From owner-freebsd-net@freebsd.org Sun Nov 12 04:30:52 2017
From: "K. Macy"
Date: Sat, 11 Nov 2017 20:30:50 -0800
Subject: Re: netmap scatter/gather?
To: Vincenzo Maffione
Cc: "Joseph H. Buehler", "freebsd-net@freebsd.org"
References: <5A01ED27.60900@cox.net>

On Tue, Nov 7, 2017 at 9:32 AM, Vincenzo Maffione wrote:
> Hi,
> In general netmap adapters (i.e. netmap ports) may support NS_MOREFRAG.
> But in practice this is mainly supported on VALE ports.
> So if you don't want to add the missing support by yourself you can simply
> change the netmap buffer size by tuning the sysctl dev.netmap.buf_size, and
> increase it to 9600.
>

When doing vxlan that allows me to avoid copies on encap, but I don't see
any mechanism to avoid a (second) copy on decap where what I'd like to do is
to indicate to VALE that the packet starts at a certain offset. Am I missing
something?

Thanks.
From owner-freebsd-net@freebsd.org Sun Nov 12 05:19:13 2017
From: "K. Macy"
Date: Sat, 11 Nov 2017 21:19:12 -0800
Subject: Re: netmap scatter/gather?
To: Vincenzo Maffione
Cc: "Joseph H. Buehler", "freebsd-net@freebsd.org"
References: <5A01ED27.60900@cox.net>

On Sat, Nov 11, 2017 at 8:30 PM, K. Macy wrote:
> On Tue, Nov 7, 2017 at 9:32 AM, Vincenzo Maffione wrote:
>> Hi,
>> In general netmap adapters (i.e. netmap ports) may support NS_MOREFRAG.
>> But in practice this is mainly supported on VALE ports.
>> So if you don't want to add the missing support by yourself you can simply
>> change the netmap buffer size by tuning the sysctl dev.netmap.buf_size, and
>> increase it to 9600.
>>
>
> When doing vxlan that allows me to avoid copies on encap, but I don't
> see any mechanism to avoid a (second) copy on decap where what I'd
> like to do is to indicate to VALE that the packet starts at a certain
> offset. Am I missing something?

It looks like if you'd just change NETMAP_BUF to take an offset as well
it would mostly just work if I could pass an offset in netmap_slot:

    idx = ring->slot[i].buf_idx;
    d->hdr.slot = &ring->slot[i];
    d->hdr.buf = (u_char *)NETMAP_BUF(ring, idx);

->

    idx = ring->slot[i].buf_idx;
    off = ring->slot[i].buf_off; /* new */
    d->hdr.slot = &ring->slot[i];
    d->hdr.buf = (u_char *)NETMAP_BUF(ring, idx, off);

>
>
> Thanks.

From owner-freebsd-net@freebsd.org Sun Nov 12 17:54:24 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 191916] pflogd(8) eats cpu and hangs with net.bpf.zerocopy_enable=0
Date: Sun, 12 Nov 2017 17:54:23 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.3-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mg@fork.pl
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Overcome By Events
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191916

Marcin Gryszkalis changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mg@fork.pl

--- Comment #4 from Marcin Gryszkalis ---
Note for those with a similar problem: I just noticed the same effect (pflogd
eating 100% cpu on initializing). It was because of a mistake in newsyslog.conf
that stopped /var/log/pflog rotation, and the log file had grown to over 20GB.

As pflogd(8) says:

     pflogd tries to preserve the integrity of the log file against I/O
     errors. Furthermore, integrity of an existing log file is verified
     before appending.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 13 13:55:34 2017
From: Dag-Erling Smørgrav
To: Andriy Gapon
Cc: freebsd-net@FreeBSD.org
Subject: Re: local_unbound, resolvconf, vpn
References: <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org>
Date: Mon, 13 Nov 2017 14:55:24 +0100
In-Reply-To: <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org> (Andriy Gapon's message of "Wed, 8 Nov 2017 13:38:28 +0200")
Message-ID: <86a7zq8er7.fsf@desk.des.no>

Andriy Gapon writes:
> First, there is now an automatically generated /etc/resolvconf.conf.
> It has the following comment:
> # This file was generated by local-unbound-setup.
> # Modifications will be overwritten.
> Is that comment really true?
> What and when is going to overwrite my modifications?

service local_unbound setup

> Next. The auto-generated resolvconf.conf has this trick to prevent modifications
> of resolv.conf: resolv_conf="/dev/null"
> The trick works but it causes some small noise when resolvconf is run, like
> cannot copy /dev/null to /dev/null.bak.
> I think that a nicer solution is to just set name_servers=127.0.0.1:

No, if we let resolvconf overwrite resolv.conf then we lose "options
edns0". What it boils down to is that resolvconf is a piece of shit and
the only way to get it to do what we want would be to write a special
backend for the local_unbound case (see /libexec/resolvconf).

> unbound: [7457:0] error: cannot chdir to directory: (No such file or directory)

This error is emitted by the configuration parser when it encounters the
"directory" directive in the "server" section and fails to chdir to the
specified directory, but there should be a name there. Can you do:

    # service local_unbound stop
    # mv /var/unbound /var/unbound.orig
    # mtree -deU -f /etc/mtree/BSD.var.dist
    # service local_unbound setup
    # diff -ru /var/unbound.orig /var/unbound

and tell me if there are any differences?
DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-net@freebsd.org Mon Nov 13 17:29:04 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 221146] [ixgbe] Problem with second laggport
Date: Mon, 13 Nov 2017 17:29:02 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-STABLE
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: cramerj@intel.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Flags: mfc-stable11?
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221146

Jeb Cramer changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cramerj@intel.com

--- Comment #20 from Jeb Cramer ---
(In reply to Sean Bruno from comment #19)
I'm not saying it won't help, but it also opens the door for the reasons we
moved it to the beginning of attach() in the first place. The firmware tends
to not honor the synchronization bits until the driver has taken over (via the
DRV_LOAD bit).
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 13 18:58:24 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 221146] [ixgbe] Problem with second laggport
Date: Mon, 13 Nov 2017 18:58:23 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-STABLE
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: sbruno@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Flags: mfc-stable11?
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221146

--- Comment #21 from Sean Bruno ---
(In reply to Jeb Cramer from comment #20)
Until I get confirmation from a failure case, I'm not going to do anything with
this at this time.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 13 20:14:13 2017
From: Dries Michiels
To: "freebsd-net@freebsd.org"
Subject: chroot implementation of bind and kea
Date: Mon, 13 Nov 2017 20:14:09 +0000

Dear net mailing list,

At the moment BIND's default chroot behavior is to move all necessary files to a directory specified in rc.conf as named_chrootdir.
Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc can still be modified from /usr/local/etc/ as that is where they belong.
However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started.
This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well?

Another little question regarding chroot, is it possible to make net/kea chrootable? There are currently no such options in the kea rc script.

With regards,
Dries

From owner-freebsd-net@freebsd.org Mon Nov 13 20:45:06 2017
Subject: Re: chroot implementation of bind and kea
From: Viktor Dukhovni
Date: Mon, 13 Nov 2017 15:38:04 -0500
Reply-To: freebsd-net@freebsd.org
To: freebsd-net@freebsd.org

> On Nov 13, 2017, at 3:14 PM, Dries Michiels wrote:
>
>
> At the moment BIND's default chroot behavior is to move all necessary files to a directory specified in rc.conf as named_chrootdir.
> Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc can still be modified from /usr/local/etc/ as that is where they belong.
> However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started.
> This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well?
> Another little question regarding chroot, is it possible to make net/kea chrootable? There are currently no such options in the kea rc script.

One detail to keep in mind is that validating nameservers need to be
able to make persistent updates to the root zone trust-anchor keys
in accordance with RFC 5011. The root KSK will be updated some time next
year and ideally periodically thereafter. So at least the root
zone trust-anchor keys need to persist across restarts and not
be reset to their initial state.

-- 
	Viktor.
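
The trade-off discussed in the two messages above, as an added example that is not part of any post and is not the rc script of the BIND or isc-dhcpd port: a start-time refresh that overwrites the chroot's files from the master copies while leaving RFC 5011 trust-anchor state in place. The function names, the directory arguments and the file names treated as persistent (`managed-keys.bind`, `*.mkeys` and their `.jnl` journals) are assumptions.

```sh
#!/bin/sh
# Added example (constructed): refresh a chrooted named's configuration from
# the master copies at service start, without resetting RFC 5011 state.
# Assumed names: refresh_chroot, is_persistent and the patterns listed below.

# Succeeds when NAME looks like trust-anchor state that named maintains itself.
is_persistent() {
    case "$1" in
        managed-keys.bind|managed-keys.bind.jnl|*.mkeys|*.mkeys.jnl) return 0 ;;
    esac
    return 1
}

# refresh_chroot MASTER_DIR CHROOT_DIR
refresh_chroot() {
    src=$1
    dst=$2
    if [ ! -d "$src" ]; then
        echo "refresh_chroot: no such directory: $src" >&2
        return 1
    fi
    mkdir -p "$dst" || return 1

    # Pass 1: delete every file and symlink found in the chroot copy, so that
    # modified or planted entries do not survive the restart. Persistent state
    # is kept, but only when it is a regular file and not a symlink.
    (cd "$dst" && find . ! -type d) | (
        while IFS= read -r rel; do
            if is_persistent "${rel##*/}" && [ -f "$dst/$rel" ] &&
               [ ! -L "$dst/$rel" ]; then
                continue
            fi
            rm -f -- "$dst/$rel" || exit 1
        done
    ) || return 1

    # Pass 2: copy the master files in. A persistent file is copied only when
    # the chroot has none yet (first start), never over existing state.
    (cd "$src" && find . -type f) | (
        while IFS= read -r rel; do
            if is_persistent "${rel##*/}" && [ -f "$dst/$rel" ]; then
                continue
            fi
            mkdir -p "$dst/${rel%/*}" || exit 1
            cp -p "$src/$rel" "$dst/$rel" || exit 1
        done
    ) || return 1
    return 0
}

# Constructed demonstration on a throw-away tree.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/master/zones" "$tmp/chroot/zones"
    echo 'options { directory "/etc/namedb"; };' > "$tmp/master/named.conf"
    echo '; example zone'         > "$tmp/master/zones/example.db"
    echo 'initial anchors'        > "$tmp/master/managed-keys.bind"
    echo 'tampered'               > "$tmp/chroot/named.conf"
    echo 'planted'                > "$tmp/chroot/zones/extra"
    echo 'anchors after rollover' > "$tmp/chroot/managed-keys.bind"
    refresh_chroot "$tmp/master" "$tmp/chroot" || return 1
    (cd "$tmp/chroot" && find . -type f | sort)
    cat "$tmp/chroot/managed-keys.bind"
    rm -rf "$tmp"
}

demo
```

Because the trust-anchor files are deliberately left alone, they are the one part of the chroot that a restart does not restore, so their integrity has to be checked by other means.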
From owner-freebsd-net@freebsd.org Mon Nov 13 21:02:15 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 887C8DD5B37 for ; Mon, 13 Nov 2017 21:02:15 +0000 (UTC) (envelope-from SRS0=iVBU=CL=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5014D7E1F4 for ; Mon, 13 Nov 2017 21:02:14 +0000 (UTC) (envelope-from SRS0=iVBU=CL=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 50A5128416 for ; Mon, 13 Nov 2017 22:02:06 +0100 (CET) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id A37ED2840C for ; Mon, 13 Nov 2017 22:02:04 +0100 (CET) Subject: Re: chroot implementation of bind and kea To: freebsd-net@freebsd.org References: From: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <5A0A084C.2000703@quip.cz> Date: Mon, 13 Nov 2017 22:02:04 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 21:02:15 -0000 Viktor Dukhovni wrote on 2017/11/13 21:38: > > >> On Nov 13, 2017, at 3:14 PM, Dries Michiels wrote: >> >> >> At the moment BINDS’s default chroot behavior is to move all 
necessary files to a directory specified in rc.conf as named_chrootdir. >> Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc can still be modified from /usr/local/etc/ as that is where they belong. >> However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started. >> This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well? >> Another little question regarding chroot, is it possible to make net/kea chrootable? There are currently no such options in the kea rc script. > > One detail to keep in mind is that validating nameservers need to be > able to make persistent updates to the root zone trust-anchor keys > in accordance RFC 5011. The root KSK will be updated some time next > year and ideally periodically there-after. So at least the root > zone trust-anchor keys need to persist across restarts and not > be reset to their initial state. I think keys can be updated by updating the port or by some dedicated periodic script. It seems safer to me. 
Miroslav Lachman From owner-freebsd-net@freebsd.org Mon Nov 13 21:07:56 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2B46DD5D16 for ; Mon, 13 Nov 2017 21:07:56 +0000 (UTC) (envelope-from freebsd@dukhovni.org) Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 900717E3FC for ; Mon, 13 Nov 2017 21:07:56 +0000 (UTC) (envelope-from freebsd@dukhovni.org) Received: from [10.200.0.109] (unknown [8.2.105.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id D6A8B7A3309 for ; Mon, 13 Nov 2017 21:07:54 +0000 (UTC) (envelope-from freebsd@dukhovni.org) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\)) Subject: Re: chroot implementation of bind and kea From: Viktor Dukhovni In-Reply-To: <5A0A084C.2000703@quip.cz> Date: Mon, 13 Nov 2017 16:07:35 -0500 Content-Transfer-Encoding: 7bit Reply-To: freebsd-net@freebsd.org Message-Id: References: <5A0A084C.2000703@quip.cz> To: freebsd-net@freebsd.org X-Mailer: Apple Mail (2.3445.4.7) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 21:07:56 -0000 > On Nov 13, 2017, at 4:02 PM, Miroslav Lachman <000.fbsd@quip.cz> wrote: > > I think keys can be updated by updating the port or by some dedicated > periodic script. It seems safer to me. In theory it may be safer. In practice, it tends to not happen in a timely manner, leading to outages. 
Automated RFC 5011 key rollover is a necessity. The package needs to support it by default.

--
Viktor.

From owner-freebsd-net@freebsd.org Tue Nov 14 01:46:28 2017
From: bugzilla-noreply@freebsd.org
Date: Tue, 14 Nov 2017 01:46:28 +0000
Subject: [Bug 221146] [ixgbe] Problem with second laggport

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221146

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |IntelNetworking

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Tue Nov 14 09:52:58 2017
From: Harry Schmalzbauer
Date: Tue, 14 Nov 2017 10:52:55 +0100
Subject: userland shutdown(2)?

Hello,

stopping jails leaves open sockets with no process attached.
(sockstat shows like this line:
? ? ? ? tcp6 2001:db8::fedc:389 2001:db8::abcd:15666
)
Since I make use of mount lines in jail.conf, umounting the root filesystem of the jail fails because "device busy".

To avoid dirty filesystems after reboot of the host, my modified rc.d/jail updates the corresponding filesystem to be mounted readonly, but that's not a great solution.

I'd like to get all sockets killed before jail vanishes.
There's shutdown(2), which seems to do exactly what I want, but where/how to implement? Is there any userland tool utilizing shutdown(2)?
Thanks,

-Harry

From owner-freebsd-net@freebsd.org Thu Nov 16 13:16:42 2017
From: bugzilla-noreply@freebsd.org
Date: Thu, 16 Nov 2017 13:16:41 +0000
Subject: [Bug 219428] em network driver broken in current

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219428

Sergey V. Dyatko changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sergey.dyatko@gmail.com

--- Comment #9 from Sergey V. Dyatko ---
Hi,

I have SuperMicro server
smbios.planar.product="X9DRW-3LN4F+/X9DRW-3TF+"
running FreeBSD st3.domain.tld 12.0-CURRENT FreeBSD 12.0-CURRENT #0 r325556: Sun Nov 12 22:39:29 MSK 2017 root@st3.domain.tld:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG amd64

with igb(4):
igb0@pci0:4:0:0: class=0x020000 card=0x152115d9 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    device = 'I350 Gigabit Network Connection'
    class = network
    subclass = ethernet
igb1@pci0:4:0:1: class=0x020000 card=0x152115d9 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    device = 'I350 Gigabit Network Connection'
    class = network
    subclass = ethernet
igb2@pci0:129:0:0: class=0x020000 card=0x152115d9 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    device = 'I350 Gigabit Network Connection'
    class = network
    subclass = ethernet
igb3@pci0:129:0:3: class=0x020000 card=0x152115d9 chip=0x15218086 rev=0x01 hdr=0x00
    vendor = 'Intel Corporation'
    device = 'I350 Gigabit Network Connection'
    class = network
    subclass = ethernet

# grep lagg /etc/rc.conf
cloned_interfaces="lagg0 vlan2"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 laggport igb2 laggport igb3 62.x.x.x netmask 255.255.255.224"
ifconfig_vlan2="vlan 2 vlandev lagg0 192.168.2.3/24"

after reboot all works fine:
lagg0: flags=8843 metric 0 mtu 1500
    options=e505bb
    ether 0c:c4:7a:4c:11:d2
    inet 62.x.x.x netmask 0xffffffe0 broadcast 62.x.x.x
    nd6 options=29
    media: Ethernet autoselect
    status: active
    groups: lagg
    laggproto lacp lagghash l2,l3,l4
    laggport: igb0 flags=1c
    laggport: igb1 flags=1c
    laggport: igb2 flags=1c
    laggport: igb3 flags=1c

but, after a while I see in messages something like this:
Nov 16 09:35:30 st3 kernel: igb1: Interface stopped DISTRIBUTING, possible flapping
(always igb1)
then, after a while the server becomes unavailable over the network, if I open console via IPMI I could see following:
igb1: TX(3) desc avail = 1024, pidx = 0
igb1: TX(3) desc avail = 1024, pidx = 0
igb1: TX(3) desc avail = 1024, pidx = 0
igb1: TX(3) desc avail = 1024, pidx = 0

after reboot all works fine again...

From owner-freebsd-net@freebsd.org Thu Nov 16 14:39:00 2017
From: bugzilla-noreply@freebsd.org
Date: Thu, 16 Nov 2017 14:38:59 +0000
Subject: [Bug 219428] em network driver broken in current

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219428

Guido Falsi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |madpilot@FreeBSD.org

--- Comment #10 from Guido Falsi ---
I'm also seeing similar errors, I have this hardware:

em0@pci0:0:31:6: class=0x020000 card=0x86721043 chip=0x15b88086 rev=0x31 hdr=0x00
    vendor = 'Intel Corporation'
    device = 'Ethernet Connection (2) I219-V'
    class = network
    subclass = ethernet

Running "ifconfig em0 -tso4" makes the machine stable for me.
From owner-freebsd-net@freebsd.org Thu Nov 16 17:51:54 2017
From: Andrea Venturoli
Date: Thu, 16 Nov 2017 18:51:38 +0100
Subject: bridge0 not working when cable disconnected

Hello.

I've got the following setup:
re0: 192.168.x.1 (main IP)
192.168.x.2 (jail)
192.168.x.3 (jail)
192.168.x.4 (jail)
tap0: VM-bhyve VM (using 192.168.x.9)
bridge0: connecting re0 and tap0.

The VM used to work properly.
Now, however, I've got the network cable temporarily disconnected from re0 and the VM seems to be isolated: it can't reach 192.168.x.1 or any jail or anything else (192.168.x.1 is its gateway).
tcpdump on tap0 or bridge0 shows packets coming out of the VM, but no answer going in.
Pinging 192.168.x.9 from the host yields "no route to host".
Can the network cable disconnection be the reason?
I'm asking here since the box is physically in another place and I cannot try this now, but would like to do some work before I go there.

Any other hint, otherwise?

bye & Thanks
av.

From owner-freebsd-net@freebsd.org Thu Nov 16 18:01:57 2017
From: Eugene Grosbein
Date: Fri, 17 Nov 2017 01:01:30 +0700
Subject: Re: bridge0 not working when cable disconnected

17.11.2017 0:51, Andrea Venturoli wrote:

> Hello.
>
> I've got the following setup:
> re0: 192.168.x.1 (main IP)
> 192.168.x.2 (jail)
> 192.168.x.3 (jail)
> 192.168.x.4 (jail)
> tap0: VM-bhyve VM (using 192.168.x.9)
> bridge0: connecting re0 and tap0.
>
> The VM used to work properly.
> Now, however, I've got the network cable temporarily disconnected from re0 and the VM seems to be isolated: it can't reach 192.168.x.1 or any jail or anything else (192.168.x.1 is its gateway).
> tcpdump on tap0 or bridge0 shows packets coming out of the VM, but no answer going in.
> Pinging 192.168.x.9 from the host yields "no route to host".
> Can the network cable disconnection be the reason?
> I'm asking here since the box is physically in another place and I cannot try this now, but would like to do some work before I go there.
>
> Any other hint, otherwise?

If you add an interface to a bridge, you should remove all IP addresses from it and assign them to the bridge itself instead. And you will be fine.

From owner-freebsd-net@freebsd.org Fri Nov 17 15:33:52 2017
From: bugzilla-noreply@freebsd.org
Date: Fri, 17 Nov 2017 15:33:52 +0000
Subject: [Bug 222314] ifconfig epair create panics the kernel (arm64)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222314

Ed Maste changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|amd64                       |arm64

From owner-freebsd-net@freebsd.org Fri Nov 17 16:56:53 2017
From: Harry Schmalzbauer
Date: Fri, 17 Nov 2017 17:56:45 +0100
Subject: netmap/vale periodic deadlock

Hello,

sorry for annoying with another question/problem.

I'm using netmap's vale (on stable/11) for bhyve(8) virtio-net backed SDN.

The guests – unfortunately in production already – quit network services (resp. are not able to transceive any packets anymore) after about 2 days; repeatedly and most likely not load related, since there is no significant load.

Each guest is running fine, the host also runs without any other problem, no network problem elsewhere (different NICs; I use one dedicated NIC with vlan(4) children, each child connected to one vale switch).

At some point, the complete netmap subsystem seems to deadlock:
'vale-ctl' hangs uninterruptible.
Trying to attach a tcpdump to a vale switch also hangs uninterruptible.
Stopping (shutting down from inside) bhyve guests works up to the point where the vale port should be destroyed.

I could continue the list of symptoms, but that doesn't help in any way I guess.

My question is, where can I start finding out what happens with the netmap subsystem?
There were no kernel messages right before or during the deadlock!
The only userland tool I'm familiar with (vale-ctl) isn't usable at all in that situation.
Any hints what to try?

Here's an excerpt of processes running when the netmap-lockuped host has all guests shut down, just before I rebooted.
Snipped a lot, the interesting ones are those in state "netmap_g":
…
0 14213 1 0 20 0 5864 0 wait IW 3 0:00,00 (sh)
0 14214 14213 0 -92 0 5358120 3586232 nm_kn_lo TC 3 148:02,02 bhyve: kallisto (bhyve)
0 14976 2522 0 20 0 6976 0 wait IW 3 0:00,00 su
0 14981 14976 0 20 0 8256 0 pause IW 3 0:00,00 _su (csh)
0 61615 14981 0 20 0 5864 0 wait IW 3 0:00,00 (sh)
0 61616 61615 0 52 0 2180648 1973252 netmap_g DEC 3 286:11,91 bhyve: preed (bhyve)
0 62845 14981 0 20 0 11624 3328 bdg lock L+ 3 0:00,01 tcpdump -n -e -s 150 -i vale1:test
…
0 1390 1388 0 -92 0 2330024 767756 nm_kn_lo TC v0- 94:01,90 bhyve: styx0 (bhyve)
0 1401 1 0 52 0 5784 0 wait IW v0- 0:00,00 (sh)
0 1403 1401 0 20 0 368328 43444 - TC v0- 3:35,66 bhyve: korso (bhyve)
…

From owner-freebsd-net@freebsd.org Sat Nov 18 15:23:29 2017
From: bugzilla-noreply@freebsd.org
Date: Sat, 18 Nov 2017 15:23:28 +0000
Subject: [Bug 222314] ifconfig epair create panics the kernel (arm64)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222314

Ed Maste changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223670

From owner-freebsd-net@freebsd.org Sat Nov 18 16:58:52 2017
From: Victor Sudakov
Date: Sat, 18 Nov 2017 23:58:42 +0700
Subject: OpenVPN vs IPSec

Dear Colleagues,

Is there any reason to prefer IPSec over OpenVPN for building VPNs
between FreeBSD hosts and routers (and others compatible with OpenVPN
like pfSense, OpenWRT etc)?

I can see only advantages of OpenVPN (a single UDP port, a single
userland daemon, no kernel rebuild required, a standard PKI, an easy
way to push settings and routes to remote clients, nice monitoring
feature etc). But maybe there is some huge advantage of IPSec I've
skipped?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859

From owner-freebsd-net@freebsd.org Sat Nov 18 17:55:08 2017
From: Eugene Grosbein
Date: Sun, 19 Nov 2017 00:54:49 +0700
Subject: Re: OpenVPN vs IPSec

18.11.2017 23:58, Victor Sudakov wrote:

> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with OpenVPN
> like pfSense, OpenWRT etc)?
>
> I can see only advantages of OpenVPN (a single UDP port, a single
> userland daemon, no kernel rebuild required, a standard PKI, an easy
> way to push settings and routes to remote clients, nice monitoring
> feature etc). But maybe there is some huge advantage of IPSec I've
> skipped?

OpenVPN may be fine for very simple setups. It is unusable for demanding cases like parallel site-to-site VPN tunnels with dynamic routing for same network prefix between such primary/backup tunnel; for other setups that need distinct full-blown network interface for each tunnel to process with SNMP agent/routing daemon/packet filters etc. because distinct OpenVPN instances cannot share routing correctly in between.

In short, OpenVPN just is not designed to play nice and standard-compliant way with other parts of the system and sometimes that's unacceptable. And sometimes that's irrelevant.


From owner-freebsd-net@freebsd.org Sat Nov 18 18:26:09 2017
Subject: Re: OpenVPN vs IPSec
To: freebsd-net@freebsd.org
References: <20171118165842.GA73810@admin.sibptus.transneft.ru>
From: "Muenz, Michael"
Date: Sat, 18 Nov 2017 19:17:37 +0100
In-Reply-To: <20171118165842.GA73810@admin.sibptus.transneft.ru>

On 18.11.2017 at 17:58, Victor Sudakov wrote:
> Dear Colleagues,
>
> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with OpenVPN
> like pfSense, OpenWRT etc)?
>
> I can see only advantages of OpenVPN (a single UDP port, a single
> userland daemon, no kernel rebuild required, a standard PKI, an easy
> way to push settings and routes to remote clients, nice monitoring
> feature etc). But maybe there is some huge advantage of IPSec I've
> skipped?
>

Hi,

partners/customers with Cisco IOS or ASA won't be able to partner up
without IPSEC.

Michael

From owner-freebsd-net@freebsd.org Sat Nov 18 22:49:42 2017
Subject: Re: OpenVPN vs IPSec
From: Jim Thompson
In-Reply-To: <20171118165842.GA73810@admin.sibptus.transneft.ru>
Date: Sat, 18 Nov 2017 16:49:39 -0600
Cc: freebsd-net@freebsd.org
References: <20171118165842.GA73810@admin.sibptus.transneft.ru>
To: Victor Sudakov

Performance is better with IPsec. It’s a standard, too.

> On Nov 18, 2017, at 10:58 AM, Victor Sudakov wrote:
>
> Dear Colleagues,
>
> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with OpenVPN
> like pfSense, OpenWRT etc)?
>
> I can see only advantages of OpenVPN (a single UDP port, a single
> userland daemon, no kernel rebuild required, a standard PKI, an easy
> way to push settings and routes to remote clients, nice monitoring
> feature etc). But maybe there is some huge advantage of IPSec I've
> skipped?
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> AS43859