From owner-freebsd-net@freebsd.org Sun Dec 15 10:46:48 2019
From: "Andrey V. Elsukov"
To: "John W. O'Brien", FreeBSD Networking
Subject: Re: NAT64 return traffic vanishes after successful de-alias
Date: Sun, 15 Dec 2019 13:44:04 +0300
Message-ID: <52463470-973e-aa5f-73f5-dd9ba39edf79@yandex.ru>
In-Reply-To: <9f3ee846-1357-0b73-cc0f-e001ea74b15c@saltant.com>
List-Id: Networking and TCP/IP with FreeBSD

On 14.12.2019 22:54, John W. O'Brien wrote:
> Hello FreeBSD Networking,
>
> As the subject summarizes, I have a mostly-working NAT64 rig, but return
> traffic is disappearing, and I haven't been able to figure out why. I
> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
> ipfw counter rule ipfw matches nothing.

I suspect you have disabled IPv6 on the interface, where IPv4 address is
configured. Check that IFDISABLED flag is not set on the IPv4 side
interface.

When NAT64 does translation, by default it reschedules a packet again on
the same interface, but from another address family, so if you have
disabled IPv6, a packet will be just dropped by ip6_input.
You can enable IPv6 by the following command:

# ifconfig igb0 inet6 -ifdisabled

-- 
WBR, Andrey V. Elsukov

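Added example, not part of the original messages: the check described in the reply above, written as a shell function that reads FreeBSD `ifconfig` output and lists interfaces that have an IPv4 address while IFDISABLED is set in their `nd6 options` line. The interface listing is constructed sample data, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Lists interfaces that hold an IPv4
# address while IPv6 is disabled on them (IFDISABLED in "nd6 options").

# Constructed sample in FreeBSD ifconfig layout; addresses come from the
# documentation ranges. Only igb0 matches the situation in the thread.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet6 2001:db8::1 prefixlen 64
	inet6 fe80::200:5eff:fe00:5302%igb1 prefixlen 64 scopeid 0x2
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igb2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
EOF
}

# Read ifconfig output on stdin; print the name of every interface that
# has an "inet" address and IFDISABLED among its nd6 options.
ifdisabled_v4_ifaces() {
    awk '
        function report() {
            if (name != "" && has_inet && disabled) print name
        }
        { c = substr($0, 1, 1) }
        # A new interface block starts in column 0: "igb0: flags=..."
        c != " " && c != "\t" && $1 ~ /:$/ && $2 ~ /^flags=/ {
            report()
            name = $1; sub(/:$/, "", name)
            has_inet = 0; disabled = 0
            next
        }
        # Indented lines belong to the current interface.
        $1 == "inet" { has_inet = 1 }
        $1 == "nd6" && /options=/ {
            # The flag names sit between < and >, separated by commas.
            flags = $0
            sub(/^.*</, "", flags); sub(/>.*$/, "", flags)
            n = split(flags, f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] == "IFDISABLED") disabled = 1
        }
        END { report() }
    '
}

# Turn interface names into the command quoted in the thread.
# Prints only; nothing is executed.
suggest_fix() {
    while read -r ifname; do
        printf 'ifconfig %s inet6 -ifdisabled\n' "$ifname"
    done
}

# On a FreeBSD host: ifconfig | ifdisabled_v4_ifaces | suggest_fix
sample_ifconfig | ifdisabled_v4_ifaces | suggest_fix
```
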
From owner-freebsd-net@freebsd.org Sun Dec 15 16:15:37 2019
From: "John W. O'Brien"
To: "Andrey V. Elsukov", FreeBSD Networking
Subject: Re: NAT64 return traffic vanishes after successful de-alias
Date: Sun, 15 Dec 2019 11:15:30 -0500
Organization: Saltant Solutions
Message-ID: <15ce6744-91f1-e755-22c7-0c5355686d90@saltant.com>
In-Reply-To: <52463470-973e-aa5f-73f5-dd9ba39edf79@yandex.ru>

On 2019/12/15 05:44, Andrey V. Elsukov wrote:
> On 14.12.2019 22:54, John W. O'Brien wrote:
>> Hello FreeBSD Networking,
>>
>> As the subject summarizes, I have a mostly-working NAT64 rig, but return
>> traffic is disappearing, and I haven't been able to figure out why. I
>> observe the post-translation (4-to-6) packets via ipfwlog0, but a simple
>> ipfw counter rule ipfw matches nothing.
>
> I suspect you have disabled IPv6 on the interface, where IPv4 address is
> configured. Check that IFDISABLED flag is not set on the IPv4 side
> interface.
>
> When NAT64 does translation, by default it reschedules a packet again on
> the same interface, but from another address family, so if you have
> disabled IPv6, a packet will be just dropped by ip6_input.
> You can enable IPv6 by the following command:
>
> # ifconfig igb0 inet6 -ifdisabled

Yes, this is exactly the problem. Thank you very much!

The reason it was working in the EC2 case is because the FreeBSD AMIs
set ipv6_activate_all_interfaces="YES".

It helps me quite a lot to learn the concept of "reschedules a packet
again on the same interface". That fills in a gap that I am sure will
come in handy when trying to reason about behavior in the future.

Incidentally, where are those drops counted? I did start looking at
"netstat -i" and "netstat -s" for clues, and even now that I know what
to look for, I'm not sure I know what I'm seeing. Is it "ip6: output
packets discarded due to no route"?

-- 
John W. O'Brien
OpenPGP keys: 0x33C4D64B895DBF3B

From owner-freebsd-net@freebsd.org Sun Dec 15 17:57:15 2019
From: "Andrey V. Elsukov"
To: "John W. O'Brien", FreeBSD Networking
Subject: Re: NAT64 return traffic vanishes after successful de-alias
Date: Sun, 15 Dec 2019 20:54:30 +0300
In-Reply-To: <15ce6744-91f1-e755-22c7-0c5355686d90@saltant.com>

On 15.12.2019 19:15, John W. O'Brien wrote:
> Yes, this is exactly the problem. Thank you very much!
>
> The reason it was working in the EC2 case is because the FreeBSD AMIs
> set ipv6_activate_all_interfaces="YES".
>
> It helps me quite a lot to learn the concept of "reschedules a packet
> again on the same interface". That fills in a gap that I am sure will
> come in handy when trying to reason about behavior in the future.
>
> Incidentally, where are those drops counted? I did start looking at
> "netstat -i" and "netstat -s" for clues, and even now that I know what
> to look for, I'm not sure I know what I'm seeing. Is it "ip6: output
> packets discarded due to no route"?

I think you can see such drops in the `netstat -isp ip6` output for each
specific interface in the `input datagram discarded` row.

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-net@freebsd.org Sun Dec 15 18:28:51 2019
From: "John W. O'Brien"
To: "Andrey V. Elsukov", FreeBSD Networking
Subject: Re: NAT64 return traffic vanishes after successful de-alias
Date: Sun, 15 Dec 2019 13:28:37 -0500
Organization: Saltant Solutions
Message-ID: <9779c4aa-a5de-f398-f33c-c278de530fe8@saltant.com>

On 2019/12/15 12:54, Andrey V. Elsukov wrote:
> On 15.12.2019 19:15, John W. O'Brien wrote:
>> Yes, this is exactly the problem. Thank you very much!
>> >> The reason it was working in the EC2 case is because the FreeBSD AMIs >> set ipv6_activate_all_interfaces=3D"YES". >> >> It helps me quite a lot to learn the concept of "reschedules a packet >> again on the same interface". That fills in a gap that I am sure will >> come in handy when trying to reason about behavior in the future. >> >> Incidentally, where are those drops counted? I did start looking at >> "netstat -i" and "netstat -s" for clues, and even now that I know what= >> to look for, I'm not sure I know what I'm seeing. Is it "ip6: output >> packets discarded due to no route"? >=20 > I think you can see such drops in the `netstat -isp ip6` output for eac= h > specific interface in the `input datagram discarded` row. >=20 Ah, yes, that looks right. If I had waded further through the dizzying array of netstat modes, I might have noticed upon that. Thank you again for your help. --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --cNj5MIlgki3F0qdpjau8AWPvDomdSL2fI-- --2owqcJiUjZWQuvPVTfuItXSe2YOlpaQP6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEKpEHkkRoSDiIJkQOWPtK56pP/m4FAl32e1YACgkQWPtK56pP /m75OQf/UQfYjh/lGM/bGSjowkXbGrtO9jpEIscthL483bjWmy2Ax1oJtIczbww7 lBp/IIjlVvSfpPzOQHp6XMegSdqsUJwP8xtujY6Gv06afVdoGv6+K1sqevkrc6LX KQ8lTlmLJrczmG7NP+zHPYpQHYazHx+OaGB6U7KpZpyitHJrfE5guUiqKgeecTjy +H2I1A+uOcOqQ3MubN/Q2RnvaKDcNCjehnEpy2pChCVAJcR/Lg7zIrxcRTUPNCBx E0wB74rdHPw7DoZETcj7w2gUBMUcZxxSTJQHwsG+BBLzHlxwk3rKCogvP9QbMp6W YG40OiE1+0jfhZXlHQYdngG7Nt+tPQ== =8o3q -----END PGP SIGNATURE----- --2owqcJiUjZWQuvPVTfuItXSe2YOlpaQP6-- From owner-freebsd-net@freebsd.org Sun Dec 15 21:00:39 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 71C311CE40C for ; Sun, 
From: bugzilla-noreply@FreeBSD.org
To: net@FreeBSD.org
Subject: Problem reports for net@FreeBSD.org that need special attention
Date: Sun, 15 Dec 2019 21:00:39 +0000
Message-Id: <201912152100.xBFL0d2t046153@kenobi.freebsd.org>

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
In Progress |    221146 | [ixgbe] Problem with second laggport
In Progress |    235700 | oce(4) driver causes fatal trap 12 on boot with e
New         |    204438 | setsockopt() handling of kern.ipc.maxsockbuf limi
New         |    205592 | TCP processing in IPSec causes kernel panic
New         |    213410 | [carp] service netif restart causes hang only whe
Open        |    193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc
Open        |    194485 | Userland cannot add IPv6 prefix routes
Open        |    200319 | Bridge+CARP crashes/freezes
Open        |    202510 | [CARP] advertisements sourced from CARP IP cause
Open        |    210726 | tcp connect() can return invalid EADDRINUSE (Eg:
Open        |    222273 | igb(4): Kernel panic (fatal trap 12) due to netwo
Open        |    225438 | panic in6_unlink_ifa() due to race
Open        |    225792 | ECMP is broken since tryforward()
Open        |    227720 | Kernel panic in ppp server
Open        |    235524 | igb(4): Ethernet interface loses active link stat
Open        |    236888 | ppp daemon: Allow MTU to be overridden for PPPoE
Open        |    236983 | bnxt(4) VLAN not operational unless explicit "ifc
Open        |    237072 | netgraph(4): performance issue [on HardenedBSD]?
Open        |    237391 | route get returns no result for network addresses
Open        |    237840 | Removed dummynet dependency on ipfw
Open        |    238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver
Open        |    240530 | netgraph/ng_source: Allow ng_source to inject int
Open        |    240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory
Open        |    240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile
Open        |    240969 | netinet6: Neighbour reachability detection broken
Open        |    241162 | Panic in closefp() triggered by nginx (uwsgi with
Open        |    241191 | route flush panic with RADIX_MPATH

27 problems total for which you should take action.

From owner-freebsd-net@freebsd.org Mon Dec 16 13:34:13 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242606] Low capacity of Variable "IPSEC_MANUAL_REQID_MAX" crashes StrongSwan IPSec/IKEV2 VPN Server
Date: Mon, 16 Dec 2019 13:34:13 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.2-RELEASE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: geovaneg@mprs.mp.br
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: net@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242606

--- Comment #7 from Geovane ---
(In reply to Conrad Meyer from comment #6)

Hi Conrad,

Unfortunately, in our environment we have only one PFSense VPN server with
enough demand to reach the 16k limit of the "reqid" variable.

It seems the StrongSwan team is working on a variable reuse solution after my
report:

https://wiki.strongswan.org/issues/2315

Thank you.

Geovane

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Mon Dec 16 18:18:24 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Mon, 16 Dec 2019 18:18:22 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.1-RELEASE
X-Bugzilla-Keywords: IntelNetworking, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: egypcio@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: marius@FreeBSD.org
X-Bugzilla-Flags: mfc-stable12+

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #24 from Vinícius Zavam ---
(In reply to Vinícius Zavam from comment #21)

same thing also when using stable/11 or releng/11.3.
was this thing *ALWAYS* behaving like this?

as mentioned before: setting up the interface with a regular
'ifconfig_igb0="up"' on the rc.conf, its state changes behave just fine.

still looks odd.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Mon Dec 16 21:27:29 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Mon, 16 Dec 2019 21:27:27 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.1-RELEASE
X-Bugzilla-Keywords: IntelNetworking, regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ncrogers@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: marius@FreeBSD.org
X-Bugzilla-Flags: mfc-stable12+

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #25 from ncrogers@gmail.com ---
(In reply to Vinícius Zavam from comment #24)

FWIW, my systems were on 11.1 for a while where it did not happen, and then I
noticed it when switching many systems over to RELEASE-12.0. I don't think it
always happened, but perhaps it started somewhere in 11/stable.

I am still running 12.0 with the D21769 patch, which fixed the problem for me,
but it looks like some different fixes went into 12.1?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Tue Dec 17 07:03:42 2019
Date: Tue, 17 Dec 2019 14:03:32 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: l2tp+IPsec client on FreeBSD, VPN gateway on Windows
Message-ID: <20191217070332.GA32902@admin.sibptus.ru>

Dear Colleagues,

Could anyone share a working (e.g. personally tested) IPSec+l2tp *client*
configuration for FreeBSD as VPN client? The VPN gateway is a Windows
server with a preshared key.

I have a working configuration of mpd5 in l2tp client mode (works just
fine when the Windows admin makes IPSec optional).

But I'd be interested in seeing a racoon.conf (and a set of setkey
commands if necessary) for such a VPN client.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Tue Dec 17 07:29:25 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 07:29:25 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: aleksandr.fedorov@itglobal.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

Aleksandr Fedorov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aleksandr.fedorov@itglobal.com,
                   |                            |bz@FreeBSD.org,
                   |                            |glebius@FreeBSD.org,
                   |                            |hps@selasky.org,
                   |                            |net@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-net@freebsd.org Tue Dec 17 07:33:51 2019

Date: Tue, 17 Dec 2019 08:33:46 +0100
From: Marius Halden
To: net@freebsd.org
Subject: igb interface not detecting link down
Message-ID: <20191217073346.GA54345@lden.im>

Hi,

We have some machines with Intel i350 NICs which after upgrading from
11.2-RELEASE to 12.1-RELEASE have started to act up. They will detect
link and come up initially when brought up, but they will not detect
link down events when the connection is lost, e.g. if we remove the
network cable.

This is a big problem for us as they are used in a failover lagg which
is currently not working due to this.

`ifconfig down ; ifconfig up` does not have any effect. I
cannot see anything in dmesg or any other logs.

Removing the interfaces from lagg interface does not make any changes to
this behaviour, nor did disabling `vlanhwtag` which I found a bug report
for issues with when using these NICs.

Is this a known regression from 11.X? Any advice for how to debug this
further?

-- 
Marius Halden

From: Evilham
To: Marius Halden
Cc: net@freebsd.org
Subject: Re: igb interface not detecting link down
References: <20191217073346.GA54345@lden.im>
In-reply-to: <20191217073346.GA54345@lden.im>
Date: Tue, 17 Dec 2019 09:28:50 +0100
Message-ID: <063536fe-2a2f-4db4-8789-4aeee2030879@yggdrasil.evilham.com>

On dt., des. 17 2019, Marius Halden wrote:

> Hi,
>
> We have some machines with Intel i350 NICs which after upgrading from
> 11.2-RELEASE to 12.1-RELEASE have started to act up. They will detect
> link and come up initially when brought up, but they will not detect
> link down events when the connection is lost, e.g. if we remove the
> network cable.
>
> This is a big problem for us as they are used in a failover lagg which
> is currently not working due to this.
>
> `ifconfig down ; ifconfig up` does not have any effect. I
> cannot see anything in dmesg or any other logs.
>
> Removing the interfaces from lagg interface does not make any changes to
> this behaviour, nor did disabling `vlanhwtag` which I found a bug report
> for issues with when using these NICs.
>
> Is this a known regression from 11.X? Any advice for how to debug this
> further?

I'd recommend following this bug:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

And adding any information that can be useful.

-- 
Evilham

Date: Tue, 17 Dec 2019 09:34:03 +0100
From: Marius Halden
To: Evilham
Cc: net@freebsd.org
Subject: Re: igb interface not detecting link down
Message-ID: <20191217083403.GA82741@lden.im>
References: <20191217073346.GA54345@lden.im> <063536fe-2a2f-4db4-8789-4aeee2030879@yggdrasil.evilham.com>
In-Reply-To: <063536fe-2a2f-4db4-8789-4aeee2030879@yggdrasil.evilham.com>

[Evilham]
>On dt., des. 17 2019, Marius Halden wrote:
>
>> Hi,
>>
>> We have some machines with Intel i350 NICs which after upgrading from
>> 11.2-RELEASE to 12.1-RELEASE have started to act up. They will detect
>> link and come up initially when brought up, but they will not detect
>> link down events when the connection is lost, e.g. if we remove the
>> network cable.
>>
>> This is a big problem for us as they are used in a failover lagg which
>> is currently not working due to this.
>>
>> `ifconfig down ; ifconfig up` does not have any effect. I
>> cannot see anything in dmesg or any other logs.
>>
>> Removing the interfaces from lagg interface does not make any changes to
>> this behaviour, nor did disabling `vlanhwtag` which I found a bug report
>> for issues with when using these NICs.
>>
>> Is this a known regression from 11.X? Any advice for how to debug this
>> further?
>
>
>I'd recommend following this bug:
>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724
>
>And adding any information that can be useful.

Thank you, will do. I didn't find that for some reason.

-- 
Marius Halden

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 08:44:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

Hans Petter Selasky changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hselasky@FreeBSD.org

--- Comment #1 from Hans Petter Selasky ---
> What do you think about moving the in_leavegroup_locked() call before commit and reap? Something like this:

This patch probably also applies to the IPv6 multicast code. Did you check?

Is this a regression issue?

--HPS

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 09:22:19 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

Marius Halden changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marius.halden@modirum.com

--- Comment #26 from Marius Halden ---
We are seeing what seems to be the same problem as Vinícius described on
FreeBSD 12.1-RELEASE-p1.

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 09:45:59 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #2 from Hans Petter Selasky ---
Also check these statistics to confirm that you don't have a memory leak:

vmstat -m | grep multi

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 10:01:48 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #3 from Hans Petter Selasky ---
Can you test this patch:

https://reviews.freebsd.org/D22848

Both IPv4 and IPv6, thank you.
xBHA1ux1019955 for ; Tue, 17 Dec 2019 10:01:56 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBHA1uiO019953 for net@FreeBSD.org; Tue, 17 Dec 2019 10:01:56 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet. Date: Tue, 17 Dec 2019 10:01:56 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: hselasky@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Dec 2019 10:01:57 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242677 Hans Petter Selasky changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |In Progress --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 17 10:02:06 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by 
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 10:02:05 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

Hans Petter Selasky changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |hselasky@FreeBSD.org

From owner-freebsd-net@freebsd.org Tue Dec 17 11:06:04 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 11:06:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #27 from Vinícius Zavam ---
Truly hope I am not testing it wrong, because after trying the same steps with
a 10.4-RELEASE I got the same results. Used the very same hardware as described
in 'Comment 20'.

Image that I used?
http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/amd64/ISO-IMAGES/10.4/FreeBSD-10.4-RELEASE-amd64-uefi-mini-memstick.img.xz
[decompressed and 'dd' to a USB stick, of course]

From owner-freebsd-net@freebsd.org Tue Dec 17 13:17:01 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Tue, 17 Dec 2019 13:17:01 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #4 from Aleksandr Fedorov ---
It seems that regression was introduced at r349369:
https://svnweb.freebsd.org/base/head/sys/netinet/in_mcast.c?r1=347691&r2=349369&pathrev=349369

I tested ipv6 version with your patch, it looks good.

Before patch:
# tcpdump -i igb1 -vvv
tcpdump: listening on igb1, link-type EN10MB (Ethernet), capture size 262144 bytes
16:12:20.141207 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.55 tell 192.168.1.55, length 28
16:12:22.359877 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
16:12:24.479711 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
16:12:32.945688 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
16:12:33.793701 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]

After patch:
# tcpdump -i igb1 -vvv
tcpdump: listening on igb1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:57:34.351600 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.55 tell 192.168.1.55, length 28
15:57:36.607299 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
15:57:37.031254 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
15:57:41.676026 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 block { }]
15:57:43.158268 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 block { }]
15:57:46.941264 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
15:57:50.121248 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 to_ex { }]
15:57:52.029263 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 block { }]
15:57:54.139271 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff12::1 block { }]

I also checked vmstat -m |grep multi and didn't find any memory leaks.

Thanks!
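
The before/after comparison in Comment #4 above can be checked mechanically. The following Python is an added example, not part of the bug report or of FreeBSD: it parses `tcpdump -vvv` MLDv2 report lines (sample lines re-joined from the two captures in that comment) and tells whether a `to_ex` record for a group is ever followed by a different record type, which is the difference the comment shows between the two captures. The function names and that pass criterion are assumptions of this example.

```python
import re
from collections import defaultdict

# A tcpdump -vvv line carrying an MLDv2 listener report (one packet per line).
REPORT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP6 .*? (?P<src>[0-9a-f:]+) > (?P<dst>[0-9a-f:]+): "
    r".*multicast listener report v2, \d+ group record\(s\)(?P<records>.*)$"
)
# One group record inside the report, e.g. "[gaddr ff12::1 to_ex { }]".
RECORD_RE = re.compile(r"\[gaddr (?P<group>[0-9a-f:]+) (?P<rtype>[a-z_]+) \{")


def parse_reports(capture):
    """Return one (timestamp, source, group, record_type) tuple per group record."""
    records = []
    for line in capture.splitlines():
        m = REPORT_RE.match(line.strip())
        if m is None:  # tcpdump banner, ARP and any other non-MLDv2 line
            continue
        for rec in RECORD_RE.finditer(m.group("records")):
            records.append((m.group("ts"), m.group("src"),
                            rec.group("group"), rec.group("rtype")))
    return records


def timeline(capture):
    """Map each group address to the ordered list of record types seen for it."""
    seen = defaultdict(list)
    for _ts, _src, group, rtype in parse_reports(capture):
        seen[group].append(rtype)
    return dict(seen)


def drop_announced(capture, group):
    """True if a to_ex record for `group` is later followed by another record type.

    Assumption of this example: any record type other than to_ex that follows
    a to_ex counts as the membership drop reaching the wire, as the block
    records do in the "After patch" capture.
    """
    types = timeline(capture).get(group, [])
    if "to_ex" not in types:
        return False
    return any(t != "to_ex" for t in types[types.index("to_ex") + 1:])


# Sample input re-joined from the captures quoted in Comment #4.
_HDR = ("IP6 (hlim 1, next-header Options (0) payload length: 36) "
        "fe80::aa1e:84ff:fe93:d5f5 > ff02::16: HBH (padn)(rtalert: 0x0000) "
        "[icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) ")
_BANNER = ("tcpdump: listening on igb1, link-type EN10MB (Ethernet), "
           "capture size 262144 bytes")


def _line(ts, rtype):
    return f"{ts} {_HDR}[gaddr ff12::1 {rtype} {{ }}]"


BEFORE_PATCH = "\n".join([
    _BANNER,
    "16:12:20.141207 ARP, Ethernet (len 6), IPv4 (len 4), "
    "Request who-has 192.168.1.55 tell 192.168.1.55, length 28",
    _line("16:12:22.359877", "to_ex"), _line("16:12:24.479711", "to_ex"),
    _line("16:12:32.945688", "to_ex"), _line("16:12:33.793701", "to_ex"),
])
AFTER_PATCH = "\n".join([
    _BANNER,
    _line("15:57:36.607299", "to_ex"), _line("15:57:37.031254", "to_ex"),
    _line("15:57:41.676026", "block"), _line("15:57:43.158268", "block"),
    _line("15:57:46.941264", "to_ex"), _line("15:57:50.121248", "to_ex"),
    _line("15:57:52.029263", "block"), _line("15:57:54.139271", "block"),
])

if __name__ == "__main__":
    for name, cap in (("before", BEFORE_PATCH), ("after", AFTER_PATCH)):
        print(name, timeline(cap), "drop announced:", drop_announced(cap, "ff12::1"))
```
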

From owner-freebsd-net@freebsd.org Tue Dec 17 16:05:21 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 16:05:18 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #28 from Marius Halden ---
From what I can see the patch from marius@ was never merged into 12.1, is that
correct?

From owner-freebsd-net@freebsd.org Tue Dec 17 17:23:56 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 17:23:56 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #29 from Marius Halden ---
(In reply to Marius Halden from comment #28)

I tried rebuilding the releng/12.1 kernel with the patch from D21924 applied.
With the patch applied I've so far been unable to reproduce the issues we've
been having.

Maybe there should be an errata for this?

From owner-freebsd-net@freebsd.org Tue Dec 17 17:42:33 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 17:42:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

Eirik Oeverby changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ltning-freebsd@anduin.net

--- Comment #30 from Eirik Oeverby ---
Strongly support getting this fix out there as quickly as possible. There is
very significant fallout from this, with interface failover and all sorts of
other things depending on link detection being rendered useless.

From owner-freebsd-net@freebsd.org Tue Dec 17 17:43:39 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236724] igb(4): Interfaces fail to switch active to inactive state
Date: Tue, 17 Dec 2019 17:43:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724

--- Comment #31 from Marius Halden ---
(In reply to Marius Halden from comment #29)

It actually looks like disabling msix for the interface with a loader tunable
mitigates the (most obvious) issues we have been having without patching the
12.1 kernel.

dev.igb.0.iflib.disable_msix=1

From owner-freebsd-net@freebsd.org Wed Dec 18 11:47:32 2019
ajv09GTzDPW7irilRZeu1fCb3t9EGz3PwrNuXRjxUILjUBztTCn1ZhgqDMOHYLHDAmti5ycgyzOHw 1cEAwk34CZeYOm/IDkYBvvx8Lbg3AKaf0l9rzpa9n/jfy1HUDEOg5wJtOA4obD+y3c60hdJrMhqtA GzgGcia5QzEiK/cLVE+3LaKpuVNm8jnJ8LDsSQ15DT81aQASJ0QWQRMBu1qGhH43kD8cYMCdhTLSk 4Is9nmh+o+we3NNxiM87x9A70oW/2L45xsemIyeym8eY1MzqLdbeZ3NfRG5eNXAziLPqFjSQFgFmA px053Cng==; Received: from [91.216.35.74] (helo=imap.lrau.net) by mailout4.lrau.net with esmtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1ihXnW-000Apy-E0 for net@FreeBSD.ORG; Wed, 18 Dec 2019 11:47:22 +0000 Received: from Axel.Rau@Chaos1.DE by imap.lrau.net (Archiveopteryx 3.2.0) with esmtpsa id 1576669641-15822-15815/7/23; Wed, 18 Dec 2019 11:47:21 +0000 From: Axel Rau Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="Apple-Mail=_4508E5B3-4F4C-4B7F-AB92-AEB5C38F15ED"; micalg=pgp-sha256 Mime-Version: 1.0 Subject: [RESOLVED] --was: Re: TCP 3-way-handshake fails Date: Wed, 18 Dec 2019 12:47:14 +0100 References: <12A16AC0-651B-4CAC-814A-FD5A8FF68D2F@Chaos1.DE> To: net@FreeBSD.ORG In-Reply-To: <12A16AC0-651B-4CAC-814A-FD5A8FF68D2F@Chaos1.DE> Message-Id: <6BBBA26D-10CD-41AE-806E-818FC8E884DE@Chaos1.DE> X-Mailer: Apple Mail (2.3445.104.11) X-Rspamd-Queue-Id: 47dCtC1XLnz4VHb X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=chaos1.de header.s=email1 header.b=V7qWlB/2; dmarc=none; spf=none (mx1.freebsd.org: domain of Axel.Rau@Chaos1.DE has no SPF policy when checking 2a05:bec0:26:2::73) smtp.mailfrom=Axel.Rau@Chaos1.DE X-Spamd-Result: default: False [-6.03 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[chaos1.de:s=email1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(-1.00)[chaos1.de.dwl.dnswl.org : 127.0.3.1]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[chaos1.de]; 

After router startup, its routing table shows entries like this:

2a05:bec0:26:2::70  0c:c4:7a:ce:9e:90  UHLc
2a05:bec0:26:2::71  link#1             UHLc

The 2nd one is an alias address for the 1st one (a jail).
After ping6 from the router to this 2nd address, it looks as expected:

fw1# ping6 2a05:bec0:26:2::71

2a05:bec0:26:2::70  0c:c4:7a:ce:9e:90  UHLc
2a05:bec0:26:2::71  0c:c4:7a:ce:9e:90  UHLc

The reason for this misbehaviour was that I disabled auto linklocal
(-auto_linklocal in rc.conf).

Axel

> On 10.12.2019 at 11:40, Axel Rau wrote:
>
> Hi all
>
> I have a fancy behaviour on a FreeBSD 12.1 box, with
> some servers (e.g. rsyslogd, nginx) which happens with
> some clients, with others not (both are in the same
> subnets). Everything is dualstack. Disabling IPv6 stops
> the problem.
> The traffic is routed via 2 firewalls (OpenBSD 6.6)
> and a VPN.
>
> I attach 2 textfiles (tcpdump) with an extracted flow:
>
> gw1, the OpenBSD side
> db3: the FreeBSD side
>
> I also include an example, where the problem
> does not happen: db3,ok.txt
>
> Which details need to be collected to insulate
> the problem?
>
> Any help is very welcome,
> Axel
>
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>

---
PGP-Key: CDE74120 ☀ computing @ chaos claudius

From owner-freebsd-net@freebsd.org Wed Dec 18 12:03:24 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Wed, 18 Dec 2019 12:03:23 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #5 from Hans Petter Selasky ---
Guido: Please give https://reviews.freebsd.org/D22848 a spin.

--HPS

From owner-freebsd-net@freebsd.org Wed Dec 18 12:07:07 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Wed, 18 Dec 2019 12:07:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

Hans Petter Selasky changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|In Progress                 |Closed

--- Comment #6 from Hans Petter Selasky ---
Let me know if there are any more issues.

From owner-freebsd-net@freebsd.org Wed Dec 18 12:07:11 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Wed, 18 Dec 2019 12:07:10 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #7 from commit-hook@freebsd.org ---
A commit references this bug:

Author: hselasky
Date: Wed Dec 18 12:06:35 UTC 2019
New revision: 355881
URL: https://svnweb.freebsd.org/changeset/base/355881

Log:
  Leave multicast group before reaping and committing state for both
  IPv4 and IPv6.

  This fixes a regression issue after r349369.
  When trying to exit a multicast group before closing the socket,
  a multicast leave packet should be sent.

  Differential Revision: https://reviews.freebsd.org/D22848
  PR: 242677
  Reviewed by: bz (network)
  Tested by: Aleksandr Fedorov
  MFC after: 1 week
  Sponsored by: Mellanox Technologies

Changes:
  head/sys/netinet/in_mcast.c
  head/sys/netinet6/in6_mcast.c

From owner-freebsd-net@freebsd.org Wed Dec 18 15:27:29 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet.
Date: Wed, 18 Dec 2019 15:27:27 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242677

--- Comment #8 from guido@gvr.org ---
(In reply to Hans Petter Selasky from comment #5)

This patch (applied to 12.1) fixes the remaining multicast
issues I had.

From owner-freebsd-net@freebsd.org Wed Dec 18 16:12:26 2019
Date: Wed, 18 Dec 2019 23:12:17 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: l2tp+IPsec client on FreeBSD, VPN gateway on Windows
Message-ID: <20191218161217.GA87036@admin.sibptus.ru>
References: <20191217070332.GA32902@admin.sibptus.ru>
In-Reply-To: <20191217070332.GA32902@admin.sibptus.ru>

Victor Sudakov wrote:
>
> Could anyone share a working (e.g. personally tested) IPSec+l2tp
> *client* configuration for FreeBSD as VPN client? The VPN gateway is a
> Windows server with a preshared key.
>
> I have a working configuration of mpd5 in l2tp client mode (works just
> fine when the Windows admin makes IPSec optional).
>

If anyone could suggest an idea why I cannot get past phase 2 with the
following error messages, I'd be most grateful:

2019-12-18 21:31:53: INFO: @(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)
2019-12-18 21:31:53: INFO: @(#)This product linked OpenSSL 1.1.1d-freebsd  10 Sep 2019 (http://www.ope
2019-12-18 21:31:53: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2019-12-18 21:31:53: INFO: x.x.x.x[500] used as isakmp port (fd=6)
2019-12-18 21:31:58: INFO: IPsec-SA request for 176.120.29.249 queued due to no phase1 found.
2019-12-18 21:31:58: INFO: initiate new phase 1 negotiation: x.x.x.x[500]<=>176.120.29.249[500]
2019-12-18 21:31:58: INFO: begin Identity Protection mode.
2019-12-18 21:31:58: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2019-12-18 21:31:58: INFO: received Vendor ID: DPD
2019-12-18 21:31:58: INFO: ISAKMP-SA established x.x.x.x[500]-176.120.29.249[500] spi:b0457c4692285a7a
2019-12-18 21:31:59: INFO: initiate new phase 2 negotiation: x.x.x.x[500]<=>176.120.29.249[500]
2019-12-18 21:31:59: [176.120.29.249] ERROR: notification NO-PROPOSAL-CHOSEN received in informational
2019-12-18 21:32:19: [176.120.29.249] ERROR: notification INVALID-HASH-INFORMATION received in informa
2019-12-18 21:32:23: INFO: initiate new phase 2 negotiation: x.x.x.x[500]<=>176.120.29.249[1701]
2019-12-18 21:32:23: [176.120.29.249] ERROR: notification NO-PROPOSAL-CHOSEN received in informational
2019-12-18 21:32:29: ERROR: 176.120.29.249 give up to get IPsec-SA due to time up to wait.
2019-12-18 21:32:43: [176.120.29.249] ERROR: notification INVALID-HASH-INFORMATION received in informa
2019-12-18 21:32:53: ERROR: 176.120.29.249 give up to get IPsec-SA due to time up to wait.

Here is my racoon.conf: https://termbin.com/82tr

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Thu Dec 19 12:02:51 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242712] Networking device detach leaks memory
Date: Thu, 19 Dec 2019 12:02:51 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242712

Aleksandr Fedorov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |net@FreeBSD.org

From owner-freebsd-net@freebsd.org Thu Dec 19 16:17:11 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242712] Networking device detach leaks memory
Date: Thu, 19 Dec 2019 16:17:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242712

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
           Keywords|                            |patch

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Fri Dec 20 10:19:29 2019
From: "Patrick M. Hausen"
Subject: Continuing problems in a bridged VNET setup
Date: Fri, 20 Dec 2019 11:19:24 +0100
Cc: Kristof Provost
To: freebsd-net@freebsd.org

Hi all,

we still experience occasional network outages in production,
yet have not been able to find the root cause.

We run around 50 servers with VNET jails, some of them with
a handful, the busiest ones with 50 or more jails each.

Every now and then the jails are not reachable over the net
anymore. The server itself is up and running, all jails are
up and running, one can ssh to the server but none of the
jails can communicate over the network.
There seems to be no pattern to the time of occurrence except
that more jails on one system make it "more likely".
Also having more than one bridge, e.g. for private networks
between jails seems to increase the probability.
When a server shows the problem it tends to get into the state
rather frequently, a couple of hours in between. Then again
most servers run for weeks without exhibiting the problem.
That's what makes it so hard to reproduce. The last couple of
days one system was failing regularly until we reduced the number
of jails from around 80 to around 50. Now it seems stable again.

I have a test system with lots of jails that I work with gatling
that did not show a single failure so far :-(


Setup:

All jails are iocage jails with VNET interfaces. They are
connected to at least one bridge that starts with the
physical external interface as a member and gets jails'
epair interfaces added as they start up. All jails are managed
by iocage.

ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag -vlanhwtso up"
cloned_interfaces="bridge0"
ifconfig_bridge0_name="inet0"
ifconfig_inet0="addm igb0 up"
ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"

$ iocage get interfaces vpro0087
vnet0:inet0

$ ifconfig inet0
inet0: flags=8843 metric 0 mtu 1500
        ether 90:1b:0e:63:ef:51
        inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
        inet6 prefixlen 64
        nd6 options=21
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.4 flags=143
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: vnet0.1 flags=143
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        member: igb0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 2000000


What we tried:

At first we suspected the bridge to become "wedged" somehow.
This was corroborated by talking to various people at devsummits and
EuroBSDCon with Kristof Provost specifically suggesting that if_bridge
was still under giant lock and there might be a problem here that the
lock is not released under some race condition and then the entire
bridge subsystem would be stalled. That sounds plausible given the
random occurrence.

But I think we can rule out that one, because:

- ifconfig up/down does not help
- the host is still communicating fine over the same bridge interface
- tearing down the bridge, kldunload (!) of if_bridge.ko followed by
  a new kldload and reconstructing the members with `ifconfig addm`
  does not help, either
- only a host reboot restores function

Finally I created a not iocage managed jail on the problem host.
Please ignore the `iocage` in the path, I used it to populate the
root directory. But it is not started by iocage at boot time and
the manual config is this:

testjail {
        host.hostname = "testjail";   # hostname
        path = "/iocage/jails/testjail/root";     # root directory
        exec.clean;
        exec.system_user = "root";
        exec.jail_user = "root";
        vnet;
        vnet.interface = "epair999b";
        exec.prestart += "ifconfig epair999 create; ifconfig epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
        exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";

        # Standard stuff
        exec.start += "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
        exec.consolelog = "/var/log/jail_testjail_console.log";
        mount.devfs;          #mount devfs
        allow.raw_sockets;    #allow ping-pong
        devfs_ruleset="4";    #devfs ruleset for this jail
}

$ cat /iocage/jails/testjail/root/etc/rc.conf
hostname="testjail"

ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64 auto_linklocal"

When I do `service jail onestart testjail` I can then ping6 the jail
from the host and the host from the jail. As you can see the
if_bridge is not involved in this traffic.

When the host is in the wedged state and I start this testjail the
same way, no communication across the epair interface is possible.

To me this seems to indicate that not the bridge but all epair
interfaces stop working at the very same time.


OS is RELENG_11_3, hardware and specifically network adapters vary,
we have igb, ix, ixl, bnxt ...


Does anyone have a suggestion what diagnostic measures could help to
pinpoint the culprit? The random occurrence and the fact that the
problem seems to prefer the production environment only makes this a
real pain ...


Thanks and kind regards,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein

From owner-freebsd-net@freebsd.org Fri Dec 20 11:08:09 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 234985] epair: Kernel panic when destroying epair interface of vnet jail after using ifconfig inside the jail
Date: Fri, 20 Dec 2019 11:08:07 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234985

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
            Summary|kernel panic when           |epair: Kernel panic when
                   |destroying epair interface  |destroying epair interface
                   |of vnet jail after using    |of vnet jail after using
                   |ifconfig inside the jail    |ifconfig inside the jail
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238870
           Keywords|panic                       |crash, needs-patch,
                   |                            |needs-qa
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
              Flags|                            |mfc-stable12-
                 CC|                            |net@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Fri Dec 20 11:22:06 2019
From: Marko Zec
To: "Patrick M. Hausen"
CC: "freebsd-net@freebsd.org", Kristof Provost
Subject: Re: Continuing problems in a bridged VNET setup
Date: Fri, 20 Dec 2019 11:22:01 +0000
Message-ID: <20191220122256.76942c07@x23>

Perhaps you could ditch if_bridge(4) and epair(4), and try ng_eiface(4)
with ng_bridge(4) instead?  Works rock-solid 24/7 here on 11.2 / 11.3.

Marko

On Fri, 20 Dec 2019 11:19:24 +0100
"Patrick M. Hausen" wrote:

> Hi all,
>
> we still experience occasional network outages in production,
> yet have not been able to find the root cause.
>
> We run around 50 servers with VNET jails, some of them with
> a handful, the busiest ones with 50 or more jails each.
>
> Every now and then the jails are not reachable over the net,
> anymore. The server itself is up and running, all jails are
> up and running, one can ssh to the server but none of the
> jails can communicate over the network.
>
> There seems to be no pattern to the time of occurrence except
> that more jails on one system make it "more likely".
> Also having more than one bridge, e.g. for private networks
> between jails seems to increase the probability.
> When a server shows the problem it tends to get into the state
> rather frequently, a couple of hours in between. Then again
> most servers run for weeks without exhibiting the problem.
> That's what makes it so hard to reproduce. The last couple of
> days one system was failing regularly until we reduced the number
> of jails from around 80 to around 50. Now it seems stable again.
>
> I have a test system with lots of jails that I work with gatling
> that did not show a single failure so far :-(
>
>
> Setup:
>
> All jails are iocage jails with VNET interfaces. They are
> connected to at least one bridge that starts with the
> physical external interface as a member and gets jails'
> epair interfaces added as they start up. All jails are managed
> by iocage.
>
> ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag
> -vlanhwtso up" cloned_interfaces="bridge0"
> ifconfig_bridge0_name="inet0"
> ifconfig_inet0="addm igb0 up"
> ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
>
> $ iocage get interfaces vpro0087
> vnet0:inet0
>
> $ ifconfig inet0
> inet0: flags=8843 metric 0
>         mtu 1500 ether 90:1b:0e:63:ef:51
>         inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
>         inet6 prefixlen 64
>         nd6 options=21
>         groups: bridge
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: vnet0.4 flags=143
>                 ifmaxaddr 0 port 7 priority 128 path cost 2000
>         member: vnet0.1 flags=143
>                 ifmaxaddr 0 port 6 priority 128 path cost 2000
>         member: igb0 flags=143
>                 ifmaxaddr 0 port 1 priority 128 path cost 2000000
>
>
> What we tried:
>
> At first we suspected the bridge to become "wedged" somehow. This was
> corroborated by talking to various people at devsummits and EuroBSDCon
> with Kristof Provost specifically suggesting that if_bridge was
> still under giant lock and there might be a problem here that the
> lock is not released under some race condition and then the entire
> bridge subsystem would be stalled. That sounds plausible given the
> random occurrence.
>
> But I think we can rule out that one, because:
>
> - ifconfig up/down does not help
> - the host is still communicating fine over the same bridge interface
> - tearing down the bridge, kldunload (!) of if_bridge.ko followed by
>   a new kldload and reconstructing the members with `ifconfig addm`
>   does not help, either
> - only a host reboot restores function
>
> Finally I created a not iocage managed jail on the problem host.
> Please ignore the `iocage` in the path, I used it to populate the
> root directory. But it is not started by iocage at boot time and
> the manual config is this:
>
> testjail {
>         host.hostname = "testjail";   # hostname
>         path = "/iocage/jails/testjail/root";     # root directory
>         exec.clean;
>         exec.system_user = "root";
>         exec.jail_user = "root";
>         vnet;
>         vnet.interface = "epair999b";
>         exec.prestart += "ifconfig epair999 create; ifconfig
>         epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
>         exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
>         # Standard stuff
>         exec.start += "/bin/sh /etc/rc";
>         exec.stop = "/bin/sh /etc/rc.shutdown";
>         exec.consolelog = "/var/log/jail_testjail_console.log";
>         mount.devfs;          #mount devfs
>         allow.raw_sockets;    #allow ping-pong
>         devfs_ruleset="4";    #devfs ruleset for this jail
> }
>
> $ cat /iocage/jails/testjail/root/etc/rc.conf
> hostname="testjail"
>
> ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64
> auto_linklocal"
>
> When I do `service jail onestart testjail` I can then ping6 the jail
> from the host and the host from the jail. As you can see the
> if_bridge is not involved in this traffic.
>
> When the host is in the wedged state and I start this testjail the
> same way, no communication across the epair interface is possible.
>
> To me this seems to indicate that not the bridge but all epair
> interfaces stop working at the very same time.
>
>
> OS is RELENG_11_3, hardware and specifically network adapters vary,
> we have igb, ix, ixl, bnxt ...
>
>
> Does anyone have a suggestion what diagnostic measures could help to
> pinpoint the culprit? The random occurrence and the fact that the
> problem seems to prefer the production environment only makes this a
> real pain ...
>
>
> Thanks and kind regards,
> Patrick

From owner-freebsd-net@freebsd.org Fri Dec 20 11:32:11 2019
Date: Fri, 20 Dec 2019 11:31:59 +0000
In-Reply-To: <20191220122256.76942c07@x23>
References: <20191220122256.76942c07@x23>
Subject: Re: Continuing problems in a bridged VNET setup
To: freebsd-net@freebsd.org, Marko Zec, "Patrick M.
 Hausen"
CC: Kristof Provost, "freebsd-net@freebsd.org"
From: Goran Mekić
Message-ID: <1AB8ACD6-0FF0-487C-963D-3A1B05288FD9@tilda.center>

On December 20, 2019 11:22:01 AM UTC, Marko Zec wrote:
>Perhaps you could ditch if_bridge(4) and epair(4), and try ng_eiface(4)
>with ng_bridge(4) instead?  Works rock-solid 24/7 here on 11.2 / 11.3.
>
>Marko
>
>On Fri, 20 Dec 2019 11:19:24 +0100
>"Patrick M. Hausen" wrote:
>
>> Hi all,
>>
>> we still experience occasional network outages in production,
>> yet have not been able to find the root cause.
>>
>> We run around 50 servers with VNET jails, some of them with
>> a handful, the busiest ones with 50 or more jails each.
>>
>> Every now and then the jails are not reachable over the net,
>> anymore. The server itself is up and running, all jails are
>> up and running, one can ssh to the server but none of the
>> jails can communicate over the network.
>>
>> There seems to be no pattern to the time of occurrence except
>> that more jails on one system make it "more likely".
>> Also having more than one bridge, e.g. for private networks
>> between jails seems to increase the probability.
>> When a server shows the problem it tends to get into the state
>> rather frequently, a couple of hours in between. Then again
>> most servers run for weeks without exhibiting the problem.
>> That's what makes it so hard to reproduce. The last couple of
>> days one system was failing regularly until we reduced the number
>> of jails from around 80 to around 50. Now it seems stable again.
>>
>> I have a test system with lots of jails that I work with gatling
>> that did not show a single failure so far :-(
>>
>>
>> Setup:
>>
>> All jails are iocage jails with VNET interfaces. They are
>> connected to at least one bridge that starts with the
>> physical external interface as a member and gets jails'
>> epair interfaces added as they start up. All jails are managed
>> by iocage.
>>
>> ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag
>> -vlanhwtso up" cloned_interfaces="bridge0"
>> ifconfig_bridge0_name="inet0"
>> ifconfig_inet0="addm igb0 up"
>> ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
>>
>> $ iocage get interfaces vpro0087
>> vnet0:inet0
>>
>> $ ifconfig inet0
>> inet0: flags=8843 metric 0
>>         mtu 1500 ether 90:1b:0e:63:ef:51
>>         inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
>>         inet6 prefixlen 64
>>         nd6 options=21
>>         groups: bridge
>>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>         member: vnet0.4 flags=143
>>                 ifmaxaddr 0 port 7 priority 128 path cost 2000
>>         member: vnet0.1 flags=143
>>                 ifmaxaddr 0 port 6 priority 128 path cost 2000
>>         member: igb0 flags=143
>>                 ifmaxaddr 0 port 1 priority 128 path cost 2000000
>>
>>
>> What we tried:
>>
>> At first we suspected the bridge to become "wedged" somehow. This was
>> corroborated by talking to various people at devsummits and
>EuroBSDCon
>> with Kristof Provost specifically suggesting that if_bridge was
>> still under giant lock and there might be a problem here that the
>> lock is not released under some race condition and then the entire
>> bridge subsystem would be stalled. That sounds plausible given the
>> random occurrence.
>>
>> But I think we can rule out that one, because:
>>
>> - ifconfig up/down does not help
>> - the host is still communicating fine over the same bridge interface
>> - tearing down the bridge, kldunload (!)
>>   of if_bridge.ko followed by
>>   a new kldload and reconstructing the members with `ifconfig addm`
>>   does not help, either
>> - only a host reboot restores function
>>
>> Finally I created a not iocage managed jail on the problem host.
>> Please ignore the `iocage` in the path, I used it to populate the
>> root directory. But it is not started by iocage at boot time and
>> the manual config is this:
>>
>> testjail {
>>         host.hostname = "testjail";   # hostname
>>         path = "/iocage/jails/testjail/root";     # root directory
>>         exec.clean;
>>         exec.system_user = "root";
>>         exec.jail_user = "root";
>>         vnet;
>>         vnet.interface = "epair999b";
>>         exec.prestart += "ifconfig epair999 create; ifconfig
>>         epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
>>         exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
>>         # Standard stuff
>>         exec.start += "/bin/sh /etc/rc";
>>         exec.stop = "/bin/sh /etc/rc.shutdown";
>>         exec.consolelog = "/var/log/jail_testjail_console.log";
>>         mount.devfs;          #mount devfs
>>         allow.raw_sockets;    #allow ping-pong
>>         devfs_ruleset="4";    #devfs ruleset for this jail
>> }
>>
>> $ cat /iocage/jails/testjail/root/etc/rc.conf
>> hostname="testjail"
>>
>> ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64
>> auto_linklocal"
>>
>> When I do `service jail onestart testjail` I can then ping6 the jail
>> from the host and the host from the jail. As you can see the
>> if_bridge is not involved in this traffic.
>>
>> When the host is in the wedged state and I start this testjail the
>> same way, no communication across the epair interface is possible.
>>
>> To me this seems to indicate that not the bridge but all epair
>> interfaces stop working at the very same time.
>>
>>
>> OS is RELENG_11_3, hardware and specifically network adapters vary,
>> we have igb, ix, ixl, bnxt ...
>>
>>
>> Does anyone have a suggestion what diagnostic measures
>> could help to pinpoint the culprit? The random occurrence and the fact that the
>> problem seems to prefer the production environment only makes this a
>> real pain ...
>>
>>
>> Thanks and kind regards,
>> Patrick

Does it work with pf?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From owner-freebsd-net@freebsd.org Fri Dec 20 11:43:32 2019
From: Marko Zec
To: Goran Mekić
CC: "freebsd-net@freebsd.org", "Patrick M. Hausen", Kristof Provost
Subject: Re: Continuing problems in a bridged VNET setup
Date: Fri, 20 Dec 2019 11:43:28 +0000
Message-ID: <20191220124422.11c03f5c@x23>
References: <20191220122256.76942c07@x23> <1AB8ACD6-0FF0-487C-963D-3A1B05288FD9@tilda.center>
In-Reply-To: <1AB8ACD6-0FF0-487C-963D-3A1B05288FD9@tilda.center>

On Fri, 20 Dec 2019 11:31:59 +0000
Goran Mekić <meka@tilda.center> wrote:

> On December 20, 2019 11:22:01 AM UTC, Marko Zec <zec@fer.hr> wrote:
> >Perhaps you could ditch if_bridge(4) and epair(4), and try
> >ng_eiface(4) with ng_bridge(4) instead?  Works rock-solid 24/7 here
> >on 11.2 / 11.3.
>
> Does it work with pf?

In the particular production setup I was referring to we use ipfw, so
can't share any 1st-hand experiences with pf.

Marko

From owner-freebsd-net@freebsd.org Fri Dec 20 15:23:22 2019
Date: Fri, 20 Dec 2019 22:23:14 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: IPSec transport mode, mtu, fragmentation...
Message-ID: <20191220152314.GA55278@admin.sibptus.ru>

Dear Colleagues,

I've set up IPSec in transport mode between two regular FreeBSD hosts,
for testing. Now TCP sessions between those hosts don't work normally
any more.
For example, scp is stalled almost immediately after starting
a file transfer, and so is interactive ssh eventually.

I feel that the problem is somehow related to MTU, MSS and fragmentation
of ESP packets, because:

1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all
right.

2. When IPSec is enabled, the maximum packet size I've been able to send
through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappears
in the void).

I'm really at a loss what to do about that. In transport mode, there is
no network interface I could adjust MTU on, or run some kind of MSS
fixer.

PS And I'm talking about IPv4 only for now, but "{scp, ssh} -6" is
stalling too.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Fri Dec 20 15:26:38 2019
Subject: Re: IPSec transport mode, mtu, fragmentation...
To: freebsd-net@freebsd.org
References: <20191220152314.GA55278@admin.sibptus.ru>
From: Kajetan Staszkiewicz
Date: Fri, 20 Dec 2019 16:26:25 +0100
In-Reply-To: <20191220152314.GA55278@admin.sibptus.ru>

On 20.12.19 16:23, Victor Sudakov wrote:
> Dear Colleagues,
>
> I've set up IPSec in transport mode between two regular FreeBSD hosts,
> for testing. Now TCP sessions between those hosts don't work normally
> any more. For example, scp is stalled almost immediately after starting
> a file transfer, and so is interactive ssh eventually.
>
> I feel that the problem is somehow related to MTU, MSS and fragmentation
> of ESP packets, because:
>
> 1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all
> right.
>
> 2. When IPSec is enabled, the maximum packet size I've been able to send
> through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappears
> in the void).
>
> I'm really at a loss what to do about that. In transport mode, there is
> no network interface I could adjust MTU on, or run some kind of MSS
> fixer.

Maybe you could add route to the remote host with -mtu parameter. I've
never tested this because I have interfaces (either if_ipsec or if_gif
protected with transport mode IPSec) and I do mss clamping in pf, but
this could work.
-- 
| pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'

From owner-freebsd-net@freebsd.org Fri Dec 20 16:03:59 2019
Date: Fri, 20 Dec 2019 23:03:57 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: IPSec transport mode, mtu, fragmentation...
Message-ID: <20191220160357.GB56081@admin.sibptus.ru>
References: <20191220152314.GA55278@admin.sibptus.ru>

Kajetan Staszkiewicz wrote:
> On 20.12.19 16:23, Victor Sudakov wrote:
> > Dear Colleagues,
> >
> > I've set up IPSec in transport mode between two regular FreeBSD hosts,
> > for testing. Now TCP sessions between those hosts don't work normally
> > any more. For example, scp is stalled almost immediately after starting
> > a file transfer, and so is interactive ssh eventually.
> >
> > I feel that the problem is somehow related to MTU, MSS and fragmentation
> > of ESP packets, because:
> >
> > 1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all
> > right.
> >
> > 2. When IPSec is enabled, the maximum packet size I've been able to send
> > through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappears
> > in the void).
> >
> > I'm really at a loss what to do about that. In transport mode, there is
> > no network interface I could adjust MTU on, or run some kind of MSS
> > fixer.
>
> Maybe you could add route to the remote host with -mtu parameter.

Just tried "route add -host host-b -mtu 1400 gw". The route is there
with the right mtu (according to "route get host-b") but it did not help.
Probably the packet is intercepted by IPsec before it gets into routing.

What gives? Setting up IPsec transport mode between hosts should be a
simple thing which *just* *works*.

What's the root of the problem? ESP packets cannot get fragmented or
what?

> I've
> never tested this because I have interfaces (either if_ipsec or if_gif
> protected with transport mode IPSec) and I do mss clamping in pf, but
> this could work.

My goal being the creation of an IPSec protected network between several
hosts (running on X.509 certificates to enable automatic traffic
protection), configuring tunnels or additional interfaces on each host
would be unfeasible.
-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Fri Dec 20 16:22:36 2019
Date: Fri, 20 Dec 2019 23:22:33 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: IPSec transport mode, mtu, fragmentation...
Message-ID: <20191220162233.GA56815@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR" Content-Disposition: inline In-Reply-To: <20191220160357.GB56081@admin.sibptus.ru> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47fYtg3MkWz47lc X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=UFbBcUkH; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.50 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.40)[ip: (-9.88), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-2.14), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Dec 2019 16:22:36 -0000 --T4sUOijqQbZv57TR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Victor Sudakov wrote: [dd] >=20 > 
What's the root of the problem? ESP packets cannot get fragmented or > what?=20 Wireshark has shown that the "Don't Fragment" flag is set on all ESP (protocol 50) packets. Who does this, why, and how can I switch it off globally? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --T4sUOijqQbZv57TR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd/PVJAAoJEA2k8lmbXsY0ydMIAJf7D6Vnaa1w2knkKCByi0fO 8L4oJO3ObA1hxommlhs5aUhS35zLw0nYkDQiXA+jLhX8g6Y4z7mkcx+4TUcGKQxY JkuI2fSH5WYN5n8QiUjFn55QWKo493K5JC3lPi4WJOZ8/vZa9QuIDik4TpUP/HIh JOy/gpFTEUkbMVPGENF/qoSDCTmMFui7uI21jDngA8qFPrBqAqxqr7jkUO5tjMYk Tz/m/DxIEVNKQjHTA9R8pFrqK+3Vt7i/z3AXZV4FsX9BL9WGCUeOPX1vqqqo4QU4 v5obdCVzRyBURpnbxQrsTHKi62WsFLFrGWlBLZEzOrc1FhEvUTieXsY1IWobqho= =xbyg -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR-- From owner-freebsd-net@freebsd.org Fri Dec 20 16:37:32 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 62C8D1DDB93 for ; Fri, 20 Dec 2019 16:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47fZCw1Cmyz48C2 for ; Fri, 20 Dec 2019 16:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 278D11DDB92; Fri, 20 Dec 2019 16:37:32 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 274B21DDB91 for ; Fri, 20 Dec 2019 16:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) 
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 207261] NETMAP don't do TX sync with kqueue
Date: Fri, 20 Dec 2019 16:37:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207261

--- Comment #6 from slw@zxy.spb.ru ---
(In reply to Vincenzo Maffione from comment #5)

Do you have any progress on this?
My guess:

1. on kevent() no changes for netmap FD (associated w/ TX ring)
2. no events (nor RX and nor TX) in kernel for this FD (associated w/ TX ring)
=> no netmap_knread() call for this FD and no chance for txsync in
netmap_poll().

From owner-freebsd-net@freebsd.org Fri Dec 20 16:55:36 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242712] Networking device detach leaks memory
Date: Fri, 20 Dec 2019 16:55:35 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242712

Mark Johnston changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markj@FreeBSD.org
           Assignee|net@FreeBSD.org             |markj@FreeBSD.org
             Status|New                         |In Progress

--- Comment #1 from Mark Johnston ---
Nice find, thank you. This code is largely duplicated between if_delgroup()
and if_delgroups() and should be merged.

From owner-freebsd-net@freebsd.org Fri Dec 20 16:56:18 2019
Date: Fri, 20 Dec 2019 23:56:15 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: IPSec transport mode, mtu, fragmentation...
Message-ID: <20191220165615.GA57281@admin.sibptus.ru>
References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru>
In-Reply-To: <20191220160357.GB56081@admin.sibptus.ru>

Victor Sudakov wrote:
> Kajetan Staszkiewicz wrote:
> > On 20.12.19 16:23, Victor Sudakov wrote:
> > > Dear Colleagues,
> > >
> > > I've set up IPSec in transport mode between two regular FreeBSD hosts,
> > > for testing. Now TCP sessions between those hosts don't work normally
> > > any more. For example, scp is stalled almost immediately after starting
> > > a file transfer, and so is interactive ssh eventually.
> > >
> > > I feel that the problem is somehow related to MTU, MSS and fragmentation
> > > of ESP packets, because:
> > >
> > > 1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all
> > > right.
> > >
> > > 2. When IPSec is enabled, the maximum packet size I've been able to send
> > > through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappears
> > > in the void).
> > >
> > > I'm really at a loss what to do about that. In transport mode, there is
> > > no network interface I could adjust MTU on, or run some kind of MSS
> > > fixer.
> >
> > Maybe you could add route to the remote host with -mtu parameter.
>
> Just tried "route add -host host-b -mtu 1400 gw". The route is there
> with the right mtu (according to "route get host-b") but it did not
> help. Probably the packet is intercepted by IPsec before it gets into
> routing.

Sorry, Kajetan, I was mistaken, your advice with a host route *does*
work. It seems I was adding an IPv4 route but scp-ing over IPv6. Your
workaround works, I confirm.

>
> What gives? Setting up IPsec transport mode between hosts should be a
> simple thing which *just* *works*.
>
> What's the root of the problem? ESP packets cannot get fragmented or
> what?

I need to figure out why IPsec tunnel mode is always generating ESP
packets with the DF flag set. Therefore they just don't get through the
interface and never leave the host. I cannot even "scrub out proto 50
no-df" them because they never go through any f*cking interface, that's
what I think is happening. Don't tell me it's by design.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

From owner-freebsd-net@freebsd.org Fri Dec 20 17:22:13 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242712] Networking device detach leaks memory
Date: Fri, 20 Dec 2019 17:22:12 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242712

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: markj
Date: Fri Dec 20 17:21:58 UTC 2019
New revision: 355938
URL: https://svnweb.freebsd.org/changeset/base/355938

Log:
  Fix a memory leak in if_delgroups() introduced in r334118.

  PR: 242712
  Submitted by: ghuckriede@blackberry.com
  MFC after: 3 days

Changes:
  head/sys/net/if.c

From owner-freebsd-net@freebsd.org Fri Dec 20 17:22:51 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242712] Networking device detach leaks memory
Date: Fri, 20 Dec 2019 17:22:51 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242712

--- Comment #3 from Mark Johnston ---
I posted a larger cleanup here if anyone on the CC wants to take a look:
https://reviews.freebsd.org/D22892

From owner-freebsd-net@freebsd.org Fri Dec 20 18:08:57 2019
From: Nick Wolff
Date: Fri, 20 Dec 2019 13:09:52 -0500
Subject: Re: Continuing problems in a bridged VNET setup
To: Marko Zec
Cc: "Patrick M. Hausen", Kristof Provost, "freebsd-net@freebsd.org"
References: <20191220122256.76942c07@x23>
In-Reply-To: <20191220122256.76942c07@x23>

Marko,

Are you aware of any write ups for using ng_eiface and ng_bridge instead of
if_bridge?

Thanks,

Nick Wolff

On Fri, Dec 20, 2019 at 6:22 AM Marko Zec wrote:

> Perhaps you could ditch if_bridge(4) and epair(4), and try ng_eiface(4)
> with ng_bridge(4) instead? Works rock-solid 24/7 here on 11.2 / 11.3.
>
> Marko
>
> On Fri, 20 Dec 2019 11:19:24 +0100
> "Patrick M. Hausen" wrote:
>
> > Hi all,
> >
> > we still experience occasional network outages in production,
> > yet have not been able to find the root cause.
> >
> > We run around 50 servers with VNET jails. Some of them with
> > a handful, the busiest ones with 50 or more jails each.
> >
> > Every now and then the jails are not reachable over the net,
> > anymore. The server itself is up and running, all jails are
> > up and running, one can ssh to the server but none of the
> > jails can communicate over the network.
> >
> > There seems to be no pattern to the time of occurrence except
> > that more jails on one system make it "more likely".
> > Also having more than one bridge, e.g. for private networks
> > between jails seems to increase the probability.
> > When a server shows the problem it tends to get into the state
> > rather frequently, a couple of hours in between. Then again
> > most servers run for weeks without exhibiting the problem.
> > That's what makes it so hard to reproduce. The last couple of
> > days one system was failing regularly until we reduced the number
> > of jails from around 80 to around 50. Now it seems stable again.
> >
> > I have a test system with lots of jails that I work with gatling
> > that did not show a single failure so far :-(
> >
> >
> > Setup:
> >
> > All jails are iocage jails with VNET interfaces. They are
> > connected to at least one bridge that starts with the
> > physical external interface as a member and gets jails'
> > epair interfaces added as they start up. All jails are managed
> > by iocage.
> >
> > ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag -vlanhwtso up"
> > cloned_interfaces="bridge0"
> > ifconfig_bridge0_name="inet0"
> > ifconfig_inet0="addm igb0 up"
> > ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
> >
> > $ iocage get interfaces vpro0087
> > vnet0:inet0
> >
> > $ ifconfig inet0
> > inet0: flags=8843 metric 0 mtu 1500
> >         ether 90:1b:0e:63:ef:51
> >         inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
> >         inet6 prefixlen 64
> >         nd6 options=21
> >         groups: bridge
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: vnet0.4 flags=143
> >                 ifmaxaddr 0 port 7 priority 128 path cost 2000
> >         member: vnet0.1 flags=143
> >                 ifmaxaddr 0 port 6 priority 128 path cost 2000
> >         member: igb0 flags=143
> >                 ifmaxaddr 0 port 1 priority 128 path cost 2000000
> >
> >
> > What we tried:
> >
> > At first we suspected the bridge to become "wedged" somehow. This was
> > corroborated by talking to various people at devsummits and EuroBSDCon
> > with Kristof Provost specifically suggesting that if_bridge was
> > still under giant lock and there might be a problem here that the
> > lock is not released under some race condition and then the entire
> > bridge subsystem would be stalled. That sounds plausible given the
> > random occurrence.
> >
> > But I think we can rule out that one, because:
> >
> > - ifconfig up/down does not help
> > - the host is still communicating fine over the same bridge interface
> > - tearing down the bridge, kldunload (!) of if_bridge.ko followed by
> >   a new kldload and reconstructing the members with `ifconfig addm`
> >   does not help, either
> > - only a host reboot restores function
> >
> > Finally I created a not iocage managed jail on the problem host.
> > Please ignore the `iocage` in the path, I used it to populate the
> > root directory. But it is not started by iocage at boot time and
> > the manual config is this:
> >
> > testjail {
> >         host.hostname = "testjail"; # hostname
> >         path = "/iocage/jails/testjail/root"; # root directory
> >         exec.clean;
> >         exec.system_user = "root";
> >         exec.jail_user = "root";
> >         vnet;
> >         vnet.interface = "epair999b";
> >         exec.prestart += "ifconfig epair999 create; ifconfig epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
> >         exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
> >         # Standard stuff
> >         exec.start += "/bin/sh /etc/rc";
> >         exec.stop = "/bin/sh /etc/rc.shutdown";
> >         exec.consolelog = "/var/log/jail_testjail_console.log";
> >         mount.devfs; #mount devfs
> >         allow.raw_sockets; #allow ping-pong
> >         devfs_ruleset="4"; #devfs ruleset for this jail
> > }
> >
> > $ cat /iocage/jails/testjail/root/etc/rc.conf
> > hostname="testjail"
> >
> > ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64 auto_linklocal"
> >
> > When I do `service jail onestart testjail` I can then ping6 the jail
> > from the host and the host from the jail. As you can see the
> > if_bridge is not involved in this traffic.
> >
> > When the host is in the wedged state and I start this testjail the
> > same way, no communication across the epair interface is possible.
> >
> > To me this seems to indicate that not the bridge but all epair
> > interfaces stop working at the very same time.
> >
> >
> > OS is RELENG_11_3, hardware and specifically network adapters vary,
> > we have igb, ix, ixl, bnxt ...
> >
> >
> > Does anyone have a suggestion what diagnostic measures could help to
> > pinpoint the culprit? The random occurrence and the fact that the
> > problem seems to prefer the production environment only makes this a
> > real pain ...
> >
> >
> > Thanks and kind regards,
> > Patrick

From owner-freebsd-net@freebsd.org Fri Dec 20 18:23:00 2019
To: freebsd-net@freebsd.org
From: Victor Gamov
Subject: enc0 as netflow exporter
Organization: OstankinoTelecom
Message-ID: <205f5e04-288b-7782-4942-366b99dc206e@otcnet.ru>
Date: Fri, 20 Dec 2019 21:22:50 +0300
dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-5.44 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DMARC_NA(0.00)[otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.24)[ip: (-8.54), ipnet: 194.190.78.0/24(-4.27), asn: 50822(-3.42), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Dec 2019 18:23:00 -0000 Hi All I have FreeBSD box with many ipsec interfaces. Now I want to export Netflow and trying to use enc0 to export all ipsec traffic but `ngctl mkpeer enc0: netflow lower iface0` failed with: ngctl: send msg: No such file or directory Does enc0 allow to use netgraph? 
-- 
CU,
Victor Gamov

Date: Sat, 21 Dec 2019 01:44:39 +0700
From: Victor Sudakov
To: freebsd-net@freebsd.org
Subject: Re: IPSec transport mode, mtu, fragmentation...

Victor Sudakov wrote:
>
> I need to figure out why IPsec tunnel mode is always generating ESP
> packets with the DF flag set. Therefore they just don't get through the
> interface and never leave the host.
>
> I cannot even "scrub out proto 50 no-df" them because they never go
> through any f*cking interface, that's what I think is happening. Don't
> tell me it's by design.

I've created a PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744
if anyone is interested you are welcome to discuss. Maybe my theory of
what's happening is incorrect.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Date: Fri, 20 Dec 2019 14:16:31 -0600
From: "Wallace Barrow"
To: freebsd-net@freebsd.org
Subject: Re: Continuing problems in a bridged VNET setup

This might help you out.

https://www.youtube.com/watch?v=aoW7pWuhT_A&t=2133s

-- 
Wallace Barrow
incin@incin.me

On Fri, Dec 20, 2019, at 12:09 PM, Nick Wolff wrote:
> Marko,
>
> Are you aware of any write ups for using ng_eiface and ng_bridge instead of
> if_bridge?
>
> Thanks,
>
> Nick Wolff
>

From: Ryan Moeller
Date: Fri, 20 Dec 2019 15:36:15 -0500
Subject: Re: Continuing problems in a bridged VNET setup
To: Nick Wolff
Cc: Marko Zec, "Patrick M. Hausen", Kristof Provost, "freebsd-net@freebsd.org"

See /usr/share/examples/jails/README

On Fri, Dec 20, 2019 at 1:09 PM Nick Wolff wrote:
>
> Marko,
>
> Are you aware of any write ups for using ng_eiface and ng_bridge instead of
> if_bridge?
>
> Thanks,
>
> Nick Wolff
>
> On Fri, Dec 20, 2019 at 6:22 AM Marko Zec wrote:
>
> > Perhaps you could ditch if_bridge(4) and epair(4), and try ng_eiface(4)
> > with ng_bridge(4) instead? Works rock-solid 24/7 here on 11.2 / 11.3.
> >
> > Marko
> >
> > On Fri, 20 Dec 2019 11:19:24 +0100
> > "Patrick M. Hausen" wrote:
> >
> > > Hi all,
> > >
> > > we still experience occasional network outages in production,
> > > yet have not been able to find the root cause.
> > >
> > > We run around 50 servers with VNET jails. some of them with
> > > a handful, the busiest ones with 50 or more jails each.
> > >
> > > Every now and then the jails are not reachable over the net,
> > > anymore. The server itself is up and running, all jails are
> > > up and running, one can ssh to the server but none of the
> > > jails can communicate over the network.
> > >
> > > There seems to be no pattern to the time of occurrence except
> > > that more jails on one system make it "more likely".
> > > Also having more than one bridge, e.g. for private networks
> > > between jails seems to increase the probability.
> > > When a server shows the problem it tends to get into the state
> > > rather frequently, a couple of hours in between. Then again
> > > most servers run for weeks without exhibiting the problem.
> > > That's what makes it so hard to reproduce. The last couple of
> > > days one system was failing regularly until we reduced the number
> > > of jails from around 80 to around 50. Now it seems stable again.
> > >
> > > I have a test system with lots of jails that I work with gatling
> > > that did not show a single failure so far :-(
> > >
> > >
> > > Setup:
> > >
> > > All jails are iocage jails with VNET interfaces. They are
> > > connected to at least one bridge that starts with the
> > > physical external interface as a member and gets jails'
> > > epair interfaces added as they start up. All jails are managed
> > > by iocage.
> > >
> > > ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag
> > > -vlanhwtso up" cloned_interfaces="bridge0"
> > > ifconfig_bridge0_name="inet0"
> > > ifconfig_inet0="addm igb0 up"
> > > ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
> > >
> > > $ iocage get interfaces vpro0087
> > > vnet0:inet0
> > >
> > > $ ifconfig inet0
> > > inet0: flags=8843 metric 0
> > > mtu 1500 ether 90:1b:0e:63:ef:51
> > > inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
> > > inet6 prefixlen 64
> > > nd6 options=21
> > > groups: bridge
> > > id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> > > maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> > > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> > > member: vnet0.4 flags=143
> > > ifmaxaddr 0 port 7 priority 128 path cost 2000
> > > member: vnet0.1 flags=143
> > > ifmaxaddr 0 port 6 priority 128 path cost 2000
> > > member: igb0 flags=143
> > > ifmaxaddr 0 port 1 priority 128 path cost 2000000
> > >
> > >
> > > What we tried:
> > >
> > > At first we suspected the bridge to become "wedged" somehow. This was
> > > corroborated by talking to various people at devsummits and EuroBSDCon
> > > with Kristof Provost specifically suggesting that if_bridge was
> > > still under giant lock and there might be a problem here that the
> > > lock is not released under some race condition and then the entire
> > > bridge subsystem would be stalled. That sounds plausible given the
> > > random occurrence.
> > >
> > > But I think we can rule out that one, because:
> > >
> > > - ifconfig up/down does not help
> > > - the host is still communicating fine over the same bridge interface
> > > - tearing down the bridge, kldunload (!) of if_bridge.ko followed by
> > > a new kldload and reconstructing the members with `ifconfig addm`
> > > does not help, either
> > > - only a host reboot restores function
> > >
> > > Finally I created a not iocage managed jail on the problem host.
> > > Please ignore the `iocage` in the path, I used it to populate the
> > > root directory. But it is not started by iocage at boot time and
> > > the manual config is this:
> > >
> > > testjail {
> > > host.hostname = "testjail"; # hostname
> > > path = "/iocage/jails/testjail/root"; # root directory
> > > exec.clean;
> > > exec.system_user = "root";
> > > exec.jail_user = "root";
> > > vnet;
> > > vnet.interface = "epair999b";
> > > exec.prestart += "ifconfig epair999 create; ifconfig
> > > epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
> > > exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
> > > # Standard stuff
> > > exec.start += "/bin/sh /etc/rc";
> > > exec.stop = "/bin/sh /etc/rc.shutdown";
> > > exec.consolelog = "/var/log/jail_testjail_console.log";
> > > mount.devfs; #mount devfs
> > > allow.raw_sockets; #allow ping-pong
> > > devfs_ruleset="4"; #devfs ruleset for this jail
> > > }
> > >
> > > $ cat /iocage/jails/testjail/root/etc/rc.conf
> > > hostname="testjail"
> > >
> > > ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64
> > > auto_linklocal"
> > >
> > > When I do `service jail onestart testjail` I can then ping6 the jail
> > > from the host and the host from the jail. As you can see the
> > > if_bridge is not involved in this traffic.
> > >
> > > When the host is in the wedged state and I start this testjail the
> > > same way, no communication across the epair interface is possible.
> > >
> > > To me this seems to indicate that not the bridge but all epair
> > > interfaces stop working at the very same time.
> > >
> > >
> > > OS is RELENG_11_3, hardware and specifically network adapters vary,
> > > we have igb, ix, ixl, bnxt ...
> > >
> > >
> > > Does anyone have a suggestion what diagnostic measures could help to
> > > pinpoint the culprit? The random occurrence and the fact that the
> > > problem seems to prefer the production environment only makes this a
> > > real pain ...
> > >
> > >
> > > Thanks and kind regards,
> > > Patrick

-- 
Ryan Moeller
iXsystems, Inc.
OS Developer
Email: ryan@iXsystems.com

From: Marko Zec
To: Nick Wolff
CC: "Patrick M. Hausen", Kristof Provost, "freebsd-net@freebsd.org"
Subject: Re: Continuing problems in a bridged VNET setup
Date: Fri, 20 Dec 2019 20:57:01 +0000

On Fri, 20 Dec 2019 13:09:52 -0500
Nick Wolff wrote:

> Marko,
>
> Are you aware of any write ups for using ng_eiface and ng_bridge
> instead of if_bridge?

It is not that complex at all:

# kldload ng_ether
# ifconfig em0 promisc
# ngctl mkpeer em0: bridge lower link0
# ngctl name em0:lower b0
# ngctl connect em0: b0: upper link1
# ngctl mkpeer b0: eiface link2 ether
# ngctl mkpeer b0: eiface link3 ether
# ngctl mkpeer b0: eiface link4 ether

Done - this should create interfaces ngeth0, ngeth1 and ngeth2, which
one can assign to vnet jails. Note that unlike epair, ngeth instances
do not automatically get a MAC address assigned, at least not on
11.x / 12.x, so this is an extra step one has to perform on his own.

In our setup, we actually use https://github.com/imunes/imunes to set
up the (netgraph-based) virtual network and nodes (vnet jails, aka
vimages). Works reasonably well, having in mind that the thing was
devised as a network emulation tool, not a virtual host provisioning
framework.

Marko

>
> Thanks,
>
> Nick Wolff
>
> On Fri, Dec 20, 2019 at 6:22 AM Marko Zec wrote:
>
> > Perhaps you could ditch if_bridge(4) and epair(4), and try
> > ng_eiface(4) with ng_bridge(4) instead? Works rock-solid 24/7 here
> > on 11.2 / 11.3.
> >
> > Marko
> >
> > On Fri, 20 Dec 2019 11:19:24 +0100
> > "Patrick M. Hausen" wrote:
> >
> > > Hi all,
> > >
> > > we still experience occasional network outages in production,
> > > yet have not been able to find the root cause.
> > >
> > > We run around 50 servers with VNET jails. some of them with
> > > a handful, the busiest ones with 50 or more jails each.
> > >
> > > Every now and then the jails are not reachable over the net,
> > > anymore. The server itself is up and running, all jails are
> > > up and running, one can ssh to the server but none of the
> > > jails can communicate over the network.
> > >
> > > There seems to be no pattern to the time of occurrence except
> > > that more jails on one system make it "more likely".
> > > Also having more than one bridge, e.g. for private networks
> > > between jails seems to increase the probability.
> > > When a server shows the problem it tends to get into the state
> > > rather frequently, a couple of hours in between. Then again
> > > most servers run for weeks without exhibiting the problem.
> > > That's what makes it so hard to reproduce. The last couple of
> > > days one system was failing regularly until we reduced the number
> > > of jails from around 80 to around 50. Now it seems stable again.
> > >
> > > I have a test system with lots of jails that I work with gatling
> > > that did not show a single failure so far :-(
> > >
> > >
> > > Setup:
> > >
> > > All jails are iocage jails with VNET interfaces. They are
> > > connected to at least one bridge that starts with the
> > > physical external interface as a member and gets jails'
> > > epair interfaces added as they start up. All jails are managed
> > > by iocage.
> > >
> > > ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag
> > > -vlanhwtso up" cloned_interfaces="bridge0"
> > > ifconfig_bridge0_name="inet0"
> > > ifconfig_inet0="addm igb0 up"
> > > ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
> > >
> > > $ iocage get interfaces vpro0087
> > > vnet0:inet0
> > >
> > > $ ifconfig inet0
> > > inet0: flags=8843 metric 0
> > > mtu 1500 ether 90:1b:0e:63:ef:51
> > > inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid
> > > 0x4 inet6 prefixlen 64
> > > nd6 options=21
> > > groups: bridge
> > > id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> > > maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> > > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> > > member: vnet0.4
> > > flags=143 ifmaxaddr 0 port 7
> > > priority 128 path cost 2000 member: vnet0.1
> > > flags=143 ifmaxaddr 0 port 6
> > > priority 128 path cost 2000 member: igb0
> > > flags=143 ifmaxaddr 0 port 1
> > > priority 128 path cost 2000000
> > >
> > >
> > > What we tried:
> > >
> > > At first we suspected the bridge to become "wedged" somehow. This
> > > was corroborated by talking to various people at devsummits and
> > > EuroBSDCon with Kristof Provost specifically suggesting that
> > > if_bridge was still under giant lock and there might be a problem
> > > here that the lock is not released under some race condition and
> > > then the entire bridge subsystem would be stalled. That sounds
> > > plausible given the random occurrence.
> > >
> > > But I think we can rule out that one, because:
> > >
> > > - ifconfig up/down does not help
> > > - the host is still communicating fine over the same bridge
> > > interface
> > > - tearing down the bridge, kldunload (!) of if_bridge.ko followed
> > > by a new kldload and reconstructing the members with `ifconfig
> > > addm` does not help, either
> > > - only a host reboot restores function
> > >
> > > Finally I created a not iocage managed jail on the problem host.
> > > Please ignore the `iocage` in the path, I used it to populate the
> > > root directory. But it is not started by iocage at boot time and
> > > the manual config is this:
> > >
> > > testjail {
> > > host.hostname = "testjail"; # hostname
> > > path = "/iocage/jails/testjail/root"; # root directory
> > > exec.clean;
> > > exec.system_user = "root";
> > > exec.jail_user = "root";
> > > vnet;
> > > vnet.interface = "epair999b";
> > > exec.prestart += "ifconfig epair999 create; ifconfig
> > > epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
> > > exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
> > > # Standard stuff
> > > exec.start += "/bin/sh /etc/rc";
> > > exec.stop = "/bin/sh /etc/rc.shutdown";
> > > exec.consolelog = "/var/log/jail_testjail_console.log";
> > > mount.devfs; #mount devfs
> > > allow.raw_sockets; #allow ping-pong
> > > devfs_ruleset="4"; #devfs ruleset for this jail
> > > }
> > >
> > > $ cat /iocage/jails/testjail/root/etc/rc.conf
> > > hostname="testjail"
> > >
> > > ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64
> > > auto_linklocal"
> > >
> > > When I do `service jail onestart testjail` I can then ping6 the
> > > jail from the host and the host from the jail. As you can see the
> > > if_bridge is not involved in this traffic.
> > >
> > > When the host is in the wedged state and I start this testjail the
> > > same way, no communication across the epair interface is possible.
> > >
> > > To me this seems to indicate that not the bridge but all epair
> > > interfaces stop working at the very same time.
> > >
> > >
> > > OS is RELENG_11_3, hardware and specifically network adapters
> > > vary, we have igb, ix, ixl, bnxt ...
> > >
> > >
> > > Does anyone have a suggestion what diagnostic measures could help
> > > to pinpoint the culprit? The random occurrence and the fact that
> > > the problem seems to prefer the production environment only makes
> > > this a real pain ...
> > >
> > >
> > > Thanks and kind regards,
> > > Patrick
Subject: Re: Continuing problems in a bridged VNET setup
To: Nick Wolff, Marko Zec
Cc: "Patrick M. Hausen", Kristof Provost, "freebsd-net@freebsd.org"
From: Julian Elischer
Date: Fri, 20 Dec 2019 14:03:07 -0800

On 12/20/19 10:09 AM, Nick Wolff wrote:
> Marko,
>
> Are you aware of any write ups for using ng_eiface and ng_bridge instead of
> if_bridge?

Look in /usr/share/examples/netgraph. There are a couple of examples of
exactly what you ask for.

> Thanks,
>
> Nick Wolff
>
> On Fri, Dec 20, 2019 at 6:22 AM Marko Zec wrote:
>
>> Perhaps you could ditch if_bridge(4) and epair(4), and try ng_eiface(4)
>> with ng_bridge(4) instead? Works rock-solid 24/7 here on 11.2 / 11.3.
>>
>> Marko
>>
>> On Fri, 20 Dec 2019 11:19:24 +0100
>> "Patrick M. Hausen" wrote:
>>
>>> Hi all,
>>>
>>> we still experience occasional network outages in production,
>>> yet have not been able to find the root cause.
>>>
>>> We run around 50 servers with VNET jails. Some of them with
>>> a handful, the busiest ones with 50 or more jails each.
>>>
>>> Every now and then the jails are not reachable over the net,
>>> anymore. The server itself is up and running, all jails are
>>> up and running, one can ssh to the server but none of the
>>> jails can communicate over the network.
>>>
>>> There seems to be no pattern to the time of occurrence except
>>> that more jails on one system make it "more likely".
>>> Also having more than one bridge, e.g. for private networks
>>> between jails seems to increase the probability.
>>> When a server shows the problem it tends to get into the state
>>> rather frequently, a couple of hours in between. Then again
>>> most servers run for weeks without exhibiting the problem.
>>> That's what makes it so hard to reproduce. The last couple of
>>> days one system was failing regularly until we reduced the number
>>> of jails from around 80 to around 50. Now it seems stable again.
>>>
>>> I have a test system with lots of jails that I work with gatling
>>> that did not show a single failure so far :-(
>>>
>>>
>>> Setup:
>>>
>>> All jails are iocage jails with VNET interfaces. They are
>>> connected to at least one bridge that starts with the
>>> physical external interface as a member and gets jails'
>>> epair interfaces added as they start up. All jails are managed
>>> by iocage.
>>>
>>> ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag -vlanhwtso up"
>>> cloned_interfaces="bridge0"
>>> ifconfig_bridge0_name="inet0"
>>> ifconfig_inet0="addm igb0 up"
>>> ifconfig_inet0_ipv6="inet6 /64 auto_linklocal"
>>>
>>> $ iocage get interfaces vpro0087
>>> vnet0:inet0
>>>
>>> $ ifconfig inet0
>>> inet0: flags=8843 metric 0
>>> mtu 1500 ether 90:1b:0e:63:ef:51
>>> inet6 fe80::921b:eff:fe63:ef51%inet0 prefixlen 64 scopeid 0x4
>>> inet6 prefixlen 64
>>> nd6 options=21
>>> groups: bridge
>>> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>> member: vnet0.4 flags=143
>>> ifmaxaddr 0 port 7 priority 128 path cost 2000
>>> member: vnet0.1 flags=143
>>> ifmaxaddr 0 port 6 priority 128 path cost 2000
>>> member: igb0 flags=143
>>> ifmaxaddr 0 port 1 priority 128 path cost 2000000
>>>
>>>
>>> What we tried:
>>>
>>> At first we suspected the bridge to become "wedged" somehow. This was
>>> corroborated by talking to various people at devsummits and EuroBSDCon
>>> with Kristof Provost specifically suggesting that if_bridge was
>>> still under giant lock and there might be a problem here that the
>>> lock is not released under some race condition and then the entire
>>> bridge subsystem would be stalled. That sounds plausible given the
>>> random occurrence.
>>>
>>> But I think we can rule out that one, because:
>>>
>>> - ifconfig up/down does not help
>>> - the host is still communicating fine over the same bridge interface
>>> - tearing down the bridge, kldunload (!) of if_bridge.ko followed by
>>> a new kldload and reconstructing the members with `ifconfig addm`
>>> does not help, either
>>> - only a host reboot restores function
>>>
>>> Finally I created a not iocage managed jail on the problem host.
>>> Please ignore the `iocage` in the path, I used it to populate the
>>> root directory. But it is not started by iocage at boot time and
>>> the manual config is this:
>>>
>>> testjail {
>>>     host.hostname = "testjail"; # hostname
>>>     path = "/iocage/jails/testjail/root"; # root directory
>>>     exec.clean;
>>>     exec.system_user = "root";
>>>     exec.jail_user = "root";
>>>     vnet;
>>>     vnet.interface = "epair999b";
>>>     exec.prestart += "ifconfig epair999 create; ifconfig epair999a inet6 2A00:B580:8000:8000::1/64 auto_linklocal";
>>>     exec.poststop += "sleep 2; ifconfig epair999a destroy; sleep 2";
>>>     # Standard stuff
>>>     exec.start += "/bin/sh /etc/rc";
>>>     exec.stop = "/bin/sh /etc/rc.shutdown";
>>>     exec.consolelog = "/var/log/jail_testjail_console.log";
>>>     mount.devfs; #mount devfs
>>>     allow.raw_sockets; #allow ping-pong
>>>     devfs_ruleset="4"; #devfs ruleset for this jail
>>> }
>>>
>>> $ cat /iocage/jails/testjail/root/etc/rc.conf
>>> hostname="testjail"
>>>
>>> ifconfig_epair999b_ipv6="inet6 2A00:B580:8000:8000::2/64 auto_linklocal"
>>>
>>> When I do `service jail onestart testjail` I can then ping6 the jail
>>> from the host and the host from the jail. As you can see the
>>> if_bridge is not involved in this traffic.
>>>
>>> When the host is in the wedged state and I start this testjail the
>>> same way, no communication across the epair interface is possible.
>>>
>>> To me this seems to indicate that not the bridge but all epair
>>> interfaces stop working at the very same time.
>>>
>>>
>>> OS is RELENG_11_3, hardware and specifically network adapters vary,
>>> we have igb, ix, ixl, bnxt ...
>>>
>>>
>>> Does anyone have a suggestion what diagnostic measures could help to
>>> pinpoint the culprit? The random occurrence and the fact that the
>>> problem seems to prefer the production environment only makes this a
>>> real pain ...
>>>
>>>
>>> Thanks and kind regards,
>>> Patrick

From owner-freebsd-net@freebsd.org Sat Dec 21 01:45:08 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory
Date: Sat, 21 Dec 2019 01:45:08 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242746

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Deleting (or re-setting) an |ifconfig: Deleting (or
                   |IP address with ifconfig    |re-setting) an IP address
                   |holds (leaks?) memory       |holds (leaks?) memory
                 CC|                            |net@FreeBSD.org
           Severity|Affects Only Me             |Affects Many People
              Flags|                            |mfc-stable12?,
                   |                            |mfc-stable11?
             Status|New                         |Open
           Keywords|                            |needs-patch, needs-qa
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

From owner-freebsd-net@freebsd.org Sat Dec 21 02:28:30 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 02:28:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

From owner-freebsd-net@freebsd.org Sat Dec 21 02:33:28 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 02:33:27 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #3 from Victor Sudakov ---
(In reply to dewayne from comment #2)

I don't quite understand the second part of your question, the problem is not
within ISAKMP. ISAKMP works fine. The problem with TCP begins later, when all
SA are already established.

But answering your question, the test lab uses preshared keys, racoon with a
vanilla configuration.

From owner-freebsd-net@freebsd.org Sat Dec 21 08:16:45 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 08:16:45 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

Eugene Grosbein changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |eugen@freebsd.org

--- Comment #4 from Eugene Grosbein ---
There are multiple ways to solve this problem that work just fine for FreeBSD
11 at least.

First, one can use IPSec transport mode combined with gif tunnel and mtu=1500
for the gif. Oversized IPv4 gif packets have DF bit set to 0, as per gif(4)
manual page, so they get fragmented while being transmitted over path with
lowest intermediate mtu 1500 or less and no packet drops occur.

Second, one can try sysctl net.inet.ipsec.dfbit=0 that is documented in
ipsec(4) manual page for IPSec tunnel mode but maybe it works for transport
mode, too. Check it out. Maybe, you can switch your IPSec to tunnel mode.

Third, you can adjust TCP MSS by means of packet filters. For example, ipfw
currently has additional kernel module ipfw_pmod.ko and command ipfw
tcp-setmss.

From owner-freebsd-net@freebsd.org Sat Dec 21 08:33:50 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 08:33:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #5 from Victor Sudakov ---
(In reply to Eugene Grosbein from comment #4)

> First, one can use IPSec transport mode combined with gif tunnel and mtu=1500 for the gif.

The solution with gif or if_ipsec tunnels is not scalable if you want to create
a mesh of hosts with protected traffic between them. If we are talking about
not more than 2-3 hosts, then the if_ipsec solution is the most elegant.

> Second, one can try sysctl net.inet.ipsec.dfbit=0 that is documented in
> ipsec(4) manual page for IPSec tunnel mode
> but maybe it works for transport mode, too

I wrote in the initial problem description that this sysctl does not work for
transport mode. You just did not pay attention.

> Third, you can adjust TCP MSS by means of packet filters.

I don't think I can if the packet in question is not received or transmitted
via any interface (like locally generated ssh-client traffic intercepted by
IPSec policies). Or I'll try if you provide an example of matching such a
packet.

I also tried pf's "scrub out proto 50 no-df" but there was no match.

In a FreeBSD - Windows 7 combination, this kind of transport mode works
transparently out of the box. I think Windows knows to adjust MSS, or
something.

From owner-freebsd-net@freebsd.org Sat Dec 21 08:51:56 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 08:51:56 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #6 from Eugene Grosbein ---
OTOH, RFC 2401 Appendix B https://tools.ietf.org/html/rfc2401#page-1-48 states
that packets generated by IPSec transport mode must be allowed to fragment over
the path and this is incompatible with current behaviour keeping DF=1 for TCP
and may be an error in our IPSEC stack.

Adding ae@ to CC: list. Andrey, what is your opinion on the problem?
Should we clear DF bit unconditionally for outgoing IPv4 IPSec transport mode
packets?

From owner-freebsd-net@freebsd.org Sat Dec 21 08:56:26 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 08:56:25 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #7 from Eugene Grosbein ---
(In reply to Victor Sudakov from comment #5)

> I don't think I can if the packet in question is not received or transmitted
> via any interface (like locally generated ssh-client traffic intercepted
> by IPSec policies).

Any outgoing packet has its destination IP address and it is not changed by
IPSec transport mode. It's possible to perform routing lookup for any reachable
destination IP address to discover transmit MTU and deduce right MSS.
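
An added example (not part of the bug thread or of FreeBSD): the arithmetic behind deducing an MSS from the transmit MTU for IPv4 ESP transport mode, generalized to several transforms. The transform table, the function names and the 1500-byte MTU are assumptions, since the thread does not say which cipher suite is in use; for AES-CBC with HMAC-SHA1-96 the result is 1418, the same value that appears in the ipfw rules in comment #13.

```python
"""Added example: largest TCP MSS whose ESP transport-mode packet fits the path MTU."""
from dataclasses import dataclass

IPV4_HEADER = 20      # IPv4 header without options
TCP_HEADER = 20       # TCP header; options are carved out of the MSS by the sender
ESP_HEADER = 8        # SPI (4) + sequence number (4), RFC 4303
ESP_TRAILER = 2       # pad length (1) + next header (1), RFC 4303
NATT_UDP_HEADER = 8   # UDP encapsulation of ESP (NAT traversal), RFC 3948


@dataclass(frozen=True)
class EspTransform:
    name: str
    iv_len: int    # explicit IV carried in every packet
    align: int     # payload + padding + trailer is a multiple of this
    icv_len: int   # integrity check value (truncated MAC or AEAD tag)


# Assumed transforms for illustration; the thread does not name the one in use.
AES_CBC_SHA1 = EspTransform("aes-cbc + hmac-sha1-96", iv_len=16, align=16, icv_len=12)
AES_GCM_16 = EspTransform("aes-gcm-16", iv_len=8, align=4, icv_len=16)


def _fixed_overhead(transform, nat_t):
    """Bytes added to every packet regardless of payload length."""
    udp = NATT_UDP_HEADER if nat_t else 0
    return IPV4_HEADER + udp + ESP_HEADER + transform.iv_len + transform.icv_len


def esp_packet_size(tcp_payload, transform, nat_t=False):
    """On-wire IPv4 packet size of a TCP segment after ESP transport-mode encapsulation."""
    inner = TCP_HEADER + tcp_payload + ESP_TRAILER
    padded = -(-inner // transform.align) * transform.align   # round up to alignment
    return _fixed_overhead(transform, nat_t) + padded


def max_mss(path_mtu, transform, nat_t=False):
    """Largest MSS for which a full-sized segment still fits path_mtu after ESP."""
    room = path_mtu - _fixed_overhead(transform, nat_t)
    padded = room // transform.align * transform.align        # round down to alignment
    mss = padded - ESP_TRAILER - TCP_HEADER
    if mss <= 0:
        raise ValueError("path MTU too small for this transform")
    return mss


def blackholed(mss, path_mtu, transform, nat_t=False):
    """True when a full-sized segment sent with DF=1 exceeds the path MTU."""
    return esp_packet_size(mss, transform, nat_t) > path_mtu


if __name__ == "__main__":
    mtu = 1500  # constructed value: a plain Ethernet path
    for t in (AES_CBC_SHA1, AES_GCM_16):
        for nat_t in (False, True):
            mss = max_mss(mtu, t, nat_t)
            print(f"{t.name:24} nat-t={nat_t!s:5} max MSS={mss} "
                  f"packet={esp_packet_size(mss, t, nat_t)}")
    # The MSS a host derives from the bare interface MTU (1500 - 40).
    print("MSS 1460 packet size:", esp_packet_size(1460, AES_CBC_SHA1),
          "blackholed with DF=1:", blackholed(1460, mtu, AES_CBC_SHA1))
```

With the assumed AES-CBC transform, an MSS of 1460 on a 1500-byte path produces a 1544-byte ESP packet, which cannot pass while DF=1 is kept.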

From owner-freebsd-net@freebsd.org Sat Dec 21 09:04:39 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 09:04:39 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #8 from Eugene Grosbein ---
(In reply to Victor Sudakov from comment #5)

> In a FreeBSD - Windows 7 combination, this kind of transport mode works
> transparently out of the box. I think Windows knows to adjust MSS, or something.

Can you enable some TCP service at FreeBSD side (f.e. inetd/echo or ftpd) and
check it out if Windows sets DF=1 for initial encrypted TCP SYN when you
connect from Windows to FreeBSD over such IPSec transport mode configuration?

From owner-freebsd-net@freebsd.org Sat Dec 21 09:08:50 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 09:08:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #9 from Victor Sudakov ---
(In reply to Eugene Grosbein from comment #7)

> It's possible to perform routing lookup for any reachable destination IP
> address to discover transmit MTU and deduce right MSS.

Yes, this (or similar) advice was given in
https://lists.freebsd.org/pipermail/freebsd-net/2019-December/054952.html

It works (I checked) but does not scale.

From owner-freebsd-net@freebsd.org Sat Dec 21 09:12:54 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 09:12:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #10 from Victor Sudakov ---
(In reply to Eugene Grosbein from comment #8)

> check it out if Windows sets DF=1 for initial encrypted TCP SYN

My FreeBSD - Windows7 IPSec configuration is gone with my Windows7 workstation.
If it helps the cause, I can recreate with Windows 10 or Windows 2016 server,
it will take some time though because I don't remember very well how you
set up SPD on Windows, it was somewhat non-trivial.

From owner-freebsd-net@freebsd.org Sat Dec 21 10:03:54 2019
From: "Patrick M. Hausen"
To: freebsd-net@freebsd.org
Cc: Kristof Provost
Subject: Re: Continuing problems in a bridged VNET setup
Date: Sat, 21 Dec 2019 11:03:46 +0100

Hi all,

Now my two most problematic systems stall about once a day.
And I can reliably stall my test system after I increased the
number of VNET jails to 100.

So now I have an unused test system that is in the wedged state.
What now? I could provide SSH access if needed.

Kind regards,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein

From owner-freebsd-net@freebsd.org Sat Dec 21 12:14:11 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 12:14:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #11 from Eugene Grosbein ---
(In reply to Victor Sudakov from comment #9)

It does scale: with racoon, you can use phase1 up-script to create specific
routes with -mtu 1400 automatically.

From owner-freebsd-net@freebsd.org Sat Dec 21 12:15:28 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 12:15:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #12 from Eugene Grosbein ---
(In reply to Victor Sudakov from comment #10)

Windows 7 should be fine. I don't think newer versions of Windows have a
regression dealing with DF bit.
--=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Dec 21 13:02:14 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 07DEB1D3B96 for ; Sat, 21 Dec 2019 13:02:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47g5P16TJbz4Fyp for ; Sat, 21 Dec 2019 13:02:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id DE37F1D3B95; Sat, 21 Dec 2019 13:02:13 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DDFDF1D3B94 for ; Sat, 21 Dec 2019 13:02:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47g5P15dQNz4Fyk for ; Sat, 21 Dec 2019 13:02:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BCBC4FC32 for ; Sat, 21 Dec 2019 13:02:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 
xBLD2Ded048592 for ; Sat, 21 Dec 2019 13:02:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBLD2Due048591 for net@FreeBSD.org; Sat, 21 Dec 2019 13:02:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sat, 21 Dec 2019 13:02:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Dec 2019 13:02:14 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #13 from Eugene Grosbein --- (In reply to Victor Sudakov from comment #5) > Or I'll try if you provide an example of matching such a packet. 
This works for me:

ipfw add tcp-setmss 1418 tcp from any to 'table(1)' tcpflags syn out
ipfw add tcp-setmss 1418 tcp from 'table(1)' to any tcpflags syn in

From owner-freebsd-net@freebsd.org Sat Dec 21 17:41:29 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 17:41:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #14 from Victor Sudakov ---
(In reply to Eugene Grosbein from comment #11)

> you can use phase1 up-script to create specific routes

A clever idea. A host route to $REMOTE_ADDR via... via what? Maybe sourcing
rc.conf for $defaultrouter would be sufficient in most cases.

Your idea about ipfw.
Can it really match locally created packets not passing
via any interface?

From owner-freebsd-net@freebsd.org Sat Dec 21 20:29:44 2019
From: "Patrick M. Hausen"
To: freebsd-net@freebsd.org
Subject: Re: Continuing problems in a bridged VNET setup
Date: Sat, 21 Dec 2019 21:29:41 +0100
Message-Id: <8BAFB6C3-AA6C-4AA6-8037-3B102F15101D@punkt.de>

Hi all,

kp@ and bz@ stepped in to help, now that we finally have a non-productive test
system that is capable of reproducing the problem.
Seems like it is related or identical to this bug:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227100

Just to keep everyone informed and justify the noise on the list ;-)

A very merry Christmas or whatever your favourite pastime at this time of year
may be.

Take care,
Patrick

From owner-freebsd-net@freebsd.org Sat Dec 21 23:24:29 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 23:24:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #15 from Eugene Grosbein ---
(In reply to Victor Sudakov from comment #14)

Routing lookup can be performed within shell script, too:

gw=$(route -n get "$REMOTE_ADDR" | awk '/gateway: / {print $2}')

As for ipfw.
First, ipfw never required matching on some interface name, this
is optional. Second, every outgoing locally generated packet has its outgoing
interface anyway including targeted to same host, these go out via lo0.

From owner-freebsd-net@freebsd.org Sat Dec 21 23:56:58 2019
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic
Date: Sat, 21 Dec 2019 23:56:57 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744

--- Comment #16 from Eugene Grosbein ---
Created attachment 210122
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=210122&action=edit
net.inet.ipsec.trans.cleardf

For testing: new sysctl net.inet.ipsec.trans.cleardf is zero by default. If
set to 1, it forces clearing DF bit for outgoing encrypted transport mode
packets.
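
Added example, not part of the bug report or of FreeBSD: one way to see where a clamp such as the tcp-setmss 1418 in comment #13 can come from is to subtract the ESP transport-mode overhead from the MTU. The 1500-byte MTU, IPv4 without options, no NAT-T encapsulation and the cipher parameters are assumptions; the thread does not name the transforms in use, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: largest TCP MSS whose segment still fits into ONE ESP
# transport-mode packet of the given MTU, so nothing has to be fragmented
# and the DF bit stops mattering.
# Assumptions: IPv4 header without options, no NAT-T (UDP) encapsulation.

# esp_transport_mss MTU IV_LEN BLOCK_LEN ICV_LEN  -> prints MSS, status 1 if none
esp_transport_mss() {
    mtu=$1; iv=$2; block=$3; icv=$4
    ip_hdr=20       # IPv4 header, no options
    tcp_hdr=20      # fixed TCP header (TCP options count against the MSS)
    esp_hdr=8       # SPI (4) + sequence number (4)
    esp_trailer=2   # pad length (1) + next header (1)

    # Bytes left for the encrypted part: TCP segment + padding + trailer.
    room=$((mtu - ip_hdr - esp_hdr - iv - icv))

    # The encrypted part is padded to the cipher block size and, per
    # RFC 4303, to at least a 4-byte boundary; round the room down to that.
    align=$block
    if [ "$align" -lt 4 ]; then align=4; fi
    room=$((room / align * align))

    mss=$((room - esp_trailer - tcp_hdr))
    [ "$mss" -gt 0 ] || return 1
    echo "$mss"
}

# clamp_rules MSS TABLE: print the two rules from comment #13 with this MSS.
clamp_rules() {
    printf "ipfw add tcp-setmss %s tcp from any to 'table(%s)' tcpflags syn out\n" "$1" "$2"
    printf "ipfw add tcp-setmss %s tcp from 'table(%s)' to any tcpflags syn in\n" "$1" "$2"
}

# Constructed cases: MTU, IV length, cipher block length, ICV length, label.
for params in "1500 16 16 12 aes-cbc+hmac-sha1-96" \
              "1500 16 16 16 aes-cbc+hmac-sha2-256-128" \
              "1500 8 1 16 aes-gcm-16" \
              "1400 16 16 12 aes-cbc+hmac-sha1-96,mtu1400"; do
    set -- $params
    printf '%-34s MSS %s\n' "$5" "$(esp_transport_mss "$1" "$2" "$3" "$4")"
done

# Rules for the AES-CBC + HMAC-SHA1-96 case, using table 1 as in comment #13.
clamp_rules "$(esp_transport_mss 1500 16 16 12)" 1
```

Under the AES-CBC assumptions the result matches the 1418 used in comment #13; a lower path MTU or an IPv6 outer header (40 bytes instead of 20) needs a correspondingly smaller clamp.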