sun, 11 Dec 2016 15:27:06 +0000 References: <1C233AAF-E7F3-4FE9-8936-A36F827F4137@public-internet.co.uk> To: freebsd-net@freebsd.org In-Reply-To: <1C233AAF-E7F3-4FE9-8936-A36F827F4137@public-internet.co.uk> Message-Id: X-Mailer: Apple Mail (2.3257) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 15:27:09 -0000

Keen observers will have noticed that I pasted the output from the wrong vlan1. The correct output is below.

vlan1: flags=8942 metric 0 mtu 1500
        ether 84:2b:2b:0b:b3:72
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active
        vlan: 304 vlanpcp: 0 parent interface: bce0
        groups: vlan

> On 11 Dec 2016, at 14:44, Tom Beard via freebsd-net wrote:
>
> Hi all
>
> I’m having issues with vlan handling on a bce interface on 11.0-RELEASE. From what I’ve read, the bce driver supports hardware vlan stripping and is indeed doing this. My intent was to create a vlan interface bound to the bce interface and bridge this to a tap interface to use with a bhyve VM (as below).
>
> Outbound traffic from the VM is correctly bridged from tap1 to vlan1 then tagged with vlan 304 and passed out on bce0
>
> Inbound traffic tagged with vlan 304 on bce0 never makes it to vlan0.
>
> From what I can tell this is caused by vlan stripping on the bce0 interface and it looks like I can’t disable it leaving me with little option but to buy a new network card.
>
> Can anyone validate that I’m correct here and this is a known limitation or am I barking up completely the wrong tree?
>
> Thanks
> Tom
>
> bce0: mem 0xda000000-0xdbffffff irq 36 at device 0.0 on pci1
>
> bce0: flags=8943 metric 0 mtu 1500
>         options=80028
>         ether 84:2b:2b:0b:b3:72
>         nd6 options=29
>         media: Ethernet autoselect (1000baseT )
>         status: active
>
> bridge1: flags=8843 metric 0 mtu 1500
>         ether 02:eb:af:cf:7c:01
>         nd6 options=1
>         groups: bridge
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: tap1 flags=143
>                 ifmaxaddr 0 port 11 priority 128 path cost 2000000
>         member: vlan1 flags=143
>                 ifmaxaddr 0 port 9 priority 128 path cost 55
>
> vlan1: flags=8102 metric 0 mtu 1500
>         ether 00:00:00:00:00:00
>         nd6 options=29
>         vlan: 0 vlanpcp: 0 parent interface:
>         groups: vlan
>
> tap1: flags=8943 metric 0 mtu 1500
>         options=80000
>         ether 00:bd:3a:17:4c:02
>         nd6 options=29
>         media: Ethernet autoselect
>         status: active
>         groups: tap
>         Opened by PID 12880
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@freebsd.org Sun Dec 11 15:28:10 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1EB7C729FC for ; Sun, 11 Dec 2016 15:28:10 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9FA8A89C; Sun, 11 Dec 2016 15:28:10 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 
1cG62o-0009UK-Kj; Sun, 11 Dec 2016 18:28:06 +0300 Date: Sun, 11 Dec 2016 18:28:06 +0300 
From: Slawa Olhovchenkov To: "Andrey V. Elsukov" Cc: freebsd-net@FreeBSD.org, Eugene Grosbein Subject: Re: [RFC/RFT] projects/ipsec Message-ID: <20161211152806.GG31311@zxy.spb.ru> References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> <584D18D1.8090400@grosbein.net> <36fa749c-f284-1d96-704c-b7118a574dd0@FreeBSD.org> <20161211115802.GD31311@zxy.spb.ru> <4f8ad6e3-8028-8656-d286-caa391960632@FreeBSD.org> <20161211121515.GE31311@zxy.spb.ru> <20161211125004.GF31311@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 15:28:11 -0000

On Sun, Dec 11, 2016 at 03:53:49PM +0300, Andrey V. Elsukov wrote:

> On 11.12.2016 15:50, Slawa Olhovchenkov wrote:
> >> You can specify what you want, but this just will not work as you
> >> expect. A router usually must not handle all TCP sessions that it
> >
> > You mean forward to IPSec system only packets with DST_IP = my_ip?
> > In that case, why you talk only about not handled returned packets?
> > Originated packets also don't address to me.
>
> I already described how it works and that you can configure what
> you want.
>
> https://lists.freebsd.org/pipermail/freebsd-net/2016-December/046616.html

This is don't clean about "we can't handle the returned packets".
If we can handle originated packets (encrypted by outbound police,
yes?) what is problem handle returned packets by other outbound police
and decrypt it?

From owner-freebsd-net@freebsd.org Sun Dec 11 15:30:19 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 06063C72B6F for ; Sun, 11 Dec 2016 15:30:19 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from butcher-nb.yandex.net (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) by mx1.freebsd.org (Postfix) with ESMTP id 0F2BD9E2; Sun, 11 Dec 2016 15:30:17 +0000 (UTC) (envelope-from ae@FreeBSD.org) Subject: Re: [RFC/RFT] projects/ipsec To: Slawa Olhovchenkov References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> <584D18D1.8090400@grosbein.net> <36fa749c-f284-1d96-704c-b7118a574dd0@FreeBSD.org> <20161211115802.GD31311@zxy.spb.ru> <4f8ad6e3-8028-8656-d286-caa391960632@FreeBSD.org> <20161211121515.GE31311@zxy.spb.ru> <20161211125004.GF31311@zxy.spb.ru> <20161211152806.GG31311@zxy.spb.ru> Cc: freebsd-net@FreeBSD.org, Eugene Grosbein From: "Andrey V. Elsukov" Message-ID: <93a5c244-baf4-834b-039a-724386aecd3d@FreeBSD.org> Date: Sun, 11 Dec 2016 18:29:42 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161211152806.GG31311@zxy.spb.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="GOfenFh5GVI1N6r33ngU2gxfvCtkTcOaV" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 15:30:19 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GOfenFh5GVI1N6r33ngU2gxfvCtkTcOaV Content-Type: multipart/mixed; boundary="f7xVhFrdTnnjDaVLqhLAnfFLgnvp1eDAl"; protected-headers="v1" 
From: "Andrey V. Elsukov" To: Slawa Olhovchenkov Cc: freebsd-net@FreeBSD.org, Eugene Grosbein Message-ID: <93a5c244-baf4-834b-039a-724386aecd3d@FreeBSD.org> Subject: Re: [RFC/RFT] projects/ipsec References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> <584D18D1.8090400@grosbein.net> <36fa749c-f284-1d96-704c-b7118a574dd0@FreeBSD.org> <20161211115802.GD31311@zxy.spb.ru> <4f8ad6e3-8028-8656-d286-caa391960632@FreeBSD.org> <20161211121515.GE31311@zxy.spb.ru> <20161211125004.GF31311@zxy.spb.ru> <20161211152806.GG31311@zxy.spb.ru> In-Reply-To: <20161211152806.GG31311@zxy.spb.ru> --f7xVhFrdTnnjDaVLqhLAnfFLgnvp1eDAl Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

On 11.12.2016 18:28, Slawa Olhovchenkov wrote:
>> I already described how it works and that you can configure what
>> you want.
>>
>> https://lists.freebsd.org/pipermail/freebsd-net/2016-December/046616.html
>
> This is don't clean about "we can't handle the returned packets".
> If we can handle originated packets (encrypted by outbound police,
> yes?) what is problem handle returned packets by other outbound police
> and decrypt it?

Slawa, there are no problems, just do it :)

-- 
WBR, Andrey V. 
Elsukov --f7xVhFrdTnnjDaVLqhLAnfFLgnvp1eDAl-- --GOfenFh5GVI1N6r33ngU2gxfvCtkTcOaV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" --GOfenFh5GVI1N6r33ngU2gxfvCtkTcOaV--

From owner-freebsd-net@freebsd.org Sun Dec 11 17:34:50 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DD148C7236A for ; Sun, 11 Dec 2016 17:34:50 +0000 (UTC) (envelope-from tetragir@fastmail.fm) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B26DE1EEC for ; Sun, 11 Dec 2016 17:34:50 +0000 (UTC) (envelope-from tetragir@fastmail.fm) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 9BC29207B7 for ; Sun, 11 Dec 2016 12:34:49 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute1.internal (MEProxy); Sun, 11 Dec 2016 12:34:49 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.fm; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender 
:x-me-sender:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=xjVeXd2loxjO8Cm Gdk9OLI/IlqA=; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= smtpout; bh=xjVeXd2loxjO8CmGdk9OLI/IlqA=; X-ME-Sender: X-Sasl-enc: AfMOtUz96w+hO69Qd3wZbaMZq49PVaQxceBlmXTiEsev 1481477689 Received: from cerebro.tetragir.local (hsi-kbw-046-005-000-129.hsi8.kabel-badenwuerttemberg.de [46.5.0.129]) by mail.messagingengine.com (Postfix) with ESMTPA id 2C0477E808 for ; Sun, 11 Dec 2016 12:34:49 -0500 (EST) Message-ID: <1481477688.1299.6.camel@fastmail.fm> Subject: Re: bce vlan stripping limitations 
From: Daniel Tihanyi To: freebsd-net@freebsd.org Date: Sun, 11 Dec 2016 18:34:48 +0100 In-Reply-To: References: <1C233AAF-E7F3-4FE9-8936-A36F827F4137@public-internet.co.uk> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.2 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 17:34:51 -0000

Hi,

Hardware VLAN stripping is not really what you need right now, you are looking for VLAN tagging. If a network interface can send and receive tagged packets, it looks something like this:

%ifconfig em0 inet
em0: flags=8843 metric 0 mtu 1500
        options=4219b

Despite the network interface not supporting hardware VLAN tagging you can still use VLANs, but it will be done in software.

1. Add the following line to /boot/loader.conf:
if_vlan_load="YES"

2. Reboot, or load the kernel module manually:
# kldload if_vlan

3. To create the VLAN interface, add the following line to /etc/rc.conf:
vlans_bce0="304"
ifconfig_bce0_304="up"
This interface will be named bce0.304

4. Add this interface to bridge1, again in /etc/rc.conf:
cloned_interfaces="bridge1 tap1"
ifconfig_bridge1="addm bce0.304 addm tap1"

5. Reboot, or issue this command:
# service netif restart

This way every packet coming from the bhyve guest will be tagged with VLAN 304 by the host and also every packet which comes tagged with VLAN 304 will be passed to tap1.

Daniel

On Sun, 2016-12-11 at 15:27 +0000, Tom Beard via freebsd-net wrote:
> Keen observers will have noticed that I pasted the output from the
> wrong vlan1.  The correct output is below.
>
> vlan1: flags=8942 metric
> 0 mtu 1500
>         ether 84:2b:2b:0b:b3:72
>         nd6 options=29
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         vlan: 304 vlanpcp: 0 parent interface: bce0
>         groups: vlan
>
> > On 11 Dec 2016, at 14:44, Tom Beard via freebsd-net
> eebsd.org> wrote:
> >
> > Hi all
> >
> > I’m having issues with vlan handling on a bce interface on 11.0-
> > RELEASE.  From what I’ve read, the bce driver supports hardware
> > vlan stripping and is indeed doing this.  My intent was to create a
> > vlan interface bound to the bce interface and bridge this to a tap
> > interface to use with a bhyve VM (as below).
> >
> > Outbound traffic from the VM is correctly bridged from tap1 to
> > vlan1 then tagged with vlan 304 and passed out on bce0
> >
> > Inbound traffic tagged with vlan 304 on bce0 never makes it to
> > vlan0.
> >
> > From what I can tell this is caused by vlan stripping on the bce0
> > interface and it looks like I can’t disable it leaving me with
> > little option but to buy a new network card.
> >
> > Can anyone validate that I’m correct here and this is a known
> > limitation or am I barking up completely the wrong tree?
> >
> > Thanks
> > Tom
> >
> > bce0: mem 0xda000000-
> > 0xdbffffff irq 36 at device 0.0 on pci1
> >
> > bce0: flags=8943
> > metric 0 mtu 1500
> >        options=80028
> >        ether 84:2b:2b:0b:b3:72
> >        nd6 options=29
> >        media: Ethernet autoselect (1000baseT )
> >        status: active
> >
> > bridge1: flags=8843 metric
> > 0 mtu 1500
> >        ether 02:eb:af:cf:7c:01
> >        nd6 options=1
> >        groups: bridge
> >        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >        member: tap1 flags=143
> >                ifmaxaddr 0 port 11 priority 128 path cost 2000000
> >        member: vlan1 flags=143
> >                ifmaxaddr 0 port 9 priority 128 path cost 55
> >
> > vlan1: flags=8102 metric 0 mtu 1500
> >        ether 00:00:00:00:00:00
> >        nd6 options=29
> >        vlan: 0 vlanpcp: 0 parent interface:
> >        groups: vlan
> >
> > tap1: flags=8943
> > metric 0 mtu 1500
> >        options=80000
> >        ether 00:bd:3a:17:4c:02
> >        nd6 options=29
> >        media: Ethernet autoselect
> >        status: active
> >        groups: tap
> >        Opened by PID 12880
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.o
> > rg"
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org
> "

From owner-freebsd-net@freebsd.org Sun Dec 11 21:00:44 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 
D03F7C726FA for ; Sun, 11 Dec 2016 21:00:44 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C372D9E for ; Sun, 11 Dec 2016 21:00:44 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBBL014L056066 for ; Sun, 11 Dec 2016 21:00:44 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201612112100.uBBL014L056066@kenobi.freebsd.org> 
From: bugzilla-noreply@FreeBSD.org To: freebsd-net@FreeBSD.org Subject: Problem reports for freebsd-net@FreeBSD.org that need special attention Date: Sun, 11 Dec 2016 21:00:44 +0000 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Dec 2016 21:00:45 -0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    165622 | [ndis][panic][patch] Unregistered use of FPU in k
In Progress |    203422 | mpd/ppoe not working with re(4) with revision 285
In Progress |    206581 | bxe_ioctl_nvram handler is faulty
New         |    204438 | setsockopt() handling of kern.ipc.maxsockbuf limi
New         |    205592 | TCP processing in IPSec causes kernel panic
New         |    206053 | kqueue support code of netmap causes panic
New         |    213410 | [carp] service netif restart causes hang only whe
Open        |    148807 | [panic] "panic: sbdrop" and "panic: sbsndptr: soc
Open        |    193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc
Open        |    194485 | Userland cannot add IPv6 prefix routes
Open        |    194515 | Fatal Trap 12 Kernel with vimage
Open        |    199136 | [if_tap] Added down_on_close sysctl variable to t
Open        |    202510 | [CARP] advertisements sourced from CARP IP cause
Open        |    206544 | sendmsg(2) (sendto(2) too?) can fail with EINVAL;
Open        |    211031 | [panic] in ng_uncallout when argument is NULL
Open        |    211962 | bxe driver queue soft hangs and flooding tx_soft_
Open        |    212018 | Enable IPSEC_NAT_T in GENERIC kernel configuratio

17 problems total for which you should take action.

From owner-freebsd-net@freebsd.org Mon Dec 12 12:43:56 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB465C73BC2 for ; Mon, 12 Dec 2016 12:43:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BA91C173F for ; Mon, 12 Dec 2016 12:43:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBCChtmv093480 for ; Mon, 12 Dec 2016 12:43:56 GMT (envelope-from bugzilla-noreply@freebsd.org) 
From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 128030] [ipsec] Enable IPSec in GENERIC kernel configuration Date: Mon, 12 Dec 2016 12:43:55 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: feature, patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: gnn@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: gnn@FreeBSD.org X-Bugzilla-Flags: mfc-stable9? mfc-stable10? mfc-stable11? X-Bugzilla-Changed-Fields: resolution bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2016 12:43:56 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

George V. Neville-Neil changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|In Progress                 |Closed

--- Comment #29 from George V. Neville-Neil ---
Any additional updates related to IPSEC can be their own PRs. The work spoken of here is now complete.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Mon Dec 12 12:44:01 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C10DC73BED for ; Mon, 12 Dec 2016 12:44:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8B6A21766 for ; Mon, 12 Dec 2016 12:44:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBCChtnZ093480 for ; Mon, 12 Dec 2016 12:44:01 GMT (envelope-from bugzilla-noreply@freebsd.org) 
From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 212018] Enable IPSEC_NAT_T in GENERIC kernel configuration Date: Mon, 12 Dec 2016 12:44:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: dep_changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: feature, needs-patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: gnn@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: mfc-stable10? mfc-stable11? X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2016 12:44:01 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212018

Bug 212018 depends on bug 128030, which changed state.

Bug 128030 Summary: [ipsec] Enable IPSec in GENERIC kernel configuration
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128030

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Progress                 |Closed
         Resolution|---                         |FIXED

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Tue Dec 13 03:05:10 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B5A97C73DB1 for ; Tue, 13 Dec 2016 03:05:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A496D964 for ; Tue, 13 Dec 2016 03:05:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBD35A3U004149 for ; Tue, 13 Dec 2016 03:05:10 GMT (envelope-from bugzilla-noreply@freebsd.org) 
From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 215256] FreeBSD 11.0 Problem with natd + carp Date: Tue, 13 Dec 2016 03:05:10 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2016 03:05:10 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215256

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org
                 CC|freebsd-amd64@FreeBSD.org   |

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Tue Dec 13 13:45:51 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77F45C742B2; Tue, 13 Dec 2016 13:45:51 +0000 (UTC) (envelope-from cochard@gmail.com) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet 
Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 207E48E3; Tue, 13 Dec 2016 13:45:51 +0000 (UTC) (envelope-from cochard@gmail.com) Received: by mail-wm0-x22d.google.com with SMTP id g23so110512796wme.1; Tue, 13 Dec 2016 05:45:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=eUCrU9y5ivlLpQNNxzv2J1kaNYPooHkG+3QgjP5xIL8=; X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=eUCrU9y5ivlLpQNNxzv2J1kaNYPooHkG+3QgjP5xIL8=; X-Received: by 10.28.230.197 with SMTP id e66mr2888318wmi.12.1481636749447; Tue, 13 Dec 2016 05:45:49 -0800 (PST) MIME-Version: 1.0 Sender: cochard@gmail.com Received: by 10.194.14.197 with HTTP; Tue, 13 Dec 2016 05:45:28 -0800 (PST) In-Reply-To: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> References: <2bd32791-944f-2417-41e9-e0fe1c705502@FreeBSD.org> 
From: Olivier Cochard-Labbé
Date: Tue, 13 Dec 2016 14:45:28 +0100
Subject: Re: [RFC/RFT] projects/ipsec
To: "Andrey V. Elsukov"
Cc: "freebsd-current@freebsd.org", "freebsd-net@freebsd.org"

On Sun, Dec 11, 2016 at 12:07 AM, Andrey V. Elsukov wrote:

> Hi All,
>
> I am pleased to announce that projects/ipsec, that I started several
> months ago is ready for testing and review.
> The main goals were:
> * rework locking to make IPsec code more friendly for concurrent
> processing;
> * make lookup in SADB/SPDB faster;
> * revise PFKEY implementation, remove stale code, make it closer
> to RFC;
> * implement IPsec VTI (virtual tunneling interface);
> * make IPsec code loadable as kernel module.
>
>

I've got a very simple configuration (static key), but I like the performance improvement brought by projects/ipsec :-)
A simple packet-per-second using null encryption should be enough for benching the improvement, but my IPSec lab (using Equilibrium methodology) did a little more.

https://github.com/ocochard/netbenches/blob/master/AMD_GX-412TC_4Cores_Intel_i210AT/ipsec/results/fbsd12.projects-ipsec.equilibrium/graph.png

Thanks for your work!
Olivier

From owner-freebsd-net@freebsd.org Tue Dec 13 21:05:24 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 215101] [ixgbe] Intel X552 SFP+ fails to initialize when no SFP module is plugged in
Date: Tue, 13 Dec 2016 21:05:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215101

Sean Bruno changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sbruno@FreeBSD.org

--- Comment #1 from Sean Bruno ---
Ah, interesting. I'll take a look at this one.

From owner-freebsd-net@freebsd.org Tue Dec 13 21:05:31 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 215101] [ixgbe] Intel X552 SFP+ fails to initialize when no SFP module is plugged in
Date: Tue, 13 Dec 2016 21:05:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215101

Sean Bruno changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-net@FreeBSD.org     |sbruno@FreeBSD.org

From owner-freebsd-net@freebsd.org Wed Dec 14 16:52:48 2016
Subject: Re: [RFC/RFT] projects/ipsec
To: freebsd-current@freebsd.org
From: "Eugene M. Zheganin"
Cc: freebsd-net
Date: Wed, 14 Dec 2016 21:52:43 +0500

Hi,

On 11.12.2016 4:07, Andrey V. Elsukov wrote:
> Hi All,
>
> I am pleased to announce that projects/ipsec, that I started several
> months ago is ready for testing and review.
> The main goals were:
> * rework locking to make IPsec code more friendly for concurrent
> processing;
> * make lookup in SADB/SPDB faster;
> * revise PFKEY implementation, remove stale code, make it closer
> to RFC;
> * implement IPsec VTI (virtual tunneling interface);
> * make IPsec code loadable as kernel module.
>
> Currently all, except the last one is mostly done. So, I decided ask for
> a help to test the what already done, while I will work on the last task.
>

Well, at last FreeBSD got one of the most anticipated features in its ipsec stack. When I wrote the message in the freebsd-net ML in the middle of 2012 (https://lists.freebsd.org/pipermail/freebsd-net/2012-June/032556.html) I had very little hope that someone would actually implement this, and now I'm very grateful that Andrey got the time to do this (and I'm really sorry for being such a pain in the ass, I'm saying so because I was bothering Andrey all this time in IRC).

This isn't definitely a feature that every FreeBSD enthusiast will use, and, sadly, not even the feature that every network engineer that uses ipsec in their everyday work will configure (many people still use obsoleted legacy interfaceless ipsec approach, not to mention weird and hybrid software routers like openvpn), but it's definitely a feature that will be appreciated by every skilled L3 VPN engineer that is using FreeBSD in their operating stack.

I've run some tests in my production network and I should say that even in its initial release state if_ipsec is fully operational with a Juniper st tunnel on the other side, so I'm already running one FreeBSD <--> Juniper tunnel at my work:

# ifconfig ipsec0
ipsec0: flags=8051 metric 0 mtu 1400
        tunnel inet 128.127.144.19 --> 128.127.146.1
        inet 172.16.3.104 --> 172.16.3.105 netmask 0xffffffff
        inet6 fe80::204:23ff:fec7:194d%ipsec0 prefixlen 64 scopeid 0x9
        nd6 options=21
        reqid: 16385
        groups: ipsec

racoon.conf:

path pre_shared_key "/usr/local/etc/racoon/psk.txt";

padding {
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

listen {
        isakmp 128.127.144.19 [500];
        strict_address;         # requires that all addresses must be bound.
}

timer {
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
}

#
# SPb, Test
#
remote 128.127.146.1 {
        exchange_mode main;
        lifetime time 1 hour;
        my_identifier address 128.127.144.19;
        peers_identifier address 128.127.146.1;
        passive off;
        proposal_check obey;
        dpd_delay 20;
        proposal {
                encryption_algorithm des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp768;
        }
}

#
# SPb, Test
#
sainfo address 0.0.0.0/0 [500] any address 0.0.0.0/0 [500] any {
        pfs_group modp768;
        lifetime time 60 min;
        encryption_algorithm des;
        authentication_algorithm non_auth;
        compression_algorithm deflate;
}

Juniper side:

> show configuration interfaces st0.147
description "Perm, FreeBSD Test Server";
family inet {
    mtu 1455;
    address 172.16.3.105/32 {
        destination 172.16.3.104;
    }
}

> show configuration security ike policy kosm65
proposals norma-ike;
pre-shared-key ascii-text "$9$-SV4ZUDkqPQUjBIclLXgoJUqf9CuESeAp-w2gGUjHqfQn"; ## SECRET-DATA

> show configuration security ike gateway kosm65-freebsd-test
ike-policy perm-freebsd-test;
address 128.127.144.19;
local-identity inet 128.127.146.1;
remote-identity inet 128.127.144.19;
external-interface reth1.2;

> show configuration security ipsec vpn kosm65-freebsd-test
bind-interface st0.147;
ike {
    gateway kosm65-freebsd-test;
    ipsec-policy norma-policy;
}

> show configuration security ipsec policy norma-policy
perfect-forward-secrecy {
    keys group1;
}
proposals norma-ipsec;

> show configuration security ipsec proposal norma-ipsec
protocol esp;
encryption-algorithm des-cbc;
lifetime-seconds 600;

> show configuration security ike proposal norma-ike
authentication-method pre-shared-keys;
dh-group group1;
authentication-algorithm md5;
encryption-algorithm des-cbc;

In its initial state if_ipsec allows using only one set of encryption parameters (because only one sainfo anonymous is possible), so at this time it doesn't allow creating multiple tunnels with VPN hubs that use different ciphers and/or transform sets, but as far as I understand this is subject to change and Andrey is already working on a support of this feature from ipsec-tools IKE daemon.

But even in this state this feature is already useful and I'm excited to see it committed to HEAD and then MFC'd to 11.x, to start using it in my production network (as you may know, building gre/ipsec tunnels on Juniper is very hackish and tricky, but I still have more than a dozen of them). I've already seen a discussion on FreeBSD web forums, and people there are excited about if_ipsec too. Furthermore, I believe that guys using pfSense will be very happy about if_ipsec in their routers, because I saw several discussions mentioning missing VTI support there. It's very easy to configure, because it uses ifconfig syntax and it creates all the needed policies in the SADB automatically, so one less thing to bother with. And when I say "fully operational with Juniper" I mean it: no tricky or hackish configuration directives are required on the Juniper side, everything is like it's a Juniper or Cisco on the other side. So I'm pretty sure this will work with Cisco too (didn't run any test with Cisco though).

Once again, I thank Andrey for this.

Eugene.
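
The racoon.conf quoted in the message above selects DES, MD5 and modp768 for phase 1 and DES with non_auth for the sainfo. As an added example (not part of the original message and not code from ipsec-tools), this Python check walks racoon.conf blocks and reports such directives; the WEAK table and the audit() helper are assumptions of the example.

```python
import re

# Constructed sample: the remote and sainfo stanzas of the racoon.conf quoted in
# the message above, trimmed to the directives that matter for this check.
RACOON_CONF = """\
remote 128.127.146.1 {
    exchange_mode main;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp768;
    }
}

sainfo address 0.0.0.0/0 [500] any address 0.0.0.0/0 [500] any {
    pfs_group modp768;      # PFS uses the same 768-bit group
    lifetime time 60 min;
    encryption_algorithm des;
    authentication_algorithm non_auth;
    compression_algorithm deflate;
}
"""

# Directive -> {value: reason}. Which values count as weak is this example's
# policy (an assumption), not something racoon itself enforces.
_WEAK_DH = {"modp768": "768-bit DH group (group 1)",
            "modp1024": "1024-bit DH group (group 2)"}
WEAK = {
    "encryption_algorithm": {"des": "single DES, 56-bit key",
                             "null_enc": "ESP without encryption"},
    "hash_algorithm": {"md5": "MD5 in IKE phase 1"},
    "authentication_algorithm": {"hmac_md5": "MD5-based ESP integrity",
                                 "non_auth": "ESP without integrity protection"},
    "dh_group": _WEAK_DH,
    "pfs_group": _WEAK_DH,
}


def audit(conf_text):
    """Return (block path, directive, value, reason) for every weak setting."""
    # Drop '#' comments, then split into '{', '}', ';' and the text between them.
    # Quoted strings that contain '#', ';' or braces are not handled.
    text = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    findings, stack, pending = [], [], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":                      # pending text was a block header
            stack.append(" ".join(pending.split()))
            pending = ""
        elif tok == "}":
            if stack:
                stack.pop()
            pending = ""
        elif tok == ";":                    # pending text was one statement
            words = pending.split(None, 1)
            pending = ""
            if len(words) < 2 or words[0] not in WEAK:
                continue
            # racoon accepts comma-separated lists, e.g. "aes, 3des"
            for item in words[1].split(","):
                name = item.split()[0] if item.split() else ""
                if name in WEAK[words[0]]:
                    findings.append((" > ".join(stack) or "(top level)",
                                     words[0], name, WEAK[words[0]][name]))
        else:
            pending = tok
    return findings


if __name__ == "__main__":
    for path, directive, value, reason in audit(RACOON_CONF):
        print(f"{path}: {directive} {value} -> {reason}")
```

Both ends of the tunnel have to offer the same proposal, so a change on the racoon side needs the matching change in the Juniper ike and ipsec proposals shown in the message.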

From owner-freebsd-net@freebsd.org Wed Dec 14 21:30:17 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 214832] if_pflog subrulenr incorrectly set
Date: Wed, 14 Dec 2016 21:30:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214832

--- Comment #6 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Wed Dec 14 21:29:12 UTC 2016
New revision: 310093
URL: https://svnweb.freebsd.org/changeset/base/310093

Log:
  MFC r309563:

  pflog: Correctly initialise subrulenr

  subrulenr is considered unset if it's set to -1, not if it's set to 1.
  See contrib/tcpdump/print-pflog.c pflog_print() for a user.

  This caused incorrect pflog output (tcpdump -n -e -ttt -i pflog0):
  rule 0..16777216(match)
  instead of the correct output of
  rule 0/0(match)

  PR:           214832
  Submitted by: andywhite@gmail.com

Changes:
_U  stable/11/
  stable/11/sys/netpfil/pf/if_pflog.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Wed Dec 14 21:31:20 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 214832] if_pflog subrulenr incorrectly set
Date: Wed, 14 Dec 2016 21:31:20 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214832

--- Comment #7 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Wed Dec 14 21:30:35 UTC 2016
New revision: 310094
URL: https://svnweb.freebsd.org/changeset/base/310094

Log:
  MFC r309563:

  pflog: Correctly initialise subrulenr

  subrulenr is considered unset if it's set to -1, not if it's set to 1.
  See contrib/tcpdump/print-pflog.c pflog_print() for a user.

  This caused incorrect pflog output (tcpdump -n -e -ttt -i pflog0):
  rule 0..16777216(match)
  instead of the correct output of
  rule 0/0(match)

  PR:           214832
  Submitted by: andywhite@gmail.com

Changes:
_U  stable/10/
  stable/10/sys/netpfil/pf/if_pflog.c

From owner-freebsd-net@freebsd.org Wed Dec 14 23:12:32 2016
Date: Wed, 14 Dec 2016 23:12:31 +0000
To: freebsd-net@freebsd.org
From: "kczekirda (Kamil Czekirda)"
Reply-to: D8740+325+6bf741c8558a96f3@reviews.freebsd.org
Subject: [Differential] D8740: remove network mask calculation for Classful network

From owner-freebsd-net@freebsd.org Thu Dec 15 07:36:51 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 211219] NIC status does not pass into a state of "no carrier" after disconnecting the cable.
Date: Thu, 15 Dec 2016 07:36:49 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211219

--- Comment #9 from Franco Fichtner ---
To reiterate... setting the following in loader.conf works as previously
suggested:

hw.em.enable_msix=0

But since this has a performance impact, is there any news here?

Thanks,
Franco

From owner-freebsd-net@freebsd.org Thu Dec 15 08:51:11 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 214832] if_pflog subrulenr incorrectly set
Date: Thu, 15 Dec 2016 08:51:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214832

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|In Progress                 |Closed

From owner-freebsd-net@freebsd.org Thu Dec 15 12:23:50 2016
To: freebsd-stable@freebsd.org
Cc: freebsd-net
From: "Eugene M. Zheganin" Subject: sonewconn: pcb [...]: Listen queue overflow to human-readable form Message-ID: <58528B50.8030600@norma.perm.ru> Date: Thu, 15 Dec 2016 17:23:44 +0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 12:23:50 -0000

Hi.

Sometimes on one of my servers I got dmesg full of

sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (2 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (1 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (15 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (12 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (10 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (16 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (16 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (22 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (1 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (9 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (5 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (18 occurrences)
sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in queue awaiting acceptance (4 occurrences)

but at the time of investigation the socket is already closed and lsof cannot show me the owner. I wonder if the kernel can itself decode this output and write it in the human-readable form ?

Thanks.
Eugene.

From owner-freebsd-net@freebsd.org Thu Dec 15 12:28:43 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C42F3C76B00; Thu, 15 Dec 2016 12:28:43 +0000 (UTC) (envelope-from egrosbein@rdtc.ru) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 60682B3C; Thu, 15 Dec 2016 12:28:42 +0000 (UTC) (envelope-from egrosbein@rdtc.ru) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id uBFCSVAJ032879 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 15 Dec 2016 13:28:32 +0100 (CET) (envelope-from egrosbein@rdtc.ru) X-Envelope-From: egrosbein@rdtc.ru X-Envelope-To: emz@norma.perm.ru Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id uBFCSREw071153; Thu, 15 Dec 2016 19:28:27 +0700 (KRAT) (envelope-from egrosbein@rdtc.ru) Subject: Re: sonewconn: pcb [...]: Listen queue overflow to
human-readable form To: "Eugene M. Zheganin" , freebsd-stable@freebsd.org References: <58528B50.8030600@norma.perm.ru> Cc: freebsd-net 
From: Eugene Grosbein Message-ID: <58528C6B.8070800@rdtc.ru> Date: Thu, 15 Dec 2016 19:28:27 +0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <58528B50.8030600@norma.perm.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q, RP_MATCHES_RCVD, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * 2.8 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received: date * 0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-Spam-Level: * X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 12:28:43 -0000

On 15.12.2016 19:23, Eugene M. Zheganin wrote:

> but at the time of investigation the socket is already closed and lsof
> cannot show me the owner. I wonder if the kernel can itself decode this
> output and write it in the human-readable form ?

Until that's not implemented, you can monitor "netstat -Lan" output and
continuously save it for later analysis and/or draw graphs.

From owner-freebsd-net@freebsd.org Thu Dec 15 15:58:34 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 742C0C81486; Thu, 15 Dec 2016 15:58:34 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [82.117.235.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.viklenko.net", Issuer "Art&Co. CA Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 007901113; Thu, 15 Dec 2016 15:58:33 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [192.168.32.61]) (authenticated bits=0) by alf.viklenko.net (8.14.9/8.14.9) with ESMTP id uBFFR2aq018020 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Dec 2016 17:27:02 +0200 (EET) (envelope-from artem@viklenko.net) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Thu, 15 Dec 2016 17:27:02 +0200 
From: Artem Viklenko To: Eugene Grosbein Cc: "Eugene M. Zheganin" , freebsd-stable@freebsd.org, freebsd-net , owner-freebsd-net@freebsd.org Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form Organization: Art&Co. In-Reply-To: <58528C6B.8070800@rdtc.ru> References: <58528B50.8030600@norma.perm.ru> <58528C6B.8070800@rdtc.ru> Message-ID: <7f33d47e2014d9c994f8b2003b011ba3@mail.viklenko.net> X-Sender: artem@viklenko.net User-Agent: Roundcube Webmail/1.1.4 X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (alf.viklenko.net [192.168.32.61]); Thu, 15 Dec 2016 17:27:02 +0200 (EET) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 15:58:34 -0000

2016-12-15 14:28, Eugene Grosbein wrote:
> On 15.12.2016 19:23, Eugene M. Zheganin wrote:
>
>> but at the time of investigation the socket is already closed and lsof
>> cannot show me the owner. I wonder if the kernel can itself decode this
>> output and write it in the human-readable form ?
>
> Until that's not implemented, you can monitor "netstat -Lan" output and
> continuously save it for later analysis and/or draw graphs.
>

netstat -LanA -f inet ?

-- 
Regards!

From owner-freebsd-net@freebsd.org Thu Dec 15 16:05:59 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8ABF1C8191E; Thu, 15 Dec 2016 16:05:59 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from mail.in-addr.com (mail.in-addr.com [IPv6:2a01:4f8:191:61e8::2525:2525]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5632B18EE; Thu, 15 Dec 2016 16:05:59 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from gjp by mail.in-addr.com with local (Exim 4.87 (FreeBSD)) (envelope-from ) id 1cHYXd-0007KH-1y; Thu, 15 Dec 2016 16:05:57 +0000 Date: Thu, 15 Dec 2016 16:05:57 +0000 
From: Gary Palmer To: Artem Viklenko Cc: Eugene Grosbein , freebsd-net , "Eugene M. Zheganin" , freebsd-stable@freebsd.org, owner-freebsd-net@freebsd.org Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form Message-ID: <20161215160557.GC7032@in-addr.com> References: <58528B50.8030600@norma.perm.ru> <58528C6B.8070800@rdtc.ru> <7f33d47e2014d9c994f8b2003b011ba3@mail.viklenko.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7f33d47e2014d9c994f8b2003b011ba3@mail.viklenko.net> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on mail.in-addr.com); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 16:05:59 -0000

On Thu, Dec 15, 2016 at 05:27:02PM +0200, Artem Viklenko wrote:
> 2016-12-15 14:28, Eugene Grosbein wrote:
> > On 15.12.2016 19:23, Eugene M. Zheganin wrote:
> >
> >> but at the time of investigation the socket is already closed and lsof
> >> cannot show me the owner. I wonder if the kernel can itself decode this
> >> output and write it in the human-readable form ?
> >
> > Until that's not implemented, you can monitor "netstat -Lan" output and
> > continuously save it for later analysis and/or draw graphs.
> >
>
> netstat -LanA -f inet ?

That's only IPv4 sockets (or sockets that are listening on both families
at the same time). If you are dual stack with IPv6, you'd probably also
need to capture

netstat -LanA -f inet6

Regards,

Gary

From owner-freebsd-net@freebsd.org Thu Dec 15 17:38:13 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86D56C81EA1; Thu, 15 Dec 2016 17:38:13 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [82.117.235.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.viklenko.net", Issuer "Art&Co. CA Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0D14F285; Thu, 15 Dec 2016 17:38:12 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [192.168.32.61]) (authenticated bits=0) by alf.viklenko.net (8.14.9/8.14.9) with ESMTP id uBFHc92N023082 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 15 Dec 2016 19:38:09 +0200 (EET) (envelope-from artem@viklenko.net) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Thu, 15 Dec 2016 19:38:09 +0200
From: Artem Viklenko To: Gary Palmer Cc: Eugene Grosbein , freebsd-net , "Eugene M. Zheganin" , freebsd-stable@freebsd.org, owner-freebsd-net@freebsd.org Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form Organization: Art&Co. In-Reply-To: <20161215160557.GC7032@in-addr.com> References: <58528B50.8030600@norma.perm.ru> <58528C6B.8070800@rdtc.ru> <7f33d47e2014d9c994f8b2003b011ba3@mail.viklenko.net> <20161215160557.GC7032@in-addr.com> Message-ID: <5a9d2ce3069c2ae45ca1d722e6e19236@mail.viklenko.net> X-Sender: artem@viklenko.net User-Agent: Roundcube Webmail/1.1.4 X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (alf.viklenko.net [192.168.32.61]); Thu, 15 Dec 2016 19:38:09 +0200 (EET) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 17:38:13 -0000

2016-12-15 18:05, Gary Palmer wrote:
> On Thu, Dec 15, 2016 at 05:27:02PM +0200, Artem Viklenko wrote:
>> 2016-12-15 14:28, Eugene Grosbein wrote:
>> > On 15.12.2016 19:23, Eugene M. Zheganin wrote:
>> >
>> >> but at the time of investigation the socket is already closed and lsof
>> >> cannot show me the owner. I wonder if the kernel can itself decode this
>> >> output and write it in the human-readable form ?
>> >
>> > Until that's not implemented, you can monitor "netstat -Lan" output and
>> > continuously save it for later analysis and/or draw graphs.
>> >
>>
>> netstat -LanA -f inet ?
>
> That's only IPv4 sockets (or sockets that are listening on both families
> at the same time). If you are dual stack with IPv6, you'd probably also
> need to capture
>
> netstat -LanA -f inet6
>

Sure, the point was that -A flag shows tcb addresses. :)

> Regards,
>
> Gary

-- 
Regards!

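Added example, not part of any message in this thread: one way to do the continuous capture suggested above, saving "netstat -LanA" for both address families and later listing the listeners whose queue filled up, for comparison with the "already in queue" figure in the kernel message. The script name listenq.sh, the history-file record layout, the assumed netstat column order and the sample data are assumptions of this example.

```sh
#!/bin/sh
# Added example, not code from the thread. It records listen-queue depth over
# time so a later "Listen queue overflow" message can be traced to a listener.

# Normalise raw `netstat -Lan` / `netstat -LanA` output read from stdin into
#   TIMESTAMP CB PROTO QLEN/INCQLEN/MAXQLEN LOCAL_ADDRESS
# Assumption: the queue triple sits between the protocol and the local
# address, and -A prints the control-block address before the protocol.
normalize_listen() {
    awk -v ts="$1" '{
        for (i = 2; i < NF; i++)
            if ($i ~ /^[0-9]+\/[0-9]+\/[0-9]+$/) {
                cb = (i > 2) ? $(i - 2) : "-"
                print ts, cb, $(i - 1), $i, $(i + 1)
                break
            }
    }'
}

# Append one snapshot of IPv4 and IPv6 listeners to the history file $1.
snapshot() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    for af in inet inet6; do
        netstat -LanA -f "$af" 2>/dev/null | normalize_listen "$ts"
    done >> "$1"
}

# Per listener, print the deepest queue seen in history file $1:
#   PEAK_QLEN MAXQLEN PROTO LOCAL_ADDRESS CB FIRST_SEEN_AT_PEAK
peak_queues() {
    awk '{
        split($4, q, "/")
        key = $3 " " $5
        if (!(key in peak) || q[1] + 0 > peak[key]) {
            peak[key] = q[1] + 0; max[key] = q[3] + 0
            cb[key] = $2; seen[key] = $1
        }
    }
    END { for (k in peak) print peak[k], max[k], k, cb[k], seen[k] }' "$1" |
        LC_ALL=C sort -k1,1nr -k4,4
}

# Listeners whose queue reached or passed its configured limit.
overflow_candidates() {
    peak_queues "$1" | awk '$1 + 0 >= $2 + 0'
}

# Constructed history (three snapshots) in the format snapshot() writes.
sample_history() {
    cat <<'EOF'
2016-12-15T12:00:00Z fffff80012340000 tcp4 0/0/128 *.22
2016-12-15T12:00:00Z fffff80012341000 tcp4 3/0/32 *.8080
2016-12-15T12:00:00Z fffff80012342000 tcp6 0/0/128 *.22
2016-12-15T12:01:00Z fffff80012340000 tcp4 1/0/128 *.22
2016-12-15T12:01:00Z fffff80012341000 tcp4 48/0/32 *.8080
2016-12-15T12:01:00Z fffff80012342000 tcp6 0/0/128 *.22
2016-12-15T12:02:00Z fffff80012341000 tcp4 12/0/32 *.8080
EOF
}

# Usage: sh listenq.sh collect FILE [SECONDS]   or   sh listenq.sh report FILE
case "${1:-}" in
    collect) while :; do snapshot "$2"; sleep "${3:-10}"; done ;;
    report)  overflow_candidates "$2" ;;
esac
```

The sampling interval bounds what can be seen: a burst shorter than the interval may never show up as a full queue in the history.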
From owner-freebsd-net@freebsd.org Thu Dec 15 17:51:47 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9718AC815E4; Thu, 15 Dec 2016 17:51:47 +0000 (UTC) (envelope-from hiren@strugglingcoder.info) Received: from mail.strugglingcoder.info (strugglingcoder.info [104.236.146.68]) by mx1.freebsd.org (Postfix) with ESMTP id 89D2C10EC; Thu, 15 Dec 2016 17:51:47 +0000 (UTC) (envelope-from hiren@strugglingcoder.info) Received: from localhost (unknown [10.1.1.3]) (Authenticated sender: hiren@strugglingcoder.info) by mail.strugglingcoder.info (Postfix) with ESMTPA id 4BDF6175D6; Thu, 15 Dec 2016 09:51:41 -0800 (PST) Date: Thu, 15 Dec 2016 09:51:41 -0800 
From: hiren panchasara To: "Eugene M. Zheganin" Cc: freebsd-stable@freebsd.org, freebsd-net Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form Message-ID: <20161215175141.GE82166@strugglingcoder.info> References: <58528B50.8030600@norma.perm.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IU5/I01NYhRvwH70" Content-Disposition: inline In-Reply-To: <58528B50.8030600@norma.perm.ru> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 17:51:47 -0000 --IU5/I01NYhRvwH70 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On 12/15/16 at 05:23P, Eugene M. Zheganin wrote:
> Hi.
>
> Sometimes on one of my servers I got dmesg full of
>
> sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in
> queue awaiting acceptance (6 occurrences)
[skip]
>
> but at the time of investigation the socket is already closed and lsof
> cannot show me the owner. I wonder if the kernel can itself decode this
> output and write it in the human-readable form ?

I have this not-quite-correct patch that may help you. (If you follow the
discussion there, you'd know why it's not complete.)

https://lists.freebsd.org/pipermail/freebsd-net/2014-March/038074.html

Cheers,
Hiren

--IU5/I01NYhRvwH70--

From owner-freebsd-net@freebsd.org Thu Dec 15 18:55:54 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AC13DC8219C for ; Thu, 15 Dec 2016 18:55:54 +0000 (UTC) (envelope-from daemon-user@freebsd.org) Received: from reviews.nyi.freebsd.org (reviews.nyi.freebsd.org [IPv6:2610:1c1:1:607c::16:b]) by mx1.freebsd.org (Postfix) with ESMTP id 86B5C1ABA for ; Thu, 15 Dec 2016 18:55:54 +0000 (UTC) (envelope-from daemon-user@freebsd.org) Received: by reviews.nyi.freebsd.org (Postfix, from userid 1346) id EDA0B250AC; Thu, 15 Dec 2016 18:55:53 +0000 (UTC) Date: Thu, 15 Dec 2016 18:55:53 +0000 To: freebsd-net@freebsd.org
From: "glebius (Gleb Smirnoff)" Reply-to: D8740+325+6bf741c8558a96f3@reviews.freebsd.org Subject: [Differential] D8740: remove network mask calculation for Classful network Message-ID: <9c2e6767b90c37c774ef864278310b30@localhost.localdomain> X-Priority: 3 X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , , Thread-Topic: D8740: remove network mask calculation for Classful network X-Herald-Rules: none X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: Precedence: bulk In-Reply-To: References: Thread-Index: OGYzNDMxOTAzMWNkZjJkMDM4OTkxN2M0OTQ1IFhS5zk= MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 18:55:54 -0000

From owner-freebsd-net@freebsd.org Thu Dec 15 20:49:45 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix)
with ESMTP id 7A7FFC825A0 for ; Thu, 15 Dec 2016 20:49:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6A435335 for ; Thu, 15 Dec 2016 20:49:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uBFKniXW051581 for ; Thu, 15 Dec 2016 20:49:45 GMT (envelope-from bugzilla-noreply@freebsd.org) 
From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 200420] [igb] igb0: Watchdog timeout -- resetting Date: Thu, 15 Dec 2016 20:49:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: arcadiy@ivanovy.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Dec 2016 20:49:45 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200420

--- Comment #9 from Arcadiy Ivanov ---
With respect to X11SBA-F board, I can confirm that the issue arises from
hardware version 1.01 of the board and is gone with 1.02. The issue with 1.01
is not rectifiable by any EEPROM, BIOS or other firmware updates.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Fri Dec 16 00:24:20 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8577BC81E17 for ; Fri, 16 Dec 2016 00:24:20 +0000 (UTC) (envelope-from anderson.ferreira@gmx.com) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE5DD1293 for ; Fri, 16 Dec 2016 00:24:19 +0000 (UTC) (envelope-from anderson.ferreira@gmx.com) Received: from mac-mini.asfnet.org ([191.34.199.244]) by mail.gmx.com (mrgmx002 [212.227.17.184]) with ESMTPSA (Nemesis) id 0LeMij-1cyOaU23a9-00q9tZ for ; Fri, 16 Dec 2016 01:24:12 +0100
From: Anderson Soares Ferreira Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\)) Subject: Trouble with ipv6 routing through interface Message-Id: <780FE1FC-EA67-4593-BC0A-259F4B8E7FB5@gmx.com> Date: Thu, 15 Dec 2016 22:24:08 -0200 To: freebsd-net@freebsd.org X-Mailer: Apple Mail (2.3251) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2016 00:24:20 -0000

Hello,

I have a freebsd 11 box running as my network gateway and I’m having some trouble trying to route ipv6 packets through an interface with only linklocal address.

In short, what I’m doing is:

My freebsd gateway has one global scope address on lo0 interface, each other interface has only a link local address fe80::1. Static routes for the global scope subnets have been created. Each route was created using the command:

# route -6 add -net /64 -interface

The clients on each subnet have a global scope address and fe80::1 as default gateway.

What is happening with this approach is that my gateway can’t reach the clients on the subnets. Ping tests from the gateway to the client return the error "ping6: sendmsg: No buffer space available”. On the other hand, when I try to do a ping from client to gateway, the packets from the client are received by the gateway but no response is sent. In my tests using a linux gateway with the same approach, everything worked fine.

Is there something wrong with my setup? How can I get that approach working using freebsd ?

Thanks in advance,

Anderson

From owner-freebsd-net@freebsd.org Fri Dec 16 08:21:36 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 79176C82782; Fri, 16 Dec 2016 08:21:36 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward2j.cmail.yandex.net (forward2j.cmail.yandex.net [IPv6:2a02:6b8:0:1630::15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0D8C437E; Fri, 16 Dec 2016 08:21:35 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [77.88.29.86]) by forward2j.cmail.yandex.net (Yandex) with ESMTP id 59302212B5; Fri, 16 Dec 2016 11:21:32 +0300 (MSK) Received: from smtp3p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp3p.mail.yandex.net (Yandex) with ESMTP id
9C27C1320264; Fri, 16 Dec 2016 11:21:29 +0300 (MSK) Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id fxPaBgd7bp-LSra8Y7O; Fri, 16 Dec 2016 11:21:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1481876488; bh=rueidvQP+8RqNOGn14hZdDX6T2JnSFYKbRgQCugHgWY=; h=Subject:To:References:Cc:From:Message-ID:Date:In-Reply-To; b=iYhP1a+y5YUAkQ9b9BlZE4Otsp+3M1VhtB/6+W+k/WKSk8Hjh6sjwOtDBOcxyHWtC RMl+B1LUvSxAfitgbkOsWdETDiGxLndwwDCbuckiO0FAAY9n/ABVjU8iXH1WJI1ckw Z8WFnamIX/AONiUtnXckgkmwWIC//ajdXGCoEmy4= Authentication-Results: smtp3p.mail.yandex.net; dkim=pass header.i=@yandex.ru X-Yandex-Suid-Status: 1 0,1 0,1 0,1 0 Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form To: hiren panchasara , "Eugene M. Zheganin" References: <58528B50.8030600@norma.perm.ru> <20161215175141.GE82166@strugglingcoder.info> Cc: freebsd-net , freebsd-stable@freebsd.org From: "Andrey V. Elsukov" Message-ID: <010586a3-0d44-7f83-32f1-d3ad79788fad@yandex.ru> Date: Fri, 16 Dec 2016 11:20:43 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161215175141.GE82166@strugglingcoder.info> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XMO3HW3IWVKvmWovhMWUWW1eVUF2IdRle" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2016 08:21:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XMO3HW3IWVKvmWovhMWUWW1eVUF2IdRle Content-Type: multipart/mixed; boundary="0VRL1P2tmBNH52pvVl1ETgK3cICBVqO7I"; protected-headers="v1" 
From: "Andrey V. Elsukov" To: hiren panchasara , "Eugene M. Zheganin" Cc: freebsd-net , freebsd-stable@freebsd.org Message-ID: <010586a3-0d44-7f83-32f1-d3ad79788fad@yandex.ru> Subject: Re: sonewconn: pcb [...]: Listen queue overflow to human-readable form References: <58528B50.8030600@norma.perm.ru> <20161215175141.GE82166@strugglingcoder.info> In-Reply-To: <20161215175141.GE82166@strugglingcoder.info> --0VRL1P2tmBNH52pvVl1ETgK3cICBVqO7I Content-Type: multipart/mixed; boundary="------------6F38ED10A3D2AFFC6EB7E045" This is a multi-part message in MIME format. --------------6F38ED10A3D2AFFC6EB7E045 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

On 15.12.2016 20:51, hiren panchasara wrote:
> On 12/15/16 at 05:23P, Eugene M. Zheganin wrote:
>> Hi.
>>
>> Sometimes on one of my servers I got dmesg full of
>>
>> sonewconn: pcb 0xfffff80373aec000: Listen queue overflow: 49 already in
>> queue awaiting acceptance (6 occurrences)
> [skip]
>>
>> but at the time of investigation the socket is already closed and lsof
>> cannot show me the owner. I wonder if the kernel can itself decode this
>> output and write it in the human-readable form ?
>
> I have this not-quite-correct patch that may help you. (If you follow the
> discussion there, you'd know why it's not complete.)
>
> https://lists.freebsd.org/pipermail/freebsd-net/2014-March/038074.html

Hi Hiren,

I think the check for socket's domain should be enough?

-- 
WBR, Andrey V.
Elsukov --------------6F38ED10A3D2AFFC6EB7E045 Content-Type: text/x-patch; name="uipc_socket.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="uipc_socket.diff" Index: sys/kern/uipc_socket.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/kern/uipc_socket.c (revision 309834) +++ sys/kern/uipc_socket.c (working copy) @@ -139,6 +139,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include =20 #include =20 
@@ -577,10 +578,15 @@ sonewconn(struct socket *head, int connstatus) overcount++; =20 if (ratecheck(&lastover, &overinterval)) { - log(LOG_DEBUG, "%s: pcb %p: Listen queue overflow: " - "%i already in queue awaiting acceptance " - "(%d occurrences)\n", - __func__, head->so_pcb, head->so_qlen, overcount); + if (INP_CHECK_SOCKAF(head, AF_INET) || + INP_CHECK_SOCKAF(head, AF_INET6)) + over =3D ntohs(sotoinpcb(head)->inp_lport); + else + over =3D 0; + log(LOG_DEBUG, "%s: pcb %p: Listen queue overflow on " + "port %d: %i already in queue awaiting acceptance " + "(%d occurrences)\n", __func__, head->so_pcb, + over, head->so_qlen, overcount); =20 overcount =3D 0; } --------------6F38ED10A3D2AFFC6EB7E045-- --0VRL1P2tmBNH52pvVl1ETgK3cICBVqO7I-- --XMO3HW3IWVKvmWovhMWUWW1eVUF2IdRle--
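
Review bot: in the second hunk (sonewconn()), the else branch sets over to 0, so a listener that is neither AF_INET nor AF_INET6 gets logged as "Listen queue overflow on port 0", which reads like a real port number rather than "no port". I would emit the "on port %d" part only when one of the INP_CHECK_SOCKAF() checks passes and keep the old wording otherwise. Also, "over" is not declared in either visible hunk; if it reuses an existing local of sonewconn(), a separate variable named for the port would make the intent clearer. The port by itself does not say which protocol or bound address the listener has, so keeping head->so_pcb in the message, as the hunk does, is worth preserving.
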
70CAA1D81 for ; Fri, 16 Dec 2016 12:16:21 +0000 (UTC) (envelope-from admin@x154.save85off.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=save85off; d=x154.save85off.com; h=MIME-Version:From:To:Date:Subject:Content-Type:Content-Transfer-Encoding; i=admin@x154.save85off.com; bh=0CF8fdUrp/mMt78Youl6eMyMNGU=; b=ivXz1iJCM75WMDxhVUD3/K7eOKg+0huBgjZRsEUDLemPlNyYv21fV3xAda8+qeatSlBlWTgpx9ua Wn7DAAkTFB/XUlK3ll30I1fpYya/33STYgyhxDZ+pWjH6b3PhsRAlrms9IMgAcp5l3k1qmuZrRUR bo21Vu2cLtdXxSsEstI= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=save85off; d=x154.save85off.com; b=fx8d2NEZM6owVZgM0sSCxdjigfPS/O991X0K6HphCnq2u8v+/PXRm+ndtCuxanI1gM87ny7brXan E+MXRAeuMMtYRbUnFTOT2f9ysYAqY2RUV0JTOGJMHV309uIYtpRKxXkNFua/tD9uVk2w4kOT1CkL SmuBFlzaayI0ojjApC4=; 
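
Review bot: in the else branch, over = 0 makes the message read "Listen queue overflow on port 0" for every listener that is neither AF_INET nor AF_INET6, and anyone reading the log or alerting on it will take that for a real port. Emit the "on port %d" clause only when the socket passes the INP_CHECK_SOCKAF test, or use a separate format string for the other case. The name over also says nothing about holding a local port (lport would read better), and since its declaration is outside this hunk, check that its type matches the %d it is printed with. Finally, overcount is a plain counter rather than a field of head, so the "(%d occurrences)" figure can include overflows on listeners other than the port printed; say so in the message or in a comment.
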
From owner-freebsd-net@freebsd.org Fri Dec 16 12:31:35 2016
Date: Fri, 16 Dec 2016 13:24:55 +0100 (CET)
From: Maxence Sartiaux
To: freebsd-net@freebsd.org
Message-ID: <1372618005.12430.1481891095398.JavaMail.zimbra@makz.me>
Subject: Policy base routing & GW on same subnet

Hello,

I have a problem with pfSense. Unfortunately, I've already asked on the pfSense forum but nobody can respond to me, so I think it's more of a BSD issue.

I have multiple gateways; two of them are in the same subnet / interface (my default 192.168.0.5 & my second one 192.168.0.1).

I create a rule based on matching the source and route the traffic to my second gateway (the rule matches properly), but the traffic is always routed to my default gateway.

When I use another gateway which is on a different subnet, the traffic is properly routed to the other gateway.

I've tried different subnets and different interfaces; it looks like BSD routes the traffic to the latest added gateway when there are multiple gateways on the same subnet.

Is it a BSD or pfSense issue?

Thank you.

From owner-freebsd-net@freebsd.org Sat Dec 17 16:39:35 2016
Subject: Re: Trouble with ipv6 routing through interface
To: Anderson Soares Ferreira, freebsd-net@freebsd.org
References: <780FE1FC-EA67-4593-BC0A-259F4B8E7FB5@gmx.com>
From: "Andrey V. Elsukov"
Cc: "Alexander V. Chernikov", "Bjoern A. Zeeb", Hiroki Sato, Mark Johnston
Date: Sat, 17 Dec 2016 19:38:43 +0300
In-Reply-To: <780FE1FC-EA67-4593-BC0A-259F4B8E7FB5@gmx.com>

On 16.12.2016 03:24, Anderson Soares Ferreira wrote:
> I have a freebsd 11 box running as my network gateway and I’m having
> some trouble trying to route ipv6 packets through an interface with
> only linklocal address. In short, what I’m doing is:
>
> My freebsd gateway has one global scope address on lo0 interface,
> each other interface has only a link local address fe80::1. Static
> routes for the global scope subnets have been created, Each route was
> created using the command:
>
> # route -6 add -net /64 -interface
>
> The clients on each subnet have a global scope address and fe80::1 as
> default gateway.
>
> What is happening with this approach is that my gateway can’t reach
> the clients on the subnets. Ping tests from the gateway to the client
> return the error "ping6: sendmsg: No buffer space available". On the

Hi,

this ENOBUFS error is returned from ND6 code. Due to the lack of
prefixes, layer2 doesn't consider that destination address is a neighbor.

> other hand, when I try to do a ping from client to gateway, the
> packets from the client are received by the gateway but no response
> is sent. In my tests using a linux gateway with the same approach,
> everything worked fine.

I'm not sure how this should be fixed.

--
WBR, Andrey V. Elsukov

From owner-freebsd-net@freebsd.org Sat Dec 17 22:28:37 2016
Date: Sat, 17 Dec 2016 14:28:27 -0800
From: Navdeep Parhar
To: v.maffione@gmail.com, luigi@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: cxgbe's native netmap support broken since r307394
Message-ID: <20161217222812.GA4979@ox>

Luigi, Vincenzo,

The last major update to netmap (r307394 and followups) broke cxgbe's
native netmap support. The problem is that netmap_hw_reg now holds an
rw_lock around the driver's netmap_on/off routines. It has always been
safe for the driver to sleep during these operations but now it panics
instead.

Why is IFNET_WLOCK needed here? It seems like a regression to disallow
sleep on the control path.

Regards,
Navdeep

begin_synchronized_op with the following non-sleepable locks held:
exclusive rw ifnet_rw (ifnet_rw) r = 0 (0xffffffff8271d680) locked @ /root/ws/head/sys/dev/netmap/netmap_freebsd.c:95
stack backtrace:
#0 0xffffffff810837a5 at witness_debugger+0xe5
#1 0xffffffff81084d88 at witness_warn+0x3b8
#2 0xffffffff83ef2bcc at begin_synchronized_op+0x6c
#3 0xffffffff83f14beb at cxgbe_netmap_reg+0x5b
#4 0xffffffff809846f1 at netmap_hw_reg+0x81
#5 0xffffffff809806de at netmap_do_regif+0x19e
#6 0xffffffff8098121d at netmap_ioctl+0x7ad
#7 0xffffffff8098682f at freebsd_netmap_ioctl+0x5f