From owner-freebsd-net@freebsd.org Sun Nov 3 01:59:07 2019
From: Mike Karels
Reply-to: mike@karels.net
To: "Rodney W. Grimes"
cc: Victor Gamov, freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Sat, 02 Nov 2019 20:59:04 -0500

> > Hi All
> >
> > I have (noob) questions about multicast routing under FreeBSD.
> >
> > I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> > vlan750 and vlan299).  vlan750 connected to multicast source.
> >
> > Then pimd installed and only this two interfaces enabled in pimd config.
> > Multicast routes successfully installed by pimd and listed by `netstat
> > -g -f inet`
> >
> > Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> > vlan299)
> >
> > The question is: who will forward multicast from one interface
> > (vlan750) to another (vlan299)?  Is it kernel specific job or I need
> > additional software?

> Please read the manpage multicast(4) "man 4 multicast",
> you should need to build a custom kernel with the "options MROUTING"
> to enable the multicast forwarding in the kernel.

If "netstat -g" shows routes, the kernel must have been built with "options
MROUTING".

The kernel does the forwarding, according to those routing tables installed
by pimd or another multicast routing program.  Is it not working?  It sounds
like you are very close.

> > Victor Gamov

> --
> Rod Grimes                                                 rgrimes@freebsd.org

		Mike

From owner-freebsd-net@freebsd.org Sun Nov 3 02:09:15 2019
From: "Rodney W. Grimes"
To: mike@karels.net
CC: "Rodney W. Grimes", freebsd-net@freebsd.org, Victor Gamov
Subject: Re: FreeBSD as multicast router
Date: Sat, 2 Nov 2019 19:09:10 -0700 (PDT)

> > > Hi All
> > >
> > > I have (noob) questions about multicast routing under FreeBSD.
> > >
> > > I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> > > vlan750 and vlan299).  vlan750 connected to multicast source.
> > >
> > > Then pimd installed and only this two interfaces enabled in pimd config.
> > > Multicast routes successfully installed by pimd and listed by `netstat
> > > -g -f inet`
> > >
> > > Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> > > vlan299)
> > >
> > > The question is: who will forward multicast from one interface
> > > (vlan750) to another (vlan299)?
> > > Is it kernel specific job or I need
> > > additional software?
>
> > Please read the manpage multicast(4) "man 4 multicast",
> > you should need to build a custom kernel with the "options MROUTING"
> > to enable the multicast forwarding in the kernel.
>
> If "netstat -g" shows routes, the kernel must have been built with "options
> MROUTING".

Indeed.

> The kernel does the forwarding, according to those routing tables installed
> by pimd or another multicast routing program.  Is it not working?  It sounds
> like you are very close.

Could it be sysctl net.inet.ip.forwarding?  Does that still apply to mroutes?

> > > Victor Gamov
>
> > --
> > Rod Grimes                                                 rgrimes@freebsd.org
>
> 		Mike

--
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Sun Nov 3 05:22:10 2019
From: Mike Karels
Reply-to: mike@karels.net
To: "Rodney W. Grimes"
cc: freebsd-net@freebsd.org, Victor Gamov
Subject: Re: FreeBSD as multicast router
Date: Sun, 03 Nov 2019 00:22:01 -0500

> > > > Hi All
> > > >
> > > > I have (noob) questions about multicast routing under FreeBSD.
> > > >
> > > > I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> > > > vlan750 and vlan299).  vlan750 connected to multicast source.
> > > >
> > > > Then pimd installed and only this two interfaces enabled in pimd config.
> > > > Multicast routes successfully installed by pimd and listed by `netstat
> > > > -g -f inet`
> > > >
> > > > Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> > > > vlan299)
> > > >
> > > > The question is: who will forward multicast from one interface
> > > > (vlan750) to another (vlan299)?  Is it kernel specific job or I need
> > > > additional software?
> >
> > > Please read the manpage multicast(4) "man 4 multicast",
> > > you should need to build a custom kernel with the "options MROUTING"
> > > to enable the multicast forwarding in the kernel.
> >
> > If "netstat -g" shows routes, the kernel must have been built with "options
> > MROUTING".

> Indeed.

> > The kernel does the forwarding, according to those routing tables installed
> > by pimd or another multicast routing program.  Is it not working?  It sounds
> > like you are very close.

> Could it be sysctl net.inet.ip.forwarding?  Does that still apply to mroutes?

No, they are separate.  The test is just whether MROUTING is enabled, and
whether a multicast router like pimd is active.

One other thing to check would be "netstat -gs" (multicast stats).

> > > > Victor Gamov
> >
> > > --
> > > Rod Grimes                                                 rgrimes@freebsd.org
> >
> > 		Mike

> --
> Rod Grimes                                                 rgrimes@freebsd.org

		Mike

From owner-freebsd-net@freebsd.org Sun Nov 3 21:00:36 2019
From: bugzilla-noreply@FreeBSD.org
To: net@FreeBSD.org
Subject: Problem reports for net@FreeBSD.org that need special attention
Date: Sun, 3 Nov 2019 21:00:35 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    221146 | [ixgbe] Problem with second laggport
In Progress |    235700 | oce(4) driver causes fatal trap 12 on boot with e
New         |    204438 | setsockopt() handling of kern.ipc.maxsockbuf limi
New         |    205592 | TCP processing in IPSec causes kernel panic
New         |    213410 | [carp] service netif restart causes hang only whe
Open        |    193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc
Open        |    194485 | Userland cannot add IPv6 prefix routes
Open        |    200319 | Bridge+CARP crashes/freezes
Open        |    202510 | [CARP] advertisements sourced from CARP IP cause
Open        |    210726 | tcp connect() can return invalid EADDRINUSE (Eg:
Open        |    222273 | igb(4): Kernel panic (fatal trap 12) due to netwo
Open        |    225438 | panic in6_unlink_ifa() due to race
Open        |    227720 | Kernel panic in ppp server
Open        |    236888 | ppp daemon: Allow MTU to be overridden for PPPoE
Open        |    236983 | bnxt(4) VLAN not operational unless explicit "ifc
Open        |    237072 | netgraph(4): performance issue [on HardenedBSD]?
Open        |    237391 | route get returns no result for network addresses
Open        |    237840 | Removed dummynet dependency on ipfw
Open        |    238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver
Open        |    240530 | netgraph/ng_source: Allow ng_source to inject int
Open        |    240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory
Open        |    240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile
Open        |    240969 | netinet6: Neighbour reachability detection broken
Open        |    241106 | tun/ppp: panic: vm_fault: fault on nofault entry
Open        |    241162 | Panic in closefp() triggered by nginx (uwsgi with
Open        |    241191 | route flush panic with RADIX_MPATH

26 problems total for which you should take action.

From owner-freebsd-net@freebsd.org Mon Nov 4 10:50:47 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 10:50:46 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-STABLE
X-Bugzilla-Keywords: needs-qa, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Status: Open

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |kevans@freebsd.org,
                   |                            |net@FreeBSD.org
            Summary|if_tap not using random MAC |if_tap: Not using random
                   |upon creation               |MAC upon creation
              Flags|                            |maintainer-feedback?(kevans
                   |                            |@freebsd.org)
           Keywords|                            |needs-qa, regression
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--- Comment #1 from Kubilay Kocak ---
Thank you for the report Zane

Could you please provide additional
information including:

- Exact uname -a output
- /etc/rc.conf output, (as an attachment), sanitized where necessary
- /var/run/dmesg.boot output (as an attachment)
- openvpn configuration (as an attachment, sanitized for any key/password
  material and hostnames/ips)
- The version of FreeBSD you were on prior to the update to stable/12 @ r354217

From owner-freebsd-net@freebsd.org Mon Nov 4 11:14:12 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236983] bnxt(4) VLAN not operational unless explicit "ifconfig promisc" is used on the physical IF
Date: Mon, 04 Nov 2019 11:14:11 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.2-STABLE
X-Bugzilla-Keywords: needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Flags: mfc-stable11? mfc-stable12?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236983

Bhargava Chenna. Marreddy changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bhargava.marreddy@broadcom.
                   |                            |com

--- Comment #17 from Bhargava Chenna. Marreddy ---
Stephen Hurd,

Thank you for the patch. Can you please let me know if this issue got resolved?

From owner-freebsd-net@freebsd.org Mon Nov 4 11:59:18 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 11:59:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #2 from Zane C. Bowers-Hadley ---
Created attachment 208846
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208846&action=edit
relevant client rc.conf bits

From owner-freebsd-net@freebsd.org Mon Nov 4 11:59:48 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 11:59:48 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #3 from Zane C. Bowers-Hadley ---
Created attachment 208847
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208847&action=edit
relevant server rc.conf bits

From owner-freebsd-net@freebsd.org Mon Nov 4 12:01:35 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:01:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #4 from Zane C. Bowers-Hadley ---
Created attachment 208848
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208848&action=edit
client openvpn config

From owner-freebsd-net@freebsd.org Mon Nov 4 12:01:54 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:01:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #5 from Zane C. Bowers-Hadley ---
Created attachment 208849
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208849&action=edit
server openvpn config

From owner-freebsd-net@freebsd.org Mon Nov 4 12:02:31 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:02:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #6 from Zane C. Bowers-Hadley ---
Created attachment 208850
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208850&action=edit
client boot dmesg

From owner-freebsd-net@freebsd.org Mon Nov 4 12:03:16 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:03:15 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #7 from Zane C. Bowers-Hadley ---
Created attachment 208851
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208851&action=edit
server boot dmesg

From owner-freebsd-net@freebsd.org Mon Nov 4 12:06:54 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:06:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #8 from Zane C. Bowers-Hadley ---
Created attachment 208852
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208852&action=edit
kernel config... includes ALTQ bits and GENERIC

From owner-freebsd-net@freebsd.org Mon Nov 4 12:15:35 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Mon, 04 Nov 2019 12:15:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #9 from Zane C. Bowers-Hadley ---
FreeBSD vixen42.vulpes.vvelox.net 12.1-STABLE FreeBSD 12.1-STABLE r354217 vixen42 amd64

Forget what the earlier version was. Was like a 12-STABLE from a few months
back. Likely r346624 or around there. Tested on r346624 and it does not exhibit
that behavior at all.

Nothing though that should be causing this in the config. Was same config prior
to reboot.

The openvpn stuff is irrelevant as well. For example openvpn will never have
touched tap6 in the config and if I do ifconfig tap6 create it will end up with
the MAC 58:9c:fc:10:ff:86.

From owner-freebsd-net@freebsd.org Mon Nov 4 17:39:47 2019
From: Victor Gamov
To: mike@karels.net, "Rodney W. Grimes"
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Mon, 4 Nov 2019 20:39:15 +0300

On 03/11/2019 08:22, Mike Karels wrote:
>>>>> Hi All
>>>>>
>>>>> I have (noob) questions about multicast routing under FreeBSD.
>>>>>
>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
>>>>>
>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
>>>>> Multicast routes successfully installed by pimd and listed by `netstat
>>>>> -g -f inet`
>>>>>
>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
>>>>> vlan299)
>>>>>
>>>>> The question is: who will forward multicast from one interface
>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
>>>>> additional software?
>>>
>>>> Please read the manpage multicast(4) "man 4 multicast",
>>>> you should need to build a custom kernel with the "options MROUTING"
>>>> to enable the multicast forwarding in the kernel.
>>>
>>> If "netstat -g" shows routes, the kernel must have been built with "options
>>> MROUTING".
>
>> Indeed.
>
>>>
>>> The kernel does the forwarding, according to those routing tables installed
>>> by pimd or another multicast routing program. Is it not working? It sounds
>>> like you are very close.
>
>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
>
> No, they are separate. The test is just whether MROUTING is enabled, and
> whether a multicast router like pimd is active.
>
> One other thing to check would be "netstat -gs" (multicast stats).

Oops!

=====
# netstat -f inet -gs
No IPv4 MROUTING kernel support.
=====

But I have ip_mroute.ko loaded and netstat -g shows something like

=====
# netstat -f inet -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address    Remote-Address   Pkts-In   Pkts-Out
  0         1   A.A.A.A                                 0          0
  1         1   B.B.B.19                                0          0
  2        10   10.199.199.102                          0          0
  3        15   10.200.200.6                        77440          0
  4         1   A.A.A.A                                 0      77440

IPv4 Multicast Forwarding Table
 Origin          Group            Packets  In-Vif  Out-Vifs:Ttls
 10.200.200.5    232.232.8.33        1844       3  4:1
 10.200.200.5    232.232.8.171       1843       3  4:1
 10.200.200.5    232.232.8.58        4609       3  4:1
 10.200.200.5    232.232.8.154       1844       3  4:1
 10.200.200.5    232.232.8.170       1844       3  4:1
=====

and

=====
# pimd -r
Virtual Interface Table ======================================================
Vif  Local Address    Subnet              Thresh  Flags      Neighbors
---  ---------------  ------------------  ------  ---------  -----------------
  0  A.A.A.A          A.A.A.A/25               1  DR NO-NBR
  1  B.B.B.19         B.B.B                    1  DR NO-NBR
  2  10.199.199.102   10.199.199.100/30       10  DR PIM     10.199.199.101
  3  10.200.200.6     10.200.200/29           15  DR NO-NBR
  4  A.A.A.A          register_vif0            1

 Vif  SSM Group        Sources

Multicast Routing Table ======================================================
----------------------------------- (S,G) ------------------------------------
Source           Group            RP Address       Flags
---------------  ---------------  ---------------  ---------------------------
10.200.200.5     232.232.8.33     SSM              CACHE SG
Joined   oifs: ....j
Pruned   oifs: .....
Leaves   oifs: .....
Asserted oifs: .....
Outgoing oifs: ....o
Incoming     : ...I.
=====

A.A.A.A is external IP-address. No multicast traffic must be sent to this
interface.

10.200.200.6 -- vlan750, multicast comes from here

10.199.199.102 -- vlan299, multicast must be forwarded here after IGMP-Join
received from 10.199.199.101/30

So, kernel with MROUTING options must be configured/installed or ip_mroute.ko
is enough?

P.S.
FreeBSD 11.3-STABLE #0 r351605M

--
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Mon Nov 4 19:46:47 2019
From: Kurt Jaeger
To: freebsd-net@freebsd.org
Subject: 10g IPsec ?
Date: Mon, 4 Nov 2019 20:46:37 +0100

Hi!

Has anyone experience with operating a highspeed IPsec connection
up to 10gigabit/s between 2 FreeBSD hosts ?

Is that speed achievable ? How much tuning is necessary ?

--
pi@opsec.eu +49 171 3101372 One year to go !

From owner-freebsd-net@freebsd.org Tue Nov 5 04:31:48 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Tue, 05 Nov 2019 04:31:46 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

Eugene Grosbein changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |eugen@freebsd.org

--- Comment #10 from Eugene Grosbein ---
The driver tap(4) was recently rewritten and merged with tun(4) driver to a
single if_tuntap(4) driver. This may be the reason for the behaviour change.
The code now tries to create unique but stable (non-random) MAC address based
on interface name and contents of sysctl kern.hostuuid of the host or jail
owning the interface.
Please verify if all your systems have different kern.hostuuid or not and report back. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Nov 5 04:42:08 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3397F1BD679 for ; Tue, 5 Nov 2019 04:42:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 476cTD0Z0Pz3KDD for ; Tue, 5 Nov 2019 04:42:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 136381BD678; Tue, 5 Nov 2019 04:42:08 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 132A91BD677 for ; Tue, 5 Nov 2019 04:42:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 476cTC6YxHz3KDB for ; Tue, 5 Nov 2019 04:42:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C4A867684 for ; Tue, 5 Nov 2019 04:42:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from 
kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xA54g73F094471 for ; Tue, 5 Nov 2019 04:42:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xA54g7hG094470 for net@FreeBSD.org; Tue, 5 Nov 2019 04:42:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 241704] if_tap: Not using random MAC upon creation Date: Tue, 05 Nov 2019 04:42:07 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: needs-qa, regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vvelox@vvelox.net X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Nov 2019 04:42:08 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241704 --- Comment #11 from Zane C. Bowers-Hadley --- It is the same on every machine. That said I compile the world and kernel on one build system and use that f= or every where. --=20 You are receiving this mail because: You are the assignee for the bug. 

From owner-freebsd-net@freebsd.org Tue Nov 5 04:52:31 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Tue, 05 Nov 2019 04:52:30 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #12 from Kyle Evans ---
(In reply to Zane C. Bowers-Hadley from comment #11)

Interesting! That's not supposed to happen. =(

Some follow-up questions:

1. You don't inadvertently copy a /etc/hostid from one machine to many others,
correct?

2. Is smbios data sane/populated on these systems? In particular, kenv
smbios.system.uuid

Thanks, and sorry for the breakage. =(

From owner-freebsd-net@freebsd.org Tue Nov 5 05:06:26 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Tue, 05 Nov 2019 05:06:26 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #13 from Zane C. Bowers-Hadley ---
Hmm... Strange.

Yeah, that file is the same on affected machines. I don't recall copying it
though.

smbios.system.uuid is not populated... actually it does not even exist, even
after loading smbios (not tried it post rebooting).

From owner-freebsd-net@freebsd.org Tue Nov 5 05:15:55 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Tue, 05 Nov 2019 05:15:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

--- Comment #14 from Eugene Grosbein ---
(In reply to Zane C. Bowers-Hadley from comment #13)

The file is generated at boot time if it does not exist. Your hardware seems
to have identical/incorrect SMBIOS data, so host id/uuid generated does not
differ.

Maybe you should perform one-time manual randomization for /etc/hostid because
you could get into other problems due to non-unique host identifiers that are
supposed to be unique.
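
The failure mode diagnosed in comments #10 to #14, as an added example (not FreeBSD code and not from the bug report): a fleet audit that groups hosts by `kern.hostuuid` and shows that every host sharing a value derives the same MAC for the same interface name. `model_mac` is a hypothetical SHA-1 stand-in for a "unique but stable" derivation, not the kernel's actual algorithm, and the inventory is constructed.

```python
import hashlib
from collections import defaultdict

# Constructed inventory: "hostname  <output of `sysctl -n kern.hostuuid`>".
# web1, web2 and build were cloned with the same /etc/hostid.
SAMPLE_INVENTORY = """\
web1   1b4e28ba-2fa1-11d2-883f-0016d3cca427
web2   1b4e28ba-2fa1-11d2-883f-0016d3cca427
build  1B4E28BA-2FA1-11D2-883F-0016D3CCA427
db1    6fa459ea-ee8a-3ca4-894e-db77e160355e
"""


def parse_inventory(text):
    """Return {hostname: lower-cased hostuuid}; reject malformed lines."""
    hosts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'host uuid'")
        name, uuid = fields[0], fields[1].lower()
        parts = uuid.split("-")
        if [len(p) for p in parts] != [8, 4, 4, 4, 12] or not all(
            c in "0123456789abcdef" for p in parts for c in p
        ):
            raise ValueError(f"line {lineno}: not a UUID: {fields[1]}")
        hosts[name] = uuid
    return hosts


def model_mac(hostuuid, ifname):
    """Stable MAC derived from (hostuuid, ifname).

    Assumption: SHA-1 over "uuid-ifname" stands in for the driver's
    derivation. 0x02 marks a locally administered unicast address.
    """
    digest = hashlib.sha1(f"{hostuuid}-{ifname}".encode("ascii")).digest()
    return ":".join(f"{b:02x}" for b in bytes([0x02]) + digest[:5])


def audit(hosts, ifnames=("tap0",)):
    """List every hostuuid used by more than one host, together with the
    per-interface MACs that all of those hosts would derive."""
    by_uuid = defaultdict(list)
    for name, uuid in hosts.items():
        by_uuid[uuid].append(name)
    findings = []
    for uuid in sorted(by_uuid):
        names = sorted(by_uuid[uuid])
        if len(names) > 1:
            findings.append({
                "hostuuid": uuid,
                "hosts": names,
                "colliding_macs": {i: model_mac(uuid, i) for i in ifnames},
            })
    return findings


if __name__ == "__main__":
    for f in audit(parse_inventory(SAMPLE_INVENTORY), ("tap0", "tap1")):
        print(f"duplicate kern.hostuuid {f['hostuuid']} on {', '.join(f['hosts'])}")
        for ifname, mac in f["colliding_macs"].items():
            print(f"  {ifname}: every listed host derives {mac}")
```

On a real fleet the inventory column would come from `sysctl -n kern.hostuuid` on each machine; any finding points at a copied `/etc/hostid` or identical SMBIOS data, as discussed in the comments.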

From owner-freebsd-net@freebsd.org Tue Nov 5 06:09:43 2019
Message-Id: <201911050609.xA569XEr061715@mail.karels.net>
To: Victor Gamov
cc: freebsd-net@freebsd.org
From: Mike Karels
Reply-to: mike@karels.net
Subject: Re: FreeBSD as multicast router
In-reply-to: Your message of Mon, 04 Nov 2019 20:39:15 +0300.
Date: Tue, 05 Nov 2019 00:09:33 -0600

> On 03/11/2019 08:22, Mike Karels wrote:
> >>>>> Hi All
> >>>>>
> >>>>> I have (noob) questions about multicast routing under FreeBSD.
> >>>>>
> >>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> >>>>> vlan750 and vlan299).  vlan750 connected to multicast source.
> >>>>>
> >>>>> Then pimd installed and only this two interfaces enabled in pimd config.
> >>>>> Multicast routes successfully installed by pimd and listed by `netstat
> >>>>> -g -f inet`
> >>>>>
> >>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> >>>>> vlan299)
> >>>>>
> >>>>> The question is: who will forward multicast from one interface
> >>>>> (vlan750) to another (vlan299)?  Is it kernel specific job or I need
> >>>>> additional software?
> >>>
> >>>> Please read the manpage multicast(4) "man 4 multicast",
> >>>> you should need to build a custom kernel with the "options MROUTING"
> >>>> to enable the multicast forwarding in the kernel.
> >>>
> >>> If "netstat -g" shows routes, the kernel must have been built with "options
> >>> MROUTING".
> >
> >> Indeed.
> >
> >>>
> >>> The kernel does the forwarding, according to those routing tables installed
> >>> by pimd or another multicast routing program.  Is it not working?  It sounds
> >>> like you are very close.
> >
> >> Could it be sysctl net.inet.ip.forwarding?  Does that still apply to mroutes?
> >
> > No, they are separate.  The test is just whether MROUTING is enabled, and
> > whether a multicast router like pimd is active.
> >
> > One other thing to check would be "netstat -gs" (multicast stats).

> Oops!

> =====
> # netstat -f inet -gs
> No IPv4 MROUTING kernel support.
> =====

This looks like a bug in netstat; it is doing a test that is wrong for the
loadable module.

> But I have ip_mroute.ko loaded and netstat -g shows something like

> =====
> # netstat -f inet -g

> IPv4 Virtual Interface Table
>   Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
>    0         1   A.A.A.A                                 0          0
>    1         1   B.B.B.19                                0          0
>    2        10   10.199.199.102                          0          0
>    3        15   10.200.200.6                        77440          0
>    4         1   A.A.A.A                                 0      77440

> IPv4 Multicast Forwarding Table
>   Origin          Group             Packets In-Vif  Out-Vifs:Ttls
>   10.200.200.5    232.232.8.33         1844    3    4:1
>   10.200.200.5    232.232.8.171        1843    3    4:1
>   10.200.200.5    232.232.8.58         4609    3    4:1
>   10.200.200.5    232.232.8.154        1844    3    4:1
>   10.200.200.5    232.232.8.170        1844    3    4:1
> =====

> and

> =====
> # pimd -r
> Virtual Interface Table ======================================================
> Vif  Local Address    Subnet              Thresh  Flags      Neighbors
> ---  ---------------  ------------------  ------  ---------  -----------------
>   0  A.A.A.A          A.A.A.A/25               1  DR NO-NBR
>   1  B.B.B.19         B.B.B                    1  DR NO-NBR
>   2  10.199.199.102   10.199.199.100/30       10  DR PIM     10.199.199.101
>   3  10.200.200.6     10.200.200/29           15  DR NO-NBR
>   4  A.A.A.A          register_vif0            1

> Vif  SSM Group        Sources

> Multicast Routing Table ======================================================
> ----------------------------------- (S,G) ------------------------------------
> Source           Group            RP Address       Flags
> ---------------  ---------------  ---------------  ---------------------------
> 10.200.200.5     232.232.8.33     SSM              CACHE SG
> Joined   oifs: ....j
> Pruned   oifs: .....
> Leaves   oifs: .....
> Asserted oifs: .....
> Outgoing oifs: ....o
> Incoming     : ...I.
> =====

> A.A.A.A is external IP-address.  No multicast traffic must be sent to
> this interface.
> 10.200.200.6 -- vlan750, multicast comes from here
> 10.199.199.102 -- vlan299, multicast must be forwarded here after
> IGMP-Join received from 10.199.199.101/30

> So, kernel with MROUTING options must be configured/installed or
> ip_mroute.ko is enough?

A kernel with MROUTING would let you see stats, but ip_mroute.ko should
be enough to function (although I haven't tested that).

I'm not familiar with the pimd output, but it seems plausible.

I am assuming that the multicasts are not getting to the vlan299 network?
Have you looked at the incoming traffic with tcpdump?  Use the -p option
to avoid promiscuous mode to see that the input NIC is receiving those
multicasts, and check the TTL of the incoming multicast packets.  (If it
is 1, the packets will not be forwarded.)

> P.S. FreeBSD 11.3-STABLE #0 r351605M

> --
> CU,
> Victor Gamov

		Mike

From owner-freebsd-net@freebsd.org Tue Nov 5 08:46:07 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241704] if_tap: Not using random MAC upon creation
Date: Tue, 05 Nov 2019 08:46:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241704

Zane C. Bowers-Hadley changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |Closed
         Resolution|---                         |Works As Intended

--- Comment #15 from Zane C. Bowers-Hadley ---
(In reply to Eugene Grosbein from comment #14)

Just checked and removing it does result in it being regenerated with a new and
different ID.

Looks like I did at some time accidentally copy it between all of them.

And it does come up with a different MAC as well, so all good. :)
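
For the multicast routing thread (Mike Karels's reply above, including its TTL remark), an added example that is not from the thread or from FreeBSD: it parses `netstat -g` output and applies a simplified model of the forwarding decision. Assumed rules: nothing is forwarded when the TTL is 1 or less or the packet arrives on the wrong vif, and a copy goes to each listed out-vif whose threshold the TTL exceeds. The sample is the output quoted in the thread, re-aligned; all function names are hypothetical.

```python
# Constructed sample: the `netstat -f inet -g` output quoted in the thread
# (addresses appear there already anonymised as A.A.A.A / B.B.B.19).
SAMPLE_NETSTAT = """\
IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   A.A.A.A                                 0          0
  1         1   B.B.B.19                                0          0
  2        10   10.199.199.102                          0          0
  3        15   10.200.200.6                        77440          0
  4         1   A.A.A.A                                 0      77440

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 10.200.200.5    232.232.8.33         1844    3    4:1
 10.200.200.5    232.232.8.171        1843    3    4:1
 10.200.200.5    232.232.8.58         4609    3    4:1
 10.200.200.5    232.232.8.154        1844    3    4:1
 10.200.200.5    232.232.8.170        1844    3    4:1
"""


def parse_netstat_g(text):
    """Parse both tables; return (vifs, routes)."""
    vifs, routes, section = {}, [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if "Virtual Interface Table" in line:
            section = "vif"
        elif "Multicast Forwarding Table" in line:
            section = "mfc"
        elif tok[0] in ("Vif", "Origin"):
            continue  # column headers
        elif section == "vif":
            # Remote-Address is blank for non-tunnel vifs, so a row has
            # five or six columns; the counters are always the last two.
            vifs[int(tok[0])] = {
                "thresh": int(tok[1]), "local": tok[2],
                "pkts_in": int(tok[-2]), "pkts_out": int(tok[-1]),
            }
        elif section == "mfc":
            out = {}
            for pair in tok[4:]:          # "vif:ttl-threshold" pairs
                vif, ttl = pair.split(":")
                out[int(vif)] = int(ttl)
            routes.append({"origin": tok[0], "group": tok[1],
                           "packets": int(tok[2]), "in_vif": int(tok[3]),
                           "out": out})
    return vifs, routes


def egress_vifs(route, arrival_vif, ip_ttl):
    """Vifs that would receive a copy of the packet (assumed model)."""
    if ip_ttl <= 1:                       # the TTL check from the reply
        return []
    if arrival_vif != route["in_vif"]:    # arrived on the wrong interface
        return []
    return sorted(v for v, thresh in route["out"].items() if ip_ttl > thresh)


def explain(vifs, routes, group, want_vif, ip_ttl):
    """One-line answer to 'why does this group not reach vif N?'."""
    route = next((r for r in routes if r["group"] == group), None)
    if route is None:
        return "no forwarding entry for group"
    if ip_ttl <= 1:
        return "TTL <= 1: not forwarded at all"
    if want_vif not in route["out"]:
        local = vifs[want_vif]["local"] if want_vif in vifs else "unknown"
        return f"vif {want_vif} ({local}) is not in Out-Vifs {sorted(route['out'])}"
    if ip_ttl <= route["out"][want_vif]:
        return f"TTL {ip_ttl} does not exceed threshold {route['out'][want_vif]}"
    return "forwarded"


if __name__ == "__main__":
    vifs, routes = parse_netstat_g(SAMPLE_NETSTAT)
    for r in routes:
        # vif 2 is the vlan299 side in the thread; 64 is an assumed sender TTL.
        print(r["group"], "->", explain(vifs, routes, r["group"], 2, 64))
```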

From owner-freebsd-net@freebsd.org Tue Nov 5 16:09:11 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 231192] cxl: nic does not work after reboot
Date: Tue, 05 Nov 2019 16:09:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231192

--- Comment #1 from Marius Halden ---
We still experience issues if we try to upgrade to the latest 1.23.0.0
firmware.
--=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Nov 5 19:15:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9AEB41B1907 for ; Tue, 5 Nov 2019 19:15:36 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gate2.funkthat.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 476zs43Bn2z3Qy4; Tue, 5 Nov 2019 19:15:35 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id xA5JFEhp055187 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 5 Nov 2019 11:15:14 -0800 (PST) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.15.2/8.15.2/Submit) id xA5JFENj055186; Tue, 5 Nov 2019 11:15:14 -0800 (PST) (envelope-from jmg) Date: Tue, 5 Nov 2019 11:15:14 -0800 From: John-Mark Gurney To: Kurt Jaeger Cc: freebsd-net@freebsd.org Subject: Re: 10g IPsec ? Message-ID: <20191105191514.GG8521@funkthat.com> Mail-Followup-To: Kurt Jaeger , freebsd-net@freebsd.org References: <20191104194637.GA71627@home.opsec.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191104194637.GA71627@home.opsec.eu> X-Operating-System: FreeBSD 11.0-RELEASE-p7 amd64 X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7 ED9B D5FF 5A51 C0AC 3D65 X-Files: The truth is out there X-URL: https://www.funkthat.com/ X-Resume: https://www.funkthat.com/~jmg/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? 
User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (gold.funkthat.com [127.0.0.1]); Tue, 05 Nov 2019 11:15:14 -0800 (PST) X-Rspamd-Queue-Id: 476zs43Bn2z3Qy4 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Nov 2019 19:15:36 -0000 Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100: > Has anyone experience with operating a highspeed IPsec connection > up to 10gigabit/s between 2 FreeBSD hosts ? > > Is that speed achievable ? How much tuning is necessary ? I haven't, but do know some hints. Make sure that you have a machine w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using AES-GCM is best as it avoids using a costly auth algorithm, as the AESNI instructions provide instructionts to make the GCM (auth) part of AES-GCM faster. AES-GCM can run at over 1GB/sec on a single core, so as long as the traffic can be processed by multiple threads (via multiple queues for example), it should be doable. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." 
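Whether the traffic really is "processed by multiple threads (via multiple queues)" depends on how the NIC's RSS hash spreads packets over its receive queues. The sketch below is an added example, not part of the thread and not FreeBSD code: it computes the Toeplitz RSS hash for 64 TCP connections sent in the clear and for the same traffic carried in one ESP tunnel between the same two hosts. Assumptions: the NIC uses the 40-byte key and test vectors from Microsoft's RSS verification notes, hashes non-TCP protocols such as ESP on the address pair only, and maps the hash through a 128-entry round-robin indirection table; the addresses and ports are constructed.

```python
"""RSS queue selection: cleartext TCP flows vs. one ESP tunnel (added example)."""
import ipaddress
import struct

# Assumption: the 40-byte Toeplitz key from Microsoft's RSS verification notes.
# A real driver may load a different (often random) key.
RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0"
    "d0ca2bcbae7b30b477cb2da38030f20c"
    "6a42b73bbeac01fa"
)

IPPROTO_TCP, IPPROTO_ESP = 6, 50


def toeplitz(data: bytes, key: bytes = RSS_KEY) -> int:
    """XOR together the 32-bit key window at bit offset i for every set input bit i."""
    key_bits = len(key) * 8
    if len(data) * 8 + 31 > key_bits:
        raise ValueError("input too long for this key")
    key_int = int.from_bytes(key, "big")
    result = 0
    for i in range(len(data) * 8):
        if data[i // 8] & (0x80 >> (i % 8)):
            result ^= (key_int >> (key_bits - 32 - i)) & 0xFFFFFFFF
    return result


def rss_hash(proto: int, src: str, dst: str, sport: int = 0, dport: int = 0) -> int:
    """Hash the fields the NIC can see in the outer header.

    TCP packets are hashed on the 4-tuple. Anything else (ESP here) carries no
    ports in a place the NIC parses, so only the address pair is hashed
    (assumption: typical 2-tuple fallback).
    """
    data = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    if proto == IPPROTO_TCP:
        data += struct.pack("!HH", sport, dport)
    return toeplitz(data)


def rx_queue(hash_value: int, nqueues: int, table_size: int = 128) -> int:
    """Low hash bits index an indirection table filled round-robin with queue ids."""
    return (hash_value % table_size) % nqueues


def queues_used(packets, nqueues: int = 8):
    """Sorted list of receive queues hit by a list of packet tuples."""
    return sorted({rx_queue(rss_hash(*p), nqueues) for p in packets})


# Constructed sample traffic between two gateways (documentation addresses).
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
# 64 TCP connections in the clear: the source port differs per connection.
CLEARTEXT = [(IPPROTO_TCP, GW_A, GW_B, 40000 + i, 443) for i in range(64)]
# The same 64 connections inside one ESP tunnel: the NIC sees protocol 50 and
# the same outer address pair on every packet.
TUNNELED = [(IPPROTO_ESP, GW_A, GW_B) for _ in range(64)]

if __name__ == "__main__":
    print("cleartext TCP flows use queues:", queues_used(CLEARTEXT))
    print("one ESP tunnel uses queues:   ", queues_used(TUNNELED))
```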

From owner-freebsd-net@freebsd.org Tue Nov 5 21:41:43 2019
Subject: Re: FreeBSD as multicast router
To: mike@karels.net
Cc: freebsd-net@freebsd.org
From: Victor Gamov
Date: Wed, 6 Nov 2019 00:41:33 +0300

On 05/11/2019 09:09, Mike Karels wrote:
>> On 03/11/2019 08:22, Mike Karels wrote:
>>>>>>> Hi All
>>>>>>>
>>>>>>> I have (noob) questions about multicast routing under FreeBSD.
>>>>>>>
>>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
>>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
>>>>>>>
>>>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
>>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
>>>>>>> -g -f inet`
>>>>>>>
>>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
>>>>>>> vlan299)
>>>>>>>
>>>>>>> The question is: who will forward multicast from one interface
>>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
>>>>>>> additional software?
>>>>>
>>>>>> Please read the manpage multicast(4) "man 4 multicast",
>>>>>> you should need to build a custom kernel with the "options MROUTING"
>>>>>> to enable the multicast forwarding in the kernel.
>>>>>
>>>>> If "netstat -g" shows routes, the kernel must have been built with "options
>>>>> MROUTING".
>>>
>>>> Indeed.
>>>
>>>>>
>>>>> The kernel does the forwarding, according to those routing tables installed
>>>>> by pimd or another multicast routing program. Is it not working? It sounds
>>>>> like you are very close.
>>>
>>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
>>>
>>> No, they are separate. The test is just whether MROUTING is enabled, and
>>> whether a multicast router like pimd is active.
>>>
>>> One other thing to check would be "netstat -gs" (multicast stats).
>
>> Oops!
>
>> =====
>> # netstat -f inet -gs
>> No IPv4 MROUTING kernel support.
>> =====
>
> This looks like a bug in netstat; it is doing a test that is wrong for
> the loadable module.
>
>> But I have ip_mroute.ko loaded and netstat -g shows something like
>
>> =====
>> # netstat -f inet -g
>
>> IPv4 Virtual Interface Table
>>  Vif   Thresh   Local-Address    Remote-Address    Pkts-In   Pkts-Out
>>    0        1   A.A.A.A                                  0          0
>>    1        1   B.B.B.19                                 0          0
>>    2       10   10.199.199.102                           0          0
>>    3       15   10.200.200.6                         77440          0
>>    4        1   A.A.A.A                                  0      77440
>
>> IPv4 Multicast Forwarding Table
>>  Origin          Group             Packets In-Vif  Out-Vifs:Ttls
>>  10.200.200.5    232.232.8.33         1844    3    4:1
>>  10.200.200.5    232.232.8.171        1843    3    4:1
>>  10.200.200.5    232.232.8.58         4609    3    4:1
>>  10.200.200.5    232.232.8.154        1844    3    4:1
>>  10.200.200.5    232.232.8.170        1844    3    4:1
>> =====
>
>
>> and
>
>> =====
>> # pimd -r
>> Virtual Interface Table
>> ======================================================
>> Vif  Local Address    Subnet              Thresh  Flags      Neighbors
>> ---  ---------------  ------------------  ------  ---------  -----------------
>>   0  A.A.A.A          A.A.A.A/25               1  DR NO-NBR
>>   1  B.B.B.19         B.B.B                    1  DR NO-NBR
>>   2  10.199.199.102   10.199.199.100/30       10  DR PIM     10.199.199.101
>>   3  10.200.200.6     10.200.200/29           15  DR NO-NBR
>>   4  A.A.A.A          register_vif0            1
>
>> Vif SSM Group Sources
>
>> Multicast Routing Table
>> ======================================================
>> ----------------------------------- (S,G) ------------------------------------
>> Source           Group            RP Address       Flags
>> ---------------  ---------------  ---------------  ---------------------------
>> 10.200.200.5     232.232.8.33     SSM              CACHE SG
>> Joined   oifs: ....j
>> Pruned   oifs: .....
>> Leaves   oifs: .....
>> Asserted oifs: .....
>> Outgoing oifs: ....o
>> Incoming     : ...I.
>> =====
>
>
>> A.A.A.A is external IP-address. No multicast traffic must be sent to
>> this interface.
>> 10.200.200.6 -- vlan750, multicast comes from here
>> 10.199.199.102 -- vlan299, multicast must be forwarded here after
>> IGMP-Join received from 10.199.199.101/30
>
>
>> So, kernel with MROUTING options must be configured/installed or
>> ip_mroute.ko is enough?
>
> A kernel with MROUTING would let you see stats, but ip_mroute.ko should
> be enough to function (although I haven't tested that).
>
> I'm not familiar with the pimd output, but it seems plausible. I am
> assuming that the multicasts are not getting to the vlan299 network?
> Have you looked at the incoming traffic with tcpdump? Use the -p
> option to avoid promiscuous mode to see that the input NIC is receiving
> those multicasts, and check the TTL of the incoming multicast packets.
> (If it is 1, the packets will not be forwarded.)

Yes, multicast packets arrived to FBSD via vlan750 and TTL is 20.
But no packets forwarded to vlan299 after IGMP-Join received:

=====
00:39:30.484901 IP (tos 0xc0, ttl 1, id 13571, offset 0, flags [none], proto IGMP (2), length 36, options (RA))
    10.199.199.102 > 224.0.0.1: igmp query v3
00:39:31.356732 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 56, options (RA))
    10.199.199.102 > 224.0.0.22: igmp v3 report, 3 group record(s) [gaddr 224.0.0.22 is_ex { }] [gaddr 224.0.0.2 is_ex { }] [gaddr 224.0.0.13 is_ex { }]
00:39:33.091330 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.8.33 to_ex { }]
00:39:35.166091 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.8.33 to_ex { }]
=====

-- 
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Tue Nov 5 21:55:21 2019
Subject: Re: 10g IPsec ?
To: freebsd-net@freebsd.org
From: "Muenz, Michael"
Date: Tue, 5 Nov 2019 22:55:10 +0100

On 05.11.2019 at 20:15, John-Mark Gurney wrote:
> Kurt Jaeger wrote this message on Mon, Nov 04, 2019 at 20:46 +0100:
>> Has anyone experience with operating a highspeed IPsec connection
>> up to 10gigabit/s between 2 FreeBSD hosts ?
>>
>> Is that speed achievable ? How much tuning is necessary ?
> I haven't, but do know some hints. Make sure that you have a machine
> w/ AESNI, AND make sure you're using AES-GCM or AES-CTR.. Using
> AES-GCM is best as it avoids using a costly auth algorithm, as the
> AESNI instructions provide instructions to make the GCM (auth) part
> of AES-GCM faster.
>
> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> traffic can be processed by multiple threads (via multiple queues
> for example), it should be doable.
>

These were my short results via OPNsense on 4 year old XEONs.
So it's 11.2, mostly untuned and strongswan as IPsec implementation.
If you need more detailed specs just drop me a line.

https://www.routerperformance.net/comparing-opnsense-vpn-performance/

Best,
Michael

From owner-freebsd-net@freebsd.org Tue Nov 5 22:45:25 2019
From: Olivier Cochard-Labbé
Date: Tue, 5 Nov 2019 23:45:12 +0100
Subject: Re: 10g IPsec ?
To: John-Mark Gurney
Cc: Kurt Jaeger, freebsd-net@freebsd.org

On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:

> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> traffic can be processed by multiple threads (via multiple queues
> for example), it should be doable.
>
>
I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
IPSec tunnel will generate one IP flow preventing load sharing between all
the NIC's RSS queues.
I'm not aware of improvement to remove this limitation.

Regards,

Olivier

From owner-freebsd-net@freebsd.org Wed Nov 6 00:22:11 2019
Subject: Re: 10g IPsec ?
To: "Muenz, Michael", freebsd-net@freebsd.org
From: Eugene Grosbein
Date: Wed, 6 Nov 2019 07:21:47 +0700

06.11.2019 4:55, Muenz, Michael wrote:

> These were my short results via OPNsense on 4 year old XEONs.
> So it's 11.2, mostly untuned and strongswan as IPsec implementation.
> If you need more detailed specs just drop me a line.
>
> https://www.routerperformance.net/comparing-opnsense-vpn-performance/

Was it strongswan in user-level IPsec processing mode or kernel-level?

From owner-freebsd-net@freebsd.org Wed Nov 6 01:49:03 2019
Date: Tue, 5 Nov 2019 17:48:48 -0800
From: John-Mark Gurney
To: Olivier Cochard-Labbé
Cc: Kurt Jaeger, freebsd-net@freebsd.org
Subject: Re: 10g IPsec ?

Olivier Cochard-Labbé wrote this message on Tue, Nov 05, 2019 at 23:45 +0100:
> On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:
>
> > AES-GCM can run at over 1GB/sec on a single core, so as long as the
> > traffic can be processed by multiple threads (via multiple queues
> > for example), it should be doable.
> >
> >
> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
> IPSec tunnel will generate one IP flow preventing load sharing between all
> the NIC's RSS queues.
> I'm not aware of improvement to remove this limitation.

Can't the async crypto sysctl be used to help offload the crypto to
other threads?

	if (V_async_crypto)
		crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;

But yes, I think the biggest limitation will be pushing all the data
through a single queue...

-- 
John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

From owner-freebsd-net@freebsd.org Wed Nov 6 02:12:56 2019
Subject: Re: 10g IPsec ?
To: Olivier Cochard-Labbé, John-Mark Gurney
Cc: freebsd-net@freebsd.org, Kurt Jaeger
From: Eugene Grosbein
Date: Wed, 6 Nov 2019 09:10:07 +0700

06.11.2019 5:45, Olivier Cochard-Labbé wrote:
> On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:
>
>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
>> traffic can be processed by multiple threads (via multiple queues
>> for example), it should be doable.
>>
>>
> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
> IPSec tunnel will generate one IP flow preventing load sharing between all
> the NIC's RSS queues.
> I'm not aware of improvement to remove this limitation.

Some speedup may be achieved switching from direct NETISR mode to deferred mode,
so interrupt processing merely places traffic to the ISR queue.
Several (net.isr.numthreads) other kernel threads will process incoming traffic later
including bpf, IPSEC, filtering, routing lookups, NETGRAPH etc.

From owner-freebsd-net@freebsd.org Wed Nov 6 02:41:43 2019
To: Victor Gamov
Cc: freebsd-net@freebsd.org
From: Mike Karels
Subject: Re: FreeBSD as multicast router
Date: Tue, 05 Nov 2019 20:41:39 -0600

> On 05/11/2019 09:09, Mike Karels wrote:
> >> On 03/11/2019 08:22, Mike Karels wrote:
> >>>>>>> Hi All
> >>>>>>>
> >>>>>>> I have (noob) questions about multicast routing under FreeBSD.
> >>>>>>>
> >>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> >>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
> >>>>>>>
> >>>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
> >>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
> >>>>>>> -g -f inet`
> >>>>>>>
> >>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> >>>>>>> vlan299)
> >>>>>>>
> >>>>>>> The question is: who will forward multicast from one interface
> >>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
> >>>>>>> additional software?
> >>>>>
> >>>>>> Please read the manpage multicast(4) "man 4 multicast",
> >>>>>> you should need to build a custom kernel with the "options MROUTING"
> >>>>>> to enable the multicast forwarding in the kernel.
> >>>>>
> >>>>> If "netstat -g" shows routes, the kernel must have been built with "options
> >>>>> MROUTING".
> >>>
> >>>> Indeed.
> >>>
> >>>>>
> >>>>> The kernel does the forwarding, according to those routing tables installed
> >>>>> by pimd or another multicast routing program. Is it not working? It sounds
> >>>>> like you are very close.
> >>>
> >>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
> >>>
> >>> No, they are separate. The test is just whether MROUTING is enabled, and
> >>> whether a multicast router like pimd is active.
> >>>
> >>> One other thing to check would be "netstat -gs" (multicast stats).
> >
> >> Oops!
> >
> >> =====
> >> # netstat -f inet -gs
> >> No IPv4 MROUTING kernel support.
> >> =====
> >
> > This looks like a bug in netstat; it is doing a test that is wrong for
> > the loadable module.

I don't know how much the stats might help, but if you let me know what
version you are running, I can build a fixed netstat. Or I can send a
source patch.

> >> But I have ip_mroute.ko loaded and netstat -g shows something like
> >
> >> =====
> >> # netstat -f inet -g
> >
> >> IPv4 Virtual Interface Table
> >>  Vif   Thresh   Local-Address    Remote-Address    Pkts-In   Pkts-Out
> >>    0        1   A.A.A.A                                  0          0
> >>    1        1   B.B.B.19                                 0          0
> >>    2       10   10.199.199.102                           0          0
> >>    3       15   10.200.200.6                         77440          0
> >>    4        1   A.A.A.A                                  0      77440
> >
> >> IPv4 Multicast Forwarding Table
> >>  Origin          Group             Packets In-Vif  Out-Vifs:Ttls
> >>  10.200.200.5    232.232.8.33         1844    3    4:1
> >>  10.200.200.5    232.232.8.171        1843    3    4:1
> >>  10.200.200.5    232.232.8.58         4609    3    4:1
> >>  10.200.200.5    232.232.8.154        1844    3    4:1
> >>  10.200.200.5    232.232.8.170        1844    3    4:1

I missed this before. Looks like the last column should include 2:1 in
each case if pimd saw the join. The multicasts are only being sent to Vif 4,
the register-vif (see below); the Pkts-Out for it is the same as the input
on 3. I'm not familiar enough with pimd to guess what is wrong.

> >> =====
> >
> >
> >> and
> >
> >> =====
> >> # pimd -r
> >> Virtual Interface Table
> >> ======================================================
> >> Vif  Local Address    Subnet              Thresh  Flags      Neighbors
> >> ---  ---------------  ------------------  ------  ---------  -----------------
> >>   0  A.A.A.A          A.A.A.A/25               1  DR NO-NBR
> >>   1  B.B.B.19         B.B.B                    1  DR NO-NBR
> >>   2  10.199.199.102   10.199.199.100/30       10  DR PIM     10.199.199.101
> >>   3  10.200.200.6     10.200.200/29           15  DR NO-NBR
> >>   4  A.A.A.A          register_vif0            1
> >
> >> Vif SSM Group Sources
> >
> >> Multicast Routing Table
> >> ======================================================
> >> ----------------------------------- (S,G) ------------------------------------
> >> Source           Group            RP Address       Flags
> >> ---------------  ---------------  ---------------  ---------------------------
> >> 10.200.200.5     232.232.8.33     SSM              CACHE SG
> >> Joined   oifs: ....j
> >> Pruned   oifs: .....
> >> Leaves   oifs: .....
> >> Asserted oifs: .....
> >> Outgoing oifs: ....o
> >> Incoming     : ...I.
> >> =====
> >
> >
> >> A.A.A.A is external IP-address. No multicast traffic must be sent to
> >> this interface.
> >> 10.200.200.6 -- vlan750, multicast comes from here
> >> 10.199.199.102 -- vlan299, multicast must be forwarded here after
> >> IGMP-Join received from 10.199.199.101/30
> >
> >
> >> So, kernel with MROUTING options must be configured/installed or
> >> ip_mroute.ko is enough?
> >
> > A kernel with MROUTING would let you see stats, but ip_mroute.ko should
> > be enough to function (although I haven't tested that).
> >
> > I'm not familiar with the pimd output, but it seems plausible. I am
> > assuming that the multicasts are not getting to the vlan299 network?
> > Have you looked at the incoming traffic with tcpdump? Use the -p
> > option to avoid promiscuous mode to see that the input NIC is receiving
> > those multicasts, and check the TTL of the incoming multicast packets.
> > (If it is 1, the packets will not be forwarded.)

> Yes, multicast packets arrived to FBSD via vlan750 and TTL is 20.
But = > no packets forwarded to vlan299 after IGMP-Join received: > =3D=3D=3D=3D=3D > 00:39:30.484901 IP (tos 0xc0, ttl 1, id 13571, offset 0, flags [none], = > proto IGMP (2), length 36, options (RA)) > 10.199.199.102 > 224.0.0.1: igmp query v3 > 00:39:31.356732 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 56, options (RA)) > 10.199.199.102 > 224.0.0.22: igmp v3 report, 3 group record(s) = > [gaddr 224.0.0.22 is_ex { }] [gaddr 224.0.0.2 is_ex { }] [gaddr = > 224.0.0.13 is_ex { }] > 00:39:33.091330 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 40, options (RA)) > 10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) = > [gaddr 232.232.8.33 to_ex { }] > 00:39:35.166091 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 40, options (RA)) > 10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) = > [gaddr 232.232.8.33 to_ex { }] > =3D=3D=3D=3D=3D > -- = > CU, > Victor Gamov Mike From owner-freebsd-net@freebsd.org Wed Nov 6 11:29:05 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3D6441B3059 for ; Wed, 6 Nov 2019 11:29:05 +0000 (UTC) (envelope-from m.muenz@spam-fetish.org) Received: from mailout-02.maxonline.de (mailout-02.maxonline.de [81.24.66.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 477PSJ1NPkz3ygK for ; Wed, 6 Nov 2019 11:29:03 +0000 (UTC) (envelope-from m.muenz@spam-fetish.org) Received: from web03-01.max-it.de (web03-01.max-it.de [81.24.64.215]) by mailout-02.maxonline.de (Postfix) with ESMTPS id E87382DB for ; Wed, 6 Nov 2019 12:29:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by web03-01.max-it.de (Postfix) with ESMTP id DBF5528B8B9 for ; Wed, 6 Nov 2019 12:29:01 +0100 (CET) 
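
The reading of the `netstat -g -f inet` tables in the message above can be checked mechanically. The following is an added example, not part of the original message and not FreeBSD or pimd code: it parses the quoted output (copied from the message, with the poster's masked addresses) and lists the (S,G) entries whose Out-Vifs omit the vif facing the receivers. All function names are hypothetical.

```python
"""List (S,G) entries in `netstat -g -f inet` output that do not forward to
the vif facing the receivers. Added example; helper names are made up."""
from dataclasses import dataclass, field

# Sample input: the output quoted in the message above (addresses as masked there).
NETSTAT_G = """\
IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   A.A.A.A                                 0          0
  1         1   B.B.B.19                                0          0
  2        10   10.199.199.102                          0          0
  3        15   10.200.200.6                        77440          0
  4         1   A.A.A.A                                 0      77440

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 10.200.200.5    232.232.8.33         1844    3    4:1
 10.200.200.5    232.232.8.171        1843    3    4:1
 10.200.200.5    232.232.8.58         4609    3    4:1
 10.200.200.5    232.232.8.154        1844    3    4:1
 10.200.200.5    232.232.8.170        1844    3    4:1
"""


@dataclass
class Vif:
    index: int
    threshold: int
    local: str
    remote: str
    pkts_in: int
    pkts_out: int


@dataclass
class Route:
    origin: str
    group: str
    packets: int
    in_vif: int
    out_vifs: dict = field(default_factory=dict)  # vif index -> TTL threshold


def parse_netstat_g(text):
    """Return ({index: Vif}, [Route]) parsed from the two IPv4 tables."""
    vifs, routes, section = {}, [], None
    for line in text.splitlines():
        line = line.lstrip("> ")          # accept text pasted from a quoted mail
        f = line.split()
        if not f:
            continue
        if "Virtual Interface Table" in line:
            section = "vif"
        elif "Multicast Forwarding Table" in line:
            section = "mfc"
        elif not f[0][0].isdigit():
            continue                      # column-header row
        elif section == "vif" and len(f) in (5, 6):
            # Remote-Address is blank for non-tunnel vifs, leaving 5 fields.
            remote = f[3] if len(f) == 6 else ""
            vifs[int(f[0])] = Vif(int(f[0]), int(f[1]), f[2], remote,
                                  int(f[-2]), int(f[-1]))
        elif section == "mfc" and len(f) >= 4:
            outs = {int(v): int(t) for v, t in (p.split(":") for p in f[4:])}
            routes.append(Route(f[0], f[1], int(f[2]), int(f[3]), outs))
    return vifs, routes


def vif_for_address(vifs, address):
    """Lowest-numbered vif with this local address (in the output above the
    register vif, 4, repeats the address of vif 0)."""
    matches = [i for i, v in vifs.items() if v.local == address]
    return min(matches) if matches else None


def missing_downstream(routes, vif):
    """Groups whose forwarding entry has no out-vif equal to `vif`."""
    return [r.group for r in routes if vif not in r.out_vifs]


def forwarded_to(vifs, routes):
    """{out-vif index: Pkts-Out counter} for every vif used as an output."""
    used = sorted({o for r in routes for o in r.out_vifs})
    return {i: (vifs[i].pkts_out if i in vifs else None) for i in used}


if __name__ == "__main__":
    vifs, routes = parse_netstat_g(NETSTAT_G)
    down = vif_for_address(vifs, "10.199.199.102")  # vlan299, where the join arrived
    for group in missing_downstream(routes, down):
        print(f"{group}: vif {down} is not in Out-Vifs")
    print("traffic is forwarded to:", forwarded_to(vifs, routes))
    print("input on vif 3:", vifs[3].pkts_in)
```
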

Subject: Re: 10g IPsec ?
To: freebsd-net@freebsd.org
From: "Muenz, Michael"
Date: Wed, 6 Nov 2019 12:29:00 +0100

On 06.11.2019 at 01:21, Eugene Grosbein wrote:
> 06.11.2019 4:55, Muenz, Michael wrote:
>
>> These were my short results via OPNsense on 4 year old XEONs.
>> So it's 11.2, mostly untuned and strongswan as IPsec implementation.
>> If you need more detailed specs just drop me a line.
>>
>> https://www.routerperformance.net/comparing-opnsense-vpn-performance/
> Was it strongswan in user-level IPsec processing mode or kernel-level?
>

Not really sure if I understand you right, encryption and ESP should run
in kernel space, only IKE packets for SA handling run in user space.

Subject: Re: 10g IPsec ?
To: "Muenz, Michael", freebsd-net@freebsd.org
From: Eugene Grosbein
Date: Wed, 6 Nov 2019 19:03:37 +0700

06.11.2019 18:29, Muenz, Michael wrote:

> On 06.11.2019 at 01:21, Eugene Grosbein wrote:
>> 06.11.2019 4:55, Muenz, Michael wrote:
>>
>>> These were my short results via OPNsense on 4 year old XEONs.
>>> So it's 11.2, mostly untuned and strongswan as IPsec implementation.
>>> If you need more detailed specs just drop me a line.
>>>
>>> https://www.routerperformance.net/comparing-opnsense-vpn-performance/
>> Was it strongswan in user-level IPsec processing mode or kernel-level?
>>
>
> Not really sure if I understand you right, encryption and ESP should run
> in kernel space, only IKE packets for SA handling run in user space.

AFAIK strongswan may process all traffic in user-land via tun(4) interface for some setups.
It differs from racoon that never processes payload by itself.

Subject: Re: 10g IPsec ?
To: freebsd-net@freebsd.org
From: Victor Gamov
Organization: OstankinoTelecom
Date: Wed, 6 Nov 2019 15:18:34 +0300

On 06/11/2019 01:45, Olivier Cochard-Labbé wrote:
> On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:
>
>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
>> traffic can be processed by multiple threads (via multiple queues
>> for example), it should be doable.
>>
>>
> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
> IPSec tunnel will generate one IP flow preventing load sharing between all
> the NIC's RSS queues.
> I'm not aware of improvement to remove this limitation.

Is it possible to make load-sharing based on
fmod(ipsec_seq_number / NUM_CPU_CORES) for example?

--
CU,
Victor Gamov

Subject: Re: 10g IPsec ?
To: freebsd-net@freebsd.org
From: "Muenz, Michael"
Date: Wed, 6 Nov 2019 13:20:25 +0100

On 06.11.2019 at 13:03, Eugene Grosbein wrote:
> 06.11.2019 18:29, Muenz, Michael wrote:
>
>> On 06.11.2019 at 01:21, Eugene Grosbein wrote:
>>> 06.11.2019 4:55, Muenz, Michael wrote:
>>>
>>>> These were my short results via OPNsense on 4 year old XEONs.
>>>> So it's 11.2, mostly untuned and strongswan as IPsec implementation.
>>>> If you need more detailed specs just drop me a line.
>>>>
>>>> https://www.routerperformance.net/comparing-opnsense-vpn-performance/
>>> Was it strongswan in user-level IPsec processing mode or kernel-level?
>>>
>> Not really sure if I understand you right, encryption and ESP should run
>> in kernel space, only IKE packets for SA handling run in user space.
> AFAIK strongswan may process all traffic in user-land via tun(4) interface for some setups.
> It differs from racoon that never processes payload by itself.
>

I know that for route-based IPSEC strongswan creates a tun(4) interface,
classic policy-based IPSEC is pushed via enc(4). Strongswan itself is not
really clear about this and I never used racoon.
Maybe Andrey Elsukov knows better. :)

Michael
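
The load-sharing question raised in this thread comes down to which header fields the receive-side classifier hashes. The following is an added example, not code from FreeBSD or from any poster: it builds constructed ESP packets for one tunnel and compares three flow keys (outer addresses only, addresses plus SPI, and sequence number modulo the queue count). `zlib.crc32` stands in for the NIC's RSS hash, and `NUM_QUEUES`, the addresses and the SPIs are assumptions.

```python
"""RX-queue selection for ESP packets under three flow keys. Added example;
crc32 stands in for the NIC's RSS hash, and all packets are constructed."""
import struct
import zlib
from collections import defaultdict

NUM_QUEUES = 4        # assumption: one receive queue per CPU core
IPPROTO_ESP = 50


def esp_packet(src, dst, spi, seq, payload=b"\x00" * 16):
    """Constructed IPv4 header (no options, checksum not filled in) + ESP header."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_ESP, 0,
                     bytes(src), bytes(dst))
    return ip + struct.pack("!II", spi, seq) + payload


def parse_esp(pkt):
    """Return (src, dst, spi, seq). ESP carries no ports, so these are the only
    fields a classifier can see without decrypting the payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IPPROTO_ESP:
        raise ValueError("not ESP")
    if ihl < 20 or len(pkt) < ihl + 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack_from("!II", pkt, ihl)
    return pkt[12:16], pkt[16:20], spi, seq


def by_addresses(pkt):
    """Outer source/destination only: the whole tunnel is one flow."""
    src, dst, _, _ = parse_esp(pkt)
    return zlib.crc32(src + dst) % NUM_QUEUES


def by_addresses_and_spi(pkt):
    """Outer addresses plus SPI: one flow per security association."""
    src, dst, spi, _ = parse_esp(pkt)
    return zlib.crc32(src + dst + struct.pack("!I", spi)) % NUM_QUEUES


def by_sequence_number(pkt):
    """One reading of the sequence-number idea: seq modulo the core count."""
    return parse_esp(pkt)[3] % NUM_QUEUES


def queues_per_sa(packets, classify):
    """{spi: set of queues that SA's packets were steered to}"""
    out = defaultdict(set)
    for pkt in packets:
        out[parse_esp(pkt)[2]].add(classify(pkt))
    return dict(out)


def sample_tunnel(n_sas=4, pkts_per_sa=8):
    """One gateway pair carrying several SAs (constructed addresses and SPIs)."""
    src, dst = (192, 0, 2, 1), (198, 51, 100, 1)
    return [esp_packet(src, dst, 0x1000 + sa, seq)
            for sa in range(n_sas) for seq in range(1, pkts_per_sa + 1)]


if __name__ == "__main__":
    packets = sample_tunnel()
    for classify in (by_addresses, by_addresses_and_spi, by_sequence_number):
        per_sa = queues_per_sa(packets, classify)
        used = sorted(set().union(*per_sa.values()))
        print(f"{classify.__name__}: queues used {used}")
        for spi, queues in sorted(per_sa.items()):
            print(f"  SPI {spi:#x} -> {sorted(queues)}")
```

With the sequence-number key every SA touches every queue, so packets of one SA can be processed out of order; the SPI key keeps each SA on a single queue but only spreads load when the tunnel carries more than one SA.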

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 240135] Correctness issue in IPv6 extension headers input processing routines
Date: Wed, 06 Nov 2019 13:21:58 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240135

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
           Assignee|net@FreeBSD.org             |bz@FreeBSD.org

--- Comment #1 from Bjoern A. Zeeb ---
I think I have fixed this in a local tree as part of removing most of the
PULLDOWN_TEST and IP6_EXTHDR* foo.

I'll hopefully upload a clean patch for review later today and will point you
at it.

It's really helpful to have another pair of eyes on these things.

From: Santiago Martinez
Subject: Jails with VIMAGE and VLANS.
To: FreeBSD Net
Date: Thu, 7 Nov 2019 00:48:40 +0000

Hi everyone, hope you are doing well.

During the last months, I have been working with JAIL and VIMAGE to
perform some network test/validations.

I have been facing the following weird behaviour that while it has been
happening before, it used to be once in a while but now it is happening
almost all the time.

When a jail is stopped, it seems that the interface associated with it is
not released/de-associated to the no longer existing jail. This makes the
system (no jailed) not to see the interface (using netstat / ifconfig)
however it cannot destroy it or create it again (as it already exists).

Sometimes after a few minutes, the interface is "released" and it is
visible again to ifconfig or netstat.

Is anybody else having the same issues? Any hints on how to debug this?

Best regards.

Santiago

Environment details:
--------------------------------------------------------------------
OS         : FreeBSD 13.0-CURRENT (NEC) #70 r354360M
net config : bxe1 with bxe1.70 and bxe1.80
Jail setup : IPERF_TEST_ZONE1 (bxe1.70) / IPERF_TEST_ZONE2 (bxe1.80)
Trigger    : start jails, move some traffic, stop jails.
--------------------------------------------------------------------
From owner-freebsd-net@freebsd.org Thu Nov 7 01:36:42 2019
Subject: Re: 10g IPsec ?
To: Olivier Cochard-Labbé, John-Mark Gurney
Cc: freebsd-net@freebsd.org, Kurt Jaeger
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com>
From: Lawrence Stewart
Date: Thu, 7 Nov 2019 12:36:31 +1100

On 6/11/19 9:45 am, Olivier Cochard-Labbé wrote:
> On Tue, Nov 5, 2019 at 8:15 PM John-Mark Gurney wrote:
>
>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
>> traffic can be processed by multiple threads (via multiple queues
>> for example), it should be doable.
>>
>>
> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
> IPSec tunnel will generate one IP flow preventing load sharing between all
> the NIC's RSS queues.
> I'm not aware of improvement to remove this limitation.

I never understood why the IPsec SPI couldn't be used to shard
traffic... does anyone know if there is a technical reason why doing so
would be problematic?

Cheers,
Lawrence

From owner-freebsd-net@freebsd.org Thu Nov 7 01:53:21 2019
Subject: Re: 10g IPsec ?
To: Lawrence Stewart, Olivier Cochard-Labbé, John-Mark Gurney
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com>
Cc: freebsd-net@freebsd.org, Kurt Jaeger
From: Eugene Grosbein
Message-ID: <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net>
Date: Thu, 7 Nov 2019 08:52:48 +0700

07.11.2019 8:36, Lawrence Stewart wrote:

>>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
>>> traffic can be processed by multiple threads (via multiple queues
>>> for example), it should be doable.
>>>
>>>
>> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
>> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
>> IPSec tunnel will generate one IP flow preventing load sharing between all
>> the NIC's RSS queues.
>> I'm not aware of improvement to remove this limitation.
>
> I never understood why the IPsec SPI couldn't be used to shard
> traffic... does anyone know if there is a technical reason why doing so
> would be problematic?

Generic way to distribute load over CPUs is distinct hardware receive queues of NIC
using distinct interrupts to deliver packets to the host while interrupts are bound
to distinct CPU cores. It needs hardware capable of splitting packet stream by IPsec SPI
and I'm aware of only some 40Gbps Intel NICs that can be programmed to do so.

From owner-freebsd-net@freebsd.org Thu Nov 7 02:04:18 2019
Subject: Re: 10g IPsec ?
To: Eugene Grosbein, Olivier Cochard-Labbé, John-Mark Gurney
Cc: freebsd-net@freebsd.org, Kurt Jaeger
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net>
From: Lawrence Stewart
Date: Thu, 7 Nov 2019 13:04:14 +1100
In-Reply-To: <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net>

On 7/11/19 12:52 pm, Eugene Grosbein wrote:
> 07.11.2019 8:36, Lawrence Stewart wrote:
>
>>>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
>>>> traffic can be processed by multiple threads (via multiple queues
>>>> for example), it should be doable.
>>>>
>>>>
>>> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
>>> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
>>> IPSec tunnel will generate one IP flow preventing load sharing between all
>>> the NIC's RSS queues.
>>> I'm not aware of improvement to remove this limitation.
>>
>> I never understood why the IPsec SPI couldn't be used to shard
>> traffic... does anyone know if there is a technical reason why doing so
>> would be problematic?
>
> Generic way to distribute load over CPUs is distinct hardware receive queues of NIC
> using distinct interrupts to deliver packets to the host while interrupts are bound
> to distinct CPU cores. It needs hardware capable of splitting packet stream by IPsec SPI
> and I'm aware of only some 40Gbps Intel NICs that can be programmed to do so.

Right, a "consumers need to ask for it" issue more so than an inherently
problematic approach. I assumed as much but wasn't sure.

Cheers
Lawrence

From owner-freebsd-net@freebsd.org Thu Nov 7 07:33:17 2019
Date: Wed, 6 Nov 2019 23:32:55 -0800
From: John-Mark Gurney
To: Lawrence Stewart
Cc: Eugene Grosbein, Olivier Cochard-Labbé, freebsd-net@freebsd.org, Kurt Jaeger
Subject: Re: 10g IPsec ?
Message-ID: <20191107073255.GU8521@funkthat.com>
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net>

Lawrence Stewart wrote this message on Thu, Nov 07, 2019 at 13:04 +1100:
> On 7/11/19 12:52 pm, Eugene Grosbein wrote:
> > 07.11.2019 8:36, Lawrence Stewart wrote:
> >
> >>>> AES-GCM can run at over 1GB/sec on a single core, so as long as the
> >>>> traffic can be processed by multiple threads (via multiple queues
> >>>> for example), it should be doable.
> >>>>
> >>>>
> >>> I didn't bench this setup (10Gb/s IPSec) but I believe we will have the
> >>> same problem with IPSec as with all VPN setups (like PPPoE or GRE): the
> >>> IPSec tunnel will generate one IP flow preventing load sharing between all
> >>> the NIC's RSS queues.
> >>> I'm not aware of improvement to remove this limitation.
> >>
> >> I never understood why the IPsec SPI couldn't be used to shard
> >> traffic... does anyone know if there is a technical reason why doing so
> >> would be problematic?
> >
> > Generic way to distribute load over CPUs is distinct hardware receive queues of NIC
> > using distinct interrupts to deliver packets to the host while interrupts are bound
> > to distinct CPU cores. It needs hardware capable of splitting packet stream by IPsec SPI
> > and I'm aware of only some 40Gbps Intel NICs that can be programmed to do so.
>
> Right, a "consumers need to ask for it" issue more so than an inherently
> problematic approach. I assumed as much but wasn't sure.

Don't we have the option of doing soft re-classification? Where we
recalculate the hash, and then do a netisr defer? I mean that'd burn
a bunch of extra cpu cycles, but you gotta do what you gotta do.

-- 
John-Mark Gurney Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."

From owner-freebsd-net@freebsd.org Thu Nov 7 07:48:52 2019
Subject: Re: 10g IPsec ?
To: Lawrence Stewart, Olivier Cochard-Labbé, freebsd-net@freebsd.org, Kurt Jaeger
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net> <20191107073255.GU8521@funkthat.com>
From: Eugene Grosbein
Message-ID: <54db0c82-ad44-13ed-8e1f-702557f331e5@grosbein.net>
Date: Thu, 7 Nov 2019 14:48:31 +0700
In-Reply-To: <20191107073255.GU8521@funkthat.com>

07.11.2019 14:32, John-Mark Gurney wrote:

> Don't we have the option of doing soft re-classification? Where we
> recalculate the hash, and then do a netisr defer? I mean that'd burn
> a bunch of extra cpu cycles, but you gotta do what you gotta do.

If the host got a packet already, it can just process it without extra re-classification.

The only case I know when such re-classification can be useful is assigning M_FLOWID to the mbuf
so that lagg(4) using LACP could send it further using such M_FLOWID and maybe
distribute distinct IPsec flows over distinct ports of LAGG group.

I doubt this has much practical use :-) Generally we terminate IPsec locally
or route packets to other hosts without need to differ them from other transit traffic.

From owner-freebsd-net@freebsd.org Thu Nov 7 09:52:29 2019
Date: Thu, 7 Nov 2019 10:52:11 +0100 (CET)
From: Damien DEVILLE
To: Eugene Grosbein
Cc: Lawrence Stewart, olivier, freebsd-net@freebsd.org, Kurt Jaeger
Message-ID: <972466586.1921723.1573120331472.JavaMail.zimbra@stormshield.eu>
In-Reply-To: <54db0c82-ad44-13ed-8e1f-702557f331e5@grosbein.net>
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net> <20191107073255.GU8521@funkthat.com> <54db0c82-ad44-13ed-8e1f-702557f331e5@grosbein.net>
Subject: Re: 10g IPsec ?

Hi freebsd-net,

At Stormshield we have various patches related to that topic that we can share.

On the flow id part, we have a patch that recomputes a new flowid for the IPsec flow after encapsulation based on the spi.
This forces the usage of the same transmit queue on the network card side for each tunnel/SPI.

If you are interested I can make a review for this one to upstream it, it is a small and simple modification.

On the single tunnel optimisation we recently took some time to optimize some code we made earlier and committed to FreeBSD 11
https://github.com/freebsd/freebsd/commit/fbc9da5dbe50b72a335de7a27b6834fba8ee3cf0 + https://github.com/freebsd/freebsd/commit/c8b6f569add600b6ce341848bcc28a79fb5f273b
The goal was to optimize this code in the context of a single IPsec tunnel and a single network flow in that tunnel.

On one of our high end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl network cards), the previous code was running around 2.4Gbps using AES-GCM with a mix of packet size whose average size was around 650 bytes.
After various heavy optimization in opencrypto/crypto.c and on IPsec stack we managed to increase the performance on the same test to around 5Gbps. Take care this is mainly targeted to the subset of opencrypto feature we are using in our products (mainly IPsec with or without hardware cryptography)

I can take some time to review and submit this big patch if there is some interest in it.
It will require some work on our side cause at the moment this patch is for FreeBSD 10.3 and has some dependencies to our custom polling code which is not in FreeBSD. We made the modification to work using kproc in the non polling code but we have still to test those on an unmodified FreeBSD.

I can also share the various benchmark we did to illustrate the impact of some of the optimisation we did.

Damien

-- 
Damien Deville
IPS Technical Leader
http://www.stormshield.eu
Stormshield
2/6 Avenue de l'Horizon, Bat. 6 - FR
59650 Villeneuve d'Ascq

----- On 7 Nov 19, at 8:48, Eugene Grosbein eugen@grosbein.net wrote:

| 07.11.2019 14:32, John-Mark Gurney wrote:
|
|> Don't we have the option of doing soft re-classification? Where we
|> recalculate the hash, and then do a netisr defer? I mean that'd burn
|> a bunch of extra cpu cycles, but you gotta do what you gotta do.
|
| If the host got a packet already, it can just process it without extra
| re-classification.
|
| The only case I know when such re-classification can be useful is assigning
| M_FLOWID to the mbuf
| so that lagg(4) using LACP could send it further using such M_FLOWID and maybe
| distribute distinct IPsec flows over distinct ports of LAGG group.
|
| I doubt this has much practical use :-) Generally we terminate IPsec locally
| or route packets to other hosts without need to differ them from other transit
| traffic.

From owner-freebsd-net@freebsd.org Thu Nov 7 10:41:41 2019
Date: Thu, 7 Nov 2019 11:41:28 +0100
From: Kurt Jaeger
To: Damien DEVILLE
Cc: Eugene Grosbein, Lawrence Stewart, olivier, freebsd-net@freebsd.org, Kurt Jaeger
Subject: Re: 10g IPsec ?
Message-ID: <20191107104128.GI1203@fc.opsec.eu>
References: <20191104194637.GA71627@home.opsec.eu> <20191105191514.GG8521@funkthat.com> <261b842d-51eb-4522-6ef5-0672e5d1594e@grosbein.net> <20191107073255.GU8521@funkthat.com> <54db0c82-ad44-13ed-8e1f-702557f331e5@grosbein.net> <972466586.1921723.1573120331472.JavaMail.zimbra@stormshield.eu>
In-Reply-To: <972466586.1921723.1573120331472.JavaMail.zimbra@stormshield.eu>

Hi!

> At Stormshield we have various patches related to that topic that we can share.
>
> On the flow id part, we have a patch that recomputes a new flowid for the IPsec flow after encapsulation based on the spi.
> This forces the usage of the same transmit queue on the network card side for each tunnel/SPI.
>
> If you are interested I can make a review for this one to upstream it, it is a small and simple modification.

Yes, please. If you have the review, please add me to it.

> On one of our high end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl network cards), the previous code was running around 2.4Gbps using AES-GCM with a mix of packet size whose average size was around 650 bytes.
> After various heavy optimization in opencrypto/crypto.c and on IPsec stack we managed to increase the performance on the same test to around 5Gbps. Take care this is mainly targeted to the subset of opencrypto feature we are using in our products (mainly IPsec with or without hardware cryptography)
>
> I can take some time to review and submit this big patch if there is some interest in it.

I would appreciate this -- would it help if my company pays some money for this to make it happen ?

> It will require some work on our side cause at the moment this patch is for FreeBSD 10.3 and has some dependencies to our custom polling code which is not in FreeBSD. We made the modification to work using kproc in the non polling code but we have still to test those on an unmodified FreeBSD.

Again, depending on the amount of work: it would definitely be interesting.

> I can also share the various benchmark we did to illustrate the impact of some of the optimisation we did.

That would be very interesting.

The final point would be: How interoperable is the resulting IPsec connect with non-FreeBSD counterparts 8-} ?

-- 
pi@FreeBSD.org +49 171 3101372 One year to go !

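The SPI-based sharding discussed in this thread (Lawrence's question, John-Mark's software re-classification, and the flowid-from-SPI patch Damien describes) can be illustrated with an added example that is not code from FreeBSD, Stormshield, or any poster. FNV-1a stands in for the NIC's RSS hash, and the function names, documentation-range addresses and SPI values are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESP_PROTO 50            /* IANA IP protocol number for ESP */
#define FNV_BASIS 2166136261u
#define FNV_PRIME 16777619u

enum { CLASS_BAD = -1, CLASS_ADDR_ONLY = 0, CLASS_ESP_SPI = 1 };

/* FNV-1a: a simple stand-in for the hash an RSS-capable NIC computes (assumption). */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= FNV_PRIME;
    }
    return h;
}

/*
 * Hash one IPv4 packet into a flow id.
 * use_spi == 0: hash source and destination address only.
 * use_spi != 0: for unfragmented ESP, also fold in the 32-bit SPI.
 * Returns CLASS_BAD for packets too short or malformed to classify.
 */
int classify(const uint8_t *pkt, size_t len, int use_spi, uint32_t *flowid)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return CLASS_BAD;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return CLASS_BAD;

    uint32_t h = fnv1a(FNV_BASIS, pkt + 12, 8);         /* src + dst address */
    unsigned frag = ((unsigned)pkt[6] << 8 | pkt[7]) & 0x3fffu; /* MF + offset */

    /* A later fragment carries no ESP header, so every fragment of a
     * packet uses the address-only hash and stays on one queue. */
    if (!use_spi || pkt[9] != ESP_PROTO || frag != 0) {
        *flowid = h;
        return CLASS_ADDR_ONLY;
    }
    if (len < ihl + 8)                  /* ESP header: SPI + sequence number */
        return CLASS_BAD;
    *flowid = fnv1a(h, pkt + ihl, 4);   /* SPI bytes in network byte order */
    return CLASS_ESP_SPI;
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Constructed sample: 20-byte IPv4 header followed by an 8-byte ESP header. */
void build_esp(uint8_t pkt[28], uint32_t src, uint32_t dst, uint32_t spi)
{
    memset(pkt, 0, 28);
    pkt[0] = 0x45;              /* IPv4, header length 5 words */
    pkt[3] = 28;                /* total length */
    pkt[8] = 64;                /* TTL */
    pkt[9] = ESP_PROTO;
    put32(pkt + 12, src);
    put32(pkt + 16, dst);
    put32(pkt + 20, spi);       /* ESP SPI */
    put32(pkt + 24, 1);         /* ESP sequence number */
}

/* Count the queues hit by n_sas security associations between the same
 * two gateways (192.0.2.1 and 198.51.100.2, documentation ranges). */
unsigned queues_used(int use_spi, unsigned nqueues, unsigned n_sas)
{
    uint8_t seen[64] = {0};
    unsigned used = 0;

    if (nqueues == 0 || nqueues > 64)
        return 0;
    for (unsigned i = 0; i < n_sas; i++) {
        uint8_t pkt[28];
        uint32_t flowid;

        build_esp(pkt, 0xc0000201u, 0xc6336402u, 0x1000u + i);
        if (classify(pkt, sizeof(pkt), use_spi, &flowid) == CLASS_BAD)
            continue;
        if (!seen[flowid % nqueues]) {
            seen[flowid % nqueues] = 1;
            used++;
        }
    }
    return used;
}

int main(void)
{
    printf("address-only hash: %u of 8 queues\n", queues_used(0, 8, 8));
    printf("SPI-aware hash:    %u of 8 queues\n", queues_used(1, 8, 8));
    return 0;
}
```

With eight queues, the address-only pass puts all eight SAs on one queue, while the SPI-aware pass spreads them over all eight.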
From owner-freebsd-net@freebsd.org Thu Nov 7 13:06:03 2019
From: Santiago Martinez
To: Kurt Jaeger, Damien DEVILLE
Cc: Lawrence Stewart, olivier, Eugene Grosbein, freebsd-net@freebsd.org
Subject: Re: 10g IPsec ?
Date: Thu, 7 Nov 2019 13:05:39 +0000
In-Reply-To: <20191107104128.GI1203@fc.opsec.eu>

Super interesting, I'm also up for it, I guess I can help with some funding.

Santi

On 2019-11-07 10:41, Kurt Jaeger wrote:
> Hi!
>
>> At Stormshield we have various patches related to that topic that we can share.
>>
>> On the flow id part, we have a patch that recompute a new flowid for the IPsec flow after encapsulation based on the spi.
>> This force the usage of the same transmit queue on the network card side for each tunnel/SPI.
>>
>> If you are interested I can make a review for this one to upstream it, it is a small and simple modification.
> Yes, please. If you have the review, please add me to it.
>
>> On one of our high end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl network cards), the previous code was running around 2.4Gbps using AES-GCM with a mix of packet size whose average size was around 650 bytes.
>> After various heavy optimization in opencrypto/crypto.c and on IPsec stack we managed to increase the performance on the same test to around 5Gbps. Take care this is mainly targeted to the subset of opencrypto feature we are using in our products (mainly IPsec with or without hardware cryptography)
>>
>> I can take some time to review and submit this big patch if there is some interest in it.
> I would appreciate this -- would it help if my company pays some
> money for this to make it happen ?
>
>> It will require some work on our side cause at the moment this patch is for FreeBSD 10.3 and has some dependencies to our custom polling code which is not in FreeBSD. We made the modification to work using kproc in the non polling code but we have still to test those on an unmodified FreeBSD.
> Again, depending on the amount of work: it would definitely be interesting.
>
>> I can also share the various benchmark we did to illustrate the impact of some of the optimisation we did.
> That would be very interesting. The final point would be: How
> interoperable is the resulting IPsec connect with non-FreeBSD
> counterparts 8-} ?
>

From owner-freebsd-net@freebsd.org Thu Nov 7 13:45:22 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241765] em(4) - does not preserve link status across suspend/resume
Date: Thu, 07 Nov 2019 13:45:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241765

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
           Keywords|                            |IntelNetworking, regression

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Thu Nov 7 13:47:02 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241718] rack_tcp: page fault/kernel panic in rack_output when installing Vivaldi browser via wine
Date: Thu, 07 Nov 2019 13:47:02 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241718

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |panic
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Thu Nov 7 13:52:04 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 240576] mlx4en(4) driver unusable with MT26448 unless IPV6 is built into the kernel
Date: Thu, 07 Nov 2019 13:52:02 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240576

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hps@FreeBSD.org
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
            Summary|mlx4en(4) driver unusable   |mlx4en(4) driver unusable
                   |with MT26448                |with MT26448 unless IPV6 is
                   |                            |built into the kernel

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Thu Nov 7 14:18:01 2019
From: Victor Gamov
To: mike@karels.net
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Thu, 7 Nov 2019 17:17:48 +0300
Message-ID: <3334fa50-8a88-17b6-7e91-c09d22e11f7e@otcnet.ru>
In-Reply-To: <201911060241.xA62fd40065707@mail.karels.net>

On 06/11/2019 05:41, Mike Karels wrote:
>> On 05/11/2019 09:09, Mike Karels wrote:
>>>> On 03/11/2019 08:22, Mike Karels wrote:
>>>>>>>>> Hi All
>>>>>>>>>
>>>>>>>>> I have (noob) questions about multicast routing under FreeBSD.
>>>>>>>>>
>>>>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
>>>>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
>>>>>>>>>
>>>>>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
>>>>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
>>>>>>>>> -g -f inet`
>>>>>>>>>
>>>>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
>>>>>>>>> vlan299)
>>>>>>>>>
>>>>>>>>> The question is: who will forward multicast from one interface
>>>>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
>>>>>>>>> additional software?
>>>>>>>
>>>>>>>> Please read the manpage multicast(4) "man 4 multicast",
>>>>>>>> you should need to build a custom kernel with the "options MROUTING"
>>>>>>>> to enable the multicast forwarding in the kernel.
>>>>>>>
>>>>>>> If "netstat -g" shows routes, the kernel must have been built with "options
>>>>>>> MROUTING".
>>>>>
>>>>>> Indeed.
>>>>>
>>>>>>>
>>>>>>> The kernel does the forwarding, according to those routing tables installed
>>>>>>> by pimd or another multicast routing program. Is it not working? It sounds
>>>>>>> like you are very close.
>>>>>
>>>>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
>>>>>
>>>>> No, they are separate. The test is just whether MROUTING is enabled, and
>>>>> whether a multicast router like pimd is active.
>>>>>
>>>>> One other thing to check would be "netstat -gs" (multicast stats).
>>>
>>>> Oops!
>>>
>>>> =====
>>>> # netstat -f inet -gs
>>>> No IPv4 MROUTING kernel support.
>>>> =====
>>>
>>> This looks like a bug in netstat; it is doing a test that is wrong for
>>> the loadable module.
>
> I don't know how much the stats might help, but if you let me know what
> version you are running, I can build a fixed netstat. Or I can send
> a source patch.
>
>>>> But I have ip_mroute.ko loaded and netstat -g shows something like
>>>
>>>> =====
>>>> # netstat -f inet -g
>>>
>>>> IPv4 Virtual Interface Table
>>>>  Vif   Thresh   Local-Address    Remote-Address   Pkts-In   Pkts-Out
>>>>  0          1   A.A.A.A                                 0          0
>>>>  1          1   B.B.B.19                                0          0
>>>>  2         10   10.199.199.102                          0          0
>>>>  3         15   10.200.200.6                        77440          0
>>>>  4          1   A.A.A.A                                 0      77440
>>>
>>>> IPv4 Multicast Forwarding Table
>>>>  Origin          Group             Packets  In-Vif  Out-Vifs:Ttls
>>>>  10.200.200.5    232.232.8.33         1844       3  4:1
>>>>  10.200.200.5    232.232.8.171        1843       3  4:1
>>>>  10.200.200.5    232.232.8.58         4609       3  4:1
>>>>  10.200.200.5    232.232.8.154        1844       3  4:1
>>>>  10.200.200.5    232.232.8.170        1844       3  4:1
>
> I missed this before. Looks like the last column should include 2:1 in
> each case if pimd saw the join. The multicasts are only being sent to
> Vif 4, the register-vif (see below); the Pkts-Out for it is the same
> as the input on 3. I'm not familiar enough with pimd to guess what is
> wrong.

I still have misunderstood here. Pimd installs multicast routes and this routes displayed by `netstat -g`. So, the system knows interface where multicast received. When Join received via interface 2 (vlan299) who must resend multicast from input interface 3 (vlan750) to output interface 2 (vlan299)? I guess it kernel-specific task and kernel must resend multicast without any other helpers. Is it wrong?

P.S.
I rebuild kernel with MROUTING option but
=====
# netstat -gs -f inet
No IPv4 MROUTING kernel support
=====
still here

--
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Thu Nov 7 16:06:43 2019
From: Damien DEVILLE
To: Santiago Martinez
Cc: Kurt Jaeger, Lawrence Stewart, olivier, Eugene Grosbein, freebsd-net
Subject: Re: 10g IPsec ?
Date: Thu, 7 Nov 2019 17:06:23 +0100 (CET)
Message-ID: <2101535259.3199309.1573142783905.JavaMail.zimbra@stormshield.eu>

Hi,

There are no limitation in term of interoperability with other IPsec stack.

Funding is not needed as working on FreeBSD is part of my day time job. Available time is more the issue ;)

Damien

--
Damien Deville
IPS Technical Leader
http://www.stormshield.eu

Stormshield
2/6 Avenue de l'Horizon, Bat. 6 - FR
59650 Villeneuve d'Ascq

----- On 7 Nov 19, at 14:05, Santiago Martinez sm@codenetworks.net wrote:

| Super interesting, I'm also up for it, I guess I can help with some funding.
|
| Santi
|
|
| On 2019-11-07 10:41, Kurt Jaeger wrote:
|> Hi!
|>
|>> At Stormshield we have various patches related to that topic that we can share.
|>>
|>> On the flow id part, we have a patch that recompute a new flowid for the IPsec
|>> flow after encapsulation based on the spi.
|>> This force the usage of the same transmit queue on the network card side for
|>> each tunnel/SPI.
|>>
|>> If you are interested I can make a review for this one to upstream it, it is a
|>> small and simple modification.
|> Yes, please. If you have the review, please add me to it.
|>
|>> On one of our high end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl
|>> network cards), the previous code was running around 2.4Gbps using AES-GCM with
|>> a mix of packet size whose average size was around 650 bytes.
|>> After various heavy optimization in opencrypto/crypto.c and on IPsec stack we
|>> managed to increase the performance on the same test to around 5Gbps. Take care
|>> this is mainly targeted to the subset of opencrypto feature we are using in our
|>> products (mainly IPsec with or without hardware cryptography)
|>>
|>> I can take some time to review and submit this big patch if there is some
|>> interest in it.
|> I would appreciate this -- would it help if my company pays some
|> money for this to make it happen ?
|>
|>> It will require some work on our side cause at the moment this patch is for
|>> FreeBSD 10.3 and has some dependencies to our custom polling code which is not in
|>> FreeBSD. We made the modification to work using kproc in the non polling code
|>> but we have still to test those on an unmodified FreeBSD.
|> Again, depending on the amount of work: it would definitely be interesting.
|>
|>> I can also share the various benchmark we did to illustrate the impact of some
|>> of the optimisation we did.
|> That would be very interesting. The final point would be: How
|> interoperable is the resulting IPsec connect with non-FreeBSD
|> counterparts 8-} ?

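The SPI-based flow id described in the message quoted above, as an added sketch that is not part of the thread, not Stormshield's patch and not FreeBSD code: it reads the SPI from the start of an ESP header (RFC 4303 layout), derives a flow id from it, and compares the transmit queue chosen that way with the queue chosen when a packet keeps the flow id of its inner flow. The hash, the queue count of 8, all function names and the sample packets are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_TXQ 8u /* assumed number of NIC transmit queues */

/* Start of an ESP header (RFC 4303): 32-bit SPI, then 32-bit sequence number. */
struct esp_hdr {
    uint32_t spi;
    uint32_t seq;
};

/* One outbound packet; every value in SAMPLE below is constructed. */
struct pkt {
    uint32_t inner_flowid; /* flow id of the cleartext flow, before encapsulation */
    uint8_t esp[8];        /* first 8 bytes of the ESP header, after encapsulation */
};

static const struct pkt SAMPLE[] = {
    /* SA 0xC0FFEE01 carries four inner flows */
    { 0x1001u, { 0xC0, 0xFF, 0xEE, 0x01, 0, 0, 0, 1 } },
    { 0x1002u, { 0xC0, 0xFF, 0xEE, 0x01, 0, 0, 0, 2 } },
    { 0x1003u, { 0xC0, 0xFF, 0xEE, 0x01, 0, 0, 0, 3 } },
    { 0x1004u, { 0xC0, 0xFF, 0xEE, 0x01, 0, 0, 0, 4 } },
    /* SA 0xC0FFEE02 carries two inner flows */
    { 0x2005u, { 0xC0, 0xFF, 0xEE, 0x02, 0, 0, 0, 1 } },
    { 0x2006u, { 0xC0, 0xFF, 0xEE, 0x02, 0, 0, 0, 2 } },
};
static const size_t SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0];

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and fills *out, or -1 for a truncated header or a reserved SPI. */
static int esp_parse(const uint8_t *buf, size_t len, struct esp_hdr *out)
{
    if (buf == NULL || out == NULL || len < 8)
        return -1;
    out->spi = be32(buf);
    out->seq = be32(buf + 4);
    if (out->spi <= 255) /* 0 is local-use only, 1..255 are reserved */
        return -1;
    return 0;
}

/* Stand-in hash (MurmurHash3 32-bit finalizer); the real patch may use another. */
static uint32_t spi_flowid(uint32_t spi)
{
    uint32_t h = spi;
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Queue choice when the packet keeps the flow id of its inner flow. */
static int txq_keep_inner(const struct pkt *p)
{
    return (int)(p->inner_flowid % NUM_TXQ);
}

/* Queue choice when the flow id is recomputed from the SPI after encapsulation. */
static int txq_from_spi(const struct pkt *p)
{
    struct esp_hdr h;
    if (esp_parse(p->esp, sizeof p->esp, &h) != 0)
        return -1;
    return (int)(spi_flowid(h.spi) % NUM_TXQ);
}

/* Number of distinct queues that the packets of one SA (by SPI) are spread over. */
static unsigned queues_used(const struct pkt *pkts, size_t n, uint32_t spi, int use_spi)
{
    unsigned mask = 0, count = 0;
    for (size_t i = 0; i < n; i++) {
        struct esp_hdr h;
        if (esp_parse(pkts[i].esp, sizeof pkts[i].esp, &h) != 0 || h.spi != spi)
            continue; /* not an ESP packet of this SA */
        int q = use_spi ? txq_from_spi(&pkts[i]) : txq_keep_inner(&pkts[i]);
        mask |= 1u << q;
    }
    for (; mask != 0; mask >>= 1)
        count += mask & 1u;
    return count;
}

int main(void)
{
    const uint32_t spis[] = { 0xC0FFEE01u, 0xC0FFEE02u };
    for (size_t i = 0; i < sizeof spis / sizeof spis[0]; i++)
        printf("SPI 0x%08X: %u queue(s) with inner flow id, %u with SPI flow id\n",
               (unsigned)spis[i],
               queues_used(SAMPLE, SAMPLE_N, spis[i], 0),
               queues_used(SAMPLE, SAMPLE_N, spis[i], 1));
    return 0;
}
```
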
From owner-freebsd-net@freebsd.org Thu Nov 7 16:23:47 2019
From: Damien DEVILLE
To: ae
Cc: Eugene Grosbein, Lawrence Stewart, olivier, Kurt Jaeger, freebsd-net
Subject: Re: 10g IPsec ?
Date: Thu, 7 Nov 2019 17:23:34 +0100 (CET)
Message-ID: <1240615617.3207954.1573143814176.JavaMail.zimbra@stormshield.eu>
In-Reply-To: <744829a7-be59-6a8d-8405-ab0afa335620@FreeBSD.org>

Hi Andrey,

For the moment we are not using hardware crypto offloading devices except AESNI instruction set mainly because our product are certified by common criteria and thus have restriction on how crypto can be made. We have some plan to look at Intel quick-assist, Chelsio or Mellanox devices in the future.

Damien

--
Damien Deville
IPS Technical Leader
http://www.stormshield.eu

Stormshield
2/6 Avenue de l'Horizon, Bat. 6 - FR
59650 Villeneuve d'Ascq

----- On 7 Nov 19, at 17:12, ae ae@FreeBSD.org wrote:

| On 07.11.2019 12:52, Damien DEVILLE wrote:
|> At Stormshield we have various patches related to that topic that we
|> can share.
|
| Hi,
|
| that would be nice.
|
|> The goal was to optimize this code in the context of a single IPsec
|> tunnel and a single network flow in that tunnel. On one of our high
|> end hardware (Intel(R) Xeon(R) E-2176G with 6 cores / ixl network
|> cards), the previous code was running around 2.4Gbps using AES-GCM
|
| Have you thought about implementing hardware IPsec offloading on NICs?
| I saw Intel's and Mellanox's documentation about such support, I think
| Chelsio also does support it. It probably can give good performance boost.
|
|
| --
| WBR, Andrey V. Elsukov

From owner-freebsd-net@freebsd.org Fri Nov 8 07:30:18 2019
From: Mike Karels
To: Victor Gamov
Cc: freebsd-net@freebsd.org
Reply-to: mike@karels.net
Subject: Re: FreeBSD as multicast router
In-reply-to: Your message of Thu, 07 Nov 2019 17:17:48 +0300. <3334fa50-8a88-17b6-7e91-c09d22e11f7e@otcnet.ru>
Message-Id: <201911080730.xA87UAel076108@mail.karels.net>
Date: Fri, 08 Nov 2019 01:30:10 -0600

> On 06/11/2019 05:41, Mike Karels wrote:
> >> On 05/11/2019 09:09, Mike Karels wrote:
> >>>> On 03/11/2019 08:22, Mike Karels wrote:
> >>>>>>>>> Hi All
> >>>>>>>>>
> >>>>>>>>> I have (noob) questions about multicast routing under FreeBSD.
> >>>>>>>>>
> >>>>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
> >>>>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
> >>>>>>>>>
> >>>>>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
> >>>>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
> >>>>>>>>> -g -f inet`
> >>>>>>>>>
> >>>>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
> >>>>>>>>> vlan299)
> >>>>>>>>>
> >>>>>>>>> The question is: who will forward multicast from one interface
> >>>>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
> >>>>>>>>> additional software?
> >>>>>>>
> >>>>>>>> Please read the manpage multicast(4) "man 4 multicast",
> >>>>>>>> you should need to build a custom kernel with the "options MROUTING"
> >>>>>>>> to enable the multicast forwarding in the kernel.
> >>>>>>>
> >>>>>>> If "netstat -g" shows routes, the kernel must have been built with "options
> >>>>>>> MROUTING".
> >>>>>
> >>>>>> Indeed.
> >>>>>
> >>>>>>>
> >>>>>>> The kernel does the forwarding, according to those routing tables installed
> >>>>>>> by pimd or another multicast routing program. Is it not working? It sounds
> >>>>>>> like you are very close.
> >>>>>
> >>>>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
> >>>>>
> >>>>> No, they are separate. The test is just whether MROUTING is enabled, and
> >>>>> whether a multicast router like pimd is active.
> >>>>>
> >>>>> One other thing to check would be "netstat -gs" (multicast stats).
> >>>
> >>>> Oops!
> >>>
> >>>> =====
> >>>> # netstat -f inet -gs
> >>>> No IPv4 MROUTING kernel support.
> >>>> =====
> >>>
> >>> This looks like a bug in netstat; it is doing a test that is wrong for
> >>> the loadable module.
> >
> > I don't know how much the stats might help, but if you let me know what
> > version you are running, I can build a fixed netstat. Or I can send
> > a source patch.
> >
> >>>> But I have ip_mroute.ko loaded and netstat -g shows something like
> >>>
> >>>> =====
> >>>> # netstat -f inet -g
> >>>
> >>>> IPv4 Virtual Interface Table
> >>>>  Vif   Thresh   Local-Address    Remote-Address  Pkts-In  Pkts-Out
> >>>>    0        1   A.A.A.A                                0         0
> >>>>    1        1   B.B.B.19                               0         0
> >>>>    2       10   10.199.199.102                         0         0
> >>>>    3       15   10.200.200.6                       77440         0
> >>>>    4        1   A.A.A.A                                0     77440
> >>>
> >>>> IPv4 Multicast Forwarding Table
> >>>>  Origin          Group            Packets  In-Vif  Out-Vifs:Ttls
> >>>>  10.200.200.5    232.232.8.33        1844       3  4:1
> >>>>  10.200.200.5    232.232.8.171       1843       3  4:1
> >>>>  10.200.200.5    232.232.8.58        4609       3  4:1
> >>>>  10.200.200.5    232.232.8.154       1844       3  4:1
> >>>>  10.200.200.5    232.232.8.170       1844       3  4:1
> >
> > I missed this before. Looks like the last column should include 2:1 in
> > each case if pimd saw the join. The multicasts are only being sent to
> > Vif 4, the register-vif (see below); the Pkts-Out for it is the same
> > as the input on 3. I'm not familiar enough with pimd to guess what is
> > wrong.

> I still have misunderstood here. Pimd installs multicast routes and
> this routes displayed by `netstat -g`. So, the system knows interface
> where multicast received. When Join received via interface 2 (vlan299)
> who must resend multicast from input interface 3 (vlan750) to output
> interface 2 (vlan299)? I guess it kernel-specific task and kernel must
> resend multicast without any other helpers. Is it wrong?

No, that is correct; the kernel should do the forwarding. But something
is out of sync. The join messages you showed were from 10.199.199.101,
which should be vif 2. But the forwarding table shows an origin of
10.200.200.5, and the Pkts-In is 77K on vif3. Is the source address
incorrect, or is there some other confusion as to which network is
which?

> P.S. I rebuild kernel with MROUTING option but

> =====
> # netstat -gs -f inet
> No IPv4 MROUTING kernel support
> =====

> still here

Oh, I see; that's another manifestation of the bug that makes netstat
fail with the loadable module. It doesn't work if VNET is defined,
because then there isn't a single stats structure with the expected
name. My fixed netstat would work. Let me know what FreeBSD version
you are running, and I can build a fixed version; or I can send a patch.

> --
> CU,
> Victor Gamov

		Mike

From owner-freebsd-net@freebsd.org Fri Nov 8 08:22:30 2019
Subject: Re: FreeBSD as multicast router
To: Victor Gamov, mike@karels.net
Cc: freebsd-net@freebsd.org
From: Eugene Grosbein
Date: Fri, 8 Nov 2019 15:22:09 +0700

07.11.2019 21:17, Victor Gamov wrote:

> I still have misunderstood here. Pimd installs multicast routes and this routes displayed by `netstat -g`.
> So, the system knows interface where multicast received.
> When Join received via interface 2 (vlan299) who must resend multicast from input interface 3 (vlan750)
> to output interface 2 (vlan299)? I guess it kernel-specific task and kernel must resend multicast
> without any other helpers. Is it wrong?

I'm not familiar with multicast routing in FreeBSD.
Multicast routing has its rules in general, though.

For example, Cisco routers never process incoming multicast UDP flows if unicast route
to source IP address of UDP packets points to interface that differs from real incoming interface.
This is "reverse path filtering" embedded in multicast routing unconditionally.

From owner-freebsd-net@freebsd.org Fri Nov 8 12:08:38 2019
Subject: Re: FreeBSD as multicast router
To: freebsd-net@freebsd.org, mike@karels.net
From: Victor Gamov
Organization: OstankinoTelecom
Date: Fri, 8 Nov 2019 15:08:33 +0300

On 08/11/2019 10:30, Mike Karels wrote:
>> On 06/11/2019 05:41, Mike Karels wrote:
>>>> On 05/11/2019 09:09, Mike Karels wrote:
>>>>>> On 03/11/2019 08:22, Mike Karels wrote:
>>>>>>>>>>> Hi All
>>>>>>>>>>>
>>>>>>>>>>> I have (noob) questions about multicast routing under FreeBSD.
>>>>>>>>>>>
>>>>>>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.x.
>>>>>>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
>>>>>>>>>>>
>>>>>>>>>>> Then pimd installed and only this two interfaces enabled in pimd config.
>>>>>>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
>>>>>>>>>>> -g -f inet`
>>>>>>>>>>>
>>>>>>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
>>>>>>>>>>> vlan299)
>>>>>>>>>>>
>>>>>>>>>>> The question is: who will forward multicast from one interface
>>>>>>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
>>>>>>>>>>> additional software?
>>>>>>>>>
>>>>>>>>>> Please read the manpage multicast(4) "man 4 multicast",
>>>>>>>>>> you should need to build a custom kernel with the "options MROUTING"
>>>>>>>>>> to enable the multicast forwarding in the kernel.
>>>>>>>>>
>>>>>>>>> If "netstat -g" shows routes, the kernel must have been built with "options
>>>>>>>>> MROUTING".
>>>>>>>
>>>>>>>> Indeed.
>>>>>>>
>>>>>>>>>
>>>>>>>>> The kernel does the forwarding, according to those routing tables installed
>>>>>>>>> by pimd or another multicast routing program. Is it not working? It sounds
>>>>>>>>> like you are very close.
>>>>>>>
>>>>>>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
>>>>>>>
>>>>>>> No, they are separate. The test is just whether MROUTING is enabled, and
>>>>>>> whether a multicast router like pimd is active.
>>>>>>>
>>>>>>> One other thing to check would be "netstat -gs" (multicast stats).
>>>>>
>>>>>> Oops!
>>>>>
>>>>>> =====
>>>>>> # netstat -f inet -gs
>>>>>> No IPv4 MROUTING kernel support.
>>>>>> =====
>>>>>
>>>>> This looks like a bug in netstat; it is doing a test that is wrong for
>>>>> the loadable module.
>>>
>>> I don't know how much the stats might help, but if you let me know what
>>> version you are running, I can build a fixed netstat. Or I can send
>>> a source patch.
>>>
>>>>>> But I have ip_mroute.ko loaded and netstat -g shows something like
>>>>>
>>>>>> =====
>>>>>> # netstat -f inet -g
>>>>>
>>>>>> IPv4 Virtual Interface Table
>>>>>>  Vif   Thresh   Local-Address    Remote-Address  Pkts-In  Pkts-Out
>>>>>>    0        1   A.A.A.A                                0         0
>>>>>>    1        1   B.B.B.19                               0         0
>>>>>>    2       10   10.199.199.102                         0         0
>>>>>>    3       15   10.200.200.6                       77440         0
>>>>>>    4        1   A.A.A.A                                0     77440
>>>>>
>>>>>> IPv4 Multicast Forwarding Table
>>>>>>  Origin          Group            Packets  In-Vif  Out-Vifs:Ttls
>>>>>>  10.200.200.5    232.232.8.33        1844       3  4:1
>>>>>>  10.200.200.5    232.232.8.171       1843       3  4:1
>>>>>>  10.200.200.5    232.232.8.58        4609       3  4:1
>>>>>>  10.200.200.5    232.232.8.154       1844       3  4:1
>>>>>>  10.200.200.5    232.232.8.170       1844       3  4:1
>>>
>>> I missed this before. Looks like the last column should include 2:1 in
>>> each case if pimd saw the join. The multicasts are only being sent to
>>> Vif 4, the register-vif (see below); the Pkts-Out for it is the same
>>> as the input on 3. I'm not familiar enough with pimd to guess what is
>>> wrong.
>
>
>> I still have misunderstood here. Pimd installs multicast routes and
>> this routes displayed by `netstat -g`. So, the system knows interface
>> where multicast received. When Join received via interface 2 (vlan299)
>> who must resend multicast from input interface 3 (vlan750) to output
>> interface 2 (vlan299)? I guess it kernel-specific task and kernel must
>> resend multicast without any other helpers. Is it wrong?
>
> No, that is correct; the kernel should do the forwarding. But something
> is out of sync. The join messages you showed were from 10.199.199.101,
> which should be vif 2. But the forwarding table shows an origin of
> 10.200.200.5, and the Pkts-In is 77K on vif3. Is the source address
> incorrect, or is there some other confusion as to which network is
> which?

My network scheme is simplest:

----------         ----------------------         ------------
| source |-vlan750-| FreeBSD PIM router |-vlan299-|  client  |
|200.5/29|         |200.6/29  199.102/30|         |199.101/30|
----------         ----------------------         ------------

So, yes, Join comes from 199.101 and it on another subnet -- client
can't ping source. But client can ping FreeBSD and FreeBSD can ping source.

One more interesting thing: when pimd started and multicast routing
table populated with 'netstat -g' point of view then 'ifmcstat' shows
only following groups for vlan750:

=====
vlan750:
        inet 10.200.200.6
        igmpv3 rv 2 qi 12 qri 100 uri 3
                group 224.0.0.22 mode exclude
                        mcast-macaddr 01:00:5e:00:00:16
                group 224.0.0.2 mode exclude
                        mcast-macaddr 01:00:5e:00:00:02
                group 224.0.0.13 mode exclude
                        mcast-macaddr 01:00:5e:00:00:0d
                group 224.0.0.1 mode exclude
                        mcast-macaddr 01:00:5e:00:00:01
=====

and locally started programs can't read multicast stream while
interface not directly specified like udp://vlan750@232.232.8.33:3333 or
static route to this group not installed like
'route add 232.232.8.33/32 -iface vlan750'

I think problem somewhere here (FreeBSD does not join to multicasts?).

P.S. I try to use smcroute but it started with following errors:

=====
SMCRoute version 2.1.0
Adding vlan750 to list of multicast routing interfaces
Map iface vlan750 => VIF 0 ifindex 13 flags 0x0000 TTL threshold 20
Failed adding VIF for iface vlan750: Can't assign requested address
Adding vlan299 to list of multicast routing interfaces
Map iface vlan299 => VIF 1 ifindex 10 flags 0x0000 TTL threshold 20
Failed adding VIF for iface vlan299: Can't assign requested address
=====

and no records reported by 'netstat -f inet -n -g'

--
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Fri Nov 8 12:10:05 2019
Subject: Re: FreeBSD as multicast router
To: Eugene Grosbein, mike@karels.net
Cc: freebsd-net@freebsd.org
From: Victor Gamov
Organization: OstankinoTelecom
Date: Fri, 8 Nov 2019 15:10:02 +0300

Hi Eugene!

On 08/11/2019 11:22, Eugene Grosbein wrote:
> 07.11.2019 21:17, Victor Gamov wrote:
>
>> I still have misunderstood here. Pimd installs multicast routes and this routes displayed by `netstat -g`.
>> So, the system knows interface where multicast received.
>> When Join received via interface 2 (vlan299) who must resend multicast from input interface 3 (vlan750)
>> to output interface 2 (vlan299)? I guess it kernel-specific task and kernel must resend multicast
>> without any other helpers. Is it wrong?
>
> I'm not familiar with multicast routing in FreeBSD.
> Multicast routing has its rules in general, though.
>
> For example, Cisco routers never process incoming multicast UDP flows if unicast route
> to source IP address of UDP packets points to interface that differs from real incoming interface.
> This is "reverse path filtering" embedded in multicast routing unconditionally.

Yes, but FreeBSD can ping source and client in my tests (see my new
later at this thread with network scheme)

--
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Fri Nov 8 13:47:21 2019
Subject: Re: FreeBSD as multicast router
To: Victor Gamov, mike@karels.net
Cc: freebsd-net@freebsd.org
From: Eugene Grosbein
Date: Fri, 8 Nov 2019 20:47:03 +0700

08.11.2019 19:10, Victor Gamov wrote:

>> I'm not familiar with multicast routing in FreeBSD.
>> Multicast routing has its rules in general, though.
>>
>> For example, Cisco routers never process incoming multicast UDP flows if unicast route
>> to source IP address of UDP packets points to interface that differs from real incoming interface.
>> This is "reverse path filtering" embedded in multicast routing unconditionally.
>
> Yes, but FreeBSD can ping source and client in my tests (see my new later at this thread with network scheme)

It does not matter if source is reachable with unicasts (ping). "Reverse" unicast routes should match incoming interface for multicast UDP.

From owner-freebsd-net@freebsd.org Fri Nov 8 14:01:31 2019
Subject: Re: FreeBSD as multicast router
To: Eugene Grosbein, mike@karels.net
Cc: freebsd-net@freebsd.org
From: Victor Gamov
Organization: OstankinoTelecom
Date: Fri, 8 Nov 2019 17:01:28 +0300
R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru:c]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-3.28)[ip: (-8.63), ipnet: 194.190.78.0/24(-4.31), asn: 50822(-3.45), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Nov 2019 14:01:31 -0000 On 08/11/2019 16:47, Eugene Grosbein wrote: > 08.11.2019 19:10, Victor Gamov wrote: > >>> I'm not familiar with multicast routing in FreeBSD. >>> Multicast routing has its rules in general, though. >>> >>> For example, Cisco routers never process incoming multicast UDP flows if unicast route >>> to source IP address of UDP packets points to interface that differs from real incoming interface. >>> This is "reverse path filtering" embedded in multicast routing unconditionally. >> >> Yes, but FreeBSD can ping source and client in my tests (see my new later at this thread with network scheme) > > It does not matter if source is reachable with unicasts (ping). "Reverse" unicast routes should match incoming interface for multicast UDP. My network scheme is simplest: ---------- -------------------- ----------- | source |-vlan750-| FreeBSD PIM router |-vlan299-| client | |200.5/29| |200.6/29 199.102/30| |199.101/30| ---------- -------------------- ----------- All multicasts comes from 200.5 with 200.5 as source IP. So I hope RPF check passes for FreeBSD. 
--
CU,
Victor Gamov

From owner-freebsd-net@freebsd.org Fri Nov 8 15:04:09 2019
From: "Bjoern A. Zeeb"
To: "Mike Karels"
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Fri, 08 Nov 2019 15:03:45 +0000
Message-ID: <6F37B324-17FB-49EE-BA22-0BC78BA2C3EC@lists.zabbadoz.net>
In-Reply-To: <201911080730.xA87UAel076108@mail.karels.net>

On 8 Nov 2019, at 7:30, Mike Karels wrote:

>> P.S. I rebuild kernel with MROUTING option but
>> =====
>> # netstat -gs -f inet
>> No IPv4 MROUTING kernel support
>> =====
>
>> still here
>
> Oh, I see; that's another manifestation of the bug that makes netstat
> fail with the loadable module.
> It doesn't work if VNET is defined,
> because then there isn't a single stats structure with the expected
> name. My fixed netstat would work. Let me know what FreeBSD version
> you are running, and I can build a fixed version; or I can send a
> patch.

How did you fix netstat?

The proper way to fix this seems to be to stop using lkvm for querying
the stats and properly exporting them in the kernel.

/bz

From owner-freebsd-net@freebsd.org Fri Nov 8 20:11:58 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241785] [vlan][lagg] creating vlan over lagg causes flapping
Date: Fri, 08 Nov 2019 20:11:57 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.1-RELEASE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241785

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Fri Nov 8 22:55:14 2019
From: Mike Karels
To: "Bjoern A. Zeeb"
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Fri, 08 Nov 2019 16:55:11 -0600
Message-Id: <201911082255.xA8MtBq3079126@mail.karels.net>
In-reply-to: Your message of Fri, 08 Nov 2019 15:03:45 +0000. <6F37B324-17FB-49EE-BA22-0BC78BA2C3EC@lists.zabbadoz.net>

> On 8 Nov 2019, at 7:30, Mike Karels wrote:

> >> P.S. I rebuild kernel with MROUTING option but
> >> =====
> >> # netstat -gs -f inet
> >> No IPv4 MROUTING kernel support
> >> =====
> >
> >> still here
> >
> > Oh, I see; that's another manifestation of the bug that makes netstat
> > fail with the loadable module. It doesn't work if VNET is defined,
> > because then there isn't a single stats structure with the expected
> > name. My fixed netstat would work. Let me know what FreeBSD version
> > you are running, and I can build a fixed version; or I can send a
> > patch.

> How did you fix netstat?
> The proper way to fix this seems to be to stop using lkvm for querying
> the stats and properly exporting them in the kernel.

They are already exported via sysctl, and fetched that way on a live
system. But netstat was stupidly insisting that _mrtstats have a value
in the namelist first. That is not true if ip_mroute was loaded as a
module, and also if VNET was defined. The fix is not to complain or quit
unless sysctl fails, or if operating on a core file and _mrtstat is
not found.

When I'm happy with the patch, I'll put it in review. I haven't checked
yet how other functions deal with VNET (if at all) in a core file.

Mike

From owner-freebsd-net@freebsd.org Fri Nov 8 23:21:34 2019
From: "Bjoern A. Zeeb"
To: "Mike Karels"
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD as multicast router
Date: Fri, 08 Nov 2019 23:21:28 +0000
Message-ID: <2735CD7D-86E8-43D9-8F83-C0A0DEEB9D52@lists.zabbadoz.net>
In-Reply-To: <201911082255.xA8MtBq3079126@mail.karels.net>

On 8 Nov 2019, at 22:55, Mike Karels wrote:

> They are already exported via sysctl, and fetched that way on a live
> system. But netstat was stupidly insisting that _mrtstats have a value
> in the namelist first.

Oh DOH!

> That is not true if ip_mroute was loaded as a
> module, and also if VNET was defined. The fix is not to complain or quit
> unless sysctl fails, or if operating on a core file and _mrtstat is
> not found.
>
> When I'm happy with the patch, I'll put it in review.

Great; sign me up for review.

> I haven't checked
> yet how other functions deal with VNET (if at all) in a core file.

libkvm knows about vnets to some extent. The answer probably is “badly”.

/bz

From owner-freebsd-net@freebsd.org Sat Nov 9 11:53:40 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 241785] [vlan][lagg] creating vlan over lagg causes flapping
Date: Sat, 09 Nov 2019 11:53:39 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241785

Aleksandr Fedorov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aleksandr.fedorov@itglobal.com

--- Comment #1 from Aleksandr Fedorov ---
This is a known issue with iflib + intel drivers:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240818
https://lists.freebsd.org/pipermail/freebsd-net/2018-November/052184.html

We also use vlan + lagg + ix and we often need to add/remove vlans, so as a
temporary solution we disable vlanhwfilter on lagg interface.

--
You are receiving this mail because:
You are the assignee for the bug.
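The reverse-path (RPF) rule quoted earlier in the multicast thread, modelled in C as an added example; it is not code from FreeBSD, pimd or any poster. Interface names follow the thread's diagram; the addresses are constructed from documentation ranges (192.0.2.0/29 and 198.51.100.100/30) because the diagram gives only abbreviated ones, and the /32 detour route is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One unicast route: destination prefix and the interface it leaves by. */
struct route {
    uint32_t    prefix;   /* network address, host byte order */
    int         plen;     /* prefix length, 0..32 */
    const char *ifname;
};

enum rpf_result { RPF_PASS, RPF_WRONG_IF, RPF_NO_ROUTE };

static uint32_t prefix_mask(int plen)
{
    return plen == 0 ? 0 : 0xFFFFFFFFu << (32 - plen);
}

/* Longest-prefix match over the table; NULL when no route covers addr. */
static const struct route *route_lookup(const struct route *tbl, size_t n, uint32_t addr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if ((addr & prefix_mask(tbl[i].plen)) != tbl[i].prefix)
            continue;
        if (best == NULL || tbl[i].plen > best->plen)
            best = &tbl[i];
    }
    return best;
}

/* Accept a multicast packet only when the unicast route back to its source
 * address leaves by the interface the packet arrived on. */
enum rpf_result rpf_check(const struct route *tbl, size_t n, uint32_t src, const char *in_if)
{
    const struct route *r = route_lookup(tbl, n, src);
    if (r == NULL)
        return RPF_NO_ROUTE;
    return strcmp(r->ifname, in_if) == 0 ? RPF_PASS : RPF_WRONG_IF;
}

/* Constructed routes for the two-VLAN layout in the thread's diagram. */
const struct route direct_only[] = {
    { IP4(192, 0, 2, 0),      29, "vlan750" },   /* source side */
    { IP4(198, 51, 100, 100), 30, "vlan299" },   /* client side */
};

/* Same table plus a hypothetical host route that sends traffic for the
 * source out of the client-side interface. */
const struct route with_detour[] = {
    { IP4(192, 0, 2, 0),      29, "vlan750" },
    { IP4(198, 51, 100, 100), 30, "vlan299" },
    { IP4(192, 0, 2, 5),      32, "vlan299" },
};

int main(void)
{
    static const char *txt[] = { "pass", "wrong interface", "no route" };
    uint32_t src = IP4(192, 0, 2, 5);   /* constructed source address */
    printf("direct, in vlan750: %s\n", txt[rpf_check(direct_only, 2, src, "vlan750")]);
    printf("direct, in vlan299: %s\n", txt[rpf_check(direct_only, 2, src, "vlan299")]);
    printf("detour, in vlan750: %s\n", txt[rpf_check(with_detour, 3, src, "vlan750")]);
    return 0;
}
```

The second case is a packet carrying the source's address but arriving on the client-side interface, which the check rejects; the third shows a more specific unicast route changing the outcome for traffic that arrives on the correct interface.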