From owner-freebsd-net@freebsd.org Sun Nov 24 06:23:22 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242159] [em] I219-V connection lost under load
Date: Sun, 24 Nov 2019 06:23:21 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.1-RELEASE
X-Bugzilla-Keywords: IntelNetworking, iflib, regression
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to
List-Id: Networking and TCP/IP with FreeBSD

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242159

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Sun Nov 24 12:34:59 2019
Date: Sun, 24 Nov 2019 19:34:51 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Several hosts behind a caching resolver
Message-ID: <20191124123451.GA6593@admin.sibptus.ru>

Dear Colleagues,

Several hosts of the local network use a FreeBSD server with BIND or
local-unbound as a caching resolver. Let's call it "Resolver A."
Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
some other, let's call it "Resolver B."

Can the operator of Resolver B figure out how many clients there are
behind Resolver A, or obtain any other information about the hosts on
the said local network (like their operating system etc)? In other
words, does Resolver A effectively anonymize the queries, or is some
information about the internal network leaking?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Sun Nov 24 15:42:34 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 233622] panic: page not present fault when stopping VIMAGE jail on 12.0-RC2, netgraph
Date: Sun, 24 Nov 2019 15:42:32 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-RELEASE
X-Bugzilla-Keywords: crash, panic, vimage
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: yp2008cn@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: net@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233622

--- Comment #8 from xsan ---
I have the same problem, and there is a very easy way to show it.

I use the `qjail` tool to manage jails.

# First create a jail and use vnet for it.
qjail create -4 192.168.1.101 testjail
qjail config -w em0 -v none testjail

# Repeat the following commands; a page fault will happen on the stop command, and the system reboots.
qjail start testjail
qjail stop testjail

System: FreeBSD 12.1-RELEASE amd64

Logs:
Nov 24 21:44:09 FingerAge kernel: epair3a: link state changed to DOWN
Nov 24 21:44:09 FingerAge kernel: epair3b: link state changed to DOWN
Nov 24 21:44:52 FingerAge syslogd: kernel boot file is /boot/kernel/kernel
Nov 24 21:44:52 FingerAge kernel:
Nov 24 21:44:52 FingerAge syslogd: last message repeated 1 times
Nov 24 21:44:52 FingerAge kernel: Fatal trap 12: page fault while in kernel mode
Nov 24 21:44:52 FingerAge kernel: cpuid = 7; apic id = 07
Nov 24 21:44:52 FingerAge kernel: fault virtual address = 0x410
Nov 24 21:44:52 FingerAge kernel: fault code = supervisor read data, page not present
Nov 24 21:44:52 FingerAge kernel: instruction pointer = 0x20:0xffffffff80baff2d
Nov 24 21:44:52 FingerAge kernel: stack pointer = 0x28:0xfffffe00403c3940
Nov 24 21:44:52 FingerAge kernel: frame pointer = 0x28:0xfffffe00403c39c0
Nov 24 21:44:52 FingerAge kernel: code segment = base 0x0, limit 0xfffff, type 0x1b
Nov 24 21:44:52 FingerAge kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Nov 24 21:44:52 FingerAge kernel: processor eflags = interrupt enabled, resume, IOPL = 0
Nov 24 21:44:52 FingerAge kernel: current process = 0 (thread taskq)
Nov 24 21:44:52 FingerAge kernel: trap number = 12
Nov 24 21:44:52 FingerAge kernel: panic: page fault
Nov 24 21:44:52 FingerAge kernel: cpuid = 7
Nov 24 21:44:52 FingerAge kernel: time = 1574603049
Nov 24 21:44:52 FingerAge kernel: KDB: stack backtrace:
Nov 24 21:44:52 FingerAge kernel: #0 0xffffffff80c1d297 at kdb_backtrace+0x67
Nov 24 21:44:52 FingerAge kernel: #1 0xffffffff80bd05cd at vpanic+0x19d
Nov 24 21:44:52 FingerAge kernel: #2 0xffffffff80bd0423 at panic+0x43
Nov 24 21:44:52 FingerAge kernel: #3 0xffffffff810a7dcc at trap_fatal+0x39c
Nov 24 21:44:52 FingerAge kernel: #4 0xffffffff810a7e19 at trap_pfault+0x49
Nov 24 21:44:52 FingerAge kernel: #5 0xffffffff810a740f at trap+0x29f
Nov 24 21:44:52 FingerAge kernel: #6 0xffffffff81081a0c at calltrap+0x8
Nov 24 21:44:52 FingerAge kernel: #7 0xffffffff80ccd5e1 at if_detach_internal+0x261
Nov 24 21:44:52 FingerAge kernel: #8 0xffffffff80cd490c at if_vmove+0x3c
Nov 24 21:44:52 FingerAge kernel: #9 0xffffffff80cd48b8 at vnet_if_return+0x48
Nov 24 21:44:52 FingerAge kernel: #10 0xffffffff80cfe2b4 at vnet_destroy+0x124
Nov 24 21:44:52 FingerAge kernel: #11 0xffffffff80b98870 at prison_deref+0x2a0
Nov 24 21:44:52 FingerAge kernel: #12 0xffffffff80c2fa74 at taskqueue_run_locked+0x154
Nov 24 21:44:52 FingerAge kernel: #13 0xffffffff80c30da8 at taskqueue_thread_loop+0x98
Nov 24 21:44:52 FingerAge kernel: #14 0xffffffff80b90c23 at fork_exit+0x83
Nov 24 21:44:52 FingerAge kernel: #15 0xffffffff81082a4e at fork_trampoline+0xe

From owner-freebsd-net@freebsd.org Sun Nov 24 15:55:25 2019
Subject: Re: Several hosts behind a caching resolver
To: Victor Sudakov, freebsd-net@freebsd.org
References: <20191124123451.GA6593@admin.sibptus.ru>
From: Eugene Grosbein
Date: Sun, 24 Nov 2019 22:54:46 +0700
In-Reply-To: <20191124123451.GA6593@admin.sibptus.ru>

24.11.2019 19:34, Victor Sudakov wrote:

> Dear Colleagues,
>
> Several hosts of the local network use a FreeBSD server with BIND or
> local-unbound as a caching resolver. Let's call it "Resolver A."
> Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> some other, let's call it "Resolver B."
>
> Can the operator of Resolver B figure out how many clients there are
> behind Resolver A, or obtain any other information about the hosts on
> the said local network (like their operating system etc)? In other
> words, does Resolver A effectively anonymize the queries, or is some
> information about the internal network leaking?

No anonymization via unencrypted DNS.

The query itself reveals most data about clients. Windows OSes send queries
for MS-specific domains periodically, Android for its domains,
FreeBSD for pkg.freebsd.org or svn.freebsd.org etc.

If there are multiple recursive queries for both of MS/Android/MacOS-specific domains,
this means there are many clients behind this local resolver.

From owner-freebsd-net@freebsd.org Sun Nov 24 16:02:47 2019
Date: Sun, 24 Nov 2019 23:02:41 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: Several hosts behind a caching resolver
Message-ID: <20191124160241.GA17008@admin.sibptus.ru>
References: <20191124123451.GA6593@admin.sibptus.ru>

Eugene Grosbein wrote:
> >
> > Several hosts of the local network use a FreeBSD server with BIND or
> > local-unbound as a caching resolver. Let's call it "Resolver A."
> > Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> > some other, let's call it "Resolver B."
> >
> > Can the operator of Resolver B figure out how many clients there are
> > behind Resolver A, or obtain any other information about the hosts on
> > the said local network (like their operating system etc)? In other
> > words, does Resolver A effectively anonymize the queries, or is some
> > information about the internal network leaking?
>
> No anonymization via unencrypted DNS.
>
> The query itself reveals most data about clients. Windows OSes send queries
> for MS-specific domains periodically, Android for its domains,
> FreeBSD for pkg.freebsd.org or svn.freebsd.org etc.

This is a good point.

>
> If there are multiple recursive queries for both of MS/Android/MacOS-specific domains,
> this means there are many clients behind this local resolver.

If there are multiple recursive queries for MS domains only, do you think
the operator of Resolver B can tell if there are 10 or 100 MS clients
behind Resolver A?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Sun Nov 24 16:45:04 2019
Subject: Re: Several hosts behind a caching resolver
To: Victor Sudakov, freebsd-net@freebsd.org
References: <20191124123451.GA6593@admin.sibptus.ru> <20191124160241.GA17008@admin.sibptus.ru>
From: Eugene Grosbein
Date: Sun, 24 Nov 2019 23:40:48 +0700
In-Reply-To: <20191124160241.GA17008@admin.sibptus.ru>

24.11.2019 23:02, Victor Sudakov wrote:

> If there are multiple recursive queries for MS domains only, do you think
> the operator of Resolver B can tell if there are 10 or 100 MS clients
> behind Resolver A?

I guess so, because different Windows versions may behave differently (including erratic behaviour)
and volume of DNS traffic may give some hints, too.

This seems like an XY-problem to me :-) What is your X problem?

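
The inference discussed in the two replies above, as an added example (not part of the thread and not code from any participant): it models Resolver A as a TTL cache and tallies what Resolver B can see in the forwarded queries. The Windows, Android and Apple probe names, the polling period and the TTL values are assumptions chosen for illustration; only pkg.freebsd.org and svn.freebsd.org come from the thread.

```python
"""Model of what a forwarding cache (Resolver A) exposes to its upstream
(Resolver B). Added illustration, not code from the mailing-list thread."""
from collections import Counter

# Suffix -> OS family. The FreeBSD names are the ones mentioned in the thread;
# the others are well-known connectivity-check hosts, used here as an assumed
# and far from complete indicator set.
OS_INDICATORS = {
    "msftconnecttest.com": "Windows",
    "connectivitycheck.gstatic.com": "Android",
    "captive.apple.com": "Apple",
    "pkg.freebsd.org": "FreeBSD",
    "svn.freebsd.org": "FreeBSD",
}


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def classify(qname):
    """Return the OS family a query name points to, or None."""
    name = normalize(qname)
    for suffix, family in OS_INDICATORS.items():
        # Match on label boundaries so "notpkg.freebsd.org" does not count.
        if name == suffix or name.endswith("." + suffix):
            return family
    return None


def forwarded_queries(client_queries, ttl):
    """Simulate Resolver A: only cache misses are forwarded upstream.

    client_queries: iterable of (time_s, client_id, qname).
    ttl: seconds an answer stays cached (set per record by the zone in
         reality; one assumed value for every name here).
    Returns [(time_s, qname)], which is all Resolver B receives: the
    client_id never leaves the local network.
    """
    expires = {}
    upstream = []
    for t, _client, qname in sorted(client_queries):
        name = normalize(qname)
        if expires.get(name, -1) <= t:      # not cached, or entry expired
            upstream.append((t, name))
            expires[name] = t + ttl
    return upstream


def upstream_view(client_queries, ttl):
    """Per-OS-family count of the queries visible to Resolver B."""
    counts = Counter()
    for _t, name in forwarded_queries(client_queries, ttl):
        family = classify(name)
        if family:
            counts[family] += 1
    return dict(counts)


def sample_lan(n_windows, duration=600, period=60):
    """Constructed traffic: n_windows hosts polling one probe name every
    `period` seconds, plus one Android phone and one FreeBSD host."""
    queries = [(5, "phone", "connectivitycheck.gstatic.com"),
               (7, "bsd", "pkg.FreeBSD.org.")]
    for i in range(n_windows):
        for t in range(i % period, duration, period):
            queries.append((t, f"win{i}", "www.msftconnecttest.com"))
    return queries


if __name__ == "__main__":
    # Compare 10 and 100 Windows hosts under no cache, short TTL, long TTL.
    for ttl in (0, 30, 300):
        for n in (10, 100):
            print(f"ttl={ttl:>3}s windows_hosts={n:>3} ->",
                  upstream_view(sample_lan(n), ttl))
```

In this model the set of OS families is visible upstream at every TTL, while the query count for a shared name separates 10 hosts from 100 only when the TTL is shorter than the polling period. Names that are unique per host are not modelled and would pass through the cache unmerged.
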
From owner-freebsd-net@freebsd.org Sun Nov 24 17:07:11 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3232D1B48B7 for ; Sun, 24 Nov 2019 17:07:11 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47Lc662nN7z4DV7 for ; Sun, 24 Nov 2019 17:07:10 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=KMw4R8qc+8UEGBLFiDwBo71oZJZ6i/IpsO8xoX8ZV9Q=; b=S7wdVKooW4UA7UWZWCQNlVqkiJ R9MjKeO/gIFmMcuWQ7oY2529GgmoujFJIO85slEeBxSjYlGzYKoRggmm08koJlXwF1SzaiJYUXGXR 08io99sGhteBYg/BpBEWoRH82yIx5AlSpzjv0W0NNreFBP2H5xbOGDnby31YLRb4Ndyc=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iYvLp-0005sX-2C for freebsd-net@freebsd.org; Mon, 25 Nov 2019 00:07:09 +0700 Date: Mon, 25 Nov 2019 00:07:09 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: Several hosts behind a caching resolver Message-ID: <20191124170709.GA20512@admin.sibptus.ru> References: <20191124123451.GA6593@admin.sibptus.ru> <20191124160241.GA17008@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47Lc662nN7z4DV7 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=S7wdVKoo; dmarc=pass 
(policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.31)[ip: (-9.85), ipnet: 2001:19f0:5000::/38(-4.93), asn: 20473(-1.73), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Nov 2019 17:07:11 -0000 --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: > 24.11.2019 23:02, Victor Sudakov wrote: >=20 > > If there are multiple recursive queries for MS domains only, do you thi= nk > > the operator of Resolver B can tell if there are 10 or 100 MS clients > > behind Resolver A?=20 >=20 > I guess so, because different Windows versions may behave differently (in= cluding erratic behaviour) > and volume of DNS traffic may give some hints, too. >=20 > This seems as XY-problem for me :-) What is your X problem? There is no problem, there is curiosity and a little research if an ISP or DNS operator can nose out the number of hosts on a customer's internal network by analyzing DNS traffic. 
-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Sun Nov 24 21:00:41 2019
From: bugzilla-noreply@FreeBSD.org
To: net@FreeBSD.org
Subject: Problem reports for net@FreeBSD.org that need special attention
Date: Sun, 24 Nov 2019 21:00:40 +0000
Message-Id: <201911242100.xAOL0eA5065072@kenobi.freebsd.org>

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    221146 | [ixgbe] Problem with second laggport
In Progress |    235700 | oce(4) driver causes fatal trap 12 on boot with e
New         |    204438 | setsockopt() handling of kern.ipc.maxsockbuf limi
New         |    205592 | TCP processing in IPSec causes kernel panic
New         |    213410 | [carp] service netif restart causes hang only whe
Open        |    193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc
Open        |    194485 | Userland cannot add IPv6 prefix routes
Open        |    200319 | Bridge+CARP crashes/freezes
Open        |    202510 | [CARP] advertisements sourced from CARP IP cause
Open        |    210726 | tcp connect() can return invalid EADDRINUSE (Eg:
Open        |    222273 | igb(4): Kernel panic (fatal trap 12) due to netwo
Open        |    225438 | panic in6_unlink_ifa() due to race
Open        |    225792 | ECMP is broken since tryforward()
Open        |    227720 | Kernel panic in ppp server
Open        |    235524 | igb(4): Ethernet interface loses active link stat
Open        |    236888 | ppp daemon: Allow MTU to be overridden for PPPoE
Open        |    236983 | bnxt(4) VLAN not operational unless explicit "ifc
Open        |    237072 | netgraph(4): performance issue [on HardenedBSD]?
Open        |    237391 | route get returns no result for network addresses
Open        |    237840 | Removed dummynet dependency on ipfw
Open        |    238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver
Open        |    240530 | netgraph/ng_source: Allow ng_source to inject int
Open        |    240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory
Open        |    240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile
Open        |    240969 | netinet6: Neighbour reachability detection broken
Open        |    241106 | tun/ppp: panic: vm_fault: fault on nofault entry
Open        |    241162 | Panic in closefp() triggered by nginx (uwsgi with
Open        |    241191 | route flush panic with RADIX_MPATH

28 problems total for which you should take action.

From owner-freebsd-net@freebsd.org Mon Nov 25 02:26:05 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 230807] if_alc.ko driver not working for Killer Networking E2200
Date: Mon, 25 Nov 2019 02:26:04 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: marklmi26-fbsd@yahoo.com
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: yongari@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230807

Mark Millard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marklmi26-fbsd@yahoo.com

--- Comment #5 from Mark Millard ---
A ThreadRipper 1950X X399 AORUS gaming 7 I use has an E2500:

alc0: port 0x1000-0x107f mem 0xba000000-0xba03ffff irq 27 at device 0.0 numa-domain 0 on pci5
alc0: 11776 Tx FIFO, 12032 Rx FIFO
alc0: Using 1 MSIX message(s).
alc0: 4GB boundary crossed, switching to 32bit DMA addressing mode.
miibus0: numa-domain 0 on alc0
atphy0: PHY 0 on miibus0
atphy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
alc0: Using defaults for TSO: 65518/35/2048
alc0: Ethernet address: . . .

(Note the numa domain use, in case numa matters for some reason.)

While Fedora (such as 31 now but for a long time) and Windows 10 Pro x64
(1903 now but for a long time) have had no problems using this EtherNet
interface when native-booted from their drives, I've historically either
booted the FreeBSD drive under HyperV so Windows would deal with the
EtherNet or used the poorly working WiFi for native FreeBSD. This was not
limited to any specific versions of FreeBSD but has been true over some time.

I recently jumped from head -r352341 to -r355027 and the behavior did not
change.

My experiments with things like "tcpdump -npi alc0" did not show packets
coming in.

I have not tried making any code changes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 25 03:43:09 2019
Date: Mon, 25 Nov 2019 03:43:04 +0000 (UTC)
From: madhava gaikwad
To: "freebsd-net@freebsd.org"
Message-ID: <1159176100.4880122.1574653384166@mail.yahoo.com>
Subject: SRv6 in FreeBSD

Hello Experts,
I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402 https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity. I thought SRv6 header can help me here.
Thank you. Alex.

From owner-freebsd-net@freebsd.org Mon Nov 25 05:47:43 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235787] ixgbe no carrier problem - TX(7) desc avail = 2048, pidx = 0
Date: Mon, 25 Nov 2019 05:47:42 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-STABLE
X-Bugzilla-Keywords: IntelNetworking
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: darius@dons.net.au
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: Unable to Reproduce
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235787

darius@dons.net.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darius@dons.net.au

--- Comment #4 from darius@dons.net.au ---
For future googles, updating to 12.0-RELEASE-p12 fixed this for me.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 25 13:01:50 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 220468] libfetch: Does not handle 407 (proxy auth) when connecting to HTTPS using connect tunnel
Date: Mon, 25 Nov 2019 13:01:47 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: bapt@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bapt@FreeBSD.org
X-Bugzilla-Flags: mfc-stable12? mfc-stable11?
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468

Baptiste Daroussin changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|net@FreeBSD.org             |bapt@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 25 13:51:46 2019
Subject: Re: SRv6 in FreeBSD
To: madhava gaikwad, "freebsd-net@freebsd.org"
References: <1159176100.4880122.1574653384166.ref@mail.yahoo.com> <1159176100.4880122.1574653384166@mail.yahoo.com>
From: Unix Codenetworks
Message-ID: <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk>
Date: Mon, 25 Nov 2019 13:51:31 +0000
In-Reply-To: <1159176100.4880122.1574653384166@mail.yahoo.com>

Hi Alex,

While I'm not a BSD developer, I really doubt it, considering that the
building blocks for SR are not there (mpls support or just label
push/pop/swap).

On the other hand, on SRv6 as you mentioned you rely on IPv6 headers and
there is a lot of conservatory about it.... (unless you are a Cisco fan!)

I'm interested in the use case, if you don't mind... is it just service
chaining your application? Usually servers are just part of an overlay
(call it VXLAN, MPLS or something over something else...)

Best regards.
Santiago

On 2019-11-25 03:43, madhava gaikwad via freebsd-net wrote:
> Hello Experts,
> I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402 https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity. I thought SRv6 header can help me here.
> Thank you. Alex.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

From owner-freebsd-net@freebsd.org Mon Nov 25 14:21:34 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 166724] [re] if_re watchdog timeout
Date: Mon, 25 Nov 2019 14:21:32 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.1-RELEASE
X-Bugzilla-Keywords: needs-patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: bob@novanet.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: yongari@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166724

Bob Smith changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bob@novanet.org

--- Comment #38 from Bob Smith ---
(In reply to George from comment #37)
I too would contribute to a bug bounty to fix this. I'm using an embedded
system that has this chipset and I've switched to a USB 3.0 NIC but I'd love to
be able to go back to the onboard NIC.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Mon Nov 25 18:46:59 2019
Date: Mon, 25 Nov 2019 19:46:50 +0100
From: Guido van Rooij
To: freebsd-net@freebsd.org
Subject: Problems with Multicast (IGMP) since upgrade from 11.3 to 12.1
Message-ID: <20191125184650.GA79855@gvr.gvr.org>

I am using a STB with multicast based TV.
When I use my firewall with igmpproxy in 11.3, I see the following when I am not watching TV:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                        2251          0
  1         1   192.168.100.1                           0       2251

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 213.75.167.58     224.3.2.6            1435       0  1:1

When I switch on the STB, I see:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                       22450          0
  1         1   192.168.100.1                           0      22450

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 217.166.226.126   224.0.252.126       18986       0  1:1
 213.75.167.58     224.3.2.6            1918       0  1:1

When I switch it off, we see, again:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                       50108          0
  1         1   192.168.100.1                           0      50108

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 213.75.167.58     224.3.2.6            2215       0  1:1

Here is the IGMP trace:

# No TV
18:55:47.172531 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_ex { }]
# Switch on STB
18:55:49.773534 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_ex { }]
18:56:47.094853 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [none], proto IGMP (2), length 36, options (RA))
    10.60.140.9 > 224.0.0.1: igmp query v3
18:56:53.287526 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 48, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.252.126 is_ex { }] [gaddr 224.3.2.6 is_ex { }]
# Switch off STB
18:56:57.887515 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_in { }]
18:56:58.717053 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_in { }]

Now in 12.1 we see:

STB off:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                         158          0
  1         1   192.168.100.1                           0        158

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 213.75.167.58     224.3.2.6             158       0  1:1

STB on:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                       10674          0
  1         1   192.168.100.1                           0      10674

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 217.166.226.126   224.0.252.126        9584       0  1:1
 213.75.167.58     224.3.2.6            1091       0  1:1

STB back off again:

# netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   10.59.161.237                       41404          0
  1         1   192.168.100.1                           0      41404

IPv4 Multicast Forwarding Table
 Origin            Group             Packets  In-Vif  Out-Vifs:Ttls
 217.166.226.126   224.0.252.126           0   65535
 213.75.167.58     224.3.2.6            1342       0  1:1

IGMP trace:

# No TV
19:05:07.103731 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [none], proto IGMP (2), length 36, options (RA))
    10.60.140.9 > 224.0.0.1: igmp query v3
19:05:12.203438 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.3.2.6 is_ex { }]
# Switch on STB
19:06:30.522147 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_ex { }]
19:06:31.740782 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.252.126 to_ex { }]
# Switch off STB
19:07:12.107851 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [none], proto IGMP (2), length 36, options (RA))
    10.60.140.9 > 224.0.0.1: igmp query v3
19:07:21.605196 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 48, options (RA))
    10.59.161.237 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.252.126 is_ex { }] [gaddr 224.3.2.6 is_ex { }]

So we never see the IGMP_CHANGE_TO_INCLUDE_MODE packet.

I did a ktr trace and in it I only saw the following entries that I think are interesting (first number is a timestamp)

Nov 20 19:14:25 in_joingroup_locked: join 0xe000fc7e on 0xfffff8000f4d6000(vlan4))
Nov 20 19:14:25 igmp_initial_join: initial join 0xe000fc7e on ifp 0xfffff8000f4d6000(vlan4)
Nov 20 19:14:25 igmp_v3_enqueue_group_record: queueing TO_EX for 0xe000fc7e/vlan4
Nov 20 19:15:30 in_leavegroup_locked: leave inm 0xfffff8003a448c00, 0xe000fc7e/vlan4, imf 0xfffff8003a609d40
Nov 20 19:15:30 igmp_handle_state_change: state change for 0xe000fc7e on ifp 0xfffff8000f4d6000(vlan4)
Nov 20 19:15:30 igmp_v3_enqueue_group_record: nothing to do for 0xe000fc7e/vlan4
Nov 20 19:15:30 igmp_v3_enqueue_group_record: queueing MODE_EX for 0xe000fc7e/vlan4

I am somewhat lost on how to further debug this. Any hint would be appreciated.
Thanks,
Guido van Rooij

From owner-freebsd-net@freebsd.org Mon Nov 25 20:02:29 2019
To: "freebsd-net@freebsd.org"
From: Colin Percival
Subject: SOCK_RAW && SO_DONTROUTE doesn't work
Date: Mon, 25 Nov 2019 20:02:24 +0000

Hi networky people,

I'm not sure if this was deliberate or if it's a bug.

If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and then use sendto(2) to send a packet, the destination address provided to sendto(2) is ignored; instead, the destination is taken from the packet's ip_dst field.

It looks like this happens because rip_output calls ip_output with a NULL value for ro, prompting ip_output to look up the destination from the IP packet, rather than the destination passed to sendto (which never made its way out of rip_output).

I tripped over this because I was trying to have a userland process which routes (some) packets differently from how the routing tables specify; but my "no really, go out THAT interface" wasn't being respected. :-(

(Full background: I want to make a transparent proxy which intercepts outgoing connections to 169.254.169.254, allowing some of them through and redirecting others for special handling. I created a tun which outgoing packets get routed into; but I ran into problems when I wanted to forward some of the packets out of the external interface since they ignored my attempts to route them and came straight back into the tun instead.)

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

From owner-freebsd-net@freebsd.org Mon Nov 25 23:44:09 2019
Subject: Re: SOCK_RAW && SO_DONTROUTE doesn't work
To: Colin Percival, "freebsd-net@freebsd.org"
From: Julian Elischer
Date: Mon, 25 Nov 2019 15:43:55 -0800

On 11/25/19 12:02 PM, Colin Percival wrote:
> Hi networky people,
>
> I'm not sure if this was deliberate or if it's a bug.
>
> If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and
> then use sendto(2) to send a packet, the destination address provided to
> sendto(2) is ignored; instead, the destination is taken from the packet's
> ip_dst field.
>
> It looks like this happens because rip_output calls ip_output with a NULL
> value for ro, prompting ip_output to look up the destination from the IP
> packet, rather than the destination passed to sendto (which never made its
> way out of rip_output).
>
> I tripped over this because I was trying to have a userland process which
> routes (some) packets differently from how the routing tables specify; but
> my "no really, go out THAT interface" wasn't being respected. :-(
>
> (Full background: I want to make a transparent proxy which intercepts
> outgoing connections to 169.254.169.254, allowing some of them through and
> redirecting others for special handling. I created a tun which outgoing
> packets get routed into; but I ran into problems when I wanted to forward
> some of the packets out of the external interface since they ignored my
> attempts to route them and came straight back into the tun instead.)
>
I have always achieved this sort of thing using ipfw fwd rules, rather than trying to bend the IP stack to do it.
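
The behaviour discussed in this thread can be checked with a small probe, added here as an example (it is not code from the thread or from FreeBSD): it builds an IPv4/ICMP echo packet whose ip_dst differs from the address passed to sendto(2) on a raw socket with IP_HDRINCL and SO_DONTROUTE set, so that tcpdump on each interface shows which destination the kernel used. The function names are hypothetical, ip_len is written in network byte order (an assumption that holds for FreeBSD 11.0 and later), and sending requires root.

```c
/* Added example: probe for the SOCK_RAW + IP_HDRINCL + SO_DONTROUTE
 * behaviour described in the thread. All names here are hypothetical. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PROBE_IP_HLEN   20   /* IPv4 header, no options */
#define PROBE_ICMP_HLEN 8    /* ICMP echo header, no payload */
#define PROBE_LEN       (PROBE_IP_HLEN + PROBE_ICMP_HLEN)

/* RFC 1071 Internet checksum; returns 0 when run over data that already
 * carries a correct checksum. */
static uint16_t cksum16(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an IPv4 + ICMP echo request with ip_dst = hdr_dst.
 * Returns the packet length, or 0 on a bad address or short buffer. */
size_t build_probe(uint8_t *buf, size_t cap, const char *src, const char *hdr_dst)
{
    struct in_addr s, d;
    uint16_t c;

    if (cap < PROBE_LEN || inet_pton(AF_INET, src, &s) != 1 ||
        inet_pton(AF_INET, hdr_dst, &d) != 1)
        return 0;
    memset(buf, 0, PROBE_LEN);
    buf[0] = 0x45;                    /* version 4, header length 5 words */
    buf[3] = PROBE_LEN;               /* ip_len, network byte order */
    buf[8] = 64;                      /* TTL */
    buf[9] = IPPROTO_ICMP;
    memcpy(buf + 12, &s, 4);          /* ip_src */
    memcpy(buf + 16, &d, 4);          /* ip_dst: what ip_output looks up */
    c = cksum16(buf, PROBE_IP_HLEN);
    buf[10] = c >> 8;
    buf[11] = c & 0xff;
    buf[PROBE_IP_HLEN] = 8;           /* ICMP echo request */
    buf[PROBE_IP_HLEN + 4] = 0x12;    /* identifier (constructed value) */
    buf[PROBE_IP_HLEN + 5] = 0x34;
    buf[PROBE_IP_HLEN + 7] = 1;       /* sequence number */
    c = cksum16(buf + PROBE_IP_HLEN, PROBE_ICMP_HLEN);
    buf[PROBE_IP_HLEN + 2] = c >> 8;
    buf[PROBE_IP_HLEN + 3] = c & 0xff;
    return PROBE_LEN;
}

/* Format the destination stored in the packet header. */
const char *probe_hdr_dst(const uint8_t *pkt, char *out, socklen_t outlen)
{
    return inet_ntop(AF_INET, pkt + 16, out, outlen);
}

/* Send pkt on a raw socket with IP_HDRINCL and SO_DONTROUTE, passing
 * sendto_dst as the sendto(2) destination. Returns 0 on success. */
int send_probe(const uint8_t *pkt, size_t len, const char *sendto_dst)
{
    struct sockaddr_in to;
    int on = 1, rc = -1, s;

    memset(&to, 0, sizeof(to));
    to.sin_family = AF_INET;
    if (inet_pton(AF_INET, sendto_dst, &to.sin_addr) != 1)
        return -1;
    if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
        return -1;
    if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) == 0 &&
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof(on)) == 0 &&
        sendto(s, pkt, len, 0, (struct sockaddr *)&to, sizeof(to)) == (ssize_t)len)
        rc = 0;
    close(s);
    return rc;
}

int main(int argc, char **argv)
{
    uint8_t pkt[PROBE_LEN];
    char dst[INET_ADDRSTRLEN];

    if (argc != 4) {
        fprintf(stderr, "usage: %s <src> <ip_dst> <sendto_dst>\n", argv[0]);
        return 2;
    }
    if (build_probe(pkt, sizeof(pkt), argv[1], argv[2]) == 0) {
        fprintf(stderr, "bad address\n");
        return 2;
    }
    if (send_probe(pkt, sizeof(pkt), argv[3]) != 0) {
        perror("send_probe");
        return 1;
    }
    printf("sent: header ip_dst=%s, sendto(2) destination=%s\n",
        probe_hdr_dst(pkt, dst, sizeof(dst)), argv[3]);
    return 0;
}
```

Run it with an ip_dst and a sendto destination that are reachable through different interfaces and capture on both; the interface the echo request leaves on shows which of the two addresses the kernel used.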

From owner-freebsd-net@freebsd.org Tue Nov 26 00:43:45 2019
From: Chris
Reply-To: bsd-lists@BSDforge.com
Subject: How to remove watchdog?
Date: Mon, 25 Nov 2019 16:44:29 -0800

Or at least make it non fatal.
OK here's the story; I'm experimenting with a multiport NIC (re(4))
as we hope to start using multiport 10G NICs.
Any of the re's we've used in the past have been very stable, which
is why I picked the one I did for this experiment. This one has been
performing rock solid for some 4 to 6 mos, under full time use. That
is until the last week. Where we're seeing:
watchdog timeout
repeated frequently. Which is ultimately fatal. ifconfig up/down will
not resuscitate it. Nor will service ifconfig restart, or plugging/
unplugging the cable(s). Bouncing the server is the only cure. Which
is unacceptable. Any, and All suggestions, or insight into the matter
GREATLY appreciated. Note; while this is an old 11.1, we're not planning
to up this box until we can confirm this can be cured. :)

Details follow:

11.1-STABLE r327867 amd64

watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout
watchdog timeout

rc.conf(5)
ifconfig_re0="inet AA.BBB.CC.XX netmask 255.255.255.0 rxcsum txcsum tso4"
ifconfig_re1="inet AA.BBB.CC.WW netmask 255.255.255.0 rxcsum txcsum tso4"
ifconfig_re1_alias0="inet AA.BBB.CC.ZZ netmask 255.255.255.0"

ifconfig(8)
re0: flags=8843 metric 0 mtu 1500
        options=8219b
        ether 00:13:3b:0f:13:44
        hwaddr 00:13:3b:0f:13:44
        inet6 fe80::213:3bff:fe0f:1344%re0 prefixlen 64 scopeid 0x1
        inet AA.BBB.CC.XX netmask 0xffffff00 broadcast 24.113.41.255
        nd6 options=23
        media: Ethernet autoselect (1000baseT )
        status: active
re1: flags=8843 metric 0 mtu 1500
        options=8219b
        ether 00:13:3b:0f:13:45
        hwaddr 00:13:3b:0f:13:45
        inet AA.BBB.CC.WW netmask 0xffffff00 broadcast 24.113.41.255
        inet AA.BBB.CC.ZZ netmask 0xffffff00 broadcast 24.113.41.255
        inet6 fe80::213:3bff:fe0f:1345%re1 prefixlen 64 scopeid 0x2
        nd6 options=23
        media: Ethernet autoselect (1000baseT )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21
        groups: lo

pciconf(8)
re0@pci0:5:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x07 hdr=0x00
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet
re1@pci0:6:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x07 hdr=0x00
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet

Thanks again!

--Chris

From owner-freebsd-net@freebsd.org Tue Nov 26 05:07:56 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 166724] [re] if_re watchdog timeout
Date: Tue, 26 Nov 2019 05:07:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166724

Chris Hutchinson changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |portmaster@bsdforge.com

--- Comment #39 from Chris Hutchinson ---
I'd also like to add a "me too"
here. I've been evaluating how well FreeBSD works with dual port NICs with the intent of using multiport 10G (Mellanox?) cards if it performs well. Years of experience with re(4)'s has shown that they are stable performers, and inexpensive. Which is why I chose it for the trial. It worked well for some 4-6 mos. But we're now plagued with watchdog timeout errors, with the *only* working solution being; to bounce the box(es). I'm *guessing* greater pressure on the wire(s) to be the reason for it happening now, and not earlier. Any insight (with a cure) would be *greatly* appreciated. Details follow: 11.1-STABLE r327867 amd64 watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout watchdog timeout rc.conf(5) ifconfig_re0=3D"inet AA.BBB.CC.XX netmask 255.255.255.0 rxcsum txcsum tso4" ifconfig_re1=3D"inet AA.BBB.CC.WW netmask 255.255.255.0 rxcsum txcsum tso4" ifconfig_re1_alias0=3D"inet AA.BBB.CC.ZZ netmask 255.255.255.0" ifconfig(8) re0: flags=3D8843 metric 0 mtu 1500 =20=20=20=20=20=20=20 options=3D8219b ether 00:13:3b:0f:13:44 hwaddr 00:13:3b:0f:13:44 inet6 fe80::213:3bff:fe0f:1344%re0 prefixlen 64 scopeid 0x1=20 inet AA.BBB.CC.XX netmask 0xffffff00 broadcast 24.113.41.255=20 nd6 options=3D23 media: Ethernet autoselect (1000baseT ) status: active re1: flags=3D8843 metric 0 mtu 1500 =20=20=20=20=20=20=20 options=3D8219b ether 00:13:3b:0f:13:45 hwaddr 00:13:3b:0f:13:45 inet AA.BBB.CC.WW netmask 0xffffff00 broadcast 24.113.41.255=20 inet AA.BBB.CC.ZZ netmask 0xffffff00 broadcast 24.113.41.255=20 inet6 fe80::213:3bff:fe0f:1345%re1 prefixlen 64 scopeid 0x2=20 nd6 options=3D23 media: Ethernet autoselect (1000baseT ) status: active lo0: flags=3D8049 metric 0 mtu 16384 options=3D600003 inet6 ::1 prefixlen 128=20 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3=20 inet 127.0.0.1 netmask 0xff000000=20 nd6 options=3D21 groups: lo=20 pciconf(8) 
re0@pci0:5:0:0: class=3D0x020000 card=3D0x012310ec chip=3D0x816810ec rev=3D= 0x07 hdr=3D0x00 vendor =3D 'Realtek Semiconductor Co., Ltd.' device =3D 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controll= er' class =3D network subclass =3D ethernet re1@pci0:6:0:0: class=3D0x020000 card=3D0x012310ec chip=3D0x816810ec rev=3D= 0x07 hdr=3D0x00 vendor =3D 'Realtek Semiconductor Co., Ltd.' device =3D 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controll= er' class =3D network subclass =3D ethernet Thanks again! --Chris --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Nov 26 05:55:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5177C1AA059 for ; Tue, 26 Nov 2019 05:55:36 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [IPv6:2001:470:71:d72::61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "www.viklenko.net", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47MY6H0SJRz4Qcs for ; Tue, 26 Nov 2019 05:55:34 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from [IPv6:2001:470:71:d72:38db:9ac0:7b61:3ca2] ([IPv6:2001:470:71:d72:38db:9ac0:7b61:3ca2]) (authenticated bits=0) by alf.viklenko.net (8.15.2/8.15.2) with ESMTPSA id xAQ5tBgO032153 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Nov 2019 07:55:15 +0200 (EET) (envelope-from artem@viklenko.net) Subject: Re: How to remove watchdog? 
To: bsd-lists@BSDforge.com, freebsd-net@freebsd.org
From: Artem Viklenko
Date: Tue, 26 Nov 2019 07:55:11 +0200

Hi!

I have several small boxes with realtek nics acting as a router/firewall.
Also had same issues. FreeBSD driver didn't work at least for me so I
switched to Realtek's driver. But after some time traffic stops passing
my routers. Did some investigation and found that the issue is 9k mbufs.
As far as I understand more traffic you push more issues with 9k mbufs
appear due to memory fragmentation.
You can check it with 'vmstat -z | grep mbuf'.

So I decided to do very dirty hack - I've changed Jumbo_Frame_9k
to Jumbo_Frame_4k in the if_re.c from Realtek's latest 1.95 driver.
It compiles and works on FreeBSD 10.x and 11.x and now it just works
(vendor says that driver is for older versions of the FreeBSD OS).
And no more issues.

ITEM                   SIZE   LIMIT     USED     FREE         REQ FAIL SLEEP

mbuf_packet:            256, 2362080,       2,    1263,    2054916,   0,   0
mbuf:                   256, 2362080,     514,    1776, 3460790080,   0,   0
mbuf_cluster:          2048,  369076,    1265,      31,     154081,   0,   0
mbuf_jumbo_page:       4096,  184537,     513,     294, 1592339809,   0,   0
mbuf_jumbo_9k:         9216,   54677,       0,       0,          0,   0,   0
mbuf_jumbo_16k:       16384,   30756,       0,       0,          0,   0,   0

Now driver uses mbuf_jumbo_page not mbuf_jumbo_9k and no fails.

I'm ok with mtu 1500 in my environment and I don't know if mtu 9000 will
work with this change. But at least it is stable now even after 100 days
of uptime (just rebooted after upgraded to 11.3-RELEASE-p5).

Hope this helps.

26.11.19 02:44, Chris wrote:
> Or at least make it non fatal.
> OK here's the story; I'm experimenting with a multiport NIC (re(4))
> as we hope to start using multiport 10G NICs.
> Any of the re's we've used in the past have been very stable, which
> is why I picked the one I did for this experiment. This one has been
> performing rock solid for some 4 to 6 mos, under full time use. That
> is until the last week. Where we're seeing:
> watchdog timeout
> repeated frequently. Which is ultimately fatal. ifconfig up/down will
> not resuscitate it. Nor will service ifconfig restart, or plugging/
> unplugging the cable(s). Bouncing the server is the only cure. Which
> is unacceptable. Any, and All suggestions, or insight into the matter
> GREATLY appreciated. Note; while this is an old 11.1, we're not planning
> to up this box until we can confirm this can be cured. :)
>
> Details follow:
> 11.1-STABLE r327867 amd64
>
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
> watchdog timeout
>
> rc.conf(5)
> ifconfig_re0="inet AA.BBB.CC.XX netmask 255.255.255.0 rxcsum txcsum tso4"
> ifconfig_re1="inet AA.BBB.CC.WW netmask 255.255.255.0 rxcsum txcsum tso4"
> ifconfig_re1_alias0="inet AA.BBB.CC.ZZ netmask 255.255.255.0"
>
> ifconfig(8)
> re0: flags=8843 metric 0 mtu 1500
>     options=8219b
>     ether 00:13:3b:0f:13:44
>     hwaddr 00:13:3b:0f:13:44
>     inet6 fe80::213:3bff:fe0f:1344%re0 prefixlen 64 scopeid 0x1
>     inet AA.BBB.CC.XX netmask 0xffffff00 broadcast 24.113.41.255
>     nd6 options=23
>     media: Ethernet autoselect (1000baseT )
>     status: active
> re1: flags=8843 metric 0 mtu 1500
>     options=8219b
>     ether 00:13:3b:0f:13:45
>     hwaddr 00:13:3b:0f:13:45
>     inet AA.BBB.CC.WW netmask 0xffffff00 broadcast 24.113.41.255
>     inet AA.BBB.CC.ZZ netmask 0xffffff00 broadcast 24.113.41.255
>     inet6 fe80::213:3bff:fe0f:1345%re1 prefixlen 64 scopeid 0x2
>     nd6 options=23
>     media: Ethernet autoselect (1000baseT )
>     status: active
> lo0: flags=8049 metric 0 mtu 16384
>     options=600003
>     inet6 ::1 prefixlen 128
>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>     inet 127.0.0.1 netmask 0xff000000
>     nd6 options=21
>     groups: lo
> pciconf(8)
> re0@pci0:5:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x07 hdr=0x00
>    vendor     = 'Realtek Semiconductor Co., Ltd.'
>    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
>    class      = network
>    subclass   = ethernet
> re1@pci0:6:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x07 hdr=0x00
>    vendor     = 'Realtek Semiconductor Co., Ltd.'
>    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
>    class      = network
>    subclass   = ethernet
>
> Thanks again!
>
> --Chris
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

--
Regards!

From owner-freebsd-net@freebsd.org Tue Nov 26 06:07:12 2019
Subject: Re: How to remove watchdog?
To: bsd-lists@BSDforge.com, freebsd-net@freebsd.org
From: Artem Viklenko
Message-ID: <8daf2859-ee6a-9aa9-7420-1e1c259ad02c@viklenko.net>
Date: Tue, 26 Nov 2019 08:06:37 +0200

Sorry, small update.

Just re-checked. It was not final change... wrong place. I've set it even
smaller than 4096. Now it is 3072.

Sorry.

--
Regards!

From owner-freebsd-net@freebsd.org Tue Nov 26 06:34:29 2019
From: Chris
Reply-To: bsd-lists@BSDforge.com
To: Artem Viklenko
Subject: Re: How to remove watchdog?
Date: Mon, 25 Nov 2019 22:35:18 -0800

On Tue, 26 Nov 2019 07:55:11 +0200 Artem Viklenko artem@viklenko.net said

> Hi!
>
> I have several small boxes with realtek nics acting as a router/firewall.
> Also had same issues. FreeBSD driver didn't work at least for me so I
> switched to Realtek's driver. But after some time traffic stops passing
> my routers. Did some investigation and found that the issue is 9k mbufs.
> As far as I understand more traffic you push more issues with 9k mbufs
> appear due to memory fragmentation.
> You can check it with 'vmstat -z | grep mbuf'.

Hah! I wondered about that. It *appeared* to be due to increased load
on the NIC -- hence our interest in upping to 10G NICs.

> So I decided to do very dirty hack - I've changed Jumbo_Frame_9k
> to Jumbo_Frame_4k in the if_re.c from Realtek's latest 1.95 driver.
> It compiles and works on FreeBSD 10.x and 11.x and now it just works
> (vendor says that driver is for older versions of the FreeBSD OS).
> And no more issues.
>
> ITEM                   SIZE   LIMIT     USED     FREE         REQ FAIL SLEEP
>
> mbuf_packet:            256, 2362080,       2,    1263,    2054916,   0,   0
> mbuf:                   256, 2362080,     514,    1776, 3460790080,   0,   0
> mbuf_cluster:          2048,  369076,    1265,      31,     154081,   0,   0
> mbuf_jumbo_page:       4096,  184537,     513,     294, 1592339809,   0,   0
> mbuf_jumbo_9k:         9216,   54677,       0,       0,          0,   0,   0
> mbuf_jumbo_16k:       16384,   30756,       0,       0,          0,   0,   0
>
> Now driver uses mbuf_jumbo_page not mbuf_jumbo_9k and no fails.
>
> I'm ok with mtu 1500 in my environment and I don't know if mtu 9000 will
> work with this change. But at least it is stable now even after 100 days
> of uptime (just rebooted after upgraded to 11.3-RELEASE-p5).

Thank you *very* much, Artem. I'll have a closer look. I'm thinking
of taking your concept, and upping it to 7k. I'll post back, if
anything good comes of it. :)

> Hope this helps.

It does. :)

--Chris
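The 'vmstat -z | grep mbuf' check discussed in the messages above, as an added example that is not part of any post in this thread and not code from the FreeBSD or Realtek drivers: an sh/awk filter that lists each mbuf zone's REQ and FAIL counters and flags zones with allocation failures. The function names, the state labels and the rows in sample_starved are constructed for the example; sample_thread repeats the rows quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the mbuf zones in `vmstat -z`
# output and flag zones whose FAIL counter is non-zero.

# mbuf_zone_report: reads `vmstat -z` text on stdin, with or without the header
# row, and prints one line per mbuf zone:  name size req fail state
mbuf_zone_report() {
    awk '
    BEGIN {
        # Column positions counted from SIZE = 1, as in the output quoted in
        # the thread. Used when "grep mbuf" has dropped the header row.
        c_size = 1; c_req = 5; c_fail = 6
    }
    # Header row present: take the positions from it instead.
    $1 == "ITEM" {
        for (i = 2; i <= NF; i++) {
            if ($i == "SIZE") c_size = i - 1
            if ($i == "REQ")  c_req  = i - 1
            if ($i == "FAIL") c_fail = i - 1
        }
        next
    }
    # Data rows look like: mbuf_jumbo_9k:  9216, 54677, 0, 0, 0, 0, 0
    /^mbuf[^:]*:/ {
        name = $0; sub(/:.*$/, "", name)
        rest = $0; sub(/^[^:]*:/, "", rest)
        gsub(/[ \t]/, "", rest)
        n = split(rest, v, ",")
        if (n < c_req || n < c_fail) next      # truncated row, skip it
        state = "ok"
        if (v[c_req] + 0 == 0) state = "unused"
        if (v[c_fail] + 0 > 0) state = "FAILING"
        # Counters are printed as strings: REQ can exceed 32 bits.
        printf "%s %s %s %s %s\n", name, v[c_size], v[c_req], v[c_fail], state
    }'
}

# mbuf_failing_zones: prints only the names of zones with allocation failures.
# Exit status is 0 when at least one such zone exists (same convention as grep).
mbuf_failing_zones() {
    mbuf_zone_report | awk '$5 == "FAILING" { print $1; found = 1 } END { exit !found }'
}

# Rows as quoted in the thread (driver already switched away from 9k clusters).
sample_thread() {
    cat <<'EOF'
ITEM                   SIZE  LIMIT     USED     FREE      REQ FAIL SLEEP

mbuf_packet:            256, 2362080,       2,    1263, 2054916,   0,   0
mbuf:                   256, 2362080,     514,    1776,3460790080,   0,   0
mbuf_cluster:          2048, 369076,    1265,      31,  154081,   0,   0
mbuf_jumbo_page:       4096, 184537,     513,     294,1592339809,   0,   0
mbuf_jumbo_9k:         9216,  54677,       0,       0,       0,   0,   0
mbuf_jumbo_16k:       16384,  30756,       0,       0,       0,   0,   0
EOF
}

# Constructed rows (not from the thread): what the same check would show if the
# 9k zone were in use and failing. No header row, as after "grep mbuf".
sample_starved() {
    cat <<'EOF'
mbuf_cluster:          2048, 369076,    1265,      31,  154081,   0,   0
mbuf_jumbo_page:       4096, 184537,       0,       0,       0,   0,   0
mbuf_jumbo_9k:         9216,  54677,     512,       3, 9000000, 1742,   0
EOF
}

# Stand-alone run on the samples. On a live FreeBSD host the equivalent is:
#   vmstat -z | mbuf_zone_report
sample_thread  | mbuf_zone_report
sample_starved | mbuf_zone_report
```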
From owner-freebsd-net@freebsd.org Tue Nov 26 06:36:47 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7F5EC1AB114 for ; Tue, 26 Nov 2019 06:36:47 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ultimatedns.net", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47MZ1p5PVkz4S70 for ; Tue, 26 Nov 2019 06:36:46 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (localhost [IPv6:0:0:0:0:0:0:0:1]) by udns.ultimatedns.net (8.15.2/8.15.2) with ESMTPS id xAQ6bX5h051005 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 25 Nov 2019 22:37:39 -0800 (PST) (envelope-from bsd-lists@BSDforge.com) X-Mailer: Cypht MIME-Version: 1.0 Cc: In-Reply-To: <8daf2859-ee6a-9aa9-7420-1e1c259ad02c@viklenko.net> From: Chris Reply-To: bsd-lists@BSDforge.com To: Artem Viklenko Subject: Re: How to remove watchdog? 
Date: Mon, 25 Nov 2019 22:37:39 -0800 Message-Id: <08ef44b1f9698307f0384c7bf18d91af@udns.ultimatedns.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 47MZ1p5PVkz4S70 X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of bsd-lists@BSDforge.com has no SPF policy when checking 24.113.41.81) smtp.mailfrom=bsd-lists@BSDforge.com X-Spamd-Result: default: False [3.05 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[bsd-lists@BSDforge.com]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; IP_SCORE(-0.14)[ip: (-1.27), ipnet: 24.113.0.0/16(-0.63), asn: 11404(1.24), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[BSDforge.com]; REPLYTO_ADDR_EQ_FROM(0.00)[]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.74)[0.735,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.54)[0.545,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:11404, ipnet:24.113.0.0/16, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Nov 2019 06:36:47 -0000 On Tue, 26 Nov 2019 08:06:37 +0200 Artem Viklenko artem@viklenko=2Enet said > Sorry, small update=2E >=20 > Just re-cheked=2E It was not final change=2E=2E=2E wrong place=2E I've set it even= =20 > smaller than 4096=2E Now it 3072=2E Bummer=2E :( >=20 > Sorry=2E No problem=2E Thanks for trying! :) --Chris >=20 > 26=2E11=2E19 07:55, Artem Viklenko via freebsd-net =D0=BF=D0=B8=D1=88=D0= =B5: > > Hi! 
> >=20 > > I have several small boxes with realtek nics acting as a router/firewal= l=2E > > Also had same issues=2E FreeBSD driver didn't work at least for me so I= =20 > > switched to Realtek's driver=2E But after some time traffic stops passing= =20 > > my routers=2E Did some investigation and found that the issue is 9k mbufs= =2E > > As far as I understand more traffic you push more issues with 9k mbufs > > appears due to memory fragmentation=2E > > You can check it with 'vmstat -z | grep mbuf'=2E > >=20 > > So I decided to do wery dirty hack - I've changed Jumbo_Frame_9k > > to Jumbo_Frame_4k in the if_re=2Ec from Realtek's latest 1=2E95 driver=2E > > It comiles and work on FreeBSD 10=2Ex and 11=2Ex and now it just works > > (vendor says that driver is for older versions of the FreeBSD OS)=2E > > And no more issues=2E > >=20 > > ITEM=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 SIZE=C2=A0 LIMIT=C2=A0=C2= =A0=C2=A0=C2=A0 USED=C2=A0=C2=A0=C2=A0=C2=A0 > > FREE=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 REQ FAIL SLEEP > >=20 > > mbuf_packet:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 256, 2362080,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 2,=C2=A0= =C2=A0=C2=A0 1263, > > 2054916,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > > mbuf:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 256, 2362080,=C2=A0=C2=A0= =C2=A0=C2=A0 514,=C2=A0=C2=A0=C2=A0 > > 1776,3460790080,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > > mbuf_cluster:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 204= 8, 369076,=C2=A0=C2=A0=C2=A0 1265,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 31,=C2= =A0 > > 154081,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > > mbuf_jumbo_page:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 4096, 184537,= =C2=A0=C2=A0=C2=A0=C2=A0 513,=C2=A0=C2=A0=C2=A0=C2=A0 > > 294,1592339809,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > > mbuf_jumbo_9k:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 9216,= =C2=A0 
54677,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0,=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 > > 0,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > > mbuf_jumbo_16k:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 16384,=C2=A0 30756,= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 > > 0,=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0,=C2=A0=C2=A0 0,=C2=A0=C2=A0 0 > >=20 > > Now driver use mbuf_jumbo_page not mbuf_jumbo_9k and no fails=2E > >=20 > > I'm ok with mtu 1500 in my environment and I don't know if mtu 9000 wil= l > > work with this change=2E But at least it is stable now even after 100 day= s > > of uptime (just rebooted after upgraded to 11=2E3-RELEASE-p5)=2E > >=20 > > Hope this helps=2E > >=20 > >=20 > > 26=2E11=2E19 02:44, Chris =D0=BF=D0=B8=D1=88=D0=B5: > >> Or at least make it non fatal=2E > >> OK here's the story; I'm experimenting with a multiport NIC (re(4)) > >> as we hope to start using multiport 10G NICs=2E > >> Any of the re's we've used in the past have been very stable, which > >> is why I picked the one I did for this experiment=2E This one has been > >> performing rock solid for some 4 to 6 mos, under full time use=2E That > >> is until the last week=2E Where we're seeing: > >> watchdog timeout > >> repeated frequently=2E Which is ultimately fatal=2E ifconfig up/down will > >> not resuscitate it=2E Nor will service ifconfig restart, or plugging/ > >> unplugging the cable(s)=2E Bouncing the server is the only cure=2E Which > >> is unacceptable=2E Any, and All suggestions, or insight into the matter > >> GREATLY appreciated=2E Note; while this is an old 11=2E1, we're not planni= ng > >> to up this box until we can confirm this can be cured=2E :) > >> > >> Details follow: > >> 11=2E1-STABLE r327867 amd64 > >> > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog timeout > >> watchdog 
timeout
> >> watchdog timeout
> >> watchdog timeout
> >>
> >> rc.conf(5)
> >> ifconfig_re0="inet AA.BBB.CC.XX netmask 255.255.255.0 rxcsum txcsum tso4"
> >> ifconfig_re1="inet AA.BBB.CC.WW netmask 255.255.255.0 rxcsum txcsum tso4"
> >> ifconfig_re1_alias0="inet AA.BBB.CC.ZZ netmask 255.255.255.0"
> >>
> >> ifconfig(8)
> >> re0: flags=8843 metric 0 mtu 1500
> >>
> >      options=8219b
> >
> >>
> >>      ether 00:13:3b:0f:13:44
> >>      hwaddr 00:13:3b:0f:13:44
> >>      inet6 fe80::213:3bff:fe0f:1344%re0 prefixlen 64 scopeid 0x1
> >>      inet AA.BBB.CC.XX netmask 0xffffff00 broadcast 24.113.41.255
> >>      nd6 options=23
> >>      media: Ethernet autoselect (1000baseT )
> >>      status: active
> >> re1: flags=8843 metric 0 mtu 1500
> >>
> >      options=8219b
> >
> >>
> >>      ether 00:13:3b:0f:13:45
> >>      hwaddr 00:13:3b:0f:13:45
> >>      inet AA.BBB.CC.WW netmask 0xffffff00 broadcast 24.113.41.255
> >>      inet AA.BBB.CC.ZZ netmask 0xffffff00 broadcast 24.113.41.255
> >>      inet6 fe80::213:3bff:fe0f:1345%re1 prefixlen 64 scopeid 0x2
> >>     nd6 options=23
> >>      media: Ethernet autoselect (1000baseT )
> >>      status: active
> >> lo0: flags=8049 metric 0 mtu 16384
> >>      options=600003
> >>      inet6 ::1 prefixlen 128     inet6 fe80::1%lo0 prefixlen 64
> >> scopeid 0x3     inet 127.0.0.1 netmask 0xff000000     nd6
> >> options=21
> >>      groups: lo
> >> pciconf(8)
> >> re0@pci0:5:0:0:    class=0x020000 card=0x012310ec chip=0x816810ec
> >> rev=0x07 hdr=0x00
> >>     vendor     = 'Realtek Semiconductor Co., Ltd.'
> >>     device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet
> >> Controller'
> >>     class      = network
> >>     subclass   = ethernet
> >> re1@pci0:6:0:0:    class=0x020000 card=0x012310ec chip=0x816810ec
> >> rev=0x07 hdr=0x00
> >>     vendor     = 'Realtek Semiconductor Co., Ltd.'
> >>     device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet
> >> Controller'
> >>     class      = network
> >>     subclass   = ethernet
> >>
> >> Thanks again!
> >>
> >> --Chris
> >>
> >>
> >> _______________________________________________
> >> freebsd-net@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >
>
> --
> Regards!

From owner-freebsd-net@freebsd.org Tue Nov 26 11:33:45 2019
From: "Rodney W.
 Grimes"
Message-Id: <201911261133.xAQBXehk002681@gndrsh.dnsmgr.net>
Subject: Re: SRv6 in FreeBSD
In-Reply-To: <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk>
To: Unix Codenetworks
Date: Tue, 26 Nov 2019 03:33:40 -0800 (PST)
CC: madhava gaikwad, "freebsd-net@freebsd.org"

> Hi Alex,
>
> While I'm not a BSD developer, I really doubt it, considering that the
> building blocks for SR are not there ( mpls support or just label
> push/pop/swap).

He specifically stated SRv6 which is not MPLS based.
The building blocks if one was to need this in a BSD are in
OpenBSD which has an MPLS implementation.

>
> On the other hand, on SRv6 as you mentioned you rely on IPv6 headers and
> there is a lot of conservatory about it.... ( unless you are a Cisco fan!)

:-) The SRH is 5 years and 26 revisions into the process and has
been "Submitted to IESG for Publication" per:
https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/
so it should be possible for someone to do an implementation in FreeBSD

>
> I'm interesting on the use case, if you don't mind... is it just service
> chaining your application ? Usually servers are just part of an overlay (
> call it VXLAN,? MPLS? or something over something else...)

I would be interested to hear the use cases as well.

>
> Best regards.
>
> Santiago
>
>
> On 2019-11-25 03:43, madhava gaikwad via freebsd-net wrote:
> > Hello Experts,
> > I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402?https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity. I thought SRv6 header can help me here.
> > Thank you.Alex.
>
>

--
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Tue Nov 26 18:41:17 2019
Subject: Re: SRv6 in FreeBSD
To: freebsd-net@freebsd.org
References: <201911261133.xAQBXehk002681@gndrsh.dnsmgr.net>
From: Unix Codenetworks
Message-ID: <3c7ffebc-3ca9-eceb-36e7-2c7a0975d746@ssbglimited.co.uk>
Date: Tue, 26 Nov 2019 18:41:00 +0000
In-Reply-To: <201911261133.xAQBXehk002681@gndrsh.dnsmgr.net>

Hi Rodney,

I haven't said that is not approved or an RFC exist (there are many and some interesting use cases) , but can you tell me of any in production deployments?

The conservatory still there, if you check with your customer, how many are willing to deploy it?

Open for an offline talk about it as I really like to know if you are seeing other thing..

Best regards.

Santiago



On 2019-11-26 11:33, Rodney W.
Grimes wrote:
>> Hi Alex,
>>
>> While I'm not a BSD developer, I really doubt it, considering that the
>> building blocks for SR are not there ( mpls support or just label
>> push/pop/swap).
> He specifically stated SRv6 which is not MPLS based.
> The building blocks if one was to need this in a BSD are in
> OpenBSD which has an MPLS implementation.
>
>> On the other hand, on SRv6 as you mentioned you rely on IPv6 headers and
>> there is a lot of conservatory about it.... ( unless you are a Cisco fan!)
> :-) The SRH is 5 years and 26 revisions into the process and has
> been "Submitted to IESG for Publication" per:
> https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/
> so it should be possible for someone to do an implementation in FreeBSD
>
>> I'm interesting on the use case, if you don't mind... is it just service
>> chaining your application ? Usually servers are just part of an overlay (
>> call it VXLAN,? MPLS? or something over something else...)
> I would be interested to hear the use cases as well.
>
>> Best regards.
>>
>> Santiago
>>
>>
>> On 2019-11-25 03:43, madhava gaikwad via freebsd-net wrote:
>>> Hello Experts,
>>> I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402?https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity. I thought SRv6 header can help me here.
>>> Thank you.Alex.
>>
>>

From owner-freebsd-net@freebsd.org Tue Nov 26 20:20:20 2019
From: "Rodney W. Grimes"
Message-Id: <201911262020.xAQKKDA0004315@gndrsh.dnsmgr.net>
Subject: Re: SRv6 in FreeBSD
In-Reply-To: <3c7ffebc-3ca9-eceb-36e7-2c7a0975d746@ssbglimited.co.uk>
To: Unix Codenetworks
Date: Tue, 26 Nov 2019 12:20:13 -0800 (PST)
CC: freebsd-net@freebsd.org

> Hi Rodney,
>
> I haven't said that is not approved or an RFC exist (there are many and some interesting use cases) , but can you tell me of any in production deployments?

I can not, though for the SRH to be in its current state as a "Standards Track" document
there must be running code someplace... and that usually implies production deployments
as well, or at least not small scale tests.

>
> The conservatory still there, if you check with your customer, how many are willing to deploy it?

I did not mention any customer(s) at all, I stated I was interested in any use case.

>
> Open for an offline talk about it as I really like to know if you are seeing other thing..

I do not know that there is much to talk about.

> Best regards.
>
> Santiago
>
>
>
> On 2019-11-26 11:33, Rodney W. Grimes wrote:
>
> >> Hi Alex,
> >>
> >> While I'm not a BSD developer, I really doubt it, considering that the
> >> building blocks for SR are not there ( mpls support or just label
> >> push/pop/swap).
> > He specifically stated SRv6 which is not MPLS based.
> > The building blocks if one was to need this in a BSD are in
> > OpenBSD which has an MPLS implementation.
> >
> >> On the other hand, on SRv6 as you mentioned you rely on IPv6 headers and
> >> there is a lot of conservatory about it.... ( unless you are a Cisco fan!)
> > :-) The SRH is 5 years and 26 revisions into the process and has
> > been "Submitted to IESG for Publication" per:
> > https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/
> > so it should be possible for someone to do an implementation in FreeBSD
> >
> >> I'm interesting on the use case, if you don't mind... is it just service
> >> chaining your application ? Usually servers are just part of an overlay (
> >> call it VXLAN,? MPLS? or something over something else...)
> > I would be interested to hear the use cases as well.
> >
> >> Best regards.
> >>
> >> Santiago
> >>
> >>
> >> On 2019-11-25 03:43, madhava gaikwad via freebsd-net wrote:
> >>> Hello Experts,
> >>> I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402?https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity.
> >>> I thought SRv6 header can help me here.
> >>> Thank you.Alex.
> >>
> >>
>

--
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-net@freebsd.org Tue Nov 26 20:43:16 2019
Subject: Re: SRv6 in FreeBSD
To: "Rodney W. Grimes"
Cc: freebsd-net@freebsd.org
References: <201911262020.xAQKKDA0004315@gndrsh.dnsmgr.net>
From: Unix Codenetworks
Message-ID: <4eedc700-0bfd-0bb7-fa74-2ad6c16cd359@ssbglimited.co.uk>
Date: Tue, 26 Nov 2019 20:43:01 +0000
In-Reply-To: <201911262020.xAQKKDA0004315@gndrsh.dnsmgr.net>

Hey, no prob.. sure lets wait to hear back on the use case that could be interesting :)

On 2019-11-26 20:20, Rodney W. Grimes wrote:
>> Hi Rodney,
>>
>> I haven't said that is not approved or an RFC exist (there are many and some interesting use cases) , but can you tell me of any in production deployments?
> I can not, though for the SRH to be in its current state as a "Standards Track" document
> there must be running code someplace... and that usually implies production deployments
> as well, or at least not small scale tests.
>
>> The conservatory still there, if you check with your customer, how many are willing to deploy it?
> I did not mention any customer(s) at all, I stated I was interested in any use case.
>
>> Open for an offline talk about it as I really like to know if you are seeing other thing..
> I do not know that there is much to talk about.
>
>> Best regards.
>>
>> Santiago
>>
>>
>>
>> On 2019-11-26 11:33, Rodney W. Grimes wrote:
>>
>>>> Hi Alex,
>>>>
>>>> While I'm not a BSD developer, I really doubt it, considering that the
>>>> building blocks for SR are not there ( mpls support or just label
>>>> push/pop/swap).
>>> He specifically stated SRv6 which is not MPLS based.
>>> The building blocks if one was to need this in a BSD are in
>>> OpenBSD which has an MPLS implementation.
>>>
>>>> On the other hand, on SRv6 as you mentioned you rely on IPv6 headers and
>>>> there is a lot of conservatory about it.... ( unless you are a Cisco fan!)
>>> :-) The SRH is 5 years and 26 revisions into the process and has
>>> been "Submitted to IESG for Publication" per:
>>> https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/
>>> so it should be possible for someone to do an implementation in FreeBSD
>>>
>>>> I'm interesting on the use case, if you don't mind... is it just service
>>>> chaining your application ? Usually servers are just part of an overlay (
>>>> call it VXLAN,? MPLS? or something over something else...)
>>> I would be interested to hear the use cases as well.
>>>
>>>> Best regards.
>>>>
>>>> Santiago
>>>>
>>>>
>>>> On 2019-11-25 03:43, madhava gaikwad via freebsd-net wrote:
>>>>> Hello Experts,
>>>>> I want to know if there is any effort/planning going on to implement Segment Routing (RFC 8402?https://tools.ietf.org/html/rfc8402). I see Linux supporting it. Wondering if there is something planned on FreeBSD too. My app runs on FreeBSD and I have a use case to share information from one application gateway to another about connection identity. I thought SRv6 header can help me here.
>>>>> Thank you.Alex.
>>>>
>>>>
>>

From owner-freebsd-net@freebsd.org Tue Nov 26 23:33:36 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235787] ixgbe no carrier problem - TX(7) desc avail = 2048, pidx = 0
Date: Tue, 26 Nov 2019 23:33:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235787

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|Unable to Reproduce         |Overcome By Events

--- Comment #5 from Kubilay Kocak ---
^Triage: Correct resolution

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Wed Nov 27 05:47:16 2019
To: "freebsd-net@freebsd.org"
From: Julian Elischer
Subject: geo blocking with ipfw ... the easy way
Message-ID: <9e043ec9-e103-7dea-00b0-cb6af1474a59@freebsd.org>
Date: Tue, 26 Nov 2019 21:47:02 -0800

just in case someone wants to do this:

The following script sets up a table (which can be used for blocking or allowing) in ipfw so that it holds nets assigned to the USA and Australia. You may select your own nets of course:

It uses the ipdbtools package.
(I run this from cron) #!/bin/sh ALLOWFILE=/root/AU+USA-GEOIPS.ipfw MAILTABLE=20 ALT_MAILTABLE=21 AU_VAL=10000 US_VAL=10200 set -x #fetch latest geo-ip ranges and set AU and USA into table ${MAILTABLE} ipdb-update.sh ipup -t AU=${AU_VAL}:US=${US_VAL} -n ${ALT_MAILTABLE} > ${ALLOWFILE} ipfw table ${ALT_MAILTABLE} flush ipfw -q -f ${ALLOWFILE} ipfw table ${MAILTABLE} swap ${ALT_MAILTABLE} From owner-freebsd-net@freebsd.org Wed Nov 27 05:50:44 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 101CC1CB0D2 for ; Wed, 27 Nov 2019 05:50:44 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47N8yC1Qj8z3CmL for ; Wed, 27 Nov 2019 05:50:42 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=15Ebm4TZhoo6NXxGat98Ms+QGqjDXAG+P7g8ctk1g5I=; b=OvbbNsiJjbcG/QL2mTgB7AFM8i Sc0bMKq/QcrVzACg9utKago3eK48KHZpr5S8avyyUq1d4tSx7q86BxeX7oajuIeziu9xB15/m9xc3 krO9HK0Dyu/WqWEmtmeRWXB36lNNSCKxHhMcgLC5JewcTcJBPxxHsYgcHvKJdXlcX89w=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iZqDk-0000aW-H5 for freebsd-net@freebsd.org; Wed, 27 Nov 2019 12:50:36 +0700 Date: Wed, 27 Nov 2019 12:50:36 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: SRv6 in FreeBSD Message-ID: <20191127055036.GA2162@admin.sibptus.ru> References: <1159176100.4880122.1574653384166.ref@mail.yahoo.com> <1159176100.4880122.1574653384166@mail.yahoo.com> <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk> MIME-Version: 1.0 Content-Type: multipart/signed; 
micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT" Content-Disposition: inline In-Reply-To: <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47N8yC1Qj8z3CmL X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=OvbbNsiJ; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.31)[ip: (-9.86), ipnet: 2001:19f0:5000::/38(-4.93), asn: 20473(-1.73), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Nov 2019 05:50:44 -0000 --X1bOJ3K7DJ5YkBrT Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Unix Codenetworks wrote: >=20 > I'm interesting on the use case, if you don't mind... is it just service= =20 > chaining you application ? 
Usually servers are just part of an overlay (= =20 > call it VXLAN,=A0 MPLS=A0 or something over something else...) Once you've mentioned it... What's the use case of vxlan(4) on FreeBSD? I would love to hear a couple of real life examples. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --X1bOJ3K7DJ5YkBrT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd3g6sAAoJEA2k8lmbXsY0JdYH/iCP3icjgGmrxQ7mKR5cyEqh 62cK+dsARRwvTbJ3gAOEZfMwO1Ptz2pA4yfseEBF83xSZBfxeC6IZ8ovXuqAbUUr qnI59xMKwzeTSJYZangGNCzAVXpuvS1EcHmZLEu/y8GUQ6qyTbMxX2MHFAObR6dx RDmuM21Ppb7L2PcXUKQXY+OkJgzK4LpQXenkIxuR6CQ/YT76TqZtlCcC8HT0zVAZ 0/THPTy3pGlpPviRUU+Zt0pobn3ALQUKF13y0nYs9doz6Z0XTWZ+evWw7BQAGT3t NG+Pl/yUB9HjtqNG570pAtPX4aSzr79XC5T1AvDCSQyrqwANlWX6MYX1PVLpxlI= =6NmD -----END PGP SIGNATURE----- --X1bOJ3K7DJ5YkBrT-- From owner-freebsd-net@freebsd.org Wed Nov 27 12:58:42 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9D9421AB6E5 for ; Wed, 27 Nov 2019 12:58:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47NLS23g84z43fF for ; Wed, 27 Nov 2019 12:58:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 7BF721AB6E4; Wed, 27 Nov 2019 12:58:42 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7BBB71AB6E3 for ; Wed, 27 Nov 2019 12:58:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 
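Added example, not part of any message in this archive and not code from ipdbtools: a pre-swap check for the flush / load / swap sequence in Julian Elischer's geo-blocking script above, so that a failed fetch or an empty generated file is never swapped into the table the rules reference. It assumes every generated line reads "table <n> add <ipv4>/<len> <value>"; that line format, the IPFW override variable and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): validate a generated ipfw table
# file before the flush / load / swap sequence touches the live table.
# ASSUMPTION: every generated line reads "table <n> add <ipv4>/<len> <value>".

IPFW=${IPFW:-ipfw}   # hypothetical override, e.g. IPFW="echo ipfw" for a dry run

# validate_table_file FILE TABLE MIN_ENTRIES
# Succeeds only when FILE holds at least MIN_ENTRIES lines and every non-blank
# line adds a well-formed IPv4 CIDR with a numeric value to table TABLE.
validate_table_file() {
    vt_file=$1; vt_table=$2; vt_min=$3
    [ -s "$vt_file" ] || { echo "empty or missing: $vt_file" >&2; return 1; }
    awk -v table="$vt_table" -v min="$vt_min" '
        function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; err = 1 }
        NF == 0 { next }
        {
            if (NF != 5 || $1 != "table" || $2 != table || $3 != "add") {
                bad("not an add command for table " table); next
            }
            if ($5 !~ /^[0-9]+$/) { bad("non-numeric table value"); next }
            if (split($4, net, "/") != 2 || net[2] !~ /^[0-9]+$/ || net[2] + 0 > 32) {
                bad("bad prefix length"); next
            }
            if (split(net[1], oct, "[.]") != 4) { bad("bad IPv4 address"); next }
            for (i = 1; i <= 4; i++)
                if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) { bad("bad IPv4 octet"); next }
            count++
        }
        END {
            if (count + 0 < min + 0) {
                printf "only %d valid entries, need %d\n", count, min > "/dev/stderr"
                err = 1
            }
            exit (err ? 1 : 0)
        }' "$vt_file"
}

# refresh_geo_table LIVE SCRATCH FILE MIN_ENTRIES
# Same flush / load / swap order as the posted script, run only after FILE
# validates; a failure reported by any step returns before the swap.
refresh_geo_table() {
    rg_live=$1; rg_scratch=$2; rg_file=$3; rg_min=$4
    validate_table_file "$rg_file" "$rg_scratch" "$rg_min" || return 1
    $IPFW table "$rg_scratch" flush || return 1
    $IPFW -q -f "$rg_file" || return 1
    $IPFW table "$rg_live" swap "$rg_scratch"
}

# Dry run on a constructed sample: prints the ipfw commands instead of running them.
demo_dry_run() {
    dd_tmp=$(mktemp) || return 1
    printf '%s\n' 'table 21 add 1.0.0.0/24 10000' \
                  'table 21 add 3.0.0.0/15 10200' > "$dd_tmp"   # constructed sample
    ( IPFW="echo ipfw"; refresh_geo_table 20 21 "$dd_tmp" 2 )
    dd_rc=$?
    rm -f "$dd_tmp"
    return "$dd_rc"
}

if [ "${1:-}" = "demo" ]; then
    demo_dry_run
fi
```

Set MIN_ENTRIES well below the usual size of the generated file but far above zero, so a truncated download is rejected while normal day-to-day changes pass.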
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 220468] libfetch: Does not handle 407 (proxy auth) when connecting to HTTPS using connect tunnel
Date: Wed, 27 Nov 2019 12:58:39 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: needs-qa
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: yamayan@kbh.biglobe.ne.jp
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: bapt@FreeBSD.org
X-Bugzilla-Flags: mfc-stable12? mfc-stable11?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468

yamayan@kbh.biglobe.ne.jp changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |yamayan@kbh.biglobe.ne.jp

--- Comment #10 from yamayan@kbh.biglobe.ne.jp ---
Created attachment 209479
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=209479&action=edit
simple patch

I have a simple patch.
The previous patch seems complex to me, and it seems broken.
Setting conn->err after conn is freed with fetch_close can cause SIGSEGV.
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242159] [em] I219-V connection lost under load
Date: Wed, 27 Nov 2019 13:28:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.1-RELEASE
X-Bugzilla-Keywords: IntelNetworking, iflib, regression
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: julien@perdition.city
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: net@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242159

--- Comment #1 from Julien Cigar ---
Strangely enough I would add that the problem doesn't occur on my work machine
(Thinkpad P52s) with (almost) the same card:

em0@pci0:0:31:6:        class=0x020000 card=0x225a17aa chip=0x15d88086 rev=0x21 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'Ethernet Connection (4) I219-V'
    class      = network
    subclass   = ethernet

(only difference is "card=0x225c17aa" vs "card=0x225a17aa")
From: Unix Codenetworks
To: Victor Sudakov, freebsd-net@freebsd.org
Subject: Re: SRv6 in FreeBSD
Date: Wed, 27 Nov 2019 14:35:52 +0000
In-Reply-To: <20191127055036.GA2162@admin.sibptus.ru>

Hi Victor,

I did mention it, as having VXLAN can allow to integrate FreeBSD as a
hypervisor/jails into a VXLAN overlay. Probably there will be some
other things to sort out, control plane? (depending on deployment type).

I'm not aware of any live deployments running FreeBSD and VXLAN. We do
have live deployments on Linux using VXLAN encap (Linux + tungsten
fabric or similar). I will love to know about any live
deployment/successful stories on FreeBSD + VXLAN + bhyve and Jails.

Unfortunately my BSD daily usage is more related to Jails + VNET + FRR
and netmap. These amazing tools allow us to quickly "simulate" 10s of
CPE devices, generate routes, OSPF/BGP/BFD speakers, and generate
traffic while staying away from all the Linux craziness (and other tools
are super expensive).

It will be nice to do a test and see how good FreeBSD integrates into an
existing overlay.

I hope it makes sense.

Santiago

On 2019-11-27 05:50, Victor Sudakov wrote:
> Unix Codenetworks wrote:
>> I'm interested in the use case, if you don't mind... is it just service
>> chaining your application? Usually servers are just part of an overlay (
>> call it VXLAN, MPLS or something over something else...)
> Once you've mentioned it... What's the use case of vxlan(4) on FreeBSD?
> I would love to hear a couple of real life examples.
>

From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: SRv6 in FreeBSD
Date: Wed, 27 Nov 2019 22:25:44 +0700
Message-ID: <20191127152544.GA15293@admin.sibptus.ru>

Unix Codenetworks wrote:
> Hi Victor,
>
> I did mention it, as having VXLAN can allow to integrate FreeBSD as a
> hypervisor/jails into a VXLAN overlay. Probably there will be some
> other things to sort out, control plane? (depending on deployment type).

These words are too generic.

For example, vm-bhyve allows to create a vxlan bridge, I now manage 3
vm-bhyve hypervisors with 5-6 VMs in each, but I'm damned if I know how
to put vxlan to good use.

>
> I'm not aware of any live deployments running FreeBSD and VXLAN. We do
> have live deployments on Linux using VXLAN encap (Linux + tungsten
> fabric or similar). I will love to know about any live
> deployment/successful stories on FreeBSD + VXLAN + bhyve and Jails.

So will I.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
(envelope-from SRS0=SGYENB=ZT=ssbglimited.co.uk=unix@eigbox.net) Received: from bosmailscan07.eigbox.net ([10.20.15.7]) by bosmailout08.eigbox.net with esmtp (Exim) id 1iZzpv-00023g-KH for freebsd-net@freebsd.org; Wed, 27 Nov 2019 11:06:39 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ssbglimited.co.uk; s=dkim; h=Sender:Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Reply-To: Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=g5x7f6CFO02LaabD6Gsefwm9kKXVfCWNYFEtX2Uxkmo=; b=eMMsFGF+jkIySdSuHt4lKNVzRG HVla8XmJxaPj3/6mm54xSsylCE6wJKgjiltoVOapKKFsXj6IYTQVvwGIlKIRizgEg82DBLGA+5vbz HLomp6xlt+dUzw9wrEGbT8CaWYUK+Q7Uo9Hkm418L6ENXYbPv6vwAluTo64O1IBiCixAQ2uNa92aW BLGSCHBpie/hj+P/ZIDdiQJMN93ut7LBPBmg/4lMwhxVAV2BI7y0+1IAJud+4KjQ87gjG54Kr+sh/ YT7S8jZ2tLJCONUz9+uYnk3gctvJvGQJwOFEcrl0/QtZq4OjTWJINLe37p/MjQwMk9FkO8221rg87 2m0Qty2A==; Received: from [10.115.3.32] (helo=bosimpout12) by bosmailscan07.eigbox.net with esmtp (Exim) id 1iZzpo-0000hT-GO for freebsd-net@freebsd.org; Wed, 27 Nov 2019 11:06:32 -0500 Received: from bosauthsmtp18.yourhostingaccount.com ([10.20.18.18]) by bosimpout12 with id X46V210020PPbB60146YMT; Wed, 27 Nov 2019 11:06:32 -0500 X-Authority-Analysis: v=2.2 cv=BKTDlBYG c=1 sm=1 tr=0 a=hsonH7E3nOZjOFuRJksPKA==:117 a=JpjoeYlqMQu1FOXtmSia+Q==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=N659UExz7-8A:10 a=MeAgGD-zjQ4A:10 a=nkE5dCGgubMA:10 a=77QlqqdFbfqRUvbfW-4A:9 a=pILNOxqGKmIA:10 Received: from cpc96382-rdng26-2-0-cust607.15-3.cable.virginm.net ([86.30.86.96]:2979 helo=[192.168.0.100]) by bosauthsmtp18.eigbox.net with esmtpa (Exim) id 1iZzpk-0003au-TU; Wed, 27 Nov 2019 11:06:29 -0500 Subject: Re: SRv6 in FreeBSD To: Victor Sudakov , freebsd-net@freebsd.org References: <1159176100.4880122.1574653384166.ref@mail.yahoo.com> 
<1159176100.4880122.1574653384166@mail.yahoo.com> <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk> <20191127055036.GA2162@admin.sibptus.ru> <20191127152544.GA15293@admin.sibptus.ru> From: Unix Codenetworks Message-ID: <63df0ffe-2db0-4b7e-78cd-f48594db65d5@ssbglimited.co.uk> Date: Wed, 27 Nov 2019 16:06:22 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 MIME-Version: 1.0 In-Reply-To: <20191127152544.GA15293@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-EN-UserInfo: d94ecc27d8c618b705af6c7847bf2b9d:931c98230c6409dcc37fa7e93b490c27 X-EN-AuthUser: unix@ssbglimited.co.uk Sender: Unix Codenetworks X-EN-OrigIP: 86.30.86.96 X-EN-OrigHost: cpc96382-rdng26-2-0-cust607.15-3.cable.virginm.net X-Rspamd-Queue-Id: 47NQcx4hTpz4F0c X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ssbglimited.co.uk header.s=dkim header.b=eMMsFGF+; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=SGYENB=ZT=ssbglimited.co.uk=unix@eigbox.net designates 66.96.190.8 as permitted sender) smtp.mailfrom=SRS0=SGYENB=ZT=ssbglimited.co.uk=unix@eigbox.net X-Spamd-Result: default: False [3.62 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[ssbglimited.co.uk:s=dkim]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.96.128.0/18]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ssbglimited.co.uk]; NEURAL_SPAM_MEDIUM(0.85)[0.848,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[ssbglimited.co.uk:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[8.190.96.66.list.dnswl.org : 127.0.5.0]; NEURAL_SPAM_LONG(0.90)[0.904,0]; IP_SCORE(2.07)[ip: (4.96), ipnet: 66.96.128.0/18(2.92), asn: 29873(2.51), country: US(-0.05)]; FORGED_SENDER(0.30)[unix@ssbglimited.co.uk,SRS0=SGYENB=ZT=ssbglimited.co.uk=unix@eigbox.net]; 
RECEIVED_SPAMHAUS_PBL(0.00)[96.86.30.86.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:29873, ipnet:66.96.128.0/18, country:US]; FROM_NEQ_ENVFROM(0.00)[unix@ssbglimited.co.uk,SRS0=SGYENB=ZT=ssbglimited.co.uk=unix@eigbox.net]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Nov 2019 16:06:42 -0000 Hi Victor, | but I'm damned if I know how to put vxlan to good use. In term of? Like benefits of using VXLAN in general? Cheers Santi On 2019-11-27 15:25, Victor Sudakov wrote: > Unix Codenetworks wrote: >> Hi Victor, >> >> I did mention it, as having VXLAN can allow to integrate FreeBSD as an >> hypervisor/jails into an VXLAN overlay. Probably there will be some >> other things to sort out, control plane? (depending on deployment type). > These words are too generic. > > For example, vm-bhyve allows to create a vxlan bridge, I now manage 3 > vm-bhyve hypervisors with 5-6 VMs in each, but I'm damned if I know how > to put vxlan to good use. > >> I'm not aware of any live deployments running FreeBSD and VXLAN. We do >> have live deployments on Linux using VXLAN ecnap (Linux + tungsten >> fabric or similar). I will love to know about any live >> deployment/successful stories on FreeBSD + VXLAN + bhyve and Jails. > So will I. 
> > From owner-freebsd-net@freebsd.org Wed Nov 27 16:08:43 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ADEC81B0401 for ; Wed, 27 Nov 2019 16:08:43 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47NQgG4ZD3z4F5N for ; Wed, 27 Nov 2019 16:08:42 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=jGENZ/NddN+2YjGGvl3YrtScUHaf0WpvOD/lsNzXqbY=; b=VR4X2XLVJ+w0qLzHfEptqeQioL boEBcBqHvvQ5XHC5ageKnb3QLKBqsyHe/ZOjUCTFRYbk3pny7wewXzqAMNnh2WYDFgLNWLCpgYJrl oIBJOlf7/wF9zZrxmINR26brjFmHhDyhlSca4d2RKfsIPh9jTGq4208bVJv1qts8Mab0=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iZzrt-0004FY-3J for freebsd-net@freebsd.org; Wed, 27 Nov 2019 23:08:41 +0700 Date: Wed, 27 Nov 2019 23:08:41 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: SRv6 in FreeBSD Message-ID: <20191127160841.GA16314@admin.sibptus.ru> References: <1159176100.4880122.1574653384166.ref@mail.yahoo.com> <1159176100.4880122.1574653384166@mail.yahoo.com> <667fca00-fc93-c017-175e-722d7592b5c2@ssbglimited.co.uk> <20191127055036.GA2162@admin.sibptus.ru> <20191127152544.GA15293@admin.sibptus.ru> <63df0ffe-2db0-4b7e-78cd-f48594db65d5@ssbglimited.co.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline In-Reply-To: <63df0ffe-2db0-4b7e-78cd-f48594db65d5@ssbglimited.co.uk> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 
Unix Codenetworks wrote:
> Hi Victor,
>
> | but I'm damned if I know how to put vxlan to good use.
>
> In terms of? Like benefits of using VXLAN in general?

Under FreeBSD, yes.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Wed Nov 27 17:50:19 2019
Subject: Re: ix0 and ix1 ifconfig options different on Supermicro board
To: freebsd-net@freebsd.org
From: BulkMailForRudy
Date: Wed, 27 Nov 2019 09:50:15 -0800

Thank you, Vincenzo.

To anyone else looking this up, 'iperf' is not dependent on the TSO/LRO.

  iperf -c 10.1.1.1 -P 4   --->  9.4Gbps
  iperf3 -c 10.1.1.1 -P 4  --->  5.1Gbps

I still find it odd that the default FreeBSD install has different options
for ix0 and ix1.

Rudy

On 11/23/19 12:51 AM, Vincenzo Maffione wrote:
> Hi,
> TSO/LRO (for IPv4 and/or IPv6) will increase TCP bulk throughput on
> machine X for those TCP connections where X is one of the two endpoints,
> that is TCP connections that are local to X. That's why you are seeing iperf
> achieving higher throughput with TSO/LRO enabled.
> TSO means that your local TCP stack will pass down large (e.g. 32K) packets
> to the NIC driver, and the NIC will take care of segmentation. This is
> beneficial for two reasons: (1) the segmentation work is done in hardware
> rather than in the CPU, and this is typically faster (and also, you save
> the CPU time for other stuff); (2) the per-packet cost of protocol
> processing (TCP, IP, Ethernet) is amortized over a large amount of bytes,
> which means that your total per-byte CPU time will be way lower. Most of
> the gain actually comes from (2).
> LRO is similar, but in the receive direction.
>
> However, if your device is a router it means that it forwards packets.
> Therefore the local TCP stack is not involved, so TSO simply does not apply
> (at least in FreeBSD).
> I think LRO applies, but there is a latency hit, as suggested by the wiki
> page you pointed.
>
> So no, enabling TSO/LRO will not increase the forwarding rate, but possibly
> increase latency. You should keep it disabled.
>
> Cheers,
> Vincenzo
>
> On Fri, 22 Nov 2019 at 22:47, BulkMailForRudy <crapsh@monkeybrains.net> wrote:
>
>> I just did another test to a machine with a Chelsio card.
>>
>> Server D (cxl3) -> Server A = 3.5Gbps
>>
>> Turning on flags lro tso4 tso6 vlanhwtso , yields
>>
>> Server D (cxl3) -> Server A = 9.1 Gbps
>>
>> Oddly, this was an ipv4 iperf, but tso6 seems to help.
>>
>> I had settings turned off per
>> https://wiki.freebsd.org/10gFreeBSD/Router#Disabling_LRO_and_TSO
>>
>> Servers A,B, and C are all running services. Server D is acting as a
>> router. Are the LRO and TSO only for TCP to the box, or will it
>> increase speeds for forwarding if I enable it?
>>
>>
>> Thanks,
>>
>> Rudy
>>
>>
>> On 11/22/19 1:30 PM, BulkMailForRudy wrote:
>>> I have nearly identical setups, but ix0 and ix1 are getting different
>>> options at boot. This seems to be the only difference I see between
>>> machines and I am trying to answer the question, Why can Server A
>>> iperf close to line rate while the other servers can not?
>>>
>>> The Test: iperf -P 3 -c REMOTE_ADDR
>>>
>>> Server A (ix1) -> Server C (ix0) = 9.4Gbps
>>> Server B (ix0)-> Server C (ix0) = 5.6Gbps
>>> Server C (ix0)-> A (ix1) or B (ix0) = 5.0Gbps
>>>
>>>
>>> The motherboards are identical between A,B and C and the configs very
>>> similar. The only difference is that Server A is plugged into ix1
>>> while Server B and C are using ix0.
>>>
>>>
>>> I am not modifying the flags at boot (eg ifconfig -tso), yet ix0 lacks
>>> TXCSUM,TSO4,TSO6,LRO,WOL.
>>>
>>> ix0: flags=8943 metric
>>> 0 mtu 1500
>>>
>> options=a538b9
>>
>>> ether *ac:1f:6b:6a:14:6*4
>>> media: Ethernet autoselect (10Gbase-T )
>>> ix1: flags=8843 metric 0 mtu 1500
>>>
>> options=e53fbb
>>
>>> ether *ac:1f:6b:6a:14:6*5
>>> media: Ethernet autoselect (10Gbase-T )
>>>
>>> I did try adding some flags to ix0 and -- not sure if this was the
>>> reason -- the box started acting oddly and I ended up rebooting it.
>>>
>>>
>>> My hunch is that there is something with the TSO4.
>>>
>>>
>>> Rudy
>>>
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

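A check for the advice in the quoted reply above (keep TSO/LRO disabled on a box that forwards packets), as an added example that is not part of the thread: it parses `ifconfig` output, lists interfaces that still have TSO4/TSO6/LRO enabled, and diffs the option sets of two interfaces. The sample text is constructed in FreeBSD `ifconfig` format; its flag names and MAC addresses are assumptions, since the output quoted in the thread lost its flag lists.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in FreeBSD ifconfig format (flag lists are assumed).
sample_ifconfig() {
cat <<'EOF'
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=a538b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
	ether 00:00:5e:00:53:01
ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 00:00:5e:00:53:02
EOF
}

# Reads ifconfig text on stdin; prints "ifname FLAG,FLAG" for every
# interface whose options= list contains TSO4, TSO6 or LRO.
offload_audit() {
    awk '
    /^[A-Za-z0-9_.]+: flags=/ { ifn = $1; sub(/:$/, "", ifn); next }
    /^[ \t]+options=.*</ {
        s = $0; sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
        n = split(s, f, ","); hit = ""
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^(TSO4|TSO6|LRO)$/)
                hit = hit (hit == "" ? "" : ",") f[i]
        if (hit != "") print ifn, hit
    }'
}

# options_diff IF_A IF_B: reads ifconfig text on stdin; prints one line per
# capability that only one of the two interfaces has ("<ifname>-only FLAG").
options_diff() {
    awk -v a="$1" -v b="$2" '
    /^[A-Za-z0-9_.]+: flags=/ { ifn = $1; sub(/:$/, "", ifn); next }
    /^[ \t]+options=.*</ {
        s = $0; sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
        n = split(s, f, ",")
        for (i = 1; i <= n; i++) {
            have[ifn, f[i]] = 1
            if (!(f[i] in seen)) { seen[f[i]] = 1; order[++m] = f[i] }
        }
    }
    END {
        for (i = 1; i <= m; i++) {
            x = order[i]
            if (((a, x) in have) && !((b, x) in have)) print a "-only", x
            if (((b, x) in have) && !((a, x) in have)) print b "-only", x
        }
    }'
}

# router_check FORWARDING: reads ifconfig text on stdin. Returns 1 (and lists
# the interfaces on stderr) when the host forwards packets (FORWARDING=1)
# and any interface still has TSO/LRO enabled; returns 0 otherwise.
router_check() {
    findings=$(offload_audit)
    [ "$1" = 1 ] || return 0
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}
```

On a live FreeBSD host the same check would be fed real data, for example `ifconfig | router_check "$(sysctl -n net.inet.ip.forwarding)"`.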
From owner-freebsd-net@freebsd.org Thu Nov 28 10:15:39 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242270] Network stack leaks ifnet references when creating VLAN
Date: Thu, 28 Nov 2019 10:15:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242270

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
           Keywords|                            |patch

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Thu Nov 28 18:42:28 2019
From: "Gutterprose Records"
To: freebsd-net@freebsd.org
Date: Thu, 28 Nov 2019 13:12:05 -0500
Subject: SUBMISSION: Prime Sinister - ‘Prime Time’ [Prod. Muckaniks] [UK Hip-Hop]
X-Spam: Yes

SINGLE RELEASE | FOR YOUR CONSIDERATION

Gutterprose Records Presents
‘PRIME TIME’ BY PRIME SINISTER

Hi!
I found your email and thought this single would be of interest to you.
I would love to start a conversation and hopefully work with you.

‘Prime Time’ is the first single from ‘Patient Zero’, the second album by
UK hip-hop artist Prime Sinister.

Prime Sinister, is a 23-year-old Londoner, who, while studying to become a
journalist, doubles as a full-blown musical revolutionary. As the creator
of his own rhyme style, “Syllablism”, Prime Sinister has crafted songs in
which every word, line and verse are not only interconnected but for the
first time, symmetrical.

Prime Sinister’s rhyme style can probably be more simply defined as the
consecutive use of rhyming syllable patterns. But, on listening to it in
action, it’s clearly more complex. The words arrange themselves into
sequence – syllable families, reunited to tell stories of a dystopia,
expanding themselves naturally into verses. They play out in their natural
state, unpolluted, forming elaborate stories almost independent of
interference from the writer. It is the act of relinquishing ego and
letting the words play themselves out, however disorienting – it is as if
the writer does not exist, and we are listening to language unadulterated
from the manipulations of man. The very act of making an album in a
singular style is a unique experiment in hip-hop – and Prime Sinister has
done it with flair in abundance.

Growing up in London in the 2000’s, Prime Sinister was exposed to music
that would change the course of his life. Consuming albums from Nas’
Illmatic to Dizzee Rascal’s Boy In Da Corner, and encountering the music of
the UK underground, Prime Sinister studied the greatest albums in hip hop
and stumbled across the true hidden potential of the genre – and ushering
hip-hop writing into the next stage of its evolution
as an intricate, intellectual art form.

‘Patient Zero’ takes place in a city called ‘Rage’ in an alternative
universe. ‘Prime Time’, track five, is produced by world-class production
maestro Muckaniks, and features gripping piano keys and hard-hitting,
modern-sounding drums. The song, like the rest of ‘Patient Zero’, recounts
otherworldly stories of misery and triumph. Filled with abstract rhymes and
metaphors, the song captivates and engages the listener throughout.

WE WOULD LOVE TO COLLABORATE WITH YOU!

STREAM ‘PRIME TIME’ ON SPOTIFY AND APPLE MUSIC HERE:
SPOTIFY
APPLE MUSIC
BUY/STREAM THE SINGLE ON BANDCAMP

Gutterprose Records, 390 Hanworth Road, Hounslow,, London, United Kingdom
Unsubscribe

From owner-freebsd-net@freebsd.org Thu Nov 28 19:05:27 2019
Subject: Re: ix0 and ix1 ifconfig options different on Supermicro board
To: BulkMailForRudy, freebsd-net@freebsd.org
From: Hans Petter Selasky
Date: Thu, 28 Nov 2019 20:02:34 +0100

On 2019-11-27 18:50, BulkMailForRudy wrote:
>   iperf3 -c 10.1.1.1 -P 4  --->  5.1Gbps

I think iperf3 is single-threaded multiple connections. While iperf uses
multiple threads ....

--HPS

From owner-freebsd-net@freebsd.org Thu Nov 28 22:51:13 2019
From: Ben Woods
Date: Fri, 29 Nov 2019 06:50:59 +0800
Subject: Re: DHCPv6 client in base
To: Hiroki Sato
Cc: brooks@freebsd.org, driesm.michiels@gmail.com, freebsd-net@freebsd.org, hrs@freebsd.org, julian@freebsd.org, roy@marples.name

On Tue, 15 Oct 2019 at 9:00 pm, Hiroki Sato wrote:

> Roy Marples wrote
> in :
> ro> Sorry if it was not clear. The discussion involves what is the
> ro> required acceptance for Privilege Separation because this is quite
> ro> new to me.
> ro>
> ro> My current idea is to open DHCP, IPv6RA and DHCP6 ports, chroot, drop
> ro> privs and fork. This concept is pretty standard thus far. These are
> ro> listening ports only and will dry-run any received message through
> ro> dhcpcd's two common paths:
> ro> 1) extract address and routing information without applying it
> ro> 2) environment option generation from the whole message
>
> A typical separation is three process model which contains
> processes for 1) sending/accepting packets (and parsing them), 2)
> state machine for each protocol handling, and 3) global namespace
> access (file, routing socket, network interface state, etc). The
> superuser privilege can be dropped in 1) and 2) completely. 1) and
> 3) communicate with 2) on demand or event-driven basis. 1) does not
> communicate directly with 3). Protocol-specific routines are in 1)
> and 2)---the former handles its wire-format, and the latter deals
> with protocol-specific state machines.
>
> However, this is often an overkill for a small, single-protocol
> network daemon.
> A two process model which contains one for 1)+2) and
> another for 3) above is used in sbin/dhclient, for example. I think
> this separation is the minimum level. 3) performs privileged tasks
> such as ioctls for network interfaces.
>
> I believe the three process model is appropriate for dhcpcd because
> of the nature of multi-protocol support. Parsing is one of the
> attack surfaces. For instance, a dhcp6_findoption() loop in
> dhcp6_recv() should be in process 1 and changes of D6_STATE(ifp)
> should be managed in process 2. The current dhcp6_bind() directly
> uses dhcp6_findmoption() to extract options from a DHCP message on
> demand and also directly accesses the global namespace by using
> dhcp6_writelease(ifp). These packet inspection and file access can
> be replaced with IPC requests to process 1 or 3 in the model, and it
> can be realized without a big structural change to the original logic
> in dhcp6.c (though it requires a certain amount of changes to the
> current code).
>
> In the ideal world everything should work fine and this kind of
> separation just sounds to make the program complex unnecessary, but
> an incomplete separation between the possible attack surfaces and
> access to the global namespace does not provide a good security even
> if the superuser privilege dropped.

Hi Everyone,

FYI, Roy (upstream dhcpcd developer) has recently committed privilege
separation to dhcpcd. It is not yet enabled by default until he gets more
feedback from others that it is working ok.

I intend to update the FreeBSD port to enable this feature (perhaps with a
“-devel” port) to allow it to be tested more easily on FreeBSD.

Mailing list message: https://roy.marples.name/archives/dhcpcd-discuss/0002711.html Commit: https://github.com/rsmarples/dhcpcd/commit/d5786118da1bad4c247631cae86344f1= b249a8cb Regards, Ben > -- -- From: Benjamin Woods woodsb02@gmail.com From owner-freebsd-net@freebsd.org Fri Nov 29 01:02:35 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4ECB31BE412 for ; Fri, 29 Nov 2019 01:02:35 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47PGSp0ZnPz4Jfc for ; Fri, 29 Nov 2019 01:02:33 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=9FUYjDTJxxzRHIlDrBPcavWmmYMtI6FCOWeDEV+FtoU=; b=O1rNnSdT5XQNJ4IXvZIOuYC/Tw zpSzpHuSR3iPOHmJB8mO5HGqeNVSUlIG+pZEx08hi8XWDGVrPPNefEAatS8NvJCXAD6pq2GYQ+flA 0jyFxGyKaZWeXj08SfPpjeBuHub/t1VT95EgLTa4PSPSVZJa2S/N97E7JvQI/oUH6was=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iaUfy-000HqQ-82 for freebsd-net@freebsd.org; Fri, 29 Nov 2019 08:02:26 +0700 Date: Fri, 29 Nov 2019 08:02:26 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: Several hosts behind a caching resolver Message-ID: <20191129010226.GA68412@admin.sibptus.ru> References: <20191124123451.GA6593@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6" Content-Disposition: inline In-Reply-To: <20191124123451.GA6593@admin.sibptus.ru> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 

Any more opinions please if DNS queries leak information about the
internal network topology and size to the resolver?

It would be interesting to consider 2 separate cases:

1. The internal network is NATed.
2. The internal network is IPv6 with ipv6_privacy="YES"

Victor Sudakov wrote:
> Dear Colleagues,
>
> Several hosts of the local network use a FreeBSD server with BIND or
> local-unbound as a caching resolver. Let's call it "Resolver A."
> Resolver A forwards all queries to another resolver, e.g. 8.8.8.8 or
> some other, let's call it "Resolver B."
>
> Can the operator of Resolver B figure out how many clients there are
> behind Resolver A, or obtain any other information about the hosts on
> the said local network (like their operating system etc)? In other
> words, does Resolver A effectively anonymize the queries, or is some
> information about the internal network leaking?
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Fri Nov 29 01:40:31 2019
Subject: Re: DHCPv6 client in base
To: Ben Woods, Hiroki Sato
Cc: brooks@freebsd.org, driesm.michiels@gmail.com, freebsd-net@freebsd.org, hrs@freebsd.org, julian@freebsd.org
From: Roy Marples
Message-ID: <26ba64b2-7c94-f4cf-980d-bcab8aa83bf7@marples.name>
Date: Fri, 29 Nov 2019 01:40:19 +0000

On 28/11/2019 22:50, Ben Woods wrote:
> It is not yet enabled by default until he gets more feedback from others
> that it is working ok. I intend to update the FreeBSD port to enable
> this feature (perhaps with a “-devel” port) to allow it to be tested
> more easily on FreeBSD.

Please add it as a new port - don't want to affect any current dhcpcd
users with privsep issues.

I've already fixed a few issues based on some initial feedback, but there
is an outstanding issue where dhcpcd will occasionally hang when exiting.

Roy

From owner-freebsd-net@freebsd.org Sat Nov 30 02:52:19 2019
In-Reply-To: <26ba64b2-7c94-f4cf-980d-bcab8aa83bf7@marples.name>
From: Ben Woods
Date: Sat, 30 Nov 2019 10:52:05 +0800
Subject: Re: DHCPv6 client in base
To: Roy Marples
Cc: Hiroki Sato, Brooks Davis, driesm.michiels@gmail.com, freebsd-net, Hiroki Sato, Julian Elischer

On Fri, 29 Nov 2019 at 09:40, Roy Marples wrote:

> On 28/11/2019 22:50, Ben Woods wrote:
> > It is not yet enabled by default until he gets more feedback from others
> > that it is working ok. I intend to update the FreeBSD port to enable
> > this feature (perhaps with a “-devel” port) to allow it to be tested
> > more easily on FreeBSD.
>
> Please add it as a new port - don't want to affect any current dhcpcd
> users with privsep issues.
>
> I've already fixed a few issues based on some initial feedback, but there
> is an outstanding issue where dhcpcd will occasionally hang when exiting.
>
> Roy
>

Hi Roy,

I have just added the new port net/dhcpcd-devel which uses the latest
commit (273915d), and enables privilege separation.

So far it seems to be working ok for me!

Couple of comments / questions:

1. I have setup the low privileged user to be the existing FreeBSD user
   "_dhcp" [1]. Using a global CFLAG for this seems a bit clunky - it might
   be nicer if this could either be a configure option or a runtime option.
2. I have configured both /var/db/dhcpcd/ and /var/run/dhcpcd/ to have
   owner:group as _dhcp:_dhcp (the low privilege processes will have both
   read and write access to these folders). Is that correct? I note that
   the commit message referenced below [2] states read access is required
   to /var/db/dhcpcd/, but the text added to README.md states write access
   is required.
3. Can you please confirm the output below [3] looks right / matches your
   privilege separation design?

[1] https://svnweb.freebsd.org/ports/head/net/dhcpcd-devel/Makefile?revision=518697&view=markup#l26
[2] https://roy.marples.name/cgit/dhcpcd.git/commit/?id=0e5bfa4eb22f7b6412d23b9548bf157f9fea88c2
[3] privilege separation output:

# ps auxwwd | grep dhcpcd
_dhcp   7652  0.0  0.0  12232  3012  -  S  10:25  0:00.00 |-- dhcpcd: [master] [ip4] [ip6] (dhcpcd)
root    7878  0.0  0.0  11724  2852  -  S  10:25  0:00.00 | |-- dhcpcd: [privileged actioneer] (dhcpcd)
_dhcp  10455  0.0  0.0  11724  2852  -  S  10:25  0:00.00 | | `-- dhcpcd: [BPF ARP] wlan0 (dhcpcd)
_dhcp   7903  0.0  0.0  11696  2844  -  S  10:25  0:00.00 | `-- dhcpcd: [network proxy] (dhcpcd)

# ls -lah /var/db/dhcpcd/
drwxr-xr-x   2 _dhcp  _dhcp     3B Nov 30 10:28 .
drwxr-xr-x  19 root   wheel    34B Nov 30 10:28 ..
-rw-r--r--   1 _dhcp  _dhcp   300B Nov 30 10:28 wlan0-mySSIDname.lease

# ls -lah /var/run/dhcpcd/
drwxr-xr-x   3 _dhcp  _dhcp     6B Nov 30 10:28 .
drwxr-xr-x  20 root   wheel    48B Nov 30 10:28 ..
drwxr-xr-x   3 root   _dhcp     3B Nov 30 10:28 hook-state
-rw-r--r--   1 _dhcp  _dhcp     6B Nov 30 10:28 pid
srw-rw----   1 _dhcp  _dhcp     0B Nov 30 10:28 sock
srw-rw-rw-   1 _dhcp  _dhcp     0B Nov 30 10:28 unpriv.sock

# ls -lah /var/run/dhcpcd/hook-state/
drwxr-xr-x  3 root   _dhcp     3B Nov 30 10:28 .
drwxr-xr-x  3 _dhcp  _dhcp     6B Nov 30 10:28 ..
drwxr-xr-x  2 root   _dhcp     2B Nov 30 10:28 ntp.conf

# ls -lah /var/run/dhcpcd/hook-state/ntp.conf/
drwxr-xr-x  2 root  _dhcp     2B Nov 30 10:28 .
drwxr-xr-x  3 root  _dhcp     3B Nov 30 10:28 ..

Regards,
Ben

From owner-freebsd-net@freebsd.org Sat Nov 30 03:24:01 2019
Subject: Re: DHCPv6 client in base
To: Ben Woods
Cc: Hiroki Sato, Brooks Davis, driesm.michiels@gmail.com, freebsd-net, Hiroki Sato, Julian Elischer
From: Roy Marples
Message-ID: <6da62112-c926-f232-c66e-e1b6f2f43f14@marples.name>
Date: Sat, 30 Nov 2019 03:23:45 +0000

Hey Ben

On 30/11/2019 02:52, Ben Woods wrote:
> I have just added the new port net/dhcpcd-devel which uses the latest
> commit (273915d), and enables privilege separation.
>
> So far it seems to be working ok for me!

Good!
I've had a fair bit of feedback from the initial commit and the latest
(which you've imported) has everything fixed thus far.

> Couple of comments / questions:
> 1. I have setup the low privileged user to be the existing FreeBSD user
> "_dhcp" [1]. Using a global CFLAG for this seems a bit clunky - it might
> be nicer if this could either be a configure option or a runtime option.

pkgsrc and NetBSD Makefiles seem to define the user via CFLAGS.
I don't see any standard configure option for this, which is why it's
currently how it is. If dhcpcd is imported, then configure generally
isn't run, so CFLAGS makes sense to me.

> 2. I have configured both /var/db/dhcpcd/ and /var/run/dhcpcd/ to have
> owner:group as _dhcp:_dhcp (the low privilege processes will have both
> read and write access to these folders). Is that correct? I note that
> the commit message referenced below [2] states read access is required
> to /var/db/dhcpcd/, but the text added to README.md states write access
> is required.

The README.md is correct, the commit comment is wrong.
The unprivileged user needs to write to the db directory - for example,
new lease files.

> 3. Can you please confirm the output below [3] looks right / matches
> your privilege separation design?
>
> [1]
> https://svnweb.freebsd.org/ports/head/net/dhcpcd-devel/Makefile?revision=518697&view=markup#l26
> [2]
> https://roy.marples.name/cgit/dhcpcd.git/commit/?id=0e5bfa4eb22f7b6412d23b9548bf157f9fea88c2
> [3] privilege separation output:
>
> # ps auxwwd | grep dhcpcd
> _dhcp   7652  0.0  0.0  12232  3012  -  S  10:25  0:00.00
> |-- dhcpcd: [master] [ip4] [ip6] (dhcpcd)
> root    7878  0.0  0.0  11724  2852  -  S  10:25  0:00.00
> | |-- dhcpcd: [privileged actioneer] (dhcpcd)
> _dhcp  10455  0.0  0.0  11724  2852  -  S  10:25  0:00.00
> | | `-- dhcpcd: [BPF ARP] wlan0 (dhcpcd)
> _dhcp   7903  0.0  0.0  11696  2844  -  S  10:25  0:00.00
> | `-- dhcpcd: [network proxy] (dhcpcd)

Only the privileged actioneer process runs as the privileged user, so
yes it does match the design. The other processes are chrooted to the
unprivileged user's home directory.

Here's a list of the operations the privileged actioneer performs:

* write to ioctl(2)
* write to route(4)
* posix_spawn(3) the dhcpcd-run-hooks script
* open BPF {BOOTP,ARP} on demand
* bind to an address:{BOOTPC,dhcpv6-client} port on demand

The latter two operations spawn a process per protocol/address and drop
privs as soon as the socket is bound.
The last operation is needed when dhcpcd is not running in master mode.

Hopefully this helps SomeOne (TM) write FreeBSD capsicum support.

>
> # ls -lah /var/db/dhcpcd/
> drwxr-xr-x   2 _dhcp  _dhcp     3B Nov 30 10:28 .
> drwxr-xr-x  19 root   wheel    34B Nov 30 10:28 ..
> -rw-r--r--   1 _dhcp  _dhcp   300B Nov 30 10:28 wlan0-mySSIDname.lease
>
> # ls -lah /var/run/dhcpcd/
> drwxr-xr-x   3 _dhcp  _dhcp     6B Nov 30 10:28 .
> drwxr-xr-x  20 root   wheel    48B Nov 30 10:28 ..
> drwxr-xr-x   3 root   _dhcp     3B Nov 30 10:28 hook-state
> -rw-r--r--   1 _dhcp  _dhcp     6B Nov 30 10:28 pid
> srw-rw----   1 _dhcp  _dhcp     0B Nov 30 10:28 sock
> srw-rw-rw-   1 _dhcp  _dhcp     0B Nov 30 10:28 unpriv.sock
>
> # ls -lah /var/run/dhcpcd/hook-state/
> drwxr-xr-x  3 root   _dhcp     3B Nov 30 10:28 .
> drwxr-xr-x  3 _dhcp  _dhcp     6B Nov 30 10:28 ..
> drwxr-xr-x  2 root   _dhcp     2B Nov 30 10:28 ntp.conf
>
> # ls -lah /var/run/dhcpcd/hook-state/ntp.conf/
> drwxr-xr-x  2 root  _dhcp     2B Nov 30 10:28 .
> drwxr-xr-x  3 root  _dhcp     3B Nov 30 10:28 ..

All looks fine.

Roy
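
The split discussed in this thread (one process parses untrusted DHCPv6 wire data, a privileged process acts only on narrow IPC requests), as an added example that is not dhcpcd's code. The priv_req message, run_split() and the sample packet are assumptions made up for illustration; the chroot/setuid step is only marked by a comment because it needs root.

```c
#define _POSIX_C_SOURCE 200809L
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* DHCPv6 header is msg-type (1) + transaction-id (3); option 23 lists DNS servers. */
enum { D6_HDR_LEN = 4, D6_OPT_DNS = 23, REQ_SET_DNS = 1, MAX_DNS = 4 };
/* Hypothetical IPC message: the only data that crosses the privilege boundary. */
struct priv_req { uint32_t op, naddrs; struct in6_addr addrs[MAX_DNS]; };
/* Constructed sample: Reply, 2-byte client-id option, DNS option 2001:db8::53. */
static const uint8_t sample_reply[] = { 0x07, 0x12, 0x34, 0x56,
    0x00, 0x01, 0x00, 0x02, 0xaa, 0xbb, 0x00, 0x17, 0x00, 0x10,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x53 };

/* Parser side: walk code/length/data options without reading past len. */
static const uint8_t *find_option(const uint8_t *m, size_t len, uint16_t code, uint16_t *olen)
{
    size_t off = D6_HDR_LEN;
    while (off + 4 <= len) {
        uint16_t c = (uint16_t)(m[off] << 8 | m[off + 1]);
        uint16_t l = (uint16_t)(m[off + 2] << 8 | m[off + 3]);
        if (l > len - off - 4) return NULL;   /* length field overruns the packet */
        if (c == code) { *olen = l; return m + off + 4; }
        off += 4 + (size_t)l;
    }
    return NULL;
}

/* Parser side: turn the DNS option into a fixed-size request, or refuse. */
static int parse_dns(const uint8_t *m, size_t len, struct priv_req *req)
{
    uint16_t ol = 0;
    const uint8_t *o = find_option(m, len, D6_OPT_DNS, &ol);
    if (o == NULL || ol == 0 || ol % 16 != 0 || ol / 16 > MAX_DNS) return -1;
    memset(req, 0, sizeof(*req));             /* no stray stack bytes over IPC */
    req->op = REQ_SET_DNS; req->naddrs = ol / 16;
    memcpy(req->addrs, o, ol);
    return 0;
}

/* Privileged side: trust nothing the parser sent and re-check every field. */
static int priv_validate(const struct priv_req *req)
{
    if (req->op != REQ_SET_DNS || req->naddrs == 0 || req->naddrs > MAX_DNS) return -1;
    for (uint32_t i = 0; i < req->naddrs; i++)
        if (IN6_IS_ADDR_UNSPECIFIED(&req->addrs[i]) || IN6_IS_ADDR_MULTICAST(&req->addrs[i]))
            return -1;
    return (int)req->naddrs;   /* a real daemon would apply the servers here */
}

/* Returns how many DNS servers the privileged side accepted, or -1. */
static int run_split(const uint8_t *pkt, size_t len)
{
    int sv[2];
    struct priv_req req;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {   /* parser process: chroot(2) + setuid(2) go here (needs root) */
        close(sv[0]);
        if (parse_dns(pkt, len, &req) != 0) _exit(1);
        _exit(write(sv[1], &req, sizeof(req)) == (ssize_t)sizeof(req) ? 0 : 1);
    }
    close(sv[1]);     /* privileged process: sees only a whole priv_req or EOF */
    ssize_t n = recv(sv[0], &req, sizeof(req), MSG_WAITALL);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof(req) ? priv_validate(&req) : -1;
}

int main(void)
{
    printf("full packet: %d\n", run_split(sample_reply, sizeof(sample_reply)));
    printf("truncated:   %d\n", run_split(sample_reply, sizeof(sample_reply) - 1));
    return 0;
}
```

The privileged side never touches the wire format: a compromised parser can at most send a malformed priv_req, which priv_validate() rejects.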