From owner-freebsd-net@freebsd.org Sun Jan 12 07:06:20 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CB5C822697D for ; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47wSSD53tKz44qy for ; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id ABDFE22697C; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AA93A22697B for ; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wSSD3yDFz44qw for ; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 83485FFA1 for ; Sun, 12 Jan 2020 07:06:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00C76K4q086753 for ; Sun, 12 Jan 2020 07:06:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00C76Ko6086752 for net@FreeBSD.org; Sun, 12 Jan 2020 07:06:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sun, 12 Jan 2020 07:06:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jan 2020 07:06:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #27 from Victor Sudakov --- (In reply to Bjoern A. Zeeb from comment #26) Bjoern, can you formulate in a few own words what behavior you deem appropr= iate in accordance with the later RFCs?=20 I can only say that what we have now is completely broken: you enable IPSec transport mode between FreeBSD hosts on your LAN (very easy and elegant with strongswan, as it turns out) and bummer! Your TCP does not work any more. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Jan 12 09:52:40 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5971622A94D for ; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47wX881nb0z4DCM for ; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 3CD0022A94C; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B90322A94B for ; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wX880sHQz4DCL for ; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1906419E79 for ; Sun, 12 Jan 2020 09:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00C9qdKt096679 for ; Sun, 12 Jan 2020 09:52:39 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00C9qdSr096678 for net@FreeBSD.org; Sun, 12 Jan 2020 09:52:39 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sun, 12 Jan 2020 09:52:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: julian@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jan 2020 09:52:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 Julian Elischer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |julian@FreeBSD.org --- Comment #28 from Julian Elischer --- A few years ago I used the multiple routing tables to have different MTU of= one table, which was used for procsses that were going to use tunnels or ipsec. I can't remember the details of how I forced it but My memory was that the tunnels went to table 1 which was 1500 and everything s went to the default table which was 1400. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Jan 12 11:09:52 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6D71122BFBC for ; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47wYsD2KYmz4GsH for ; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 4FDDB22BFBB; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4FA4D22BFBA for ; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wYsD1Nn0z4GsF for ; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2B1931AB51 for ; Sun, 12 Jan 2020 11:09:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00CB9q4G098827 for ; Sun, 12 Jan 2020 11:09:52 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00CB9qNd098826 for net@FreeBSD.org; Sun, 12 Jan 2020 11:09:52 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sun, 12 Jan 2020 11:09:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jan 2020 11:09:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #29 from Victor Sudakov --- (In reply to Julian Elischer from comment #28) > I used the multiple routing tables to have different MTU This is one of the workarounds and we have even discussed something similar= in the comments, but should not IPsec "just work" out of the box? That should = be our goal. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Jan 12 20:40:13 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2DC361E9BF5 for ; Sun, 12 Jan 2020 20:40:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47wpWK0WWjz4nm7 for ; Sun, 12 Jan 2020 20:40:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 11C411E9BF4; Sun, 12 Jan 2020 20:40:13 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1185C1E9BF3 for ; Sun, 12 Jan 2020 20:40:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wpWJ6hv3z4nm6 for ; Sun, 12 Jan 2020 20:40:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E173D21503 for ; Sun, 12 Jan 2020 20:40:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00CKeCti074718 for ; Sun, 12 Jan 2020 20:40:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00CKeCLG074717 for net@FreeBSD.org; Sun, 12 Jan 2020 20:40:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242890] vmxnet3 problem when RSS option is configured Date: Sun, 12 Jan 2020 20:40:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: pkelsey@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jan 2020 20:40:13 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242890 --- Comment #3 from Patrick Kelsey --- (In reply to Andriy Gapon from comment #2) When I converted the vmxnet3 driver to iflib, I enabled the RSS code based = on iflib internals and looking sideways at the bnxt driver, and not so much by thinking through the RSS code's fundamental requirements. What I saw in the bnxt driver was that it was setting the RSS key using arc4rand() in bnxt_attach_pre(), and that it is always using the hash value= for the flowid in bnxt_pkt_get_l2(). That lead me to believe that the rss key value did not have to be anything specific, and is why the way the vmxnet3 = code behaves with respect to this issue is functionally the same as what bnxt do= es. If I am not missing something further, perhaps this same issue exists for t= he bnxt driver as well. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Jan 12 21:00:14 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4FD5A1EAA61 for ; Sun, 12 Jan 2020 21:00:14 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47wpyQ0g5Tz4q3F for ; Sun, 12 Jan 2020 21:00:14 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.nyi.freebsd.org (Postfix) id 16AE11EAA60; Sun, 12 Jan 2020 21:00:14 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 166551EAA5B for ; Sun, 12 Jan 2020 21:00:14 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wpyP4VSrz4q33 for ; Sun, 12 Jan 2020 21:00:13 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 93FF321908 for ; Sun, 12 Jan 2020 21:00:13 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00CL0Df6025340 for ; Sun, 12 Jan 2020 21:00:13 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00CL0DYv025339 for net@FreeBSD.org; Sun, 12 Jan 2020 21:00:13 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202001122100.00CL0DYv025339@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: net@FreeBSD.org Subject: Problem reports for net@FreeBSD.org that need special attention Date: Sun, 12 Jan 2020 21:00:13 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jan 2020 21:00:14 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- In Progress | 221146 | [ixgbe] Problem with second laggport In Progress | 235700 | oce(4) driver causes fatal trap 12 on boot with e New | 204438 | setsockopt() handling of kern.ipc.maxsockbuf limi New | 205592 | TCP processing in IPSec causes kernel panic New | 213410 | [carp] service netif restart causes hang only whe Open | 193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc Open | 194453 | [dummynet] pipe config bw parameter limited to 2G Open | 194485 | Userland cannot add IPv6 prefix routes Open | 202510 | [CARP] advertisements sourced from CARP IP cause Open | 207261 | netmap: Doesn't do TX sync with kqueue Open | 210726 | tcp connect() can return invalid EADDRINUSE (Eg: Open | 222273 | igb(4): Kernel panic (fatal trap 12) due to netwo Open | 225438 | panic in6_unlink_ifa() due to race Open | 225792 | ECMP is broken since tryforward() Open | 227720 | Kernel panic in ppp server Open | 235524 | igb(4): Ethernet interface loses active link stat Open | 236888 | ppp daemon: Allow MTU to be overridden for PPPoE Open | 236983 | bnxt(4) VLAN not operational unless explicit "ifc Open | 237072 | netgraph(4): performance issue [on HardenedBSD]? Open | 237391 | route get returns no result for network addresses Open | 237840 | Removed dummynet dependency on ipfw Open | 238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver Open | 240530 | netgraph/ng_source: Allow ng_source to inject int Open | 240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile Open | 240969 | netinet6: Neighbour reachability detection broken Open | 241106 | tun/ppp: panic: vm_fault: fault on nofault entry Open | 241191 | route flush panic with RADIX_MPATH 27 problems total for which you should take action. From owner-freebsd-net@freebsd.org Mon Jan 13 01:47:06 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A81F71F1F6F for ; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47wxKQ44ynz3KbX for ; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 8C1FF1F1F6E; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8BE281F1F6D for ; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47wxKQ1cWXz3KbT for ; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3258824F41 for ; Mon, 13 Jan 2020 01:47:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00D1l61g013380 for ; Mon, 13 Jan 2020 01:47:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00D1l6gR013379 for net@FreeBSD.org; Mon, 13 Jan 2020 01:47:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Mon, 13 Jan 2020 01:47:05 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jason@tubnor.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 01:47:06 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 --- Comment #5 from Jason Tubnor --- With vlanhwtag enabled: $ iperf3 -c 10.1.1.1=20=20=20=20 Connecting to host 10.1.1.1, port 5201 [ 5] local 10.1.1.91 port 44086 connected to 10.1.1.1 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.01 sec 35.4 KBytes 287 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 1.01-2.01 sec 2.83 KBytes 23.2 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 2.01-3.02 sec 0.00 Bytes 0.00 bits/sec=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20 [ 5] 3.02-4.02 sec 0.00 Bytes 0.00 bits/sec=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20 [ 5] 4.02-5.01 sec 2.83 KBytes 23.4 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 5.01-6.01 sec 5.66 KBytes 46.3 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 6.01-7.01 sec 5.66 KBytes 46.3 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 7.01-8.01 sec 4.24 KBytes 34.8 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 8.01-9.01 sec 5.66 KBytes 46.3 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 9.01-10.01 sec 5.66 KBytes 46.3 Kbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.01 sec 67.9 KBytes 55.6 Kbits/sec sender [ 5] 0.00-10.20 sec 48.1 KBytes 38.6 Kbits/sec recei= ver iperf Done. $ iperf3 -c 10.1.1.1 -R Connecting to host 10.1.1.1, port 5201 Reverse mode, remote host 10.1.1.1 is sending [ 5] local 10.1.1.91 port 11269 connected to 10.1.1.1 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 64.5 MBytes 541 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 1.00-2.00 sec 105 MBytes 883 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 2.00-3.00 sec 111 MBytes 932 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 3.00-4.00 sec 111 MBytes 929 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 4.00-5.00 sec 112 MBytes 938 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 5.00-6.00 sec 112 MBytes 938 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 6.00-7.00 sec 111 MBytes 934 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 7.00-8.00 sec 112 MBytes 937 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 8.00-9.00 sec 112 MBytes 936 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 9.00-10.00 sec 111 MBytes 935 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.19 sec 1.04 GBytes 874 Mbits/sec sender [ 5] 0.00-10.00 sec 1.04 GBytes 890 Mbits/sec recei= ver iperf Done. With hwvlantag disabled (-hwvlantag): $ iperf3 -c 10.1.1.1=20=20=20=20 Connecting to host 10.1.1.1, port 5201 [ 5] local 10.1.1.91 port 46471 connected to 10.1.1.1 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 105 MBytes 877 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 1.00-2.00 sec 112 MBytes 936 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 2.00-3.00 sec 112 MBytes 936 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 3.00-4.00 sec 111 MBytes 933 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 4.00-5.01 sec 112 MBytes 931 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 5.01-6.00 sec 110 MBytes 933 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 6.00-7.00 sec 112 MBytes 936 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 7.00-8.00 sec 112 MBytes 935 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 8.00-9.00 sec 111 MBytes 935 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 9.00-10.00 sec 111 MBytes 935 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.00 sec 1.08 GBytes 929 Mbits/sec sender [ 5] 0.00-10.20 sec 1.08 GBytes 911 Mbits/sec recei= ver iperf Done. $ iperf3 -c 10.1.1.1 -R=20 Connecting to host 10.1.1.1, port 5201 Reverse mode, remote host 10.1.1.1 is sending [ 5] local 10.1.1.91 port 47836 connected to 10.1.1.1 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 76.1 MBytes 638 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 1.00-2.00 sec 109 MBytes 912 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 2.00-3.00 sec 112 MBytes 936 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 3.00-4.00 sec 111 MBytes 933 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 4.00-5.00 sec 112 MBytes 939 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 5.00-6.00 sec 112 MBytes 939 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 6.00-7.00 sec 110 MBytes 921 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 7.00-8.00 sec 112 MBytes 939 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 8.00-9.00 sec 112 MBytes 939 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 [ 5] 9.00-10.00 sec 112 MBytes 938 Mbits/sec=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.19 sec 1.05 GBytes 887 Mbits/sec sender [ 5] 0.00-10.00 sec 1.05 GBytes 903 Mbits/sec recei= ver iperf Done. ---- This is preventing an uplift of our bhyve hypervisor fleet from 11.3 to the= 12 branch. Thanks. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 05:27:46 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 14A491F7715 for ; Mon, 13 Jan 2020 05:27:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47x2D16tscz426n for ; Mon, 13 Jan 2020 05:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id EA8571F7714; Mon, 13 Jan 2020 05:27:45 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E932F1F7713 for ; Mon, 13 Jan 2020 05:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47x2D15kKTz426m for ; Mon, 13 Jan 2020 05:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C014027861 for ; Mon, 13 Jan 2020 05:27:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00D5Rjj8062403 for ; Mon, 13 Jan 2020 05:27:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00D5Rjfh062402 for net@FreeBSD.org; Mon, 13 Jan 2020 05:27:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 200319] Bridge+CARP crashes/freezes Date: Mon, 13 Jan 2020 05:27:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: gdef@wp.pl X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 05:27:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200319 Gyver Def changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gdef@wp.pl --- Comment #18 from Gyver Def --- 12.1-STABLE FreeBSD 12.1-STABLE 0b9b015d84e(stable/12) also got this problem :-( --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 14:14:35 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 65301224FC8 for ; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xFvv22CBz4XTH for ; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 45AE8224FC7; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 45789224FC6 for ; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xFvv1BlZz4XTG for ; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 248985DDB for ; Mon, 13 Jan 2020 14:14:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DEEZU4012552 for ; Mon, 13 Jan 2020 14:14:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DEEZYX012551 for net@FreeBSD.org; Mon, 13 Jan 2020 14:14:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 200319] Bridge+CARP crashes/freezes Date: Mon, 13 Jan 2020 14:14:03 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 14:14:35 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200319 --- Comment #19 from Kristof Provost --- (In reply to Gyver Def from comment #18) The problem is being worked on. In the mean time the following sysctl tweaks should make the problem less likely to trigger: net.isr.bindthreads=3D1 net.isr.maxthreads=3D256 # net.isr will always reduce it to mp_cpus net.link.epair.netisr_maxqlen=3D10240 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 14:16:14 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 12DDA2250AD for ; Mon, 13 Jan 2020 14:16:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xFxn6pCPz4XbN for ; Mon, 13 Jan 2020 14:16:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E96242250AC; Mon, 13 Jan 2020 14:16:13 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E92942250AB for ; Mon, 13 Jan 2020 14:16:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xFxn5wWLz4XbL for ; Mon, 13 Jan 2020 14:16:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C65DE5DE0 for ; Mon, 13 Jan 2020 14:16:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DEGD8j014843 for ; Mon, 13 Jan 2020 14:16:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DEGD63014842 for net@FreeBSD.org; Mon, 13 Jan 2020 14:16:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 14:16:13 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 14:16:14 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 Kyle Evans changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cem@freebsd.org, | |markj@FreeBSD.org, | |net@FreeBSD.org --- Comment #1 from Kyle Evans --- CC'ing -net@ and cem/markj, the latter since it's in a panic context which leads me to believe it's perhaps debugnet related, but I've not configured debugnet/netdump at all. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 14:18:31 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4D57322523E for ; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xG0R1Rqbz4XmZ for ; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 2FEE822523B; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2FB3822523A for ; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xG0R0ZZTz4XmX for ; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0A5B45DE6 for ; Mon, 13 Jan 2020 14:18:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DEIUiY017575 for ; Mon, 13 Jan 2020 14:18:30 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DEIUgO017574 for net@FreeBSD.org; Mon, 13 Jan 2020 14:18:30 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 14:18:31 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 14:18:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #2 from Mark Johnston --- (In reply to Kyle Evans from comment #1) What happens after the panic? Does the system attempt to dump core? Do you perhaps have a DDB script that attempts to trigger a netdump? --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 14:26:04 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8315F2255F8 for ; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xG982xSJz4YQY for ; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 6323F2255F5; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 61C562255F4 for ; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xG980Lytz4YQV for ; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0322D5FB1 for ; Mon, 13 Jan 2020 14:26:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DEQ3K2063578 for ; Mon, 13 Jan 2020 14:26:03 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DEQ3NF063577 for net@FreeBSD.org; Mon, 13 Jan 2020 14:26:03 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 14:26:03 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 14:26:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #3 from Kyle Evans --- (In reply to Mark Johnston from comment #2) Yeah, so from the system's viewpoint it looks like an absolutely normal pan= ic and I'm at ddb prompt and able to dump (and did, because I needed to examine later if the VM panic it hit that time has been resolved since). This system doesn't use DDB scripts, but I double-checked here: # sysrc ddb_enable ddb_enable: NO and it's otherwise configured like so: # grep 'dump' rc.conf # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev=3D"AUTO" dumpon_flags=3D"-vZ" --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 14:39:59 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3DB49225E6D for ; Mon, 13 Jan 2020 14:39:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xGTC0wJ8z4Zgl for ; Mon, 13 Jan 2020 14:39:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 1F6DE225E69; Mon, 13 Jan 2020 14:39:59 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1F245225E67 for ; Mon, 13 Jan 2020 14:39:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xGTB6djsz4Zgh for ; Mon, 13 Jan 2020 14:39:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DF42E61C0 for ; Mon, 13 Jan 2020 14:39:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DEdwpQ091130 for ; Mon, 13 Jan 2020 14:39:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DEdwm3091127 for net@FreeBSD.org; Mon, 13 Jan 2020 14:39:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 14:39:58 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 14:39:59 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #4 from Mark Johnston --- You could try repro'ing the problem with net.debugnet.debug=3D1 or =3D2 to = verify that the debugnet code isn't actually running somehow. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 15:26:30 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 14C35227C1C for ; Mon, 13 Jan 2020 15:26:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xHVs6s1nz4fBY for ; Mon, 13 Jan 2020 15:26:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E980E227C1B; Mon, 13 Jan 2020 15:26:29 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E948F227C1A for ; Mon, 13 Jan 2020 15:26:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xHVs5zpPz4fBX for ; Mon, 13 Jan 2020 15:26:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C91156ADF for ; Mon, 13 Jan 2020 15:26:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DFQTnc070045 for ; Mon, 13 Jan 2020 15:26:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DFQTb7070023 for net@FreeBSD.org; Mon, 13 Jan 2020 15:26:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 200319] Bridge+CARP crashes/freezes Date: Mon, 13 Jan 2020 15:26:28 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 15:26:30 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200319 --- Comment #20 from Kristof Provost --- (In reply to Kristof Provost from comment #19) I may have been conflating two different issues. To clarify: if the system fully freezes then these sysctls won't help. If t= he system keeps running, but stops passing traffic on epair interfaces those sysctls should help. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 16:26:57 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 40C061E1FBC for ; Mon, 13 Jan 2020 16:26:57 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xJrb6G3Mz3FFT for ; Mon, 13 Jan 2020 16:26:55 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=rKHF+Y0w77IZd+yxwnlstl/+N2wXg2NdHjQTF3S8q2E=; b=PqczglCOBjIz4n0qEopxcwCF18 XcQ6M3q0G2J8yQ5Ydocvlii0t25UKXTeUOoyl1oihwHJ1Uo/dNXjaBWxOjGYd9PycIlPyAKtJN+GL DmlvKkHH+cGfpyXNi9w7eKnsKHcMZoWd4+bGYuuh6RvXvZuQeS0nr/WTCc0W4R86Sy7E=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1ir2YC-00031f-3b for freebsd-net@freebsd.org; Mon, 13 Jan 2020 23:26:48 +0700 Date: Mon, 13 Jan 2020 23:26:48 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: replacement of security/ipsec-tools Message-ID: <20200113162648.GA10976@admin.sibptus.ru> References: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org> <20200110035009.GB67842@admin.sibptus.ru> <20200110065131.GA79879@admin.sibptus.ru> <20200111112307.GA62210@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sm4nu43k4a2Rpi4c" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47xJrb6G3Mz3FFT X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=PqczglCO; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.40 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.30)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.63), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 16:26:57 -0000 --sm4nu43k4a2Rpi4c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Karl Denninger wrote: [dd] >=20 > Strongswan works fine with Win10 HOWEVER note that Windows 10 until > somewhat recently (last summer, I believe) and ALL PREVIOUS VERSIONS > (e.g. Win7, 8, etc.) had a SEVERE problem with IkeV2 connections, which Karl, Thanks a lot for the detailed info. I may need it one day. For the present, however, I'm interested not in an IPSec VPN (in Windows terminology) but in a simple transport mode IPSec between a FreeBSD and a Windows host.=20 My only option for that is IKEv1 because IKEv2 is configured on Windows 10 and Windows 2016 from PowerShell only, and I need to configure a secure connection via Group Policy editor (mmc). I'm still too weak of heart to use PowerShell for IPSec setup. I have this working successfully with racoon (on pre-shared keys) and am investigating the possibility to replace racoon with strongswan. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --sm4nu43k4a2Rpi4c Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeHJpIAAoJEA2k8lmbXsY0eAEH/A8U3IWGAuL4iw182HZ3/dTA xO/umK9QPWH+tv+1dwiOEsiRSRz5PMMOjCATQTtq5LAMxMGtoRO9J6MSlNuo/dfj usmfGG26zyKIzVZToURIGvUN4bZpROs2ZoTBLj3g6zdp3QDB0Pq346617/m3LPbj S7DGex3HJavanCZAfz/sudZ3XJrlawRD3bHDgKww58j1yoCjLizQXg49F+3LIkQO EXMkz9RLLA6FmoRTpulo7vG04W0S5Vs6j5RWCJ5IXUJuOa33COX7ZwPqdPmQwyXP Suktxq7EMKYw475rxPf3Zh0rDtmZIuFQyHDTHA+ajvdPuQAuXUByfcM+4dyBC+I= =GhCL -----END PGP SIGNATURE----- --sm4nu43k4a2Rpi4c-- From owner-freebsd-net@freebsd.org Mon Jan 13 16:28:37 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 81D9B1E20BE for ; Mon, 13 Jan 2020 16:28:37 +0000 (UTC) (envelope-from karl@denninger.net) Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xJtX4S4Pz3FM1 for ; Mon, 13 Jan 2020 16:28:36 +0000 (UTC) (envelope-from karl@denninger.net) Received: from denninger.net (ip68-1-57-197.pn.at.cox.net [68.1.57.197]) by colo1.denninger.net (Postfix) with ESMTP id 9B76F2110A2 for ; Mon, 13 Jan 2020 11:28:05 -0500 (EST) Received: from [192.168.10.25] (D15.Denninger.Net [192.168.10.25]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by denninger.net (Postfix) with ESMTPSA id 5E2E51F107C for ; Mon, 13 Jan 2020 10:28:05 -0600 (CST) Subject: Re: replacement of security/ipsec-tools To: freebsd-net@freebsd.org References: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org> <20200110035009.GB67842@admin.sibptus.ru> <20200110065131.GA79879@admin.sibptus.ru> <20200111112307.GA62210@admin.sibptus.ru> <20200113162648.GA10976@admin.sibptus.ru> From: Karl Denninger Autocrypt: addr=karl@denninger.net; prefer-encrypt=mutual; keydata= xsFNBF1Rd+gBEACmLAH7SAzdQq57ZN56QQEy0jDFfH5BvGOMZgCaP+Y5lJQ5u9WphCoCALMs Rg0o1Q9DRNWgUmy/cgsxioXAEzZFXXzOHPJhwplVOgfjxnoByD5KQhWG8Owm9QmATdtiZPSV 4UYVNUIbZv7btSnnAXysG2OUHajYS5PVeFQxFbhNFq/SS8VaXr1WEVTFa8NFKp2W3/KY1A+U KKDUlYwnOauK3fnY9chF2IRSoxAbBJFrJ4lPGz04HtzNos4Q9CBfTphKcdFjcPntNS9wrqs3 sm+7hLNTH9B2Kj6aekG5UhD03eyP+gevTgBy51RL6ULzI13Kc4aeyOByuBXrA8D2m2Ee67iy 4+ZSxM9Wn1gQce5624OWzCYIGBH2r75Bshp1KHKu36N2rN//kyKYnwl/z6UZB/S9cMUFKZgL gFx7QxpFX/HvSiBcPfcGS0meModpg6qma7/2jRoQAXacslpiT+uOfRGspNbnglkbw435RzX/ kMUclJQNZBBBUpPiGjVCjeBTiAfN8TyjS+pWzwxNCUZWbYO5xVaS0gbIhgVNoBOGn1rdTsdA PP65SRjaoL5KY6bzkkzrXLB2Djx8/p4vr0qIqxIQWbewJq3xKyKGiqI46ae77BF7k0B++Ndx g9K9UeWKl/iJ0eoI0ftR+xH3aIHTU1Or3j/tj4j8Z0tnVSyt1wARAQABzSNLYXJsIERlbm5p bmdlciA8a2FybEBkZW5uaW5nZXIubmV0PsLBfwQTAQgAKQUCXVF36AIbIwUJCWYBgAcLCQgH AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEG8twBXrj1l4swkP/3uOzRxW16K6H4JIEIRMUEbt nxDhmk+gR/7H9phg7HtvR7i22QejZX1N1NHcGRNmBwLshWVjJkHKhCE/AM8Cf9XyaV2ft6qn g1xK6NuhapxVuaaMeCVPUzsPkTcR+JMl72ZR4Q+mJMVQButCITekmr7aIzIZ80fF0t86rnq+ O74ZGt0SAMsLV/GAKlIw8fGMi9Xj4OKDgqmxTnIoV4+0mpo26W957pnlOrjN3/6VqWUyAdHH DkyqsuP/9jx2f5pZCcD7X04+93GI+sGb1s6BOFRHq2oJgs6W0z0nPx5Ks9MDDgSQlxXAryje 17WphTR7DWn1BeF3Y8AhRkzc2+Mgc5s1i2fPe6YwvksDNOEyNXIvFV7chwDQYb0Q3I8XsoHu 2WUjXp0kVokobJPdVdY55nbY+brezweRJMiEpFtGOmoUekQWlI5KS1kE8+Xuqpm+MSxEpqY8 5ncPt0lekOrICGajlOotkUK86iVemlW1rMzMc5Xwp9j8oxa+bRtGD6u1rYz4i+qIdE+GSCBy 1nnHN/my0nefhQyHXr8wGVEbyiMZCten9fm1iXpBr0jY+tvtbo8XqZQG7Lr+3kSO6VUgc8kW IPf2HxIV7AnGUN+ddZGCcPPhb2mY/Yy7si54wJFj6YoG+/+rNjF9F5d8WeLoeUWczgHTvZmS o6F7UhjjuwzgzsFNBF1Rd+gBEADNVFS8nQ+kpKOpgtP+f3bCVxHAm7eHMbX6oew5yZiQwfD+ 1RWNWLVOMeTt7G2e5HsHpJOUwFUJhbDb0omB0r38xTSVSAig9kmUfb7tTMJG2bG7WfWykBOM WIZ4OhCf+ISv9dUkjNgx4ionWotFxwDiPRwWumVQ7WYZmRZlhDWMiaHgKvBrjJ7Y6GKPRbQc 5/0Qz9xGhXKlFxDQrrSMkyRThIOxXqdfD9z3rEsV3ZwOojzNsnkIImnQMKyIAR0FBQop34G9 wDQi7fxk8wGIfDszwfR4oAdDdPGq4gcAvE7Fd3xKyNpGyjSED5szoaFjldaZSXQIffquSUvy sFCTTLRIso5Dn9uQgi57gIv+5mnyKBfm2Z2P6pEQPSt073TED9rS0+JpniJL7rKRVpO5niqw sQJS6ht+JF88rXro+SiwxD/KeDpTuuJ10+ohLVi1Y+X82X7BIQEhqtFp9FVJSds4o/eNyaHd SoqfoeWMy3EV+rdJ3DneXcPS1BgxO57Rko5Hx3NUSVK83ovFb+Ofes9SLNdqNu3xAUcfpRdS DyxzpVbCq6Y2CIojiaweiYe5BOBhmR9OPGhqP8YD7GukYmQufAVuOrIVyctBlVPHgMBb+UX+ ItYXuX4weSJWLOsmM45xd/EYvBq2DWFpKlyihoktNzTGqxGsNeG7gCOEUTAnUwARAQABwsFl BBgBCAAPBQJdUXfoAhsMBQkJZgGAAAoJEG8twBXrj1l4Dm0P/iEx2gIHSOnvgpG799Vf2RM0 7gPbDWzDaw8YTV49H+VTOqq7RlT52aO0QfNAmtppX0V1/5f30fuSCF46NWnYGu35P/LvOAPb sLbeWCyJy4GOPN4cjsBMbgmooGdl24RdcvGMmY177o7oOSWBqXfhAj+YA6r+hEar1qxqLgwB Gy8wAId4qYSQhN/FxiQbyUs2tPAI6Wn/41pI7Hu6WgmRGpZrBv8HhVV9Gl7jallSsS/g+fhu WRbDKCknUS5SX3+w2AUFr4kf62gSSxXBxd075KnViV9c0sraAPI31XbM5QUc0Xssfaqs6Srr z4MjKaLhb7GD8C1JwI23PuGdFvk9WK996UvIyjdWIE99VSlg/5gEKkXzwx7oysrSG9BqkfGf I4addK55xRQPul0V3s2LtDoQTxg3VHrL6wrvGhYUcTHLmlsvNx1EOb5a3xBT+SUK/Ltq08LW YcmNbU/G217MlfvDJYHCb0uOtxqJFm8RiZGj2eEcLgvyWnlWCD2rfP4EqCxmpr3Ic725FiQR cBbdTV3clTgclhBG3TA9dxVjfZDcatz5cFBwXP8k5Yn9tNl90T2r79V4SNh1mCHtGTSEf449 qz9tm7EguLchjmoirJTuiipZKcalcHAHtz4VPUykdXsrfEJTzdEcujzqF6v/9CY+DjpAd3et Z0vw7xC5tS+b Message-ID: <76e41e61-3dc6-60f5-d60a-b2571906071e@denninger.net> Date: Mon, 13 Jan 2020 10:28:04 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: <20200113162648.GA10976@admin.sibptus.ru> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-512; boundary="------------ms060409020207030905030707" X-Rspamd-Queue-Id: 47xJtX4S4Pz3FM1 X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=denninger.net; spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net X-Spamd-Result: default: False [-7.43 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; SIGNED_SMIME(-2.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[denninger.net,none]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-2.53)[ip: (-9.84), ipnet: 104.236.64.0/18(-4.41), asn: 14061(1.67), country: US(-0.05)]; RECEIVED_SPAMHAUS_PBL(0.00)[197.57.1.68.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11] X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 16:28:37 -0000 This is a cryptographically signed message in MIME format. --------------ms060409020207030905030707 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 1/13/2020 10:26, Victor Sudakov wrote: > Karl Denninger wrote: > > [dd] > >> Strongswan works fine with Win10 HOWEVER note that Windows 10 until >> somewhat recently (last summer, I believe) and ALL PREVIOUS VERSIONS >> (e.g. Win7, 8, etc.) had a SEVERE problem with IkeV2 connections, whic= h > Karl, > > Thanks a lot for the detailed info. I may need it one day. > > For the present, however, I'm interested not in an IPSec VPN (in Window= s > terminology) but in a simple transport mode IPSec between a FreeBSD and= a > Windows host.=20 > > My only option for that is IKEv1 because IKEv2 is configured on Windows= > 10 and Windows 2016 from PowerShell only, and I need to configure a > secure connection via Group Policy editor (mmc). I'm still too weak of > heart to use PowerShell for IPSec setup. > > I have this working successfully with racoon (on pre-shared keys) and a= m > investigating the possibility to replace racoon with strongswan. Gotcha.... I misunderstood the application...=A0 I've not attempted to se= t that up here.... --=20 Karl Denninger karl@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/ --------------ms060409020207030905030707 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgMFADCABgkqhkiG9w0BBwEAAKCC DdgwggagMIIEiKADAgECAhMA5EiKghDOXrvfxYxjITXYDdhIMA0GCSqGSIb3DQEBCwUAMIGL MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJTmljZXZpbGxlMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExITAf BgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQTAeFw0xNzA4MTcxNjQyMTdaFw0yNzA4 MTUxNjQyMTdaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkwFwYDVQQKDBBD dWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5c3RlbXMgQ0ExJTAjBgNVBAMMHEN1 ZGEgU3lzdGVtcyBMTEMgMjAxNyBJbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC1aJotNUI+W4jP7xQDO8L/b4XiF4Rss9O0B+3vMH7Njk85fZ052QhZpMVlpaaO+sCI KqG3oNEbuOHzJB/NDJFnqh7ijBwhdWutdsq23Ux6TvxgakyMPpT6TRNEJzcBVQA0kpby1DVD 0EKSK/FrWWBiFmSxg7qUfmIq/mMzgE6epHktyRM3OGq3dbRdOUgfumWrqHXOrdJz06xE9NzY vc9toqZnd79FUtE/nSZVm1VS3Grq7RKV65onvX3QOW4W1ldEHwggaZxgWGNiR/D4eosAGFxn uYeWlKEC70c99Mp1giWux+7ur6hc2E+AaTGh+fGeijO5q40OGd+dNMgK8Es0nDRw81lRcl24 SWUEky9y8DArgIFlRd6d3ZYwgc1DMTWkTavx3ZpASp5TWih6yI8ACwboTvlUYeooMsPtNa9E 6UQ1nt7VEi5syjxnDltbEFoLYcXBcqhRhFETJe9CdenItAHAtOya3w5+fmC2j/xJz29og1KH YqWHlo3Kswi9G77an+zh6nWkMuHs+03DU8DaOEWzZEav3lVD4u76bKRDTbhh0bMAk4eXriGL h4MUoX3Imfcr6JoyheVrAdHDL/BixbMH1UUspeRuqQMQ5b2T6pabXP0oOB4FqldWiDgJBGRd zWLgCYG8wPGJGYgHibl5rFiI5Ix3FQncipc6SdUzOQIDAQABo4IBCjCCAQYwHQYDVR0OBBYE FF3AXsKnjdPND5+bxVECGKtc047PMIHABgNVHSMEgbgwgbWAFBu1oRhUMNEzjODolDka5k4Q EDBioYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UEBwwJ TmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRhIFN5 c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYIJAKxAy1WBo2kY MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC AQCB5686UCBVIT52jO3sz9pKuhxuC2npi8ZvoBwt/IH9piPA15/CGF1XeXUdu2qmhOjHkVLN gO7XB1G8CuluxofOIUce0aZGyB+vZ1ylHXlMeB0R82f5dz3/T7RQso55Y2Vog2Zb7PYTC5B9 oNy3ylsnNLzanYlcW3AAfzZcbxYuAdnuq0Im3EpGm8DoItUcf1pDezugKm/yKtNtY6sDyENj tExZ377cYA3IdIwqn1Mh4OAT/Rmh8au2rZAo0+bMYBy9C11Ex0hQ8zWcvPZBDn4v4RtO8g+K uQZQcJnO09LJNtw94W3d2mj4a7XrsKMnZKvm6W9BJIQ4Nmht4wXAtPQ1xA+QpxPTmsGAU0Cv HmqVC7XC3qxFhaOrD2dsvOAK6Sn3MEpH/YrfYCX7a7cz5zW3DsJQ6o3pYfnnQz+hnwLlz4MK 17NIA0WOdAF9IbtQqarf44+PEyUbKtz1r0KGeGLs+VGdd2FLA0e7yuzxJDYcaBTVwqaHhU2/ Fna/jGU7BhrKHtJbb/XlLeFJ24yvuiYKpYWQSSyZu1R/gvZjHeGb344jGBsZdCDrdxtQQcVA 6OxsMAPSUPMrlg9LWELEEYnVulQJerWxpUecGH92O06wwmPgykkz//UmmgjVSh7ErNvL0lUY UMfunYVO/O5hwhW+P4gviCXzBFeTtDZH259O7TCCBzAwggUYoAMCAQICEwCg0WvVwekjGFiO 62SckFwepz0wDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3Jp ZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBD QTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExMQyAyMDE3IEludCBDQTAeFw0xNzA4MTcyMTIx MjBaFw0yMjA4MTYyMTIxMjBaMFcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRkw FwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRswGQYDVQQDDBJrYXJsQGRlbm5pbmdlci5uZXQw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+HVSyxVtJhy3Ohs+PAGRuO//Dha9A 16l5FPATr6wude9zjX5f2lrkRyU8vhCXTZW7WbvWZKpcZ8r0dtZmiK9uF58Ec6hhvfkxJzbg 96WHBw5Fumd5ahZzuCJDtCAWW8R7/KN+zwzQf1+B3MVLmbaXAFBuKzySKhKMcHbK3/wjUYTg y+3UK6v2SBrowvkUBC+jxNg3Wy12GsTXcUS/8FYIXgVVPgfZZrbJJb5HWOQpvvhILpPCD3xs YJFNKEPltXKWHT7Qtc2HNqikgNwj8oqOb+PeZGMiWapsatKm8mxuOOGOEBhAoTVTwUHlMNTg 6QUCJtuWFCK38qOCyk9Haj+86lUU8RG6FkRXWgMbNQm1mWREQhw3axgGLSntjjnznJr5vsvX SYR6c+XKLd5KQZcS6LL8FHYNjqVKHBYM+hDnrTZMqa20JLAF1YagutDiMRURU23iWS7bA9tM cXcqkclTSDtFtxahRifXRI7Epq2GSKuEXe/1Tfb5CE8QsbCpGsfSwv2tZ/SpqVG08MdRiXxN 5tmZiQWo15IyWoeKOXl/hKxA9KPuDHngXX022b1ly+5ZOZbxBAZZMod4y4b4FiRUhRI97r9l CxsP/EPHuuTIZ82BYhrhbtab8HuRo2ofne2TfAWY2BlA7ExM8XShMd9bRPZrNTokPQPUCWCg CdIATQIDAQABo4IBzzCCAcswPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8v b2NzcC5jdWRhc3lzdGVtcy5uZXQ6ODg4ODAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF oDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMDMGCWCG SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYDVR0O BBYEFLElmNWeVgsBPe7O8NiBzjvjYnpRMIHKBgNVHSMEgcIwgb+AFF3AXsKnjdPND5+bxVEC GKtc047PoYGRpIGOMIGLMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHRmxvcmlkYTESMBAGA1UE BwwJTmljZXZpbGxlMRkwFwYDVQQKDBBDdWRhIFN5c3RlbXMgTExDMRgwFgYDVQQLDA9DdWRh IFN5c3RlbXMgQ0ExITAfBgNVBAMMGEN1ZGEgU3lzdGVtcyBMTEMgMjAxNyBDQYITAORIioIQ zl6738WMYyE12A3YSDAdBgNVHREEFjAUgRJrYXJsQGRlbm5pbmdlci5uZXQwDQYJKoZIhvcN AQELBQADggIBAJXboPFBMLMtaiUt4KEtJCXlHO/3ZzIUIw/eobWFMdhe7M4+0u3te0sr77QR dcPKR0UeHffvpth2Mb3h28WfN0FmJmLwJk+pOx4u6uO3O0E1jNXoKh8fVcL4KU79oEQyYkbu 2HwbXBU9HbldPOOZDnPLi0whi/sbFHdyd4/w/NmnPgzAsQNZ2BYT9uBNr+jZw4SsluQzXG1X lFL/qCBoi1N2mqKPIepfGYF6drbr1RnXEJJsuD+NILLooTNf7PMgHPZ4VSWQXLNeFfygoOOK FiO0qfxPKpDMA+FHa8yNjAJZAgdJX5Mm1kbqipvb+r/H1UAmrzGMbhmf1gConsT5f8KU4n3Q IM2sOpTQe7BoVKlQM/fpQi6aBzu67M1iF1WtODpa5QUPvj1etaK+R3eYBzi4DIbCIWst8MdA 1+fEeKJFvMEZQONpkCwrJ+tJEuGQmjoQZgK1HeloepF0WDcviiho5FlgtAij+iBPtwMuuLiL shAXA5afMX1hYM4l11JXntle12EQFP1r6wOUkpOdxceCcMVDEJBBCHW2ZmdEaXgAm1VU+fnQ qS/wNw/S0X3RJT1qjr5uVlp2Y0auG/eG0jy6TT0KzTJeR9tLSDXprYkN2l/Qf7/nT6Q03qyE QnnKiBXWAZXveafyU/zYa7t3PTWFQGgWoC4w6XqgPo4KV44OMYIFBzCCBQMCAQEwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBglghkgBZQMEAgMFAKCCAkUw GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMTEzMTYyODA0 WjBPBgkqhkiG9w0BCQQxQgRAm6k0B5CCJ5Njd3vj9TRbjV/T6dLXgDh3PpxuSzGnH0ZB6bIl 4tHfm5COIpJlYtOs8nvWtpJXmKPhZ1DimGkF6zBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFl AwQBKjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3 DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGjBgkrBgEEAYI3EAQxgZUwgZIwezEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lzdGVtcyBM TEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0ZW1zIExM QyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTCBpQYLKoZIhvcNAQkQAgsxgZWg gZIwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0Zsb3JpZGExGTAXBgNVBAoMEEN1ZGEgU3lz dGVtcyBMTEMxGDAWBgNVBAsMD0N1ZGEgU3lzdGVtcyBDQTElMCMGA1UEAwwcQ3VkYSBTeXN0 ZW1zIExMQyAyMDE3IEludCBDQQITAKDRa9XB6SMYWI7rZJyQXB6nPTANBgkqhkiG9w0BAQEF AASCAgC7OtyOyDqKMBYs8MJK3XQID25Lst74RiAo13hnwePeZflhQOtqrRDjESq+VQcsHuUY 4/hOOJPvkCELRcQnTnTVhAFA7huvb5Vq70IiSd1gr/nFxWs0vvduGbs36swTQLNPTXUeCI4s 1iE65cjr/urin/5is7w2aH+0+sWZvCGeOY+zCL35/7b/x3FgHM7duXPMJ9sBlZlRu6XFXTcu CpPssY3bm8TQ+gzPRuTGhW+LW7Su/hlOeNpLifzu0C5tq3/UnMXD3BGI7iGos25JXhx98D/i Il3wVwRkcJ9zzy7iJSs26EkGoNXIUUk1Jh7h8ad39/nFfGGVLzzhAKr9CkiQSMQlS8+xv3by iuLzZsrggm1BaBG4TWB9V8WOGTq0y7shO0HAfjOpqUfOJvpVzcwl4tuUd52eDR7+lG4WYDWQ rkVP7FYY56X2qGoY91863T4+Ybh2gpyLuq3YjVenIP32VOT051qj9cxKbiAiF5o+mvz0VWsV pqO4pmfcK/9KTj7g5Xoomva632FHG6f53q+ksypirJ1rMnmclKDKx8quK38XTX6+kPia+zJH 01iY0x501mq9BimHwzzWQjRZUtCppTjqUkJBSXS2Wq1p8T2Ozzi9FW6B7Qb8TP6mlny4p1pH kvJNPCkeb8DzDZvLuDDVo9UMkCuhbKhQIsznF2JJpgAAAAAAAA== --------------ms060409020207030905030707-- From owner-freebsd-net@freebsd.org Mon Jan 13 19:10:46 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4E79B1E8FA3 for ; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xNTf1Tkwz43lp for ; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 32F151E8FA2; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 32BBF1E8FA0 for ; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xNTf0dGsz43lm for ; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1119F94B5 for ; Mon, 13 Jan 2020 19:10:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DJAjAX037781 for ; Mon, 13 Jan 2020 19:10:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DJAjOa037780 for net@FreeBSD.org; Mon, 13 Jan 2020 19:10:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 19:10:45 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 19:10:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #5 from Kyle Evans --- (In reply to Mark Johnston from comment #4) Doing this resulted in no activity from debugnet, at least. It might be worth noting that it does take a while after the initial panic = for this misbehavior to begin, and the machine is unattended and sitting idle at the ddb prompt the entire time. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 20:02:16 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 956C61EAF24 for ; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xPd43T0Xz4712 for ; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 76F381EAF22; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 76B481EAF21 for ; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xPd42dgmz470y for ; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5412F9F8F for ; Mon, 13 Jan 2020 20:02:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DK2Gha003117 for ; Mon, 13 Jan 2020 20:02:16 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DK2GES003116 for net@FreeBSD.org; Mon, 13 Jan 2020 20:02:16 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 20:02:15 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: cem@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 20:02:16 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #6 from Conrad Meyer --- These are different requesters? It would help to spell out which IP(s) are= the panic'd laptop. 07:55:53.025959 ARP, Request who-has 10.6.112.1 tell 10.6.112.16, length 46 07:55:53.025980 ARP, Request who-has 10.6.112.1 tell 10.6.112.18, length 46 ^^ If you don't have debugnet enabled I don't see any obvious reason debugnet would be ARPing. Plus, debugnet isn't *that* spammy and the number of ARPs= it sends is bounded; it gives up after a few tries (like, 3?). You would see obvious prints as a side effect of debugnet-enabled dump being attempted af= ter the panic, and an obvious print when the ARP request failed. If anything, I suspect this is some NIC internal firmware/hardware behavior= due to the panic'd machine not processing RX queues or something. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 20:31:52 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFF891EBDE8 for ; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xQHD4G1gz48qv for ; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 920271EBDE7; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 91C251EBDE6 for ; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xQHD3RXHz48qt for ; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6FC9FA541 for ; Mon, 13 Jan 2020 20:31:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DKVqIs096080 for ; Mon, 13 Jan 2020 20:31:52 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DKVqkb096076 for net@FreeBSD.org; Mon, 13 Jan 2020 20:31:52 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 20:31:52 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 20:31:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #7 from Kyle Evans --- (In reply to Conrad Meyer from comment #6) Hmm... yeah, good point- I misread '18' as '16', and those are actually the= two Windows boxen on the local segment; 10.6.112.1 being the gateway for this v= lan. I'll work on another repro and see if I can't get more context. The flood s= eems to just be a side-effect of whatever's cutting off the local network, rather than the cause. This still has to be the result of something this NIC is do= ing periodically -- disconnecting it immediately remedies the situation and loc= al connectivity is restored, and the behavior is consistent but not immediately triggered upon panic. Nagios lets us know quickly when this laptop's taken = down the Windows machines. This is the context leading up to that particular flood: 07:55:35.211083 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:35.650045 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:36.650033 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:37.211468 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:37.650026 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:38.650003 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:39.186264 IP 10.6.112.1 > ospf-all.mcast.net: OSPFv2, Hello, length 56 07:55:39.209654 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:39.649990 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:40.649980 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:41.211537 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:41.649960 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:42.649947 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:43.210181 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:43.649929 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:44.649936 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:45.208168 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:45.649903 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:46.649907 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:47.229691 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:47.649898 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 query 07:55:48.216500 IP 10.6.112.1 > ospf-all.mcast.net: OSPFv2, Hello, length 56 07:55:48.649860 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:49.255548 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:49.649850 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:50.649836 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:51.227859 STP 802.1d, Config, Flags [none], bridge-id 8070.04:c5:a4:5e:0d:80.8098, length 43 07:55:51.649821 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 07:55:52.649815 68:1c:a2:10:41:10 (oui Unknown) > Broadcast, RRCP-0x23 reply 68:1c:a2:10:41:10 is the unmanaged switch immediately upstream from the lap= top. That unmanaged switch currently has yet another unmanaged switch of the same model upstream from it that I had setup ~5 months ago to try and isolate the problem, as this has been ongoing and consistent over the last 6+ months at least (I don't panic it that frequently). Immediately upstream from that on= e is a managed switch. The Windows boxen lay on the most-upstream switch, while = this laptop and another FreeBSD laptop are on the lowest switch. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Jan 13 20:56:01 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C9D51EC976 for ; Mon, 13 Jan 2020 20:56:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xQq50TM6z4B8C for ; Mon, 13 Jan 2020 20:56:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 105411EC974; Mon, 13 Jan 2020 20:56:01 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 101071EC972 for ; Mon, 13 Jan 2020 20:56:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xQq46kxXz4B89 for ; Mon, 13 Jan 2020 20:56:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E2C2BA96A for ; Mon, 13 Jan 2020 20:56:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00DKu0sv056943 for ; Mon, 13 Jan 2020 20:56:00 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00DKu0P6056942 for net@FreeBSD.org; Mon, 13 Jan 2020 20:56:00 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243319] Panicked laptop & local network ARP flood Date: Mon, 13 Jan 2020 20:56:01 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2020 20:56:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243319 --- Comment #8 from Kyle Evans --- I've uploaded a fairly noisy pcap file: https://people.freebsd.org/~kevans/re0.pcap The panicked laptop was plugged back in within a minute of starting this du= mp.=20 Around 7 minutes in at *:45/*:46 is when the local network goes away, then= I yanked the network cable out of the laptop again at about *:46:44 and local traffic was restored. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Jan 14 07:26:27 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0C2DC1FDD12 for ; Tue, 14 Jan 2020 07:26:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xhpV6dmWz3FbM for ; Tue, 14 Jan 2020 07:26:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E2D691FDD11; Tue, 14 Jan 2020 07:26:26 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E29301FDD10 for ; Tue, 14 Jan 2020 07:26:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xhpV5l9Jz3FbL for ; Tue, 14 Jan 2020 07:26:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BF9321A0B9 for ; Tue, 14 Jan 2020 07:26:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00E7QQsn006417 for ; Tue, 14 Jan 2020 07:26:26 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00E7QQsJ006385 for net@FreeBSD.org; Tue, 14 Jan 2020 07:26:26 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242070] scp on 12.1p1-RELEASE is painfully slow Date: Tue, 14 Jan 2020 07:26:24 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: mrpippy@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 07:26:27 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242070 Brendan Shanks changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mrpippy@gmail.com --- Comment #6 from Brendan Shanks --- This is almost certainly a dupe of bug 236999 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Jan 14 10:24:09 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B211E2244E0; Tue, 14 Jan 2020 10:24:09 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xmlX4RXcz3RJv; Tue, 14 Jan 2020 10:24:08 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=AgY4uwHP7VzH222MOxneVpo+2gR5CAGbsYBuvCJrojY=; b=TmqcYQ4JQvNNkMW7OEqrYdBQMH TuLjoxZdXjfRRMZZ+2TFNz0HLV3dzPuXLwIMwz8EBcChF5XjXzZC8Mlnux1Wb/PF5jzhWMLjd4L/M c13n187kzkb0j5Qi3JONCXTvc7dAjlYszg6tmgSpuQ//aZ9qrn8Ym2x4wMJa2sT1lZIA=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1irJMk-000FXM-CF; Tue, 14 Jan 2020 17:24:06 +0700 Date: Tue, 14 Jan 2020 17:24:06 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: replacement of security/ipsec-tools Message-ID: <20200114102406.GA59440@admin.sibptus.ru> References: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org> <20200110035009.GB67842@admin.sibptus.ru> <20200110065131.GA79879@admin.sibptus.ru> <20200111112307.GA62210@admin.sibptus.ru> <20200113162648.GA10976@admin.sibptus.ru> <76e41e61-3dc6-60f5-d60a-b2571906071e@denninger.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline In-Reply-To: <76e41e61-3dc6-60f5-d60a-b2571906071e@denninger.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47xmlX4RXcz3RJv X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=TmqcYQ4J; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.40 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.30)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.64), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 10:24:09 -0000 --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Karl Denninger wrote: > > > > For the present, however, I'm interested not in an IPSec VPN (in Windows > > terminology) but in a simple transport mode IPSec between a FreeBSD and= a > > Windows host.=20 > > > > My only option for that is IKEv1 because IKEv2 is configured on Windows > > 10 and Windows 2016 from PowerShell only, and I need to configure a > > secure connection via Group Policy editor (mmc). I'm still too weak of > > heart to use PowerShell for IPSec setup. > > > > I have this working successfully with racoon (on pre-shared keys) and am > > investigating the possibility to replace racoon with strongswan. >=20 > Gotcha.... I misunderstood the application...=A0 I've not attempted to set > that up here.... In the Windows IPSec GPO, there are two options for PFS: 1. "Master key PFS" in IKE settings: http://admin.sibptus.ru/~vas/pfs_ike.j= pg 2. "Use session key PFS" in ESP settings: http://admin.sibptus.ru/~vas/pfs_= esp.jpg By default (in a GPO created from scratch) both are unchecked. Do you perchance know which connection parameters in Strongswan do they correspond to? Please note that the DF group for IKE is configured separately, and can be set to 1, 2, or 2048. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeHZbGAAoJEA2k8lmbXsY0b9UH/Rjfv4oAwKHx2o2yqZulzbe5 psKKREjCv1LnaOvTDQsejv/HJnv96uiVFwuaW1/KImbxRy4zjXILJQUJO2SxOv/A kI49h6PXxdeob+Y7Tsp8TOk7LBZuvfrIR5zkwbmmAcu2fXChsvk35KuIgExOVuMq CZRZC7iu8k+xGfinqTcD4sOX213gFqDDcSOgLZ9soH9YuH+9cU0S8SdA11ijtpd4 Z/UNjDNqvVoGLlvNiJuOweIPXcDP59R0T+eYFt7oK54rflu1VO55evZ4YD8mc282 99n+ZEBE1vXO0E6lifA7slkTcRsFiahtGNHmScfAcYCYmNi0rlVtmyvvc+r9PCg= =yZ4r -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- From owner-freebsd-net@freebsd.org Tue Jan 14 13:40:58 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFCB91EB29E for ; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xs6f4JKHz48rW for ; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 91E0A1EB29D; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 91A511EB29C for ; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xs6f3Pyzz48rV for ; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 709981E640 for ; Tue, 14 Jan 2020 13:40:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00EDewWW018509 for ; Tue, 14 Jan 2020 13:40:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00EDewE1018508 for net@FreeBSD.org; Tue, 14 Jan 2020 13:40:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 235918] with more than 1 vlan, ix0 gets 'No carrier.' ixgbe_driver_version[] = "4.0.1-k" Date: Tue, 14 Jan 2020 13:40:58 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: piotr.pietruszewski@intel.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 13:40:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235918 Piotr Pietruszewski changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |piotr.pietruszewski@intel.c | |om --- Comment #2 from Piotr Pietruszewski --- (In reply to Alexandr from comment #0) (In reply to Sergey Surikov from comment #1) 1. Does the issue reproduce on 12.1-RELEASE? 2. Would it be possible to share part of /etc/rc.conf describing ix configuration? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Jan 14 14:45:34 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E83D61ED112 for ; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47xtYB5xcSz4DhJ for ; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id CA0221ED110; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C9C801ED10F for ; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xtYB54jLz4DhG for ; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A594B1F3B7 for ; Tue, 14 Jan 2020 14:45:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00EEjYrD011895 for ; Tue, 14 Jan 2020 14:45:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00EEjYJx011892 for net@FreeBSD.org; Tue, 14 Jan 2020 14:45:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 235918] with more than 1 vlan, ix0 gets 'No carrier.' ixgbe_driver_version[] = "4.0.1-k" Date: Tue, 14 Jan 2020 14:45:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: surikovs@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:45:35 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235918 --- Comment #3 from Sergey Surikov --- (In reply to Piotr Pietruszewski from comment #2) 1) Yes, it`s reproduce 12.1-RELEASE (dev.ix.1.iflib.driver_version: 4.0.1-k) 2)=20 ifconfig_ix1=3D"inet 1.2.3.4/28 -lro -tso" vlans_ix1=3D"966 961 965" ifconfig_ix1_966=3D"inet 10.20.30.2/24" ifconfig_ix1_961=3D"inet 83.29.19.46/28" ifconfig_ix1_965=3D"inet 10.30.11.2/24" --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Jan 14 14:54:53 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DA39D1ED5DB for ; Tue, 14 Jan 2020 14:54:53 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xtlw5GxYz4FF4 for ; Tue, 14 Jan 2020 14:54:52 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1irNad-000MAj-T8 for freebsd-net@freebsd.org; Tue, 14 Jan 2020 17:54:43 +0300 Date: Tue, 14 Jan 2020 17:54:43 +0300 From: Slawa Olhovchenkov To: freebsd-net@freebsd.org Subject: Intel ix staled under heavy load Message-ID: <20200114145443.GG38096@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 47xtlw5GxYz4FF4 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of slw@zxy.spb.ru has no SPF policy when checking 195.70.199.98) smtp.mailfrom=slw@zxy.spb.ru X-Spamd-Result: default: False [0.88 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.37)[-0.374,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[zxy.spb.ru]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; NEURAL_SPAM_LONG(0.26)[0.261,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.09)[asn: 5495(0.43), country: RU(0.01)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 14:54:53 -0000 I am see strange behavior of Intel ix card (82599ES 10-Gigabit SFI/SFP+ Network Connection). Under heavy load in NETMAP mode NIC is lost input traffic, i.e. all packets counted as `dev.ix.1.mac_stats.rx_missed_packets`, netstat show high traffic rate: # netstat -nbI ix1 1 input ix1 output packets errs idrops bytes packets errs bytes colls 14204463 0 0 965903486 2 0 414 0 14204467 0 0 965903756 0 0 0 0 14204478 0 0 965904512 2 0 193 0 14204470 0 0 965903962 0 0 0 0 my program don't get any input packets, all input netmap rings staled (cur/head/tail): ix1#0 640/640/640 ix1#1 52/52/52 ix1#2 1012/1012/1012 ix1#3 631/631/631 Hardware rings also staled: dev.ix.1.queue3.rxd_tail: 631 dev.ix.1.queue3.rxd_head: 631 dev.ix.1.queue2.rxd_tail: 1011 dev.ix.1.queue2.rxd_head: 1012 dev.ix.1.queue1.rxd_tail: 51 dev.ix.1.queue1.rxd_head: 52 dev.ix.1.queue0.rxd_tail: 639 dev.ix.1.queue0.rxd_head: 640 iflib rings also staled: dev.ix.1.iflib.rxq3.rxq_fl0.credits: 0 dev.ix.1.iflib.rxq3.rxq_fl0.cidx: 631 dev.ix.1.iflib.rxq3.rxq_fl0.pidx: 0 dev.ix.1.iflib.rxq2.rxq_fl0.credits: 0 dev.ix.1.iflib.rxq2.rxq_fl0.cidx: 1012 dev.ix.1.iflib.rxq2.rxq_fl0.pidx: 0 dev.ix.1.iflib.rxq1.rxq_fl0.credits: 0 dev.ix.1.iflib.rxq1.rxq_fl0.cidx: 52 dev.ix.1.iflib.rxq1.rxq_fl0.pidx: 0 dev.ix.1.iflib.rxq0.rxq_fl0.credits: 0 dev.ix.1.iflib.rxq0.rxq_fl0.cidx: 640 dev.ix.1.iflib.rxq0.rxq_fl0.pidx: 0 Interraupt's mostly don't generated: # sysctl dev.ix.1 | grep irq ; sleep 10 ; sysctl dev.ix.1 | grep irq dev.ix.1.queue3.irqs: 4375622959 dev.ix.1.queue2.irqs: 4282320604 dev.ix.1.queue1.irqs: 4196905785 dev.ix.1.queue0.irqs: 4195682690 dev.ix.1.link_irq: 314 dev.ix.1.queue3.irqs: 4375622959 dev.ix.1.queue2.irqs: 4282320610 dev.ix.1.queue1.irqs: 4196905785 dev.ix.1.queue0.irqs: 4195682690 What is problem? How to resolve this? From owner-freebsd-net@freebsd.org Tue Jan 14 15:02:26 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A654A1EDA20 for ; Tue, 14 Jan 2020 15:02:26 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [IPv6:2a01:4f8:c17:6c4b::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xtwd4NHNz4FfH for ; Tue, 14 Jan 2020 15:02:24 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2020.home.selasky.org (unknown [62.141.129.235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 3310A2602EB; Tue, 14 Jan 2020 16:02:17 +0100 (CET) Subject: Re: Intel ix staled under heavy load To: Slawa Olhovchenkov , freebsd-net@freebsd.org References: <20200114145443.GG38096@zxy.spb.ru> From: Hans Petter Selasky Message-ID: <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> Date: Tue, 14 Jan 2020 16:01:03 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: <20200114145443.GG38096@zxy.spb.ru> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47xtwd4NHNz4FfH X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of hps@selasky.org designates 2a01:4f8:c17:6c4b::2 as permitted sender) smtp.mailfrom=hps@selasky.org X-Spamd-Result: default: False [-4.94 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.turbocat.net]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[selasky.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-2.64)[ip: (-9.20), ipnet: 2a01:4f8::/29(-2.47), asn: 24940(-1.51), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 15:02:26 -0000 On 2020-01-14 15:54, Slawa Olhovchenkov wrote: > What is problem? How to resolve this? Iff you do "ifconfig xxx down" and then "ifconfig xxx up" and the interface comes back, this is a known issue in iflib. --HPS From owner-freebsd-net@freebsd.org Tue Jan 14 15:07:43 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 91B351EDC99 for ; Tue, 14 Jan 2020 15:07:43 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xv2k4GDvz4Fp1 for ; Tue, 14 Jan 2020 15:07:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1irNnA-000MOx-QP; Tue, 14 Jan 2020 18:07:40 +0300 Date: Tue, 14 Jan 2020 18:07:40 +0300 From: Slawa Olhovchenkov To: Hans Petter Selasky Cc: freebsd-net@freebsd.org Subject: Re: Intel ix staled under heavy load Message-ID: <20200114150740.GH38096@zxy.spb.ru> References: <20200114145443.GG38096@zxy.spb.ru> <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 47xv2k4GDvz4Fp1 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of slw@zxy.spb.ru has no SPF policy when checking 195.70.199.98) smtp.mailfrom=slw@zxy.spb.ru X-Spamd-Result: default: False [0.50 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.69)[-0.687,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zxy.spb.ru]; AUTH_NA(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.20)[0.197,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.09)[asn: 5495(0.43), country: RU(0.01)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 15:07:43 -0000 On Tue, Jan 14, 2020 at 04:01:03PM +0100, Hans Petter Selasky wrote: > On 2020-01-14 15:54, Slawa Olhovchenkov wrote: > > What is problem? How to resolve this? > > Iff you do "ifconfig xxx down" and then "ifconfig xxx up" and the > interface comes back, yes, traffic comes back > this is a known issue in iflib. Unresolved? From owner-freebsd-net@freebsd.org Tue Jan 14 15:09:45 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3D4921EDDB8 for ; Tue, 14 Jan 2020 15:09:45 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [IPv6:2a01:4f8:c17:6c4b::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47xv543y8Wz4FvB for ; Tue, 14 Jan 2020 15:09:44 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2020.home.selasky.org (unknown [62.141.129.235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 060CE2604F9; Tue, 14 Jan 2020 16:09:42 +0100 (CET) Subject: Re: Intel ix staled under heavy load To: Slawa Olhovchenkov Cc: freebsd-net@freebsd.org References: <20200114145443.GG38096@zxy.spb.ru> <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> <20200114150740.GH38096@zxy.spb.ru> From: Hans Petter Selasky Message-ID: Date: Tue, 14 Jan 2020 16:08:28 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: <20200114150740.GH38096@zxy.spb.ru> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47xv543y8Wz4FvB X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of hps@selasky.org designates 2a01:4f8:c17:6c4b::2 as permitted sender) smtp.mailfrom=hps@selasky.org X-Spamd-Result: default: False [-4.94 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.turbocat.net:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[selasky.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-2.64)[ip: (-9.20), ipnet: 2a01:4f8::/29(-2.47), asn: 24940(-1.51), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 15:09:45 -0000 On 2020-01-14 16:07, Slawa Olhovchenkov wrote: >> this is a known issue in iflib. > Unresolved? See mail I sent off-list. --HPS From owner-freebsd-net@freebsd.org Tue Jan 14 18:21:46 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 31D331F2AF7 for ; Tue, 14 Jan 2020 18:21:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xzLf0drZz4VMh for ; Tue, 14 Jan 2020 18:21:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 15F651F2AF6; Tue, 14 Jan 2020 18:21:46 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 15BF11F2AF5 for ; Tue, 14 Jan 2020 18:21:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xzLd6vVTz4VMg for ; Tue, 14 Jan 2020 18:21:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E875921B6B for ; Tue, 14 Jan 2020 18:21:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00EILjB7086908 for ; Tue, 14 Jan 2020 18:21:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00EILjsx086838 for net@FreeBSD.org; Tue, 14 Jan 2020 18:21:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 241047] iflib: fail to compile kernel on FreeBSD 12.1-BETA2: Fatal error: ifdi_if.h file not found. Date: Tue, 14 Jan 2020 18:21:44 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: needs-qa, regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tommyhp2@gmail.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 18:21:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241047 Tommy P changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tommyhp2@gmail.com --- Comment #1 from Tommy P --- I'm also encountering this on 12.0 upgraded to 12.1: --- if_em.o --- In file included from /usr/src12.1/sys/dev/e1000/if_em.c:30: /usr/src12.1/sys/dev/e1000/if_em.h:91:10: fatal error: 'ifdi_if.h' file not found #include "ifdi_if.h" ^~~~~~~~~~~ The 'ifdi_if.h' does not exist within src (r356738) per: find /usr/src12.1 -type f -name 'ifdi_if.h' Yet, specifying 'device iflib' in the kernel config does work while that en= try does not exists in GENERIC nor needed in 12.0. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Jan 14 18:26:19 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 77D321F2C64 for ; Tue, 14 Jan 2020 18:26:19 +0000 (UTC) (envelope-from ncrogers@gmail.com) Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xzRt1mQnz4Vf3 for ; Tue, 14 Jan 2020 18:26:17 +0000 (UTC) (envelope-from ncrogers@gmail.com) Received: by mail-vs1-xe36.google.com with SMTP id x18so8858463vsq.4 for ; Tue, 14 Jan 2020 10:26:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Lm+9n1NyZf8H3Eew1LIqiSHoh1DvEafImb530n7uoqI=; b=l4gMzS1tCWJFg3JMc5OkoHEN5WKwho0TJoiT9GleBd96jcjpyiGi97MOqT660h05hz 7tcf2beO0f1d6i/HPOxpjnyqpWdxCyB2MOQRuYpdQEcnjKecR2wvqFIzmQbN5P0xzc0y 9mhlTJeKy2Ws4UMQa3TeF9mkGMOpmkmS99OyaWdh+U87APTogmk60B67yfYwEModuqvT Lz2laJtKB5ErUyBi5VULktPFCOvkBn0z8dc73WMVTsyz3XbzpeYLvAgVWM4sr0Xf0zMO kXoaF1lf9OFm1qI31/75m/Wje9il3Oi69wUxG4X91lxkC79mRxjem+meigginZWSfAAa AVJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Lm+9n1NyZf8H3Eew1LIqiSHoh1DvEafImb530n7uoqI=; b=VlP+nEY1bY8IIlLJW8LSFrq0dzAlv5B7TkIjKqeT0yw8Wq+sz93BGU0B8sC4qbj0o/ pS//h6wYsYNkUF88T+kX2R4QlYobvfl1eX8NCTY0LrJ/bWbUihS+44VNZx/6cRGwNDRQ l9qaDz4p3DlIxRgwput4dYKwFNvXJZjuI+spDjkgzJogHxEbzMcjxZAp8JY5g2s2foXW g40whsDdX1K3yg4jR9UVbeMl/Hb9TIFneh2Db4BroSVR6yEMYezQxaW7r3w4xkK72HWO h2aI2tXku6w1YafXQ2J6nMXO5TDhnA1Qc2LBrY+1IqDzfH1Lj0IPvapDZJ7Siw5BhN2N 7XZA== X-Gm-Message-State: APjAAAVHKnwdx+fZwgKpdYJIuHHRsx52TNlFS1X9p1gc9v5nlTszHDOK yO951yYP5cZr7eK9FOEpnlnHKLYLP+3iVAJ2H2gc7gdd X-Google-Smtp-Source: APXvYqz3CDSnJSeTN/6NnzUnhvhUC9vuNP6HWPSjtZsuggNPv1N21ANN/bHFBnXAa3/+/oeb7rrmlk3Slxdipi9AciE= X-Received: by 2002:a67:af15:: with SMTP id v21mr2051190vsl.161.1579026376952; Tue, 14 Jan 2020 10:26:16 -0800 (PST) MIME-Version: 1.0 References: <20200114145443.GG38096@zxy.spb.ru> <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> <20200114150740.GH38096@zxy.spb.ru> In-Reply-To: From: Nick Rogers Date: Tue, 14 Jan 2020 13:26:05 -0500 Message-ID: Subject: Re: Intel ix staled under heavy load To: Hans Petter Selasky Cc: Slawa Olhovchenkov , "freebsd-net@freebsd.org" X-Rspamd-Queue-Id: 47xzRt1mQnz4Vf3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=l4gMzS1t; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of ncrogers@gmail.com designates 2607:f8b0:4864:20::e36 as permitted sender) smtp.mailfrom=ncrogers@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.63), ipnet: 2607:f8b0::/32(-2.09), asn: 15169(-1.83), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[6.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 18:26:19 -0000 On Tue, Jan 14, 2020 at 10:09 AM Hans Petter Selasky wrote: > On 2020-01-14 16:07, Slawa Olhovchenkov wrote: > >> this is a known issue in iflib. > > Unresolved? > > See mail I sent off-list. > I would be interested to know if this is resolved or not as well. > > --HPS > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Tue Jan 14 18:47:23 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3463F1F3249 for ; Tue, 14 Jan 2020 18:47:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47xzwC0hchz4WQZ for ; Tue, 14 Jan 2020 18:47:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 15DD41F3247; Tue, 14 Jan 2020 18:47:23 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 159FB1F3246 for ; Tue, 14 Jan 2020 18:47:23 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47xzwB5Qmxz4WQY for ; Tue, 14 Jan 2020 18:47:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B37152207F for ; Tue, 14 Jan 2020 18:47:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00EIlM1b084823 for ; Tue, 14 Jan 2020 18:47:22 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00EIlMmo084822 for net@FreeBSD.org; Tue, 14 Jan 2020 18:47:22 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 241047] iflib: fail to compile kernel on FreeBSD 12.1-BETA2: Fatal error: ifdi_if.h file not found. Date: Tue, 14 Jan 2020 18:47:22 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: needs-qa, regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tommyhp2@gmail.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2020 18:47:23 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241047 --- Comment #2 from Tommy P --- I did some digging and found: 12.0 sys/conf/files: net/ifdi_if.m optional ether pci 12.1 sys/conf/files: net/ifdi_if.m optional ether pci iflib I assume that 'device iflib' is now required going forward within the kern= el configuration file? --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 02:52:36 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C47F21FCAAC for ; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yBh44s86z3xRl for ; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id A624A1FCAAB; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A5EA11FCAAA for ; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yBh441r3z3xRj for ; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8593327B21 for ; Wed, 15 Jan 2020 02:52:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F2qamI028353 for ; Wed, 15 Jan 2020 02:52:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F2qaDs028352 for net@FreeBSD.org; Wed, 15 Jan 2020 02:52:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 231416] dhcp / dhclient: bad udp checksums if running on a vlan on a Intel I211 / Broadcom interfaces Date: Wed, 15 Jan 2020 02:52:35 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: shurd@FreeBSD.org X-Bugzilla-Flags: mfc-stable11+ X-Bugzilla-Changed-Fields: see_also keywords flagtypes.name assigned_to cc bug_file_loc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 02:52:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D231416 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.freebsd.org/bu | |gzilla/show_bug.cgi?id=3D2= 309 | |96 Keywords|needs-patch, needs-qa | Flags|mfc-stable11? |mfc-stable11+ Assignee|net@FreeBSD.org |shurd@FreeBSD.org CC| |net@FreeBSD.org URL| |https://reviews.freebsd.org | |/D17404 --- Comment #13 from Kubilay Kocak --- ^Triage: - Assign to committer that resolved - Track MFC's=20 - HEAD was 12.x base r339207 - MFC'd to stable/11 in base r342789 by marius --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 02:52:40 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9FBEE1FCABF for ; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47yBh83rXhz3xTp for ; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 83F521FCABE; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 83BDF1FCABD for ; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yBh8326xz3xTk for ; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6320427B33 for ; Wed, 15 Jan 2020 02:52:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F2qeA0028536 for ; Wed, 15 Jan 2020 02:52:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F2qekH028535 for net@FreeBSD.org; Wed, 15 Jan 2020 02:52:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Wed, 15 Jan 2020 02:52:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: see_also Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 02:52:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.freebsd.org/bu | |gzilla/show_bug.cgi?id=3D2= 314 | |16 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 03:03:26 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 761731FCFA3 for ; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47yBwZ2Y8Sz3y2n for ; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 5760D1FCFA2; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 55A5F1FCFA1 for ; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yBwZ1dD3z3y2m for ; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 31FD527D3C for ; Wed, 15 Jan 2020 03:03:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F33QvZ058560 for ; Wed, 15 Jan 2020 03:03:26 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F33QM1058559 for net@FreeBSD.org; Wed, 15 Jan 2020 03:03:26 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Wed, 15 Jan 2020 03:03:25 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, needs-qa, performance, regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? mfc-stable12? X-Bugzilla-Changed-Fields: bug_status keywords cc version flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 03:03:26 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open Keywords| |needs-qa, performance, | |regression CC| |freebsd@intel.com, | |koobs@FreeBSD.org, | |net@FreeBSD.org Version|CURRENT |12.0-RELEASE Flags| |maintainer-feedback?(freebs | |d@intel.com), mfc-stable12? --- Comment #6 from Kubilay Kocak --- @All For anyone affected, please provide (in a single attachment), so that = the isolation/failure mode matrix is clearer: - Exact FreeBSD version: uname -a output - /var/run/dmesg.boot output - pciconf -lv output - *minimum* network (and jail if appropriate) configuration that reproduces= the results, sanitized where necessary.=20 - Additional details: - rx/tx affected, only rx, only tx? - only when bridge or tap? @Jason If per our twitter conversation you could confirm/reproduce on latest HEAD, that would be great. ^Triage: - Track earliest affected FreeBSD version - Request feedback from maintainer --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 04:30:07 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 91F9C1FEB22 for ; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yDrb3N1dz42yk for ; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 73CA91FEB21; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 738F91FEB20 for ; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yDrb2ZDZz42yj for ; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 53AEAD56 for ; Wed, 15 Jan 2020 04:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F4U7FD066369 for ; Wed, 15 Jan 2020 04:30:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F4U7LW066368 for net@FreeBSD.org; Wed, 15 Jan 2020 04:30:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 221919] ixl: TX queue hang when using TSO and having a high and mixed network load Date: Wed, 15 Jan 2020 04:30:03 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-STABLE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: erj@freebsd.org X-Bugzilla-Flags: mfc-stable11+ X-Bugzilla-Changed-Fields: bug_file_loc resolution bug_status flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 04:30:07 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D221919 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://reviews.freebsd.org | |/D14985 Resolution|--- |FIXED Status|New |Closed Flags| |mfc-stable11+ --- Comment #26 from Kubilay Kocak --- ^Triage:=20 - Close (appears resolved) - Track MFC - head was 12.x in base r333149 - MFC'd to stable/11 in base r333343 --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 05:48:57 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 975BC221474 for ; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yGbY3VbMz46Jy for ; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 764F0221473; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 760FF221472 for ; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yGbY2d8Fz46Jw for ; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 55A251BD6 for ; Wed, 15 Jan 2020 05:48:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F5mvQi098158 for ; Wed, 15 Jan 2020 05:48:57 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F5mv1U098157 for net@FreeBSD.org; Wed, 15 Jan 2020 05:48:57 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Wed, 15 Jan 2020 05:48:56 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, needs-qa, performance, regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jason@tubnor.net X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? mfc-stable12? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 05:48:57 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 --- Comment #7 from Jason Tubnor --- FreeBSD myhostname 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r356528: Thu Jan 9 04:56:46 UTC 2020=20=20=20=20 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 See attachment for full dmesg igb2: flags=3D8943 metric 0= mtu 1500 =20=20=20=20=20=20=20 options=3D4e527bb ether ac:1f:6b:71:aa:dd media: Ethernet autoselect (1000baseT ) status: active nd6 options=3D29 vlan1: flags=3D8943 metric = 0 mtu 1500 options=3D4200401 ether ac:1f:6b:71:aa:dd inet6 fe80::ae1f:6bff:fe71:aadd%vlan1 prefixlen 64 tentative scopeid 0x6 inet 10.1.1.10 netmask 0xffffff00 broadcast 10.1.1.255 groups: vlan vlan: 1 vlanpcp: 0 parent interface: igb2 media: Ethernet autoselect (1000baseT ) status: active nd6 options=3D29 vm-vlan1: flags=3D8843 metric 0 mtu= 1500 ether 8a:3c:0f:b9:aa:bb id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: tap0 flags=3D143 ifmaxaddr 0 port 11 priority 128 path cost 2000000 member: vlan1 flags=3D143 ifmaxaddr 0 port 6 priority 128 path cost 20000 groups: bridge vm-switch viid-05c3b@ nd6 options=3D1 tap0: flags=3D8943 metric 0= mtu 1500 description: vmnet-guest-0-vlan1 options=3D80000 ether 58:9c:fc:10:ff:aa inet6 fe80::5a9c:fcff:fe10:ffaa%tap0 prefixlen 64 tentative scopeid= 0xb groups: tap vm-port media: Ethernet autoselect status: active nd6 options=3D29 Opened by PID 10095 - Additional details: - only rx - when vlan interface is bridged to a tap and performing test between bhy= ve guest and physical computer on the same subnet external from the host --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 05:50:21 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 581B522159E for ; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yGd91lw6z46Pv for ; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 3C28322159D; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3BF2222159C for ; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yGd90yTfz46Pt for ; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1C87C1BE4 for ; Wed, 15 Jan 2020 05:50:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00F5oKLB000311 for ; Wed, 15 Jan 2020 05:50:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00F5oKgM000310 for net@FreeBSD.org; Wed, 15 Jan 2020 05:50:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Wed, 15 Jan 2020 05:50:20 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, needs-qa, performance, regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jason@tubnor.net X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? mfc-stable12? X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 05:50:21 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 --- Comment #8 from Jason Tubnor --- Created attachment 210748 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D210748&action= =3Dedit dmesg of -CURRENT host with same issue. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 08:41:18 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3703B225798 for ; Wed, 15 Jan 2020 08:41:18 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [88.99.82.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47yLQN23DQz4Fkr for ; Wed, 15 Jan 2020 08:41:15 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2020.home.selasky.org (unknown [62.141.129.235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id E2F542602AB; Wed, 15 Jan 2020 09:41:08 +0100 (CET) Subject: Re: Intel ix staled under heavy load To: Nick Rogers Cc: "freebsd-net@freebsd.org" , Slawa Olhovchenkov References: <20200114145443.GG38096@zxy.spb.ru> <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> <20200114150740.GH38096@zxy.spb.ru> From: Hans Petter Selasky Message-ID: Date: Wed, 15 Jan 2020 09:41:06 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47yLQN23DQz4Fkr X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of hps@selasky.org designates 88.99.82.50 as permitted sender) smtp.mailfrom=hps@selasky.org X-Spamd-Result: default: False [-5.39 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+a:mail.turbocat.net:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[selasky.org]; NEURAL_HAM_MEDIUM(-0.98)[-0.977,0]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-3.11)[ip: (-9.34), ipnet: 88.99.0.0/16(-4.71), asn: 24940(-1.51), country: DE(-0.02)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:88.99.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 08:41:18 -0000 On 2020-01-14 19:26, Nick Rogers wrote: > On Tue, Jan 14, 2020 at 10:09 AM Hans Petter Selasky > wrote: > >> On 2020-01-14 16:07, Slawa Olhovchenkov wrote: >>>> this is a known issue in iflib. >>> Unresolved? >> >> See mail I sent off-list. >> > > I would be interested to know if this is resolved or not as well. > No, not yet. Slawa, can you dump the iflib sysctl's when the card is in the stalled state? --HPS From owner-freebsd-net@freebsd.org Wed Jan 15 10:15:34 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6D245227705 for ; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yNWB2LY4z4LFM for ; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 4EB56227704; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4E7B8227703 for ; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yNWB1QS6z4LFL for ; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2B0BF4FBF for ; Wed, 15 Jan 2020 10:15:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00FAFYYB055856 for ; Wed, 15 Jan 2020 10:15:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00FAFY65055855 for net@FreeBSD.org; Wed, 15 Jan 2020 10:15:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Wed, 15 Jan 2020 10:15:33 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 10:15:34 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #10 from Andriy Gapon --- We (Panzura) are still getting this panic semi-regularly. I have been trying to root cause the bug, but I am failing at it so far. I am afraid that we will to revert vmxnet3 code to the pre-iflib state. It's kind of a lose-lose situation, unfortunately. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 11:57:48 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A706D1F1569 for ; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47yQn840SPz4QPQ for ; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 876B91F1568; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 85FD61F1567 for ; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yQn82tN5z4QPN for ; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5E50C6315 for ; Wed, 15 Jan 2020 11:57:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00FBvmL8048137 for ; Wed, 15 Jan 2020 11:57:48 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00FBvmYh048134 for net@FreeBSD.org; Wed, 15 Jan 2020 11:57:48 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 235918] with more than 1 vlan, ix0 gets 'No carrier.' ixgbe_driver_version[] = "4.0.1-k" Date: Wed, 15 Jan 2020 11:57:46 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: piotr.pietruszewski@intel.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 11:57:48 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235918 --- Comment #4 from Piotr Pietruszewski --- (In reply to Sergey Surikov from comment #3) We have trouble reproducing this bug in our environment. 1. What media type are you using? 2. What type of link partner is used with ix1 interface? 3. Do you force any options in /boot/loader.conf? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 13:05:29 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DAD0F1F3475 for ; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47ySHF5Y2tz4Tl6 for ; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id BC59C1F3474; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BB0701F3473 for ; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47ySHF4FZfz4Tl5 for ; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8D6D17076 for ; Wed, 15 Jan 2020 13:05:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00FD5TJt005823 for ; Wed, 15 Jan 2020 13:05:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00FD5TF0005822 for net@FreeBSD.org; Wed, 15 Jan 2020 13:05:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 235918] with more than 1 vlan, ix0 gets 'No carrier.' ixgbe_driver_version[] = "4.0.1-k" Date: Wed, 15 Jan 2020 13:05:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: surikovs@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 13:05:29 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235918 --- Comment #5 from Sergey Surikov --- (In reply to Piotr Pietruszewski from comment #4) 1) media: Ethernet autoselect (10Gbase-SR ) plugged: SFP/SFP+/SFP28 10G Base-SR (LC) vendor: PROLABS PN: EX-SFP-10GE-SR-C 2) juniper ex4550 3) Nothing for devices/network. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 14:24:11 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D00421F5026 for ; Wed, 15 Jan 2020 14:24:11 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47yV226Fjrz4Yfc for ; Wed, 15 Jan 2020 14:24:09 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1irjaW-0007XI-Vx; Wed, 15 Jan 2020 17:24:05 +0300 Date: Wed, 15 Jan 2020 17:24:04 +0300 From: Slawa Olhovchenkov To: Hans Petter Selasky Cc: Nick Rogers , "freebsd-net@freebsd.org" Subject: Re: Intel ix staled under heavy load Message-ID: <20200115142404.GL89045@zxy.spb.ru> References: <20200114145443.GG38096@zxy.spb.ru> <1deada88-beae-9747-d505-5fe142dd5c37@selasky.org> <20200114150740.GH38096@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 47yV226Fjrz4Yfc X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of slw@zxy.spb.ru has no SPF policy when checking 195.70.199.98) smtp.mailfrom=slw@zxy.spb.ru X-Spamd-Result: default: False [1.98 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; IP_SCORE(0.09)[asn: 5495(0.42), country: RU(0.01)]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zxy.spb.ru]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.81)[0.810,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.18)[0.183,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU]; FREEMAIL_CC(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 14:24:11 -0000 On Wed, Jan 15, 2020 at 09:41:06AM +0100, Hans Petter Selasky wrote: > On 2020-01-14 19:26, Nick Rogers wrote: > > On Tue, Jan 14, 2020 at 10:09 AM Hans Petter Selasky > > wrote: > > > >> On 2020-01-14 16:07, Slawa Olhovchenkov wrote: > >>>> this is a known issue in iflib. > >>> Unresolved? > >> > >> See mail I sent off-list. > >> > > > > I would be interested to know if this is resolved or not as well. > > > > No, not yet. > > Slawa, can you dump the iflib sysctl's when the card is in the stalled > state? Last dump was for the stalled state. I mean my case is flow-control related: set dev.ix.0.fc=0 and dev.ix.0.fc=1 and down/up interface resolve issuse. Don't know this is driver related or iflib related. From owner-freebsd-net@freebsd.org Wed Jan 15 14:55:54 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9DB4F1F5841 for ; Wed, 15 Jan 2020 14:55:54 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: from mail-ua1-x92e.google.com (mail-ua1-x92e.google.com [IPv6:2607:f8b0:4864:20::92e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yVkd50Nhz4Zxw for ; Wed, 15 Jan 2020 14:55:53 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: by mail-ua1-x92e.google.com with SMTP id y23so6335386ual.2 for ; Wed, 15 Jan 2020 06:55:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=rmWq/55NnaGZ8bQvR5ULB53S+kKJDi/vhwnQPel7KSo=; b=QYAE8aq0nCZvcjGPnP+pXd8pweGmHRFatruUkA7rW18VMWJ3fWu3Mxslsnrisge8Ln sVErsWZhlsABiSqwDVVtYYq0SNKhU1Si46ic1k2373z7mquGFqPtnGG4tRlgiGsEm1M7 1rUeF/QXUMyX5/E2CVdwYQ4EIxpKZ7/cPkX4iUxbJVec9Y0jvfmRgKXwsEpkztBDJPK+ J5npnGhqKguusUNq8LJkitucZq+YudVjBUBjgItY1mSw4IYdOzDzH/3LtugBQG4rYyHT YIrEMAWUbr3T1cJVLzG+0PKraXRdhnXEfM+anWxhBDawF0Llv/73GU+Nmn/bB8rL9PtW XDhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rmWq/55NnaGZ8bQvR5ULB53S+kKJDi/vhwnQPel7KSo=; b=dWy56BhLm/A7pTrnG/+RJQ8sTT015ulxWRHvYJ/yvoOx6Yssa/+3oh0/1HVNl6TlUS OhDvme4OjHFvehQ78chqpLotjP5wwrKl17eSwnaeH7WKcT62Jz4NtaZPqo+MU3Xjbc7t 7SBCuUt2oHsDFH80ZVACri+Xgp2kAWs7Jlm1UBY+QpsC+iNm5WwJho6u5nPFXtrspYYj FzzBFwG9kBtRmQtV44mI0T2qi3U726z7Vzv5VKwnhGXxiJCz0kv54EamMyIBanxqBQ6R 4gd+ulvHpPn7F03p6nUUgmXyL/rmYW3iAbFLKWnzhOcVrx+3YSl5Jo4N27Ij7OHYskDQ SNFw== X-Gm-Message-State: APjAAAUcVhLswjUsKFDWgc4xLBz5UhOs/l6NJhGuZons/bNMOdlil61E pQ0xa3Rtl7VG2IBvdxbF2C5nwlB/Qx/r4QxlfY1qDSJ8 X-Google-Smtp-Source: APXvYqyp93SMkaJducN2QboSemTwt5jKOuVRlGAr+yTdMwjb3rvJJaLSAeKTSLZ0JKuis+JylHaArxqXO4H5iACcIhg= X-Received: by 2002:ab0:6258:: with SMTP id p24mr5635424uao.24.1579100152106; Wed, 15 Jan 2020 06:55:52 -0800 (PST) MIME-Version: 1.0 From: John Jasen Date: Wed, 15 Jan 2020 09:55:41 -0500 Message-ID: Subject: unexplained latency, interrupt spikes and loss of throughput on FreeBSD router/firewall system To: FreeBSD Net X-Rspamd-Queue-Id: 47yVkd50Nhz4Zxw X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=QYAE8aq0; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of jjasen@gmail.com designates 2607:f8b0:4864:20::92e as permitted sender) smtp.mailfrom=jjasen@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.00)[ip: (-9.41), ipnet: 2607:f8b0::/32(-2.09), asn: 15169(-1.83), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[e.2.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 14:55:54 -0000 Executive summary: Periodically, load will spike on network interrupts on one of our firewalls. Latency will quickly climb to the point that things are unresponsive, sessions will timeout, and bandwidth will plummet. We do not see increases in ethernet pause frames, drops, errors, or anything else like that from the system. Usually, the quickest fix is to failover to the backup firewall. At that time, the backup firewall behaves normally and interrupt load drops on the afflicted firewall device. I'm stumped. Networking says its these systems. I believe its something on other side. Any ideas? Background information: FreeBSD 11.3-RELEASE-p3 hw.machine: amd64 hw.model: Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz hw.ncpu: 24 hw.machine_arch: amd64 Firewall: pf failover: CARP network cards: seen with Chelsio T5-580 and T6 series cards. other networking information: VLANs are in use. Occasional LAGG usage as well. When this occurs, some of the interrupts dedicated to cxgbe queues spike to 100%. Latency climbs to the point that TCP timeouts start kicking in, and users start complaining. Bandwidth drops from 2-3Gbs to ~100-200Mbs netstat shows no increase of error or drop packets. sysctl shows no increase in pause frames. I'm happy to provide further information. From owner-freebsd-net@freebsd.org Wed Jan 15 15:14:33 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57F181F60BF for ; Wed, 15 Jan 2020 15:14:33 +0000 (UTC) (envelope-from mike@sentex.net) Received: from pyroxene2a.sentex.ca (pyroxene19.sentex.ca [IPv6:2607:f3e0:0:3::19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "pyroxene.sentex.ca", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yW883tBvz4bsf for ; Wed, 15 Jan 2020 15:14:32 +0000 (UTC) (envelope-from mike@sentex.net) Received: from [IPv6:2607:f3e0:0:4:9144:94f1:31aa:b9bf] ([IPv6:2607:f3e0:0:4:9144:94f1:31aa:b9bf]) by pyroxene2a.sentex.ca (8.15.2/8.15.2) with ESMTPS id 00FFEVC0033499 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Wed, 15 Jan 2020 10:14:31 -0500 (EST) (envelope-from mike@sentex.net) Subject: Re: unexplained latency, interrupt spikes and loss of throughput on FreeBSD router/firewall system To: John Jasen , FreeBSD Net References: From: mike tancsa Autocrypt: addr=mike@sentex.net; keydata= mQENBFywzOMBCACoNFpwi5MeyEREiCeHtbm6pZJI/HnO+wXdCAWtZkS49weOoVyUj5BEXRZP xflV2ib2hflX4nXqhenaNiia4iaZ9ft3I1ebd7GEbGnsWCvAnob5MvDZyStDAuRxPJK1ya/s +6rOvr+eQiXYNVvfBhrCfrtR/esSkitBGxhUkBjOti8QwzD71JVF5YaOjBAs7jZUKyLGj0kW yDg4jUndudWU7G2yc9GwpHJ9aRSUN8e/mWdIogK0v+QBHfv/dsI6zVB7YuxCC9Fx8WPwfhDH VZC4kdYCQWKXrm7yb4TiVdBh5kgvlO9q3js1yYdfR1x8mjK2bH2RSv4bV3zkNmsDCIxjABEB AAG0HW1pa2UgdGFuY3NhIDxtaWtlQHNlbnRleC5uZXQ+iQFUBBMBCAA+FiEEmuvCXT0aY6hs 4SbWeVOEFl5WrMgFAlywzOYCGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ eVOEFl5WrMhnPAf7Bf+ola0V9t4i8rwCMGvzkssGaxY/5zNSZO9BgSgfN0WzgmBEOy/3R4km Yn5KH94NltJYAAE5hqkFmAwK6psOqAR9cxHrRfU+gV2KO8pCDc6K/htkQcd/mclJYpCHp6Eq EVJOiAxcNaYuHZkeMdXDuvvI5Rk82VHk84BGgxIqIrhLlkguoPbXOOa+8c/Mpb1sRAGZEOuX EzKNC49+GS9gKW6ISbanyPsGEcFyP7GKMzcHBPf3cPrewZQZ6gBoNscasL6IJeAQDqzQAxbU GjO0qBSMRgnLXK7+DJlxrYdHGXqNbV6AYsmHJ6c2WWWiuRviFBqXinlgJ2FnYebZPAfWibkB DQRcsMzkAQgA1Dpo/xWS66MaOJLwA28sKNMwkEk1Yjs+okOXDOu1F+0qvgE8sVmrOOPvvWr4 axtKRSG1t2QUiZ/ZkW/x/+t0nrM39EANV1VncuQZ1ceIiwTJFqGZQ8kb0+BNkwuNVFHRgXm1 qzAJweEtRdsCMohB+H7BL5LGCVG5JaU0lqFU9pFP40HxEbyzxjsZgSE8LwkI6wcu0BLv6K6c Lm0EiHPOl5G8kgRi38PS7/6s3R8QDsEtbGsYy6O82k3zSLIjuDBwA9GRaeigGppTxzAHVjf5 o9KKu4O7gC2KKVHPegbXS+GK7DU0fjzX57H5bZ6komE5eY4p3oWT/CwVPSGfPs8jOwARAQAB iQE8BBgBCAAmFiEEmuvCXT0aY6hs4SbWeVOEFl5WrMgFAlywzOQCGwwFCQHhM4AACgkQeVOE Fl5WrMhmjQf/dBCjAVn1J0GzSsHiLvSAQz1cchbdy8LD0Tnpzjgp5KLU7sNojbI8vqt4yKAi cayI88j8+xxNXPMWM4pHELuUuVHS5XTpHa/wwulUtI5w/zyKlUDsIvqTPZLUEwH7DfNBueVM WyNaIjV2kxSmM8rNMC+RkgyfbjGLCkmWsMRVuLIUYpl5D9WHmenUbiErlKU2KvEEXEg/aLKq 3m/AdM9RAYsP9O4l+sAZEfyYoNJzDhTZMzn/9Q0uFPLK9smDQh4WBTFaApveVJPHRKmHPoNF Xxj+yScYdQ4SKH34WnhNSELvnZQ3ulH5tpASmm0w+GxfZqSc8+QCwoKtBRDUxoE56A== Message-ID: <4f7207fa-1ca8-df40-1c43-1c7ccfdf9afa@sentex.net> Date: Wed, 15 Jan 2020 10:14:31 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 47yW883tBvz4bsf X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mike@sentex.net designates 2607:f3e0:0:3::19 as permitted sender) smtp.mailfrom=mike@sentex.net X-Spamd-Result: default: False [-2.68 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.967,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; HFILTER_HELO_IP_A(1.00)[pyroxene2a.sentex.ca]; DMARC_NA(0.00)[sentex.net]; HFILTER_HELO_NORES_A_OR_MX(0.30)[pyroxene2a.sentex.ca]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-1.71)[ipnet: 2607:f3e0::/32(-4.93), asn: 11647(-3.54), country: CA(-0.09)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 15:14:33 -0000 On 1/15/2020 9:55 AM, John Jasen wrote: > Executive summary: > > Periodically, load will spike on network interrupts on one of our > firewalls. Latency will quickly climb to the point that things are > unresponsive, sessions will timeout, and bandwidth will plummet. A couple of wild stabs... Are the routers generating any odd amount of ICMP response traffic at the time ? e.g. port|host unreachable etc ? (maybe track netstat -s -p icmp). Are there any bursts of icmp redirects happening ? I know that can slog a router sometimes-- Try instrumenting the appropriate oids (sysctl -a | grep -i redirect)  to see if thats the case.  A lot of small packets ?  If possible maybe a network tap in front of the boxes to capture / profile the traffic before/after to see if there is something like a big scan happening or DOS with many small packets etc.  If thats not possible, do you have enough spare CPU to do some netflow analysis on the box ? Or maybe take some periodic snapshots of the interface stats and compare normal to bad periods via sysctl -A dev.cxl | grep "_frames_" Good luck!     ---Mike From owner-freebsd-net@freebsd.org Wed Jan 15 21:45:54 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5DC7F1FE670 for ; Wed, 15 Jan 2020 21:45:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47ygqk1PYHz44bC for ; Wed, 15 Jan 2020 21:45:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 301611FE66F; Wed, 15 Jan 2020 21:45:54 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2FD5E1FE66E for ; Wed, 15 Jan 2020 21:45:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47ygqj70Cdz44b9 for ; Wed, 15 Jan 2020 21:45:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E72C7D241 for ; Wed, 15 Jan 2020 21:45:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00FLjrQI045940 for ; Wed, 15 Jan 2020 21:45:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00FLjroL045938 for net@FreeBSD.org; Wed, 15 Jan 2020 21:45:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Wed, 15 Jan 2020 21:45:52 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, needs-qa, performance, regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jason@tubnor.net X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? mfc-stable12? X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 21:45:54 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 --- Comment #9 from Jason Tubnor --- Created attachment 210777 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D210777&action= =3Dedit pciconf -lv of host running -CURRENT --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Jan 15 22:24:19 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5029C1FF7C3 for ; Wed, 15 Jan 2020 22:24:19 +0000 (UTC) (envelope-from nparhar@gmail.com) Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yhh21VK8z47Mh for ; Wed, 15 Jan 2020 22:24:18 +0000 (UTC) (envelope-from nparhar@gmail.com) Received: by mail-pl1-x634.google.com with SMTP id ay11so7438045plb.0 for ; Wed, 15 Jan 2020 14:24:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=82HGVpe2Ffum+GkjHFZTAXSboZ7F+gW8tzf/9oRh/nA=; b=C6ND2dsHS4IYcmMcSeU7cEJ/8ZqiZjvjj6wzc42y5xLx6VITi7YtTY3y6iqxlJ+dNj 5lPoPzIs2G+LGaBDOZd6+gOw2g89sP8g7LN392+StszxgjHlBX8DVen0GUFhNCmGL9zR FR5bl9ijxpO7YNWSEONNxveG2NeMNIi+TqIAkviVnNaAbWJDsHDkwZEIqZn42+zU3eXX BcFpWFvbauVcZdKDPXNl4HwI8BFvhStxg5Hrumnous6sYOLoDfjoSDz2WleIOwvGnwDx 5YIdSVHhvdYmE42qMjQ9ov33bE3GsXiJcr+7oYoFbWHF+p/1fGXESB7jUhWJtd+kSEsY njAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=82HGVpe2Ffum+GkjHFZTAXSboZ7F+gW8tzf/9oRh/nA=; b=WoWkQBiUSCI/IPWHZiQ2cihpl//QQOFQ0eRrtAdxG9e54WHD6DaNBJMOvTQ4Ffxgnr H2SAxu8NNWy9kdgKcebMzL4yn+IVA+Gwor5AHd7dtYQlYwf1f+rbljZFEiP+PWjPj6Y4 Z9XoDHTTmh2FfTahmPolc49NpKeKEY8nT6fD+VZtEDnIFdQq3RnG7dJbU4/TjwFnBdg3 lXkyIKYxL/Yxt4RJ8uWtDtr3nnqUwJ4aWLojGtP/Ai6b6i3wkmtLoRDX8RwQ3fNoDCzj R351bwss8mtNnkAkW9KQm+jHKtFcqtx5p+gtchl7Z4bkTpFE3SQEBM8cztR1/k3qi117 2bPQ== X-Gm-Message-State: APjAAAXMRVzrFM90i5rAWVOv7e+/3n9tjTIm37NoyDbEGGoiHnsOShlh C6iTASfY0FBXa6HhEUY5OCq/lweM X-Google-Smtp-Source: APXvYqzYA+NuWhC3SdC0Wb4uwkOOh3aEAz1pD55xg0OcIgeLQzrVXVa5i8N9gG2jGH/dE+pFP8JqSg== X-Received: by 2002:a17:90a:ca12:: with SMTP id x18mr2653953pjt.66.1579127056576; Wed, 15 Jan 2020 14:24:16 -0800 (PST) Received: from [10.192.166.0] (stargate.chelsio.com. [12.32.117.8]) by smtp.googlemail.com with ESMTPSA id a10sm22185350pgm.81.2020.01.15.14.24.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 15 Jan 2020 14:24:15 -0800 (PST) Subject: Re: unexplained latency, interrupt spikes and loss of throughput on FreeBSD router/firewall system To: John Jasen , FreeBSD Net References: From: Navdeep Parhar Message-ID: Date: Wed, 15 Jan 2020 14:24:14 -0800 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47yhh21VK8z47Mh X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=C6ND2dsH; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of nparhar@gmail.com designates 2607:f8b0:4864:20::634 as permitted sender) smtp.mailfrom=nparhar@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-8.87), ipnet: 2607:f8b0::/32(-2.09), asn: 15169(-1.83), country: US(-0.05)]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[4.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2020 22:24:19 -0000 On 1/15/20 6:55 AM, John Jasen wrote: > Executive summary: > > Periodically, load will spike on network interrupts on one of our > firewalls. Latency will quickly climb to the point that things are > unresponsive, sessions will timeout, and bandwidth will plummet. Is this with 9000 MTU? Can you please post "netstat -m" from this system? Assuming this is 9000 MTU, try setting this in /boot/loader.conf and reboot: hw.cxgbe.largest_rx_cluster=4096 > We do not see increases in ethernet pause frames, drops, errors, or > anything else like that from the system. This part is strange. The incoming frames are either being dropped (errors or overflows) or getting throttled via pause frames. I'd have expected "netstat -dI " to show errors or drops or "sysctl dev.cc dev.cxl | grep pause" to show some activity. Can you please double check? Regards, Navdeep > > Usually, the quickest fix is to failover to the backup firewall. At that > time, the backup firewall behaves normally and interrupt load drops on the > afflicted firewall device. > > I'm stumped. Networking says its these systems. I believe its something on > other side. > > Any ideas? > > Background information: > FreeBSD 11.3-RELEASE-p3 > hw.machine: amd64 > hw.model: Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz > hw.ncpu: 24 > hw.machine_arch: amd64 > Firewall: pf > failover: CARP > network cards: seen with Chelsio T5-580 and T6 series cards. > other networking information: VLANs are in use. Occasional LAGG usage as > well. > > When this occurs, some of the interrupts dedicated to cxgbe queues spike > to 100%. Latency climbs to the point that TCP timeouts start kicking in, > and users start complaining. Bandwidth drops from 2-3Gbs to ~100-200Mbs > > netstat shows no increase of error or drop packets. sysctl shows no > increase in pause frames. > > I'm happy to provide further information. > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Thu Jan 16 01:43:03 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A682F2246FD for ; Thu, 16 Jan 2020 01:43:03 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: from mail-vs1-xe32.google.com (mail-vs1-xe32.google.com [IPv6:2607:f8b0:4864:20::e32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yn5L6J81z4HZW for ; Thu, 16 Jan 2020 01:43:02 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: by mail-vs1-xe32.google.com with SMTP id g15so11711333vsf.1 for ; Wed, 15 Jan 2020 17:43:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=yp3zCGkP25oQvK21VE3Y+QWm0K39ynYvLsZpijkiC2o=; b=I81c5MqSxkaupimtAUxR5yQJ1VeTJ/qz00Y2kDJeaMrnRpFr1RP3pu0A7tlwe0Ld8l urPhgkGiInF2BPoFeyptxS0PBK7JFM763P+vomituBRrov2/N24nhfUA5cvO1c8MGceg YVtikKraLFWAnSWcQIyRt7soKWo4aX4xR7KBkx+NHj5NdlV0TIOc6AM1wr5vi8kcZ9l9 qf0slP4SxGUQKR3wgPWPbfxkVFO89dknbJZQmKyC+kBVkHXzSeZMoDY6RvjTyVDDi2Za bi0UNGQAj6hU+ELjfc1602h20uzHFpnYDmqTcj26TkmGI/Lf2bjutvm73jYqP8Ldh4sK c4RA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=yp3zCGkP25oQvK21VE3Y+QWm0K39ynYvLsZpijkiC2o=; b=NcKLyEMDX32LP7OkMBVjixP6bwPpsh/97m2v0HMvPPmfuvihssz4+dKrif7KVirLOe iSq3+rYZ7ZXCY/2GDRS6CvB+1XZNJ1AyCZHQSHqUfQFRDJQGMfM0QII/kmMxCLrt0fBT hnDGE5eL3zT7fqlOoJ/4gWsE9UChzVMbOevB1DbnOVrBSMjWphj+Nrf84PWZ0xwFoWBo LfrQH9tCod9/D+9I+JC4S5hysQeSrWbYAGyrir3BhEiodvBcRSSOCot/50Dv2Deok1zu vEPsNKCox9Gq2+cp0f47xfdESym0SiBB0r+9BCVotcumD/eAu3L4iVB5Y0XjqE2Tr3Pb pB+g== X-Gm-Message-State: APjAAAXeBO1TchqveGH46fUuum1JHkKzkRopmjK3OBHcpGxvTokp+v16 tia+WVqcgB+y8M1VNvjtBxhJrTo/UWiOI0tAXvQ= X-Google-Smtp-Source: APXvYqypYUvK2hmS2kOCuGzLp3/7eJEAnn2m4DK8GgBJmpUxG5PAIfoydBsSEWNo0EnnTGaF+N6k7X/xOnuc1/z1MuA= X-Received: by 2002:a67:3145:: with SMTP id x66mr46939vsx.157.1579138981729; Wed, 15 Jan 2020 17:43:01 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: John Jasen Date: Wed, 15 Jan 2020 20:42:50 -0500 Message-ID: Subject: Re: unexplained latency, interrupt spikes and loss of throughput on FreeBSD router/firewall system To: Navdeep Parhar , FreeBSD Net X-Rspamd-Queue-Id: 47yn5L6J81z4HZW X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=I81c5MqS; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of jjasen@gmail.com designates 2607:f8b0:4864:20::e32 as permitted sender) smtp.mailfrom=jjasen@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; URI_COUNT_ODD(1.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.54), ipnet: 2607:f8b0::/32(-2.09), asn: 15169(-1.83), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 01:43:03 -0000 On Wed, Jan 15, 2020 at 5:24 PM Navdeep Parhar wrote: > On 1/15/20 6:55 AM, John Jasen wrote: > > Executive summary: > > > > Periodically, load will spike on network interrupts on one of our > > firewalls. Latency will quickly climb to the point that things are > > unresponsive, sessions will timeout, and bandwidth will plummet. > > Is this with 9000 MTU? Can you please post "netstat -m" from this > system? 25683/15822/41505 mbufs in use (current/cache/total) 8190/8340/16530/2038296 mbuf clusters in use (current/cache/total/max) 8190/8255 mbuf+clusters out of packet secondary zone in use (current/cache) 2576/293/2869/1019147 4k (page size) jumbo clusters in use (current/cache/total/max) 540546/1917/542463/10000000 9k jumbo clusters in use (current/cache/total/max) 0/0/0/169857 16k jumbo clusters in use (current/cache/total/max) 4898018K/39060K/4937079K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for mbufs delayed (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters delayed (4k/9k/16k) 0/53561/0 requests for jumbo clusters denied (4k/9k/16k) 0 sendfile syscalls 0 sendfile syscalls completed without I/O request 0 requests for I/O initiated by sendfile 0 pages read by sendfile as part of a request 0 pages were valid at time of a sendfile request 0 pages were requested for read ahead by applications 0 pages were read ahead by sendfile 0 times sendfile encountered an already busy page 0 requests for sfbufs denied 0 requests for sfbufs delayed > Assuming this is 9000 MTU, try setting this in > /boot/loader.conf and reboot: > > hw.cxgbe.largest_rx_cluster=4096 > We're already there. > > > We do not see increases in ethernet pause frames, drops, errors, or > > anything else like that from the system. > > This part is strange. The incoming frames are either being dropped > (errors or overflows) or getting throttled via pause frames. I'd have > expected "netstat -dI " to show errors or drops or "sysctl dev.cc > dev.cxl | grep pause" to show some activity. Can you please double check? > After a prior event on a firewall cluster, I started pushing pause frames and netstat drops/errors to elasticsearch. They remained constant and unchanging during this incident. I checked again, and they're still a flat line. > > Regards, > Navdeep > Thanks! > From owner-freebsd-net@freebsd.org Thu Jan 16 07:49:43 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C492622C9D6 for ; Thu, 16 Jan 2020 07:49:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47yxDR4pmWz4bVQ for ; Thu, 16 Jan 2020 07:49:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id A521122C9D5; Thu, 16 Jan 2020 07:49:43 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A4E9022C9D4 for ; Thu, 16 Jan 2020 07:49:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yxDR3xf1z4bVH for ; Thu, 16 Jan 2020 07:49:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DF8C11C0EC for ; Thu, 16 Jan 2020 07:49:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00G7ngm1009036 for ; Thu, 16 Jan 2020 07:49:42 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00G7ngnX009035 for net@FreeBSD.org; Thu, 16 Jan 2020 07:49:42 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 16 Jan 2020 07:49:40 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 07:49:43 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #11 from Andriy Gapon --- Not sure if that's relevant, but one thing I noticed is that the converted driver lost handling of rxcd->error field. The old code would do: if (rxcd->error) { rxq->vxrxq_stats.vmrxs_ierrors++; m_freem(m); return; } But in the iflib world the error is simply ignored. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 09:05:35 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F119322F312 for ; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47yyvz6BzHz3CZ2 for ; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D4BE422F311; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D487422F310 for ; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47yyvz5NBtz3CZ1 for ; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B3EBA1CF8C for ; Thu, 16 Jan 2020 09:05:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00G95Zme005472 for ; Thu, 16 Jan 2020 09:05:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00G95Zo6005462 for net@FreeBSD.org; Thu, 16 Jan 2020 09:05:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 16 Jan 2020 09:05:35 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 09:05:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #12 from Andriy Gapon --- Also, to be honest, I do not understand how ifl_fragidx and ifl_rx_bitmap on the one hand and ifl_pidx and ifl_cidx on the other work together. The map potentially allows for an arbitrary mix of free and busy descriptors while cidx/pidx assume strictly linear iteration. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 10:14:03 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7C51B2313FF for ; Thu, 16 Jan 2020 10:14:03 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z0Qy3lFfz3Hdh for ; Thu, 16 Jan 2020 10:14:02 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lj1-f177.google.com with SMTP id z22so21996319ljg.1 for ; Thu, 16 Jan 2020 02:14:02 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id :date:user-agent:mime-version:content-language :content-transfer-encoding; bh=iwC4awA37RF+20Tm45ADqNShYtUynHypiR7hi3IIEww=; b=CHGd7/h0uNS48DcLkNVWt2fxo2wBp3qkJSUqOZ/1SZuCTFNuIxDqhHaIyIBcloRyuC FvABqKeFtKv7FAL/4r3sRLtAnAzoRiU0VK8rMZYceZyoqInyt6mVGhInqz1OJM6wI3dY NE/349yfpHzydb1UCgKeqTBHLbJ6lRsfScVJiHvqmKBkH76sEx1ilgdADh0tksyWSX+L prLLq/MycuBy1ohIqqflKfXhI6uFaGVgM5PZ7ndcPgtak7AGQu1JZ5zBsUXW9APXdJam cEmLGb3XiTJ1Si2RtwDPL87RBOsGtwiAmWexjDgpgD2vEDowpVIhfh+cLdnojcO7rSyF IFzQ== X-Gm-Message-State: APjAAAU3WqEDnNCU3m6VYPB7f0wriJWoYHSd/uisoTMKj+DwJf3+FPVG HJgR6onVqs4wt4g73IbhrBDKX3o3 X-Google-Smtp-Source: APXvYqziBsTm1zHPV+/hz3T7iiW9jZ8GCxho73MGF6SlWsSjM2fKlX0lwpt1dNJ8yiACct9kwD60rQ== X-Received: by 2002:a2e:b0c4:: with SMTP id g4mr1786883ljl.83.1579169640456; Thu, 16 Jan 2020 02:14:00 -0800 (PST) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id m13sm10153306lfo.40.2020.01.16.02.13.59 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Jan 2020 02:13:59 -0800 (PST) To: freebsd-net From: Andriy Gapon Subject: iflib: how to signal that a packet has an error? Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABtB5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz6JAlQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryLkCDQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAYkCPAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <724363cd-99e3-5f73-e40a-38adc5125a13@FreeBSD.org> Date: Thu, 16 Jan 2020 12:13:58 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Firefox/60.0 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 47z0Qy3lFfz3Hdh X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of agapon@gmail.com designates 209.85.208.177 as permitted sender) smtp.mailfrom=agapon@gmail.com X-Spamd-Result: default: False [-2.07 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; FORGED_SENDER(0.30)[avg@FreeBSD.org,agapon@gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[96.151.72.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; R_DKIM_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[avg@FreeBSD.org,agapon@gmail.com]; TO_DOM_EQ_FROM_DOM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[FreeBSD.org]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; RCVD_IN_DNSWL_NONE(0.00)[177.208.85.209.list.dnswl.org : 127.0.5.0]; IP_SCORE(-1.07)[ip: (-0.41), ipnet: 209.85.128.0/17(-3.08), asn: 15169(-1.83), country: US(-0.05)]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 10:14:03 -0000 I am comparing vmxnet3 driver code before and after its conversion to iflib. The old code used to do this: if (rxcd->error) { rxq->vxrxq_stats.vmrxs_ierrors++; m_freem(m); return; } A vmx rx completion descriptor has a field that signals an error. In practice I can see that something like this can happen: (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[444] $8 = {rxd_idx = 80, pad1 = 0, eop = 0, sop = 1, qid = 0, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[445] $9 = {rxd_idx = 108, pad1 = 0, eop = 0, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[446] $10 = {rxd_idx = 109, pad1 = 0, eop = 0, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[447] $11 = {rxd_idx = 110, pad1 = 0, eop = 0, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} ⋮ (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[455] $12 = {rxd_idx = 118, pad1 = 0, eop = 0, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[456] $13 = {rxd_idx = 119, pad1 = 0, eop = 0, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 0, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 0, type = 3, gen = 1} (kgdb) p $4.vxrxq_comp_ring.vxcr_u.rxcd[457] $14 = {rxd_idx = 120, pad1 = 0, eop = 1, sop = 0, qid = 4, rss_type = 0, no_csum = 0, pad2 = 0, rss_hash = 0, len = 2048, error = 1, vlan = 0, vtag = 0, csum = 0, csum_ok = 0, udp = 0, tcp = 0, ipcsum_ok = 0, ipv6 = 0, ipv4 = 0, fragment = 0, fcs = 1, type = 3, gen = 1} So, we have a start-of-packet descriptor (sop=1) followed by a bunch of "continuation" descriptors (sop=0, eop=0) followed by the final end-of-packet descriptor (eop=1). And the final descriptor has error=1. I am not sure what kind of an error is signaled in that fashion. The old code would discard such a packet upon seeing eop=1 and error=1. But the new code never examines the error field at all and, so, it passes up to iflib all the fragments described by the descriptors and iflib assembles them into a packet. I am not sure if that's a problem or not. But if we assume that that's a problem, then how should the driver let iflib know that the packet should be ignored? Should we extend the iflib interface or is there a way to achieve that using the current interface? Thank you! -- Andriy Gapon From owner-freebsd-net@freebsd.org Thu Jan 16 11:09:14 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E86E7232F87 for ; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47z1ff5xJwz3LtR for ; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id CA099232F86; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C9C74232F85 for ; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z1ff4g2Rz3LtP for ; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 974ED1E6B9 for ; Thu, 16 Jan 2020 11:09:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GB9Eqd015501 for ; Thu, 16 Jan 2020 11:09:14 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GB9E9q015500 for net@FreeBSD.org; Thu, 16 Jan 2020 11:09:14 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 16 Jan 2020 11:09:14 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 11:09:15 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #13 from Andriy Gapon --- I see one potential problem related to ifl_fragidx. _iflib_fl_refill() has this logic: frag_idx =3D fl->ifl_fragidx; bit_ffc_at(fl->ifl_rx_bitmap, frag_idx, fl->ifl_size,=20=20= =20=20=20=20=20=20=20=20=20 &frag_idx);=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20 if (frag_idx < 0)=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 bit_ffc(fl->ifl_rx_bitmap, fl->ifl_size, &frag_idx); bit_set(fl->ifl_rx_bitmap, frag_idx); fl->ifl_fragidx =3D frag_idx; So, ifl_fragidx is used to store the latest set bit in ifl_rx_bitmap. bit_ffc_at() finds the first cleared bit at or after the start position. Typically, that means /after/ as the bit /at/ frag_idx is set. But let's consider this scenario. Somehow the hardware consumes descriptors very fast, faster than they are refilled. Let's say we refilled descriptor= s up to index N, so ifl_fragidx=3DN and ifl_pidx=3DN+1. Let's say the hardware = consumed all descriptors available to it. That means that the whole ifl_rx_bitmap is clear and ifl_cidx=3DN+1. Now we do the next refill and we start searching= from ifl_fragidx. That position is free now, so bit_ffc_at() will return it. At this point ifl_fragidx and ifl_pidx get out of sync. We populate various software resources by frag_idx, but we program the hardware by pidx. For example, we will allocate a cluster at index N, but program its bus address= in a descriptor at index N+1. That will mess up things for a driver that expects that indexes are always advanced linearly. There is a simple solution. Either we should store frag_idx + 1 to ifl_fragidx for the benefit of the n= ext refill or we should call bit_ffc_at() with frag_idx + 1 as a starting posit= ion. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 11:52:58 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 385E6234250 for ; Thu, 16 Jan 2020 11:52:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47z2d60pphz3P7k for ; Thu, 16 Jan 2020 11:52:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 1A24923424F; Thu, 16 Jan 2020 11:52:58 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 19EAF23424E for ; Thu, 16 Jan 2020 11:52:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z2d572ssz3P7j for ; Thu, 16 Jan 2020 11:52:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ED4D31F03A for ; Thu, 16 Jan 2020 11:52:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GBqvjB057389 for ; Thu, 16 Jan 2020 11:52:57 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GBqvRl057388 for net@FreeBSD.org; Thu, 16 Jan 2020 11:52:57 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 16 Jan 2020 11:52:57 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 11:52:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #14 from Andriy Gapon --- As to why the hardware can exhaust all descriptors in a free list. I think that there is a certain impedance mismatch. iflib_rxeof() takes its budget in terms of full packets and also iflib_rxd_avail() works in the same terms. __iflib_fl_refill_lt() is called with a limit equal to budget + 8.=20 But the descriptors are used by packet fragments and a single packet may ha= ve many fragments. Also, a driver like vmx may waste some descriptors[*] for reasons that are known only to vmware. For example, in one crash dumps that I have here I see that iflib_rxeof() w= as processing its 11th packet (rx_pkts =3D 11, avail =3D 7, budget =3D 16) and= that packet had iri_nfrags =3D 14. It's conceivable that such a batch could exhaust all descriptors populated = by the last refill. [*] eop=3D1, sop=3D1, len=3D0 but a command descriptor 141 in rx queue 0 is "co= nsumed": (kgdb) p $19.vxcr_u.rxcd[475] $22 =3D {rxd_idx =3D 141, pad1 =3D 0, eop =3D 1, sop =3D 1, qid =3D 0, rss_= type =3D 0, no_csum =3D 0, pad2 =3D 0, rss_hash =3D 0, len =3D 0, error =3D 0, vlan =3D= 0, vtag =3D 0, csum =3D 0, csum_ok =3D 0, udp =3D 0, tcp =3D 0, ipcsum_ok =3D 0, ipv6 =3D = 0, ipv4 =3D 0, fragment =3D 0, fcs =3D 0, type =3D 3, gen =3D 1} --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 11:53:38 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 00282234306 for ; Thu, 16 Jan 2020 11:53:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47z2ds6GF8z3PDk for ; Thu, 16 Jan 2020 11:53:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D6EB2234305; Thu, 16 Jan 2020 11:53:37 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D6B60234304 for ; Thu, 16 Jan 2020 11:53:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z2ds5Mtyz3PDj for ; Thu, 16 Jan 2020 11:53:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B3E801F04C for ; Thu, 16 Jan 2020 11:53:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GBrbm7058287 for ; Thu, 16 Jan 2020 11:53:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GBrbfH058286 for net@FreeBSD.org; Thu, 16 Jan 2020 11:53:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243126] Assertion fl->ifl_cidx == cidx failed at /usr/src/sys/net/iflib.c:2531 Date: Thu, 16 Jan 2020 11:53:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 11:53:38 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243126 --- Comment #5 from Andriy Gapon --- Still looking for help from iflib developers. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 13:41:59 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E42E4237823 for ; Thu, 16 Jan 2020 13:41:59 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47z52t2HLpz41F5; Thu, 16 Jan 2020 13:41:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward104j.mail.yandex.net (Yandex) with ESMTP id 30E684A0408; Thu, 16 Jan 2020 16:41:54 +0300 (MSK) Received: from myt6-016ca1315a73.qloud-c.yandex.net (myt6-016ca1315a73.qloud-c.yandex.net [2a02:6b8:c12:4e0e:0:640:16c:a131]) by mxback20j.mail.yandex.net (mxback/Yandex) with ESMTP id WHxO7htc9k-fsIeS03g; Thu, 16 Jan 2020 16:41:54 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1579182114; bh=MEd59aDDkqiwGD2B0ogBe7i5cUWX+IJwP9LrSjWaYeM=; h=In-Reply-To:Cc:To:From:Subject:Date:References:Message-ID; b=QUPOCEkOy7YLAI9kh9va4jAFJSEy3n2nCwBjubFtIRIcLVLFS+X9fHe+PoekHS0bD 7X1RbZAxtEjcPzq2iusPVCnAFTyg6IcNjrFrRFAkcu50K3+3gL45ZpJVovb0lQzfpv FJX7WR84GznOZ5hw/v3c7P0A/AIrf4k3qkvsOurE= Received: by myt6-016ca1315a73.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id mZPMNicFFU-frUCs7h3; Thu, 16 Jan 2020 16:41:53 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: Date: Thu, 16 Jan 2020 16:39:38 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="UdI63y4JQTEXyNrorslBaTkHKDLjaY5ti" X-Rspamd-Queue-Id: 47z52t2HLpz41F5 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=QUPOCEkO; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::107 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.10 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.62), ipnet: 2a02:6b8::/32(-4.72), asn: 13238(-3.81), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[7.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 13:42:00 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UdI63y4JQTEXyNrorslBaTkHKDLjaY5ti Content-Type: multipart/mixed; boundary="lxdILHK8pmzGhibobjOpuOG0LiMgiYaAh"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen Message-ID: Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> In-Reply-To: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> --lxdILHK8pmzGhibobjOpuOG0LiMgiYaAh Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 15:00, Andrey V. Elsukov wrote: > On 20.12.2019 18:23, Victor Sudakov wrote: >> Dear Colleagues, >> >> I've set up IPSec in transport mode between two regular FreeBSD hosts,= >> for testing. Now TCP sessions between those hosts don't work normally >> any more. For example, scp is stalled almost immediately after startin= g >> a file transfer, and so is interactive ssh eventually. >> >> I feel that the problem is somehow related to MTU, MSS and fragmentati= on >> of ESP packets, because: >> >> 1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all >> right.=20 >> >> 2. When IPSec is enabled, the maximum packet size I've been able to se= nd >> through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappea= rs >> in the void). >=20 > I think the silence from ping is due to IPsec works asynchronously. > I.e. when application sends data to the stack, it receives good feedbac= k > and thinks that data was send successful then it waits for reply. > But IPsec consumes the data and then encrypted data will be send from > crypto thread via callback. And now they can not be fragmented due to > IP_DF bit, but there are no app waiting for this error code. >=20 > Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE > notify when EMSGSIZE is returned from ip_output(). At least for TCP. Hi, I prepared the PoC patch that should fix the problem with TCP and transport mode IPsec. But I have not free time currently to properly test and debug it. It is only compile-tested. But If you want, you can try :) Currently only IPv4 support is implemented. https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff --=20 WBR, Andrey V. Elsukov --lxdILHK8pmzGhibobjOpuOG0LiMgiYaAh-- --UdI63y4JQTEXyNrorslBaTkHKDLjaY5ti Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4gZ5oACgkQAcXqBBDI oXoW4Af8CBfDEcD9xj6PJ7etRJwiQiTjI5j5SD8NhSTwxZpRLUsIN3V9FCeeivcM QrYh32Gtgu/QijHQaTZlLo6kdRpfXHDzG6GDXXW3MI1y/lANlwAz7zfMTKB/fgjk XoOE/oho35dVFS8xKFNfoAXFiEGN9AtpAp75oOFvze8dlVvxS5CnxSZ5R3XHWBnw IbqltrZxJguCRFcdyazchAcHNzgLlL7WOzXmlCkMS1UhHbgVv5qWxJacbBu1scg6 loIccnu0PhEgxEqhxgq19ruF+nsgHdHhVTNnqdia6egmHEHoyzHhMd5e7jnC+cj2 TuOM+QCdbCs2bbhzvE63OEqH0m2j+w== =UuVz -----END PGP SIGNATURE----- --UdI63y4JQTEXyNrorslBaTkHKDLjaY5ti-- From owner-freebsd-net@freebsd.org Thu Jan 16 14:21:42 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2966F1E8F44 for ; Thu, 16 Jan 2020 14:21:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47z5wk0Nm6z44GL for ; Thu, 16 Jan 2020 14:21:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 0D4BA1E8F43; Thu, 16 Jan 2020 14:21:42 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0D1401E8F42 for ; Thu, 16 Jan 2020 14:21:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z5wj6h1Xz44GH for ; Thu, 16 Jan 2020 14:21:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C6BB320CDB for ; Thu, 16 Jan 2020 14:21:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GELfcL045988 for ; Thu, 16 Jan 2020 14:21:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GELft0045987 for net@FreeBSD.org; Thu, 16 Jan 2020 14:21:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 16 Jan 2020 14:21:39 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: pkelsey@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 14:21:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #15 from Patrick Kelsey --- (In reply to Andriy Gapon from comment #11) Regarding ignoring rxd->error in the iflib driver: Just as a piece of background information, one thing that is true is that rxd->error can only be set when rx->eop is set (according to reference driv= er sources). In the error case, we still need iflib to do all of the related completion queue/free list processing for descriptors from sop to eop, but we also have knowledge that the packet is 'bad'. The current treatment of the error indication case is based on the followin= g.=20 There is no facility in the iflib interface (now, or when this driver was written) to indicate this case to iflib. So the vmx driver submits the pac= ket anyway, under the reasoning that it is already possible to receive damaged packets from the network (that pass the checksum checks and so on). It is perhaps not strictly optimal to not take advantage of the early knowledge t= hat the packet is bad, but this does not introduce a new possible condition for= the network stack, and this is a rare event. Considering this again, this approach does rely on the virtual device to not provide damaged fragment length indicators (meaning something greater than = the configured buffer size) in the error case, and perhaps we should not trust = it to do so, in which case the minimal change to what we currently have would = be to check rxd->error, and if set, consider the length of the eop fragment to= be zero. iflib probably needs an audit on all of the cases of receiving zero length fragments. I may have some time next week to re-analyze the current iflib descriptor/f= ree list mechanism and how the vmx driver interacts with it in order to determi= ne whether there is a bug in the vmx driver, the iflib implementation has shif= ted since the vmx driver was written in a way that breaks the vmx driver, or everything looks OK and there is some other root cause here. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 14:25:19 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 957DB1E9265 for ; Thu, 16 Jan 2020 14:25:19 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z60t1h0pz44RT; Thu, 16 Jan 2020 14:25:17 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00GEOt5E026175 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Jan 2020 14:25:01 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: bu7cher@yandex.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00GEOrL0031641 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 16 Jan 2020 21:24:53 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: "Andrey V. Elsukov" , Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Cc: Michael Tuexen From: Eugene Grosbein Message-ID: Date: Thu, 16 Jan 2020 21:24:47 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47z60t1h0pz44RT X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.76)[ip: (-4.78), ipnet: 2a01:4f8::/29(-2.48), asn: 24940(-1.51), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 14:25:19 -0000 16.01.2020 20:39, Andrey V. Elsukov wrote: > I prepared the PoC patch that should fix the problem with TCP and > transport mode IPsec. But I have not free time currently to properly > test and debug it. It is only compile-tested. But If you want, you can > try :) > Currently only IPv4 support is implemented. > > https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff In fact, I've faced this problem long time ago too and I work around it with different approaches like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode with gif(4) interface removing DF bit out of encapsulated packets. I was going to test your patch with my home router but the patch does not apply to stable/11, at all. Do you have time to adjust it to stable/11 ? From owner-freebsd-net@freebsd.org Thu Jan 16 14:33:20 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 63D2E1E974A for ; Thu, 16 Jan 2020 14:33:20 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [77.88.28.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47z6B72wR2z44y2; Thu, 16 Jan 2020 14:33:19 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback1g.mail.yandex.net (mxback1g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:162]) by forward105p.mail.yandex.net (Yandex) with ESMTP id 261B74D41434; Thu, 16 Jan 2020 17:33:16 +0300 (MSK) Received: from myt3-ecf07668b98a.qloud-c.yandex.net (myt3-ecf07668b98a.qloud-c.yandex.net [2a02:6b8:c12:4f2b:0:640:ecf0:7668]) by mxback1g.mail.yandex.net (mxback/Yandex) with ESMTP id psmhGdeMKv-XFw4O2Ej; Thu, 16 Jan 2020 17:33:16 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1579185196; bh=pK2frvll+QBphXi15F12kHeIf/HifGmS9m8xf0DHWiM=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=LHOVPO2Zn212mSMlJoro9vuRd11NPeDXycwfM/fk0J+CPxbVRENXg44MUNrzosiya uJ22qLCN1Ijd/yXihfJxaVHCiDRR4Q9NHK5VimK/GeAMN+WJxisdG9dNbwNGPrTg4p 6YjKMhpb7/a4VfiNk731feQhgVoR3OBP2jZi6PJo= Received: by myt3-ecf07668b98a.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id pccwEhLpfR-XFVih4Zv; Thu, 16 Jan 2020 17:33:15 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein , Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: Date: Thu, 16 Jan 2020 17:30:59 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wByn78GEMizZ8jVshN98zBqvkVx2Rrdp6" X-Rspamd-Queue-Id: 47z6B72wR2z44y2 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=LHOVPO2Z; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 77.88.28.108 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.20 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:77.88.0.0/18]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[108.28.88.77.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:77.88.0.0/18, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ip: (-9.75), ipnet: 77.88.0.0/18(-4.80), asn: 13238(-3.81), country: RU(0.01)]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 14:33:20 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wByn78GEMizZ8jVshN98zBqvkVx2Rrdp6 Content-Type: multipart/mixed; boundary="5xIqNMgNJ6JapmsPLLedZFI5yWBwH6Otj"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen Message-ID: Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> In-Reply-To: --5xIqNMgNJ6JapmsPLLedZFI5yWBwH6Otj Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 16.01.2020 17:24, Eugene Grosbein wrote: > 16.01.2020 20:39, Andrey V. Elsukov wrote: >=20 >> I prepared the PoC patch that should fix the problem with TCP and >> transport mode IPsec. But I have not free time currently to properly >> test and debug it. It is only compile-tested. But If you want, you can= >> try :) >> Currently only IPv4 support is implemented. >> >> https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff >=20 > In fact, I've faced this problem long time ago too and I work around it= with different approaches > like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode > with gif(4) interface removing DF bit out of encapsulated packets. >=20 > I was going to test your patch with my home router but the patch does n= ot apply to stable/11, at all. > Do you have time to adjust it to stable/11 ? I tried apply the patch with `svn patch` and it applies cleanly. The only needed change is moving `#include ipsec_support.h` to the top of file. --=20 WBR, Andrey V. Elsukov --5xIqNMgNJ6JapmsPLLedZFI5yWBwH6Otj-- --wByn78GEMizZ8jVshN98zBqvkVx2Rrdp6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4gc6QACgkQAcXqBBDI oXonFAgAkfk26mp9Ye/lsxX3r14FPNFlUSyaXlp/+fDtHP2T6S6GK5Cbhv2wvWcO 7SMoojU3WFLo8Wb8FnP0k66yCgZaKGTQqiPE8Z3B3pZJ3Oo8QS1L5wvG8Et+oHdG v9mESz95qN/R/7hZauKLs55qEtQbzdV7lJgZmnGLt7PQglpl79s1GZFb/YRD/sp4 p+wTix3HpjHLNMAgOSUju8NdX6F6R4ZFerSgCqEE1vdehDXaOPReN51alOt1arrx bVFRWIa5DVXJIlkOt+KJwZavB8eSXBwkwUhh6PPPcdq2X3NTyUZaC4btaErU4/hj HfswuYpWyeyRZaVhgaLICpupN1WGig== =b6mn -----END PGP SIGNATURE----- --wByn78GEMizZ8jVshN98zBqvkVx2Rrdp6-- From owner-freebsd-net@freebsd.org Thu Jan 16 14:38:24 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2B8151E9B8B for ; Thu, 16 Jan 2020 14:38:24 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com [209.85.167.52]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z6Hz2cDtz45G6 for ; Thu, 16 Jan 2020 14:38:23 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lf1-f52.google.com with SMTP id l18so15673851lfc.1 for ; Thu, 16 Jan 2020 06:38:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id :date:user-agent:mime-version:content-language :content-transfer-encoding; bh=6Cukd0dkd0IQ+joaUBea8zL3psqS8rR2YBSYAyQkJGo=; b=smQhNtCiVmU4ged/FDNEYCC9YZkMPykau0uaGPuRqRIZ7fPYA7LFOK7SorsVA7wndo Wr3MXEnqEtOn/kB3LR/nRjv5W+VbxY7U6Xz6MVrbnxqO9G31t2yqC8Ee+YUkAyLD0qqG L8yHItPg3c9a3Ze22PsBX4oUtDl5HIHolgNhTmBJNNtqLK5aGkjpzfdyXIRWgmfRvbyJ /BreFmNLTjvwP5ss0HZ68E8mP3rLvRTAi6j8zo3/3xBvVBRDqvp8JsDhwPQAhGzVxy58 u1LI/dnvaXjZiy/nNStAD6dDWymR310TAWkjcLTBS16NbWJlkmU2FUlJ0ihHW4RzJ/7V Px1w== X-Gm-Message-State: APjAAAW+htV68yHY1KaxYn2k3+F8a1+A2tDDki/K4BZYBHRZP0fLwIg/ e5vTOrHHXFaHH5kbx5l5h6jmY1te X-Google-Smtp-Source: APXvYqz5AKg4fSnNnACpEpY120ZL7w13yOkLID0L34o276QYZynHuf0uI9BJDYkrXun5jmkblsIioQ== X-Received: by 2002:a19:ae04:: with SMTP id f4mr2565500lfc.64.1579185501044; Thu, 16 Jan 2020 06:38:21 -0800 (PST) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id i197sm10746577lfi.56.2020.01.16.06.38.19 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 Jan 2020 06:38:20 -0800 (PST) To: freebsd-net From: Andriy Gapon Subject: iflib: assemble_segments -> rxd_frag_to_sd -> pfil_run_hooks Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABtB5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz6JAlQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryLkCDQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAYkCPAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <65fd52e7-0c1c-82af-2c88-cd739c857a91@FreeBSD.org> Date: Thu, 16 Jan 2020 16:38:19 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Firefox/60.0 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47z6Hz2cDtz45G6 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of agapon@gmail.com designates 209.85.167.52 as permitted sender) smtp.mailfrom=agapon@gmail.com X-Spamd-Result: default: False [-3.08 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[FreeBSD.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[52.167.85.209.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; IP_SCORE(-1.08)[ip: (-0.46), ipnet: 209.85.128.0/17(-3.08), asn: 15169(-1.83), country: US(-0.05)]; FORGED_SENDER(0.30)[avg@FreeBSD.org,agapon@gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[96.151.72.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[avg@FreeBSD.org,agapon@gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; TO_DOM_EQ_FROM_DOM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 14:38:24 -0000 Something that confuses me in the iflib code. I see that assemble_segments() repeatedly calls rxd_frag_to_sd() until all fragments / segments of a packet are processee. rxd_frag_to_sd() can call pfil_run_hooks() for each fragment: if (rxq->pfil != NULL && PFIL_HOOKED_IN(rxq->pfil) && pf_rv != NULL) { payload = *sd->ifsd_cl; payload += ri->iri_pad; len = ri->iri_len - ri->iri_pad; *pf_rv = pfil_run_hooks(rxq->pfil, payload, ri->iri_ifp, len | PFIL_MEMPTR | PFIL_IN, NULL); What confuses it is how the hooks can understand whether they are looking at the first fragment or the N-th. As far as I can see, the hooks get only the raw data and its length. So, isn't it possible that a hook can misinterpret some arbitrary data in N-th fragment as, e.g., some header field that is expected to be only in the first fragment? I could be missing something obvious here as I've never dealt with iflib until recently and never with pfil code at all. Thanks! P.S. Also, there is an else clause for the above if: } else { fl->ifl_sds.ifsd_m[cidx] = NULL; *pf_rv = PFIL_PASS; } If pf_rv can be NULL, shouldn't that be checked in this branch as well? -- Andriy Gapon From owner-freebsd-net@freebsd.org Thu Jan 16 15:53:16 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BE9B91ED123 for ; Thu, 16 Jan 2020 15:53:16 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47z7yM4855z4CRc; Thu, 16 Jan 2020 15:53:15 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=zldqQgl1DrvBc1DwfFVATHMQJOToH+gebOZdxxTM5OY=; b=STnxZxh7mZ6/I+zUiR34BGOABb 8eEwPQtjoZIHj5pMaFUTXq+2ipZyXMOtFz9LgQ5L8VFsX3YitlDfwofGIZAK/jGRkPaUq2Ti+N6P+ 4xjUQywSvPE4XnTBpHHxCi0BemNOqgf8wucFpVmB72bDPFLr1deNfGF26T91uNoF3gD0=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1is7SD-0000Fk-Fq; Thu, 16 Jan 2020 22:53:05 +0700 Date: Thu, 16 Jan 2020 22:53:05 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: "Andrey V. Elsukov" , freebsd-net@freebsd.org, Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200116155305.GA465@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47z7yM4855z4CRc X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=STnxZxh7; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.31)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.68), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; FREEMAIL_CC(0.00)[yandex.ru]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 15:53:16 -0000 --VbJkn9YxBvnuCH5J Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: >=20 > > I prepared the PoC patch that should fix the problem with TCP and > > transport mode IPsec. But I have not free time currently to properly > > test and debug it. It is only compile-tested. But If you want, you can > > try :) > > Currently only IPv4 support is implemented. > >=20 > > https://people.freebsd.org/~ae/ipsec_transport_mode_ctlinput.diff >=20 > In fact, I've faced this problem long time ago too and I work around it w= ith different approaches > like "ipfw tcp-setmss" (MSS adjust) or by using IPSec transport mode > with gif(4) interface removing DF bit out of encapsulated packets. >=20 > I was going to test your patch with my home router but the patch does not= apply to stable/11, at all. > Do you have time to adjust it to stable/11 ? What beats me is that I cannot reproduce this problem in bhyve. In this packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve host), and I see no fragments, and the largets packet is 1466 bytes, and the scp never stalls nor fails. Why is it NOT broken this time? Both hosts are 12.1-RELEASE-p1. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --VbJkn9YxBvnuCH5J Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIIbhAAoJEA2k8lmbXsY0AkkH/389HQVIP9uikJV3TMCeijtD 2+VALcn04wYpzJVReFIEYIdcE2hmxa+EusRdVA3pOFFSixWr/xmsH0+OeHvpZIlU ZxDqNccij/4d4RApuN1lR73wZTfJmIQPA4EPD6AHKLPlzYstGfUyDHJ/cVrIgVwD hMkWtyULpg/DzAbZ0E3asKY+o0dfgeLiPst/qNkLKo4C+o3zy8b2g/hOtH80+q+7 gsZNqSjqoBg9Qn8IG+7H5UcgbYjySR6jSHQMTrNenIyIKe5jn0VcESMJqsw4eWd0 qnNBCdQF5tbSENZzM+AaI2PCeww8HqF1P71J9ozOiSwzwhWLFH9W2m8sTzwC6ow= =EbVp -----END PGP SIGNATURE----- --VbJkn9YxBvnuCH5J-- From owner-freebsd-net@freebsd.org Thu Jan 16 15:58:03 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 065531ED2BE for ; Thu, 16 Jan 2020 15:58:03 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z83s6ktjz4Cf4; Thu, 16 Jan 2020 15:58:01 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00GFvsIm027182 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Jan 2020 15:57:55 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@sibptus.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00GFvqlO032670 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 16 Jan 2020 22:57:52 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen From: Eugene Grosbein Message-ID: <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> Date: Thu, 16 Jan 2020 22:57:47 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20200116155305.GA465@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47z83s6ktjz4Cf4 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.76)[ip: (-4.79), ipnet: 2a01:4f8::/29(-2.48), asn: 24940(-1.51), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 15:58:03 -0000 16.01.2020 22:53, Victor Sudakov wrote: > What beats me is that I cannot reproduce this problem in bhyve. In this > packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a > 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve > host), and I see no fragments, and the largets packet is 1466 bytes, and > the scp never stalls nor fails. > > Why is it NOT broken this time? > > Both hosts are 12.1-RELEASE-p1. I could not reproduce the problem with unpatched recent stable/11, either :-) From owner-freebsd-net@freebsd.org Thu Jan 16 16:07:48 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 13CA21ED955 for ; Thu, 16 Jan 2020 16:07:48 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47z8H700hvz4DXn; Thu, 16 Jan 2020 16:07:46 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=QUHR8sTewZno43rtz5dolTb6nH60Kl4RAuPlv0yuZVE=; b=ZGzCfP39r+A15LDiZZZmQrYfZ+ 0ZKFufRHWUkWKe2j4S0GUBQra4OKqHhEa0yThWKM6UYCqVLb6leyBScWJEkCT8quxaQoEU3JAh9g0 ILBa1XmZKiJj+iQJ1ZaSIHhDXAJn8k1DnkKGYGfmEMIlokZmWtIvX6FFpNPx6BiDHq9o=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1is7gP-0000Q0-At; Thu, 16 Jan 2020 23:07:45 +0700 Date: Thu, 16 Jan 2020 23:07:45 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200116160745.GA1356@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs" Content-Disposition: inline In-Reply-To: <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47z8H700hvz4DXn X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=ZGzCfP39; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.31)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.69), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 16:07:48 -0000 --82I3+IH0IqGh5yIs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: >=20 > > What beats me is that I cannot reproduce this problem in bhyve. In this > > packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a > > 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve > > host), and I see no fragments, and the largets packet is 1466 bytes, and > > the scp never stalls nor fails. > >=20 > > Why is it NOT broken this time? > >=20 > > Both hosts are 12.1-RELEASE-p1. >=20 > I could not reproduce the problem with unpatched recent stable/11, either= :-) Is there a way to view the MSS in the TCP segments before encryption or after decryption? I want to compare them in situations with IPSec enabled and disabled. I've never been able to see anything in "tcpdump -i enc0", probably it cannot do transport mode IPSec because the man page talks about "outer and inner header." --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --82I3+IH0IqGh5yIs Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIIpRAAoJEA2k8lmbXsY04SwIAKsORwXhKl8DLH9MpRduWbyt 032Y5dxP+yMedCWQGJDSVg907WyGXJ3Gs8FsnGf1TPQfprNn9S+IpC9KjH1QwaB9 njC3Cie7mIRIosM5RUymgRtV4AIQqB2t1ifIv54ogkeukNyXYIk+Hrrm7L4+jtDu NncKCpa9dgwaM/gNroSsLSdszVnXFbp4YS3qBSUqv1jVEnjqDw4kKpRs4cA0wZv2 cCqSViGU2D9W3s8u/ueXntDuivTNXGVLENf604hvQCIxfUuavcuE7MDEPO1ffISY CCn7EKsEWjXp5iYNq5uggQ7bN+I4ZC9mmxULXtZtI2A17WJou26jnqDGE945Vrw= =xff3 -----END PGP SIGNATURE----- --82I3+IH0IqGh5yIs-- From owner-freebsd-net@freebsd.org Thu Jan 16 16:35:18 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6A5501EE5C0 for ; Thu, 16 Jan 2020 16:35:18 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47z8tr6qHfz4G0W; Thu, 16 Jan 2020 16:35:16 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00GGZ5ZS027618 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 16 Jan 2020 16:35:06 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@sibptus.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00GGZ2LA033141 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 16 Jan 2020 23:35:02 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen From: Eugene Grosbein Message-ID: <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> Date: Thu, 16 Jan 2020 23:34:56 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20200116160745.GA1356@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47z8tr6qHfz4G0W X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.76)[ip: (-4.80), ipnet: 2a01:4f8::/29(-2.48), asn: 24940(-1.51), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 16:35:18 -0000 16.01.2020 23:07, Victor Sudakov wrote: >>> What beats me is that I cannot reproduce this problem in bhyve. In this >>> packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a >>> 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve >>> host), and I see no fragments, and the largets packet is 1466 bytes, and >>> the scp never stalls nor fails. >>> >>> Why is it NOT broken this time? >>> >>> Both hosts are 12.1-RELEASE-p1. >> >> I could not reproduce the problem with unpatched recent stable/11, either :-) > > Is there a way to view the MSS in the TCP segments before encryption or > after decryption? I want to compare them in situations with IPSec > enabled and disabled. > > I've never been able to see anything in "tcpdump -i enc0", probably it > cannot do transport mode IPSec because the man page talks about "outer > and inner header." enc0 does what you need but before you use it, remember: 1) before starting, you better change sysctls to: net.enc.in.ipsec_filter_mask=0 net.enc.out.ipsec_filter_mask=0 so using enc0 does not pass packets over netpfilter rules extra time; 2) don't forget: ifconfig enc0 up 3) tcpdump has no means to filter by inner attributes in case of tunnel mode; it still shows decoded IPSec transport mode packets correctly. From owner-freebsd-net@freebsd.org Thu Jan 16 16:39:17 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 903A11EE83A for ; Thu, 16 Jan 2020 16:39:17 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47z8zS0fQJz4GFq; Thu, 16 Jan 2020 16:39:15 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback15g.mail.yandex.net (mxback15g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:94]) by forward100j.mail.yandex.net (Yandex) with ESMTP id 3898450E0758; Thu, 16 Jan 2020 19:39:12 +0300 (MSK) Received: from myt4-ee976ce519ac.qloud-c.yandex.net (myt4-ee976ce519ac.qloud-c.yandex.net [2a02:6b8:c00:1da4:0:640:ee97:6ce5]) by mxback15g.mail.yandex.net (mxback/Yandex) with ESMTP id mKMJ4OLYFj-dC0CNSF0; Thu, 16 Jan 2020 19:39:12 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1579192752; bh=U3C4pPoCBMDKTfF0RueJpKBUB7RGJUdI8EAwiy76xNQ=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=nm2xOHyJjrY7mAH5D09TpfN+1q/iuk+4tsmXO7+H4x01ajxOF7+RpGqjgZyKdly5w Ir1wLdPnbmBsT4s3cYYMihxs3fG/LbUNiyR/ry04slH9EgiyGCuOPPrjouxbbtkTzb oW6YL8JFRnIDGgLp49q6mY3uxLFtLzrUghyfzEu0= Received: by myt4-ee976ce519ac.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id NNkRR0jPRe-dBUmMEpN; Thu, 16 Jan 2020 19:39:11 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> Date: Thu, 16 Jan 2020 19:36:51 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20200116160745.GA1356@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="z7OlqF60UnZ6RtaY6Sq9DYDWzQRdoDSQQ" X-Rspamd-Queue-Id: 47z8zS0fQJz4GFq X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=nm2xOHyJ; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.10 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-8.70), ipnet: 2a02:6b8::/32(-4.72), asn: 13238(-3.81), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[0.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 16:39:17 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --z7OlqF60UnZ6RtaY6Sq9DYDWzQRdoDSQQ Content-Type: multipart/mixed; boundary="QTouuRJEBBnaSeob6V7UsC1dhstCu13ya"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> In-Reply-To: <20200116160745.GA1356@admin.sibptus.ru> --QTouuRJEBBnaSeob6V7UsC1dhstCu13ya Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 16.01.2020 19:07, Victor Sudakov wrote: > Eugene Grosbein wrote: >> >>> What beats me is that I cannot reproduce this problem in bhyve. In th= is >>> packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing = a >>> 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve >>> host), and I see no fragments, and the largets packet is 1466 bytes, = and >>> the scp never stalls nor fails. >>> >>> Why is it NOT broken this time? >>> >>> Both hosts are 12.1-RELEASE-p1. >> >> I could not reproduce the problem with unpatched recent stable/11, eit= her :-) >=20 > Is there a way to view the MSS in the TCP segments before encryption or= > after decryption? I want to compare them in situations with IPSec > enabled and disabled. >=20 > I've never been able to see anything in "tcpdump -i enc0", probably it > cannot do transport mode IPSec because the man page talks about "outer > and inner header." For transport mode inner and outer headers will be the same. I guess the problem can be reproduced in the lab using the following conf= ig: [Host A] <--> [Router] <--> [Host B] IPsec should be configured between hosts A and B. Then you need to reduce MTU on the router. This should lead to ICMP NEEDFRAG messages from the router, and then host should correctly handle them. --=20 WBR, Andrey V. Elsukov --QTouuRJEBBnaSeob6V7UsC1dhstCu13ya-- --z7OlqF60UnZ6RtaY6Sq9DYDWzQRdoDSQQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4gkSMACgkQAcXqBBDI oXoFCwf/QhJkuf+DeK4lo6sTpaC+MPJwbSrxjzje5JlR3olYkF7rZPfq7heSbNol 6zHXB/gyk+NneppXuqcUmGloBlLZX+1rgPcZfh5re9sQmavQrB5gF9PNQpEe+A/2 TvgMGE05uLsfXmGRYNQqXXoSsYzbiLFYugtNzofG4FRhB3PT93vef2zcpBNZ2XO+ G67zqT1TuqAYuJOZ27Pchaz2lBMKchybe1WALniPTi7wM2voSwXWxPBViwfz0pPr 6NiBdghgM5EcrT/YjS9v0Ovbfi9A6jx5+u7/gE2B93VpgJHVJoL8eDb1rH4lG0T3 iuJmH4lFcn5jv2KGMZXsV9h+O7Dceg== =L09n -----END PGP SIGNATURE----- --z7OlqF60UnZ6RtaY6Sq9DYDWzQRdoDSQQ-- From owner-freebsd-net@freebsd.org Thu Jan 16 18:00:17 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E9EA41F0909 for ; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47zBmx60nXz4Msg for ; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id CC4EC1F0908; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CAF9F1F0907 for ; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zBmx4tHDz4Msd for ; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A2B9F23648 for ; Thu, 16 Jan 2020 18:00:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GI0Hx4016741 for ; Thu, 16 Jan 2020 18:00:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GI0HD2016740 for net@FreeBSD.org; Thu, 16 Jan 2020 18:00:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243392] vmx driver input buffer corruption Date: Thu, 16 Jan 2020 18:00:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 18:00:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243392 Andriy Gapon changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pkelsey@freebsd.org Assignee|bugs@FreeBSD.org |net@FreeBSD.org --- Comment #1 from Andriy Gapon --- I am seeing a somewhat similar problem. When scp-ing a large file from a hardware host to a VM with vmxnet3 interfa= ce, I see that the copy starts very fast at first, but then it stalls for many seconds and then suddenly it becomes fast again and the copy completes. If a file is very large, then the stall+recovery can happen a few times bef= ore the copy is complete. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 19:22:31 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 93C1A1F28D7 for ; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47zDbq3TVyz4Snm for ; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 775C31F28D6; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 772231F28D5 for ; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zDbq2dcRz4Snk for ; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 55F42246C7 for ; Thu, 16 Jan 2020 19:22:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GJMVae001806 for ; Thu, 16 Jan 2020 19:22:31 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GJMVOC001771 for net@FreeBSD.org; Thu, 16 Jan 2020 19:22:31 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243392] vmx driver input buffer corruption Date: Thu, 16 Jan 2020 19:22:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: pkelsey@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 19:22:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243392 --- Comment #2 from Patrick Kelsey --- Have you tried running an image with this patch in place: https://svnweb.freebsd.org/base?view=3Drevision&revision=3D356703? If you do not have that patch, you should try to see if you can reproduce y= our issue without TSO enabled, specifically without a TSO packet ever attempted= to be sent (for example by ensuring TSO is disabled for that interface in /etc/rc.conf). Without the above patch in place, and TSO enabled, it may be possible (that is, has not been ruled out) for the state of the virtual dev= ice to become corrupted via the sending of TSO packets, so disabling TSO on the interface later might not make a difference. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 19:23:59 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 897D01F29F3 for ; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47zDdW36GJz4SvP for ; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 6AAAE1F29F2; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6A7191F29F1 for ; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zDdW2Ff8z4SvN for ; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 48C60246CC for ; Thu, 16 Jan 2020 19:23:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00GJNx3W092472 for ; Thu, 16 Jan 2020 19:23:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00GJNxae092470 for net@FreeBSD.org; Thu, 16 Jan 2020 19:23:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243392] vmx driver input buffer corruption Date: Thu, 16 Jan 2020 19:23:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: pkelsey@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 19:23:59 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243392 --- Comment #3 from Patrick Kelsey --- (In reply to Patrick Kelsey from comment #2) Ah, sorry, just saw that you stated you are running with that patch in plac= e. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Jan 16 23:31:39 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EB04A1F9B0D for ; Thu, 16 Jan 2020 23:31:39 +0000 (UTC) (envelope-from eric@vangyzen.net) Received: from smtp.vangyzen.net (hotblack.vangyzen.net [IPv6:2607:fc50:1000:7400:216:3eff:fe72:314f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zL7H1FJ5z3HPj; Thu, 16 Jan 2020 23:31:38 +0000 (UTC) (envelope-from eric@vangyzen.net) Received: from disco.vangyzen.net (unknown [70.97.188.230]) by smtp.vangyzen.net (Postfix) with ESMTPSA id 883235648D; Thu, 16 Jan 2020 17:31:32 -0600 (CST) To: davidcs@FreeBSD.org, freebsd-net@freebsd.org From: Eric van Gyzen Subject: Strange logic in r336438 Message-ID: Date: Thu, 16 Jan 2020 17:31:27 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47zL7H1FJ5z3HPj X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of eric@vangyzen.net designates 2607:fc50:1000:7400:216:3eff:fe72:314f as permitted sender) smtp.mailfrom=eric@vangyzen.net X-Spamd-Result: default: False [-5.33 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[vangyzen.net]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.03)[ip: (-7.33), ipnet: 2607:fc50:1000::/36(-3.92), asn: 36236(-3.83), country: US(-0.05)]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:36236, ipnet:2607:fc50:1000::/36, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2020 23:31:40 -0000 I was just reviewing r336438: https://svnweb.freebsd.org/base?view=revision&revision=336438 In bxe_interrupt_detach(), the nested loops over sc->num_queues don't look right. We drain the taskqueues for queue 0, but then free the taskqueues for queues 1-N without draining them. Should the second loop come _after_ the first loop, instead of _in_ it? Eric From owner-freebsd-net@freebsd.org Fri Jan 17 09:36:49 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 02D11228867 for ; Fri, 17 Jan 2020 09:36:49 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zbYX0Yhbz4HP7; Fri, 17 Jan 2020 09:36:47 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=s7zjizpx1IDCt9wWx9rtEVLTkL4XrWP7Ci9lMzakVJE=; b=gB1yvi0AprdfmlbniQGqnDlwXE hrWOlr90/+Pjl8b/P9X2w0PV5WYh89Bx9EeUCtRC/offonsBWUuh4Yg8OmMnVolCMoIQyGVlj3V1O NfGPASLl/JlTTjDx2tL6DbB1CFadgKv/G5fbXrELL0mMww9AUtWXq9d5Xv8vMS4jCJy8=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1isO3Z-000E3S-6o; Fri, 17 Jan 2020 16:36:45 +0700 Date: Fri, 17 Jan 2020 16:36:45 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200117093645.GA51899@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline In-Reply-To: <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47zbYX0Yhbz4HP7 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=gB1yvi0A; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.41 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.31)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.69), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 09:36:49 -0000 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: >=20 > >>> What beats me is that I cannot reproduce this problem in bhyve. In th= is > >>> packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a > >>> 50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve > >>> host), and I see no fragments, and the largets packet is 1466 bytes, = and > >>> the scp never stalls nor fails. > >>> > >>> Why is it NOT broken this time? > >>> > >>> Both hosts are 12.1-RELEASE-p1. > >> > >> I could not reproduce the problem with unpatched recent stable/11, eit= her :-) > >=20 > > Is there a way to view the MSS in the TCP segments before encryption or > > after decryption? I want to compare them in situations with IPSec > > enabled and disabled. > >=20 > > I've never been able to see anything in "tcpdump -i enc0", probably it > > cannot do transport mode IPSec because the man page talks about "outer > > and inner header." >=20 > enc0 does what you need but before you use it, remember: >=20 > 1) before starting, you better change sysctls to: >=20 > net.enc.in.ipsec_filter_mask=3D0 > net.enc.out.ipsec_filter_mask=3D0 >=20 > so using enc0 does not pass packets over netpfilter rules extra time; >=20 > 2) don't forget: ifconfig enc0 up Perhaps I was forgetting some of those steps previously, because this time I got the desired traffic from enc0.=20 >=20 > 3) tcpdump has no means to filter by inner attributes in case of tunnel m= ode; > it still shows decoded IPSec transport mode packets correctly. Most importantly, Wireshark recognizes it as "Encapsulation type: OpenBSD enc(4) encapsulating interface" and shows the contents correctly. Back to the point. I've figured out that both encrypted (in transport mode) and unencrypted TCP segments have the same MSS=3D1460. Then I'm completely at a loss how the encrypted packets avoid being fragmented. TCP has no way to know in advance that encryption overhead will be added. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIYAtAAoJEA2k8lmbXsY0/YUIAJlPiqAcUg7lzK50R2m20g+u nNTC+XBgaC56YkYWZtQXxLTNrZPbgXsUHdJXPiUnqQM6lWTWZ0nTdpy7PC9H0PgZ ZmeoXHzh+oKqT+Y5mWwylisGoqFetExkpE2prGp8u73y36N4VTJU4PSRBl0hAkz+ 4dG4xuNz8ZDql7QnPiEQZe5KY9BNC73Wl/2bZw19XfMdKMJ8rEHrUbA66skKVXxi 1xQeRjXiZpv38UwWc1UZ4AkYlNpkuLCXukEKkJFnF+7NtKE9hOIOqW2can07W0yY k6LbY62azEgrJEpa7E+mAChotX+Z2h3r4VNUV2u7za8WjfP2uFBmugxxRbvymSM= =LK9w -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND-- From owner-freebsd-net@freebsd.org Fri Jan 17 09:46:16 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 94A16228DBA for ; Fri, 17 Jan 2020 09:46:16 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (turbocat.net [IPv6:2a01:4f8:c17:6c4b::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zbmR5Yjqz4JBy; Fri, 17 Jan 2020 09:46:15 +0000 (UTC) (envelope-from hps@selasky.org) Received: from hps2020.home.selasky.org (unknown [62.141.129.235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 101F026033F; Fri, 17 Jan 2020 10:46:13 +0100 (CET) Subject: Re: Strange logic in r336438 To: Eric van Gyzen , davidcs@FreeBSD.org, freebsd-net@freebsd.org References: From: Hans Petter Selasky Message-ID: Date: Fri, 17 Jan 2020 10:46:01 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 47zbmR5Yjqz4JBy X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of hps@selasky.org designates 2a01:4f8:c17:6c4b::2 as permitted sender) smtp.mailfrom=hps@selasky.org X-Spamd-Result: default: False [-4.94 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+a:mail.turbocat.net:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[selasky.org]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-2.65)[ip: (-9.21), ipnet: 2a01:4f8::/29(-2.48), asn: 24940(-1.52), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 09:46:16 -0000 On 2020-01-17 00:31, Eric van Gyzen wrote: > I was just reviewing r336438: > > https://svnweb.freebsd.org/base?view=revision&revision=336438 > > In bxe_interrupt_detach(), the nested loops over sc->num_queues don't > look right.  We drain the taskqueues for queue 0, but then free the > taskqueues for queues 1-N without draining them.  Should the second loop > come _after_ the first loop, instead of _in_ it? > Hi, taskqueue_free() will do some kind of last minute draining, if you look at the implementation. However if you want to ensure all tasks are completed, taskqueue_drain() before free() is preferred. --HPS From owner-freebsd-net@freebsd.org Fri Jan 17 09:51:33 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58BF6228F5B for ; Fri, 17 Jan 2020 09:51:33 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zbtW5xMcz4JWs; Fri, 17 Jan 2020 09:51:31 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward100j.mail.yandex.net (Yandex) with ESMTP id A966650E049F; Fri, 17 Jan 2020 12:51:27 +0300 (MSK) Received: from myt3-ecf07668b98a.qloud-c.yandex.net (myt3-ecf07668b98a.qloud-c.yandex.net [2a02:6b8:c12:4f2b:0:640:ecf0:7668]) by mxback5j.mail.yandex.net (mxback/Yandex) with ESMTP id 7esKZvlbAo-pRJa6ATQ; Fri, 17 Jan 2020 12:51:27 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1579254687; bh=j88JIgn1BbgJ5HE8+FAT/mWFXgfBvLMDhg5N+GXEwPY=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=F38LQk46JtVkhvSh3wkalJDFpeDlLR2etkOrvJoZThBo8EGvtoghVXmJtVc+8b2z1 QFW2oymnY+ceMpteSztMXPdNS+2f13nFBp9SORwRwZIE0Q1g4r5iyKv07/j5qbBEVC Dpa6g3BfgGpgJTORMBBibghM3M7PQDh3RdasyhQk= Received: by myt3-ecf07668b98a.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id UMEkUiTQhd-pQV44uLw; Fri, 17 Jan 2020 12:51:27 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> Date: Fri, 17 Jan 2020 12:49:08 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20200117093645.GA51899@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="61B2Pq2xS9VT5qbiTNl5r8Kb9IEdTujJx" X-Rspamd-Queue-Id: 47zbtW5xMcz4JWs X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=F38LQk46; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.10 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-8.82), ipnet: 2a02:6b8::/32(-4.72), asn: 13238(-3.81), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[0.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 09:51:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --61B2Pq2xS9VT5qbiTNl5r8Kb9IEdTujJx Content-Type: multipart/mixed; boundary="PRHbJGYtaUEHm3ZCLRWbC1yeLxWmDMTCk"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> In-Reply-To: <20200117093645.GA51899@admin.sibptus.ru> --PRHbJGYtaUEHm3ZCLRWbC1yeLxWmDMTCk Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 17.01.2020 12:36, Victor Sudakov wrote: > Back to the point. I've figured out that both encrypted (in transport > mode) and unencrypted TCP segments have the same MSS=3D1460. Then I'm > completely at a loss how the encrypted packets avoid being fragmented. > TCP has no way to know in advance that encryption overhead will be > added. For IPsec endpoints (i.e. when you encrypt own sessions) TCP for each outgoing packet invokes IPSEC_HDRSIZE() method, that returns approximate size required for IPsec, and using this information it calculates MSS. I think this should work in this way. --=20 WBR, Andrey V. Elsukov --PRHbJGYtaUEHm3ZCLRWbC1yeLxWmDMTCk-- --61B2Pq2xS9VT5qbiTNl5r8Kb9IEdTujJx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4hgxQACgkQAcXqBBDI oXqv+ggAv07sU9tZpEWpZtjNLvUxRT0NJCVvQ8eiNK4DsnMdGWGyQ1iNt6XD+5Kf uTOHD+vCt+naH/q+YG1Kp1QrevdAjMro1N0zDLi5Tc5F1x7U+5s7WOzxVl/7dgPE v+RngWrthhNKALUVWbhHm7wdJT3lWxVtfIEBxo0aAwuUAUeWCyUgzUw7yk9mLN1e sjIxX7Fnofr00+/qjEN0Ik8m4VfQvMO8+JNvuuRIhvNkUrTySzmfSwtiOZKyjJUH v9MLaoXAg5AjwJfA6hJ6kkP2Og98DK/fK8ylCx26CCoywE3BLMaqzfdYMvIjsMPd Y7lBhDjjsIbuKAMB6r6/NBnAutdaIw== =wrnW -----END PGP SIGNATURE----- --61B2Pq2xS9VT5qbiTNl5r8Kb9IEdTujJx-- From owner-freebsd-net@freebsd.org Fri Jan 17 09:51:38 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1CBD0228F7C for ; Fri, 17 Jan 2020 09:51:38 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zbtc5Kdpz4JXH; Fri, 17 Jan 2020 09:51:36 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00H9pKkW041877 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 17 Jan 2020 09:51:25 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@sibptus.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00H9pIjF042082 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 17 Jan 2020 16:51:19 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen From: Eugene Grosbein Message-ID: <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> Date: Fri, 17 Jan 2020 16:51:13 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20200117093645.GA51899@admin.sibptus.ru> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47zbtc5Kdpz4JXH X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.76)[ip: (-4.79), ipnet: 2a01:4f8::/29(-2.48), asn: 24940(-1.52), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 09:51:38 -0000 17.01.2020 16:36, Victor Sudakov пишет: > Back to the point. I've figured out that both encrypted (in transport > mode) and unencrypted TCP segments have the same MSS=1460. Then I'm > completely at a loss how the encrypted packets avoid being fragmented. > TCP has no way to know in advance that encryption overhead will be > added. If outgoing route (f.e. default route) has lower MTU, kernel should respond with EMSGSIZE to TCP's attempt to send oversized packet when PMTUD is enabled. If PMTUD discovers that path mtu is low, it should store this information in the hostcache (see sysctl net.inet.tcp.hostcache.list) and use hostcache's MTU for same goal. From owner-freebsd-net@freebsd.org Fri Jan 17 10:30:27 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7BF6F229F06 for ; Fri, 17 Jan 2020 10:30:27 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zclR174sz4LJ1 for ; Fri, 17 Jan 2020 10:30:26 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:532:e64c:68b9:f8a2] (unknown [IPv6:2a02:8109:1140:c3d:532:e64c:68b9:f8a2]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id 6453C72106C11; Fri, 17 Jan 2020 11:30:22 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\)) Subject: Re: IPSec transport mode, mtu, fragmentation... From: Michael Tuexen In-Reply-To: <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> Date: Fri, 17 Jan 2020 11:30:21 +0100 Cc: Victor Sudakov , Eugene Grosbein , freebsd-net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> To: "Andrey V. Elsukov" X-Mailer: Apple Mail (2.3608.40.2.2.4) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 47zclR174sz4LJ1 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-0.07 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-0.80)[-0.796,0]; NEURAL_SPAM_LONG(0.72)[0.724,0]; ASN(0.00)[asn:680, ipnet:2001:638::/32, country:DE] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 10:30:27 -0000 > On 17. Jan 2020, at 10:49, Andrey V. Elsukov wrote: > > On 17.01.2020 12:36, Victor Sudakov wrote: >> Back to the point. I've figured out that both encrypted (in transport >> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm >> completely at a loss how the encrypted packets avoid being fragmented. >> TCP has no way to know in advance that encryption overhead will be >> added. > > For IPsec endpoints (i.e. when you encrypt own sessions) TCP for each > outgoing packet invokes IPSEC_HDRSIZE() method, that returns approximate > size required for IPsec, and using this information it calculates MSS. I > think this should work in this way. Can't you then use that also when the MSS is computed to be sent out in the MSS option? That would avoid using ICMP. Best regards Michael > > -- > WBR, Andrey V. Elsukov > From owner-freebsd-net@freebsd.org Fri Jan 17 10:37:58 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E0CD222A276 for ; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47zcw66RLVz4Lhg for ; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id DCD4822A275; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DC9AC22A274 for ; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zcw66GsLz4Lhf for ; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D2B847579 for ; Fri, 17 Jan 2020 10:37:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00HAbwtG063353 for ; Fri, 17 Jan 2020 10:37:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00HAbwVp063352 for net@FreeBSD.org; Fri, 17 Jan 2020 10:37:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243392] vmx driver input buffer corruption Date: Fri, 17 Jan 2020 10:37:58 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: alexandr.oleynikov@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 10:37:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243392 --- Comment #4 from alexandr.oleynikov@gmail.com --- I did some more tests. Hope this will provide some more information. First one with recompiled kernel with TSO patch. As a network load was a fi= le coping to server using samba=20 ifconfig vmx1 vmx1: flags=3D8943 metric 0= mtu 9000 =20=20=20=20=20=20=20 options=3De403bb ether 00:50:56:be:f0:13 inet 172.31.255.2 netmask 0xffffff00 broadcast 172.31.255.255 media: Ethernet autoselect status: active nd6 options=3D29 # tcpdump -i vmx1 icmp & # tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vmx1, link-type EN10MB (Ethernet), capture size 262144 bytes # ping -s 8000 172.31.255.3 PING 172.31.255.3 (172.31.255.3): 8000 data bytes 11:59:07.108253 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 0, length 8008 11:59:07.108425 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 0, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D0 ttl=3D128 time=3D0.226 ms 11:59:08.126583 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 1, length 8008 11:59:08.126754 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 1, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D1 ttl=3D128 time=3D0.213 ms --- skipped some lines --- 12:00:20.401492 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 71, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D71 ttl=3D128 time=3D0.550 ms 12:00:20.402010 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 71, length 8008 12:00:21.408758 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 72, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D72 ttl=3D128 time=3D2.303 ms 12:00:21.410995 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 72, length 8008 12:00:24.527165 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 73, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D73 ttl=3D128 time=3D133.291 ms 12:00:24.592341 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 73, length 8008 12:00:25.569300 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 74, length 8008 12:00:25.662953 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 74, length 8008 --- after seqnum 73 packets received by kernel and seen with tcpdump but not returned to ping process --- skipped some lines ---=20 12:01:27.114142 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 134, length 8008 12:01:27.160943 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 134, length 8008 12:01:28.125972 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 135, length 8008 12:01:28.126346 IP truncated-ip - 7982 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 135, length 8008 --- received malformed L2 frame from seqnum >=3D 135 12:01:29.198552 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 136, length 8008 12:01:29.223302 IP truncated-ip - 7810 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 136, length 8008 12:01:30.214849 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 137, length 8008 12:01:30.221687 IP truncated-ip - 7822 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 137, length 8008 12:01:31.246460 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 138, length 8008 --- skip some lines 12:01:37.514942 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 144, length 8008 12:01:37.517865 IP truncated-ip - 7808 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 144, length 8008 12:01:38.579626 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 145, length 8008 12:01:38.615120 IP truncated-ip - 7928 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 145, length 8008 12:01:39.603253 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 146, length 8008 12:01:40.614996 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 147, length 8008 12:01:40.615183 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 146, length 8008 --- difference in 1 second between sending and receiveng reply from seqnum = 146 12:01:40.615201 IP truncated-ip - 7928 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 147, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D146 ttl=3D128 time=3D1011.985 ms 12:01:41.657600 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 148, length 8008 12:01:42.701072 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 149, length 8008 12:01:42.701321 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 148, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D148 ttl=3D128 time=3D1043.763 ms 12:01:43.615120 IP truncated-ip - 7928 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 149, length 8008 12:01:43.714982 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 150, length 8008 12:01:43.988367 IP truncated-ip - 7808 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 150, length 8008 12:01:44.787457 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 151, length 8008 12:01:44.788966 IP truncated-ip - 7782 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 151, length 8008 12:01:45.815011 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 152, length 8008 12:01:45.970727 IP truncated-ip - 7976 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 152, length 8008 12:01:46.834089 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 153, length 8008 12:01:47.615212 IP truncated-ip - 7928 bytes missing! 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, seq 153, length 8008 12:01:47.897600 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 154, length 8008 12:01:48.914981 IP 172.31.255.2 > 172.31.255.3: ICMP echo request, id 30548, seq 155, length 8008 12:01:48.915192 IP 172.31.255.3 > 172.31.255.2: ICMP echo reply, id 30548, = seq 154, length 8008 8008 bytes from 172.31.255.3: icmp_seq=3D154 ttl=3D128 time=3D1017.638 ms --- some packet reveived undamaged but with delay in 1 second When i try using iperf as network load source in most cases was kernel pani= c as result: Fatal trap 12: page fault while in kernel mode cpuid =3D 1; apic id =3D 02 fault virtual address =3D 0x0 fault code =3D supervisor write data, page not present instruction pointer =3D 0x20:0xffffffff80cef252 stack pointer =3D 0x28:0xfffffe00753547c0 frame pointer =3D 0x28:0xfffffe00753548a0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (if_io_tqg_1) trap number =3D 12 panic: page fault cpuid =3D 1 time =3D 1579255990 KDB: stack backtrace: #0 0xffffffff80c1d297 at kdb_backtrace+0x67 #1 0xffffffff80bd05cd at vpanic+0x19d #2 0xffffffff80bd0423 at panic+0x43 #3 0xffffffff810a7d2c at trap_fatal+0x39c #4 0xffffffff810a7d79 at trap_pfault+0x49 #5 0xffffffff810a736f at trap+0x29f #6 0xffffffff81081a0c at calltrap+0x8 #7 0xffffffff80ce9be5 at _task_fn_rx+0x75 #8 0xffffffff80c1bb54 at gtaskqueue_run_locked+0x144 #9 0xffffffff80c1b7b8 at gtaskqueue_thread_loop+0x98 #10 0xffffffff80b90c23 at fork_exit+0x83 #11 0xffffffff81082a4e at fork_trampoline+0xe Uptime: 16m42s Then reverting to default kernel, disabling tso and reboot: # uname -a FreeBSD ******************* 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERI= C=20 amd64 # ifconfig vmx1 vmx1: flags=3D8843 metric 0 mtu 9000 =20=20=20=20=20=20=20 options=3De400bb ether 00:50:56:be:f0:13 inet 172.31.255.2 netmask 0xffffff00 broadcast 172.31.255.255 media: Ethernet autoselect status: active nd6 options=3D29 # iperf3 -c 172.31.255.2 -p 1234 Connecting to host 172.31.255.2, port 1234 [ 5] local 172.31.255.5 port 32466 connected to 172.31.255.2 port 1234 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.03 sec 497 MBytes 4.05 Gbits/sec 11 8.74 KBytes [ 5] 1.03-2.07 sec 0.00 Bytes 0.00 bits/sec 3 8.74 KBytes [ 5] 2.07-3.06 sec 0.00 Bytes 0.00 bits/sec 1 8.74 KBytes [ 5] 3.06-4.02 sec 0.00 Bytes 0.00 bits/sec 1 8.74 KBytes [ 5] 4.02-5.01 sec 0.00 Bytes 0.00 bits/sec 0 8.74 KBytes [ 5] 5.01-6.03 sec 0.00 Bytes 0.00 bits/sec 1 8.74 KBytes [ 5] 6.03-7.06 sec 0.00 Bytes 0.00 bits/sec 0 8.74 KBytes [ 5] 7.06-8.04 sec 0.00 Bytes 0.00 bits/sec 0 8.74 KBytes [ 5] 8.04-9.07 sec 0.00 Bytes 0.00 bits/sec 0 8.74 KBytes [ 5] 9.07-10.01 sec 0.00 Bytes 0.00 bits/sec 1 8.74 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.01 sec 497 MBytes 416 Mbits/sec 18 sender [ 5] 0.00-10.60 sec 496 MBytes 393 Mbits/sec recei= ver # ping -s 8000 172.31.255.5 PING 172.31.255.5 (172.31.255.5): 8000 data bytes 8008 bytes from 172.31.255.5: icmp_seq=3D0 ttl=3D64 time=3D0.322 ms 12:22:09.903151 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 0, length 8008 12:22:09.903253 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 0, length 8008 12:22:10.922205 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 1, length 8008 12:22:10.922300 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 1, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D1 ttl=3D64 time=3D0.147 ms 12:22:11.969930 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 2, length 8008 12:22:11.970035 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 2, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D2 ttl=3D64 time=3D0.159 ms 12:22:12.997254 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 3, length 8008 12:22:12.997386 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 3, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D3 ttl=3D64 time=3D0.175 ms 12:22:14.029823 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 4, length 8008 12:22:14.030017 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 4, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D4 ttl=3D64 time=3D0.237 ms 12:22:15.058570 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 5, length 8008 12:22:15.058769 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 5, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D5 ttl=3D64 time=3D0.241 ms 12:22:16.096803 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 6, length 8008 12:22:16.096896 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 6, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D6 ttl=3D64 time=3D0.139 ms 12:22:17.136966 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 7, length 8008 12:22:17.137224 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 7, length 8008 12:22:18.164014 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 8, length 8008 12:22:18.164194 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 8, length 8008 --- packets stops sending to ping process --- skip some lines --- -- but after some time packets againg sending to ping process 12:26:15.636917 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 238, length 8008 12:26:15.637147 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 238, length 8008 12:26:16.696907 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 239, length 8008 12:26:16.697100 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 239, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D239 ttl=3D64 time=3D0.256 ms 12:26:17.756044 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 240, length 8008 12:26:17.756178 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 240, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D240 ttl=3D64 time=3D0.190 ms 12:26:18.796861 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 241, length 8008 12:26:18.796982 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 241, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D241 ttl=3D64 time=3D0.176 ms 12:26:19.836847 IP 172.31.255.2 > 172.31.255.5: ICMP echo request, id 10122, seq 242, length 8008 12:26:19.836981 IP 172.31.255.5 > 172.31.255.2: ICMP echo reply, id 10122, = seq 242, length 8008 8008 bytes from 172.31.255.5: icmp_seq=3D242 ttl=3D64 time=3D0.192 ms --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Jan 17 11:16:04 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C9C122B045 for ; Fri, 17 Jan 2020 11:16:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zdm30G5yz4NQ5; Fri, 17 Jan 2020 11:16:02 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback25o.mail.yandex.net (mxback25o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::76]) by forward105j.mail.yandex.net (Yandex) with ESMTP id EAED1B21297; Fri, 17 Jan 2020 14:15:59 +0300 (MSK) Received: from myt2-ea6a2e0cbf34.qloud-c.yandex.net (myt2-ea6a2e0cbf34.qloud-c.yandex.net [2a02:6b8:c00:2e8e:0:640:ea6a:2e0c]) by mxback25o.mail.yandex.net (mxback/Yandex) with ESMTP id mQmJh178OA-FxaSWxQu; Fri, 17 Jan 2020 14:15:59 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1579259759; bh=KZL6LcrpUODbkttzkQ4hdH9GQFWb2/KlvkyGAH4FOqA=; h=In-Reply-To:Cc:To:From:Subject:Date:References:Message-ID; b=WxMdwWKRusHLqDra6uUVIt3OAnSI8SzXmRbfq9wbiWgMSinzJNlqFZUpd0NRS1Jaq enr0EP8axqihLQ4t9Zatf34ZGFmNwHCSDv0dAs/1iuZppeT3L9EW54LOctuVm6cUvB IRt28wVgajZbGOY+EqNqVgfwV8euT5gZwkA8XLtU= Received: by myt2-ea6a2e0cbf34.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id MhaOaUzb3A-FxWWN7Gc; Fri, 17 Jan 2020 14:15:59 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... From: "Andrey V. Elsukov" To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> Date: Fri, 17 Jan 2020 14:13:40 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ" X-Rspamd-Queue-Id: 47zdm30G5yz4NQ5 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=WxMdwWKR; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 5.45.198.248 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.20 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:5.45.192.0/19]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[248.198.45.5.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:5.45.192.0/18, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ip: (-9.76), ipnet: 5.45.192.0/18(-4.85), asn: 13238(-3.81), country: RU(0.01)]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 11:16:04 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ Content-Type: multipart/mixed; boundary="gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , Eugene Grosbein Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> In-Reply-To: <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> --gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 16.01.2020 19:36, Andrey V. Elsukov wrote: > For transport mode inner and outer headers will be the same. > I guess the problem can be reproduced in the lab using the following co= nfig: >=20 > [Host A] <--> [Router] <--> [Host B] >=20 > IPsec should be configured between hosts A and B. Then you need to > reduce MTU on the router. This should lead to ICMP NEEDFRAG messages > from the router, and then host should correctly handle them. I have tested this scenario, and it doesn't work. So, I will report back when there will be some working solution. --=20 WBR, Andrey V. Elsukov --gfAA6NTmidSrdgFXsXnl5UPAEJjtN9KaW-- --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4hluQACgkQAcXqBBDI oXpb9Af7B8cmY5CXJn8wNxrZdVTBBcKzeb40MhE6yk3X/8lTE9AtqOTr4M8FJ3+9 YcUvaerzY5k8JxinOX4iYeQUZtopkuqk6wNHr1+JTJmOOhlN8MdC+QlkiNk4vWde RsBE2IMD8XJ9wDnbkQrjGqNE8245MUv8tS45IwVd4L2rHPEdyVAK3MQSrfRsw+5a VKCK92CW1+K33K/IPcFCSL9atEwJCo7ZQSlDmcquit7vDkx/WZmdyNojGC5EmNI0 xTN9/0OjkGXpZE765yTpaHQ2AhgwCpaqVdDlQ/hX1V+8iUTnU5zKWIYpQfi6/67o XkLixklNsylPzIu3R8M6RFIXTAjPqA== =mHUv -----END PGP SIGNATURE----- --Epta8CRWP9SqlpgxwvckQbjGarn7x2oyJ-- From owner-freebsd-net@freebsd.org Fri Jan 17 15:04:50 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AD7F61F0946 for ; Fri, 17 Jan 2020 15:04:50 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zkr14bsYz4Zx5; Fri, 17 Jan 2020 15:04:49 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=Vpbg2uUZ5xB7J9wjo36LA1mFBJGdmf6F92B/jwPm0nU=; b=Tlc0q1p9UgPrk4EGs8fA5u9LPw Ug2Ivyj9KGEHI+T9toqLCDXCpu+CTO7SNAfYU7ZTky6BZ9Qda8x3+qwqEQjeqotFEsklfw/V7G2W6 XkZKu566E1E9IJpcvATl3DD+i9S3u6YMJUSveT4hQHYa3aHct2SxFfYd4MSLJSFJxrjw=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1isTAz-000HMt-16; Fri, 17 Jan 2020 22:04:45 +0700 Date: Fri, 17 Jan 2020 22:04:45 +0700 From: Victor Sudakov To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org, Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200117150445.GA66677@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bg08WKrSYDhXBjb5" Content-Disposition: inline In-Reply-To: <7c153a5a-db38-2770-89c7-9f95f59d29de@yandex.ru> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47zkr14bsYz4Zx5 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=Tlc0q1p9; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.42 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.32)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.70), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 15:04:50 -0000 --bg08WKrSYDhXBjb5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Andrey V. Elsukov wrote: > On 17.01.2020 12:36, Victor Sudakov wrote: > > Back to the point. I've figured out that both encrypted (in transport > > mode) and unencrypted TCP segments have the same MSS=3D1460. Then I'm > > completely at a loss how the encrypted packets avoid being fragmented. > > TCP has no way to know in advance that encryption overhead will be > > added. >=20 > For IPsec endpoints (i.e. when you encrypt own sessions) TCP for each > outgoing packet invokes IPSEC_HDRSIZE() method, that returns approximate > size required for IPsec, and using this information it calculates MSS.=20 I observe in Wireshark that the MSS is the same in encrypted and unencrypted segments. > I think this should work in this way. Obviouisly it is not working this way, if it were, I'd see different MSS values, but this is not the case. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --bg08WKrSYDhXBjb5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIc0NAAoJEA2k8lmbXsY0Pr4IAKh6vDcxWXYVHdSw21S09UWs OEQexRibu/osY0kH1llsyZLczBoEZ3mKOW571ld7FFA7r7Scyh/KejppWYRVZTp4 1bMGwV73Zy4Z78D6FR5L/zZ5Ga6b8brj0DU4PZtKeqj5O8rdEYPFIGmB/n1GBkWr YuPqSFQtyMFwRmLvQVKGbVJmV7025yBZWx2LapVPqEjKfALHU3bKX1ELOUXOpNT5 Tf/bH4d8dow2c+/3+M7wJc+iMT1ylLwQdps1IbWXIWoTzCkn3EuI6ms3RDfej9Rp ku9ms1kfpSMUHnhuTuRTPSAUvZi1MuT8YN/7dI6qMJGp3b1zo5clxbugtyhFk5o= =Z0mt -----END PGP SIGNATURE----- --bg08WKrSYDhXBjb5-- From owner-freebsd-net@freebsd.org Fri Jan 17 15:09:30 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 118B41F0B5F for ; Fri, 17 Jan 2020 15:09:30 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zkxP2DXCz4bBn; Fri, 17 Jan 2020 15:09:29 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=C0Dogs2ABgVqcn8OM6EsyhA/mGVjfGDU97X4DikX98I=; b=OYolc5bLFcZtaEqrCsXEdJxXkw iM/GdxwIqrysmyTrpoQrqrXKcwZg8k81g7kYoP/bg+5bIeM4fPaeo6QvTzvbwEozv+7R8SnVl7LlK iJpyHaPFhuACGUgkGhJThvJvAQlw4LmMoiuFB+a9lu0Bp1wQptjixGxYrtr4KbI3NJfg=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1isTFY-000HPY-1h; Fri, 17 Jan 2020 22:09:28 +0700 Date: Fri, 17 Jan 2020 22:09:28 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200117150928.GB66677@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RASg3xLB4tUQ4RcS" Content-Disposition: inline In-Reply-To: <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47zkxP2DXCz4bBn X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=OYolc5bL; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.42 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.32)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.71), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 15:09:30 -0000 --RASg3xLB4tUQ4RcS Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: > 17.01.2020 16:36, Victor Sudakov =D0=BF=D0=B8=D1=88=D0=B5=D1=82: >=20 > > Back to the point. I've figured out that both encrypted (in transport > > mode) and unencrypted TCP segments have the same MSS=3D1460. Then I'm > > completely at a loss how the encrypted packets avoid being fragmented. > > TCP has no way to know in advance that encryption overhead will be > > added. >=20 > If outgoing route (f.e. default route) has lower MTU, kernel should respo= nd with EMSGSIZE > to TCP's attempt to send oversized packet when PMTUD is enabled. >=20 > If PMTUD discovers that path mtu is low, it should store this information= in the hostcache > (see sysctl net.inet.tcp.hostcache.list) and use hostcache's MTU for same= goal. Should this result in a smaller MSS in TCP to such hosts? PS "sysctl net.inet.tcp.hostcache.list | grep 192.168.246.11" yields nothing, and yet 192.168.246.11 is the VM with which I have a transport mode SA. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --RASg3xLB4tUQ4RcS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIc4oAAoJEA2k8lmbXsY0tV8H/2imb08pHf9dWZz5ssP6D9Nu 8U6UJen0w4OPqVDJ3aPp3eoetbg+twP3gIvXPpsxREq3t0VbRy6aPZlrDFT2odO2 rnrlQ9kej/2YqMfPSvhbPUqIMkTkIZX0Vfzke02uEA0gi8gsMuQQ7wYX6iHoo86W SaieSitwaxA4YjnCUse359OLffM6g06uQeWGPEIl08JpKqFb3y9e8EfuS+PcgFhN E0qR9+l15amssoGztDY1Yv/3j/Nm8Zwlv7x0NLNuXuAhpVuOSbIMozvquV+B4bKS YG2/qUXR1oN6bNREM/OLVbSZSUc5CNQE3Z3dlz1BuRlj4cTvIymbCk9LITMDvak= =V3Vg -----END PGP SIGNATURE----- --RASg3xLB4tUQ4RcS-- From owner-freebsd-net@freebsd.org Fri Jan 17 15:11:02 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B4BE21F0DFB for ; Fri, 17 Jan 2020 15:11:02 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47zkz96tFnz4bJs; Fri, 17 Jan 2020 15:11:01 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=eNWNuoMby9Cwh6Q85VNnq57yT3A278QJ4dm6X+A21sc=; b=k10NSYKrTpEg/bUQ8wAIQaYzg3 fBCqKFyAuKctW+UuHfL2hXr3eqTWLJoxTsKCZ/SYKGa7VQGZyDhP1jc74Xix9peHS0JMBiw17DQde hYdGVhOqqmlkaH5E2ne/EJ/ROOB4rkrq5hY1wDFqVf3YaNlJ5RJgbSQy2DjgLlANkw6g=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1isTH1-000HQi-4x; Fri, 17 Jan 2020 22:10:59 +0700 Date: Fri, 17 Jan 2020 22:10:59 +0700 From: Victor Sudakov To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org, Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200117151059.GC66677@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <97b07801-da80-0665-aaa9-57184a52ce0f@yandex.ru> <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pAwQNkOnpTn9IO2O" Content-Disposition: inline In-Reply-To: <6ace842b-69b7-7f0f-43ed-7f7df5c640d5@yandex.ru> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47zkz96tFnz4bJs X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=k10NSYKr; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.42 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.32)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.72), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 15:11:02 -0000 --pAwQNkOnpTn9IO2O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Andrey V. Elsukov wrote: > On 16.01.2020 19:36, Andrey V. Elsukov wrote: > > For transport mode inner and outer headers will be the same. > > I guess the problem can be reproduced in the lab using the following co= nfig: > >=20 > > [Host A] <--> [Router] <--> [Host B] > >=20 > > IPsec should be configured between hosts A and B. Then you need to > > reduce MTU on the router. This should lead to ICMP NEEDFRAG messages > > from the router, and then host should correctly handle them. >=20 > I have tested this scenario, and it doesn't work. So, I will report back > when there will be some working solution. By "it doesn't work" you mean everything is suddenly fine and good? :-) --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --pAwQNkOnpTn9IO2O Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIc6DAAoJEA2k8lmbXsY0n5IH/iSuFJK7Y0mPoTRRb2Ju/2eh Zaig9o99NKwdMGLanBOJ4hzrmngbdqmp372j9Nv5ia5BKINmCpuRcUWJKA+yA5mi Koz8n25Ubrnsc9aZtn/tpa2WDttc618xTZZNx47c8OlOYUelQgLDgFaCMwqQdSJt spJMELCdSkDeIXwGcU695jtsaUb0ImIOuBJUNmuJXt64PoI2993AOnzZkIEtYLFJ jabLLeHCXMwlaUxDhoCN0pYdWgyjO3z+0IUfdZts3Qoc7nPKgBinPyJrO46o1Ie/ eRAkM/GImYxISC2fkxEOpP+lINNb3nD68jD5Px0nDvNuY/WMcdDBip76PSKnXzo= =fl1B -----END PGP SIGNATURE----- --pAwQNkOnpTn9IO2O-- From owner-freebsd-net@freebsd.org Fri Jan 17 15:38:09 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 92A9C1F17F8 for ; Fri, 17 Jan 2020 15:38:09 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47zlZT09bXz4ctn; Fri, 17 Jan 2020 15:38:08 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00HFbvcm045698 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 17 Jan 2020 15:37:58 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@sibptus.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00HFbuCC045220 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 17 Jan 2020 22:37:56 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen From: Eugene Grosbein Message-ID: <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> Date: Fri, 17 Jan 2020 22:37:50 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20200117150928.GB66677@admin.sibptus.ru> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47zlZT09bXz4ctn X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.87 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.998,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.77)[ip: (-4.84), ipnet: 2a01:4f8::/29(-2.49), asn: 24940(-1.52), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2020 15:38:09 -0000 17.01.2020 22:09, Victor Sudakov wrote: >>> Back to the point. I've figured out that both encrypted (in transport >>> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm >>> completely at a loss how the encrypted packets avoid being fragmented. >>> TCP has no way to know in advance that encryption overhead will be >>> added. >> >> If outgoing route (f.e. default route) has lower MTU, kernel should respond with EMSGSIZE >> to TCP's attempt to send oversized packet when PMTUD is enabled. >> >> If PMTUD discovers that path mtu is low, it should store this information in the hostcache >> (see sysctl net.inet.tcp.hostcache.list) and use hostcache's MTU for same goal. > > Should this result in a smaller MSS in TCP to such hosts? > > PS "sysctl net.inet.tcp.hostcache.list | grep 192.168.246.11" yields > nothing, and yet 192.168.246.11 is the VM with which I have a transport > mode SA. I guess that Path MTU in such case is 1500, so PMTUD won't help here. From owner-freebsd-net@freebsd.org Sat Jan 18 09:49:41 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D2C0A22E592 for ; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 480Cnx5K3sz3HhP for ; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id B68CE22E58F; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B654922E58E for ; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 480Cnx4SNfz3HhN for ; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9483D20099 for ; Sat, 18 Jan 2020 09:49:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 00I9nfGw028946 for ; Sat, 18 Jan 2020 09:49:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 00I9nfK5028945 for net@FreeBSD.org; Sat, 18 Jan 2020 09:49:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243420] page fault in if_io_tqg_0 on virtualized guest Date: Sat, 18 Jan 2020 09:49:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 09:49:41 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243420 Andriy Gapon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|virtualization@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Jan 18 10:55:34 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0D77522FE02 for ; Sat, 18 Jan 2020 10:55:34 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 480FFw4wL0z3LjK; Sat, 18 Jan 2020 10:55:32 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=TFshsEUFHftfUdRIuZZpkrh1dABTt/wcc4SCosHhCaU=; b=Ck/FMACKxGLMVIrASAx1qsJLNJ Yi5ur9npXw078TEa7mPodZeiNIo2Wh4F3MB2G/0Ir5UvqhHEfJuhRGG+9Xt+1rTBVM4kgmCzoZG3R lf9M67VE8yG7a8XolYzd3IoiBxyZBAcAyIokpHt5qLaGxEREbYePlSOE5xVO2CfCPKa4=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1isllE-00032O-PS; Sat, 18 Jan 2020 17:55:24 +0700 Date: Sat, 18 Jan 2020 17:55:24 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200118105524.GA10042@admin.sibptus.ru> References: <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp" Content-Disposition: inline In-Reply-To: <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 480FFw4wL0z3LjK X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=Ck/FMACK; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.42 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.32)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.74), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 10:55:34 -0000 --LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable >=20 > >>> Back to the point. I've figured out that both encrypted (in transport > >>> mode) and unencrypted TCP segments have the same MSS=3D1460. Then I'm > >>> completely at a loss how the encrypted packets avoid being fragmented. > >>> TCP has no way to know in advance that encryption overhead will be > >>> added. Here: http://admin.sibptus.ru/~vas/ftp-pcap.tar.gz you can find two identical FTP sessions, the only difference being ipsec=3Doff during one session and ipsec=3Don during the other one. As I said, in both the sessions MSS=3D1460 which is already odd, and I can't explain to myself why file transfer still works without MSS ajustment. Moreover, something fishy is happening in the encrypted session: there are many TCP retransmissions (I was capturing on the FTP server's side, so there are many segments with the same sequence number). How would you explain this? There are almost no retransmissions in the unencrypted sessio= n. All this is happening in a lab environment (one bhyve VM is an FTP server and the other downloads a file from the first), both VMs are on the same bridge interface. There are almost 19,000 packets in the encrypted file vs 12,000 in the plain file, I think because of those excessive retransmissions. Could the retransmissions be some artifact of the enc(4) interface I was capturing the encrypted session on? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIuQcAAoJEA2k8lmbXsY0GnQH/jcg5OErEpJ4O9GEq2Zal9eJ BmHfXooLS4sQUyygtKK1r+7BsbNWOj/9KSSTmfouSfJw6bHoa1NO4mEWjfzzW0vW gC/BXEEMPpcraX9JbYChM/aCLmkwbYUrFJH6cGeTNNlrzbtW+9vau+xkjiV0wLLk zPC9LCyfibIyZ3Ywc5YsdwgQ4pihoolXZgFzyjIQw7YGGm5xoy4X1P3ODygujU50 0IC1ceAk+RwDOKX6cz6LdsXxjow33JzVU3X80S65rBMs/RR7qvp8SRoldCkZPKGM 0WjxMIvcYiaVi+Uid0isLVbsKGFL79qg0oo8Pzbie9NtZT94hS4tOn3b1q/Ou/A= =+Tjq -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp-- From owner-freebsd-net@freebsd.org Sat Jan 18 11:17:04 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5F09C1F0CB2 for ; Sat, 18 Jan 2020 11:17:04 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 480Fkl0h2vz3MrG; Sat, 18 Jan 2020 11:17:02 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 00IBGsHF060049 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 18 Jan 2020 11:16:55 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@sibptus.ru Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 00IBGqEO059851 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 18 Jan 2020 18:16:52 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov References: <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen From: Eugene Grosbein Message-ID: Date: Sat, 18 Jan 2020 18:16:45 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20200118105524.GA10042@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 480Fkl0h2vz3MrG X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.88 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.78)[ip: (-4.89), ipnet: 2a01:4f8::/29(-2.49), asn: 24940(-1.52), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 11:17:04 -0000 18.01.2020 17:55, Victor Sudakov wrote: >>>>> Back to the point. I've figured out that both encrypted (in transport >>>>> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm >>>>> completely at a loss how the encrypted packets avoid being fragmented. >>>>> TCP has no way to know in advance that encryption overhead will be >>>>> added. > > Here: http://admin.sibptus.ru/~vas/ftp-pcap.tar.gz you can find two > identical FTP sessions, the only difference being ipsec=off during one > session and ipsec=on during the other one. > > As I said, in both the sessions MSS=1460 which is already odd, and I > can't explain to myself why file transfer still works without MSS > ajustment. > > Moreover, something fishy is happening in the encrypted session: there > are many TCP retransmissions (I was capturing on the FTP server's side, > so there are many segments with the same sequence number). How would you > explain this? There are almost no retransmissions in the unencrypted session. > > All this is happening in a lab environment (one bhyve VM is an FTP > server and the other downloads a file from the first), both VMs are on > the same bridge interface. There are almost 19,000 packets in the > encrypted file vs 12,000 in the plain file, I think because of those > excessive retransmissions. > > Could the retransmissions be some artifact of the enc(4) interface I was > capturing the encrypted session on? I doubt it. And I can't explain this, but maybe it's work of PMTUD Blackhole detection? Look at sysctl net.inet.tcp | fgrep blackhole_ From owner-freebsd-net@freebsd.org Sat Jan 18 11:50:07 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3D7FC1F1C6D for ; Sat, 18 Jan 2020 11:50:07 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 480GSt3nfZz3P8X; Sat, 18 Jan 2020 11:50:06 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=ZBMyhG4RIznGFOrUGxV9Os0zziVgIxGUF/t6y3qhT68=; b=TFgqfljT20JQXFBNWGKhVRXWpN 0OWdeTnMMckdF63S0wuzNP5I+NJMmYdHf3f6+C0KoL8ClJt0CLKeAlf20PTYfDbuTQNQz4TpRXbQr 2x0b8ccSnkaFjUYVqJ9t2Qvb+Fd8H7UBmXez4JabBF18JoAr22eXquF0BW1mOc4NxP94=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1ismc8-0003Zg-Lj; Sat, 18 Jan 2020 18:50:04 +0700 Date: Sat, 18 Jan 2020 18:50:04 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20200118115004.GA13555@admin.sibptus.ru> References: <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 480GSt3nfZz3P8X X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=TFgqfljT; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.33)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.75), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 11:50:07 -0000 --6TrnltStXW4iwmi0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: >=20 > >>>>> Back to the point. I've figured out that both encrypted (in transpo= rt > >>>>> mode) and unencrypted TCP segments have the same MSS=3D1460. Then I= 'm > >>>>> completely at a loss how the encrypted packets avoid being fragment= ed. > >>>>> TCP has no way to know in advance that encryption overhead will be > >>>>> added. > >=20 > > Here: http://admin.sibptus.ru/~vas/ftp-pcap.tar.gz you can find two > > identical FTP sessions, the only difference being ipsec=3Doff during one > > session and ipsec=3Don during the other one. > >=20 > > As I said, in both the sessions MSS=3D1460 which is already odd, and I > > can't explain to myself why file transfer still works without MSS > > ajustment. > >=20 > > Moreover, something fishy is happening in the encrypted session: there > > are many TCP retransmissions (I was capturing on the FTP server's side, > > so there are many segments with the same sequence number). How would you > > explain this? There are almost no retransmissions in the unencrypted se= ssion. > >=20 > > All this is happening in a lab environment (one bhyve VM is an FTP > > server and the other downloads a file from the first), both VMs are on > > the same bridge interface. There are almost 19,000 packets in the > > encrypted file vs 12,000 in the plain file, I think because of those > > excessive retransmissions. > >=20 > > Could the retransmissions be some artifact of the enc(4) interface I was > > capturing the encrypted session on? >=20 > I doubt it. And I can't explain this,=20 But do you agree that the traffic dumps contain an anomaly? > but maybe it's work of PMTUD Blackhole detection? > Look at sysctl net.inet.tcp | fgrep blackhole_ On both 192.168.246.10 and 192.168.246.11: root@fbsd-test1:~vas # sysctl net.inet.tcp | fgrep blackhole_ net.inet.tcp.v6pmtud_blackhole_mss: 1220 net.inet.tcp.pmtud_blackhole_mss: 1200 net.inet.tcp.pmtud_blackhole_detection: 0 root@fbsd-test2:~ # sysctl net.inet.tcp | fgrep blackhole_ net.inet.tcp.v6pmtud_blackhole_mss: 1220 net.inet.tcp.pmtud_blackhole_mss: 1200 net.inet.tcp.pmtud_blackhole_detection: 0 root@fbsd-test2:~ #=20 --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --6TrnltStXW4iwmi0 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeIvDsAAoJEA2k8lmbXsY0Pc0H/RCJZvdb3hgIRoVZlBZwD15F 6Xco2+ji/pf9LstucIjPzZXBIjjBLbkn7aAb7lADXE0e7vXzFLFNzxSDiB6LTCfB xzrjvAbPMaeQX/Bg2SPl3GlzGkorQRDEkgp5RsbTX2YUIwBzovooiSduFdNPt/8g ET9bF2d03i0DoDS8Kp0OT+RTaFpZ/u+B5p59rhCUR0cM88PmkETX3OjXeWH/WSF8 RMDH80yT19NeEa8oCke1dMf2UmL3KPpKhxuxq+iclfs4KRliq0ngREvdn3hK5jf9 khKlVWJRFkuwVwXasmop+OTsBUkQkX99m3jpoyvpLSSqrUwixUss+dDgWLlFZ/k= =Tlj/ -----END PGP SIGNATURE----- --6TrnltStXW4iwmi0-- From owner-freebsd-net@freebsd.org Sat Jan 18 14:45:35 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 63BD51F7E04 for ; Sat, 18 Jan 2020 14:45:35 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk1-x741.google.com (mail-qk1-x741.google.com [IPv6:2607:f8b0:4864:20::741]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 480LML1Zm0z42dh for ; Sat, 18 Jan 2020 14:45:33 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk1-x741.google.com with SMTP id 21so25784867qky.4 for ; Sat, 18 Jan 2020 06:45:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gLWSzhIdz21RyTUWkUmZpapFME9/pfVnhzZmC3ZsVLM=; b=0zrqcxkEjGvTczi2+8uKGziTKahdS1daXzeZKOrPOswyCteUqjK+Wdl2y1FwLfzomw TaJIAoBsWLOFjy7GDnI7hZ7NwuERv8acIRG0rvaqpeeFD61crSWb+Xunu5sk+pIIGkRA wJ0Gly7K6Zs4tCdfVnFWhdu5gZHGtBUmWfgoI39FyT8RlbcasO5HePYHXywHa/PQiGQA 23lpctoLwJtFIAsvgSt3qa3+Wef1+sZb9zmKgm3W/tdr5UxRotYfFmEUCnrUU3/rvFXF w854bmaLF36DK9TD2Bl2qaGl3h3gsnxjjAlCxS17egsQcXbQA56CPzt/kNdOLSwsn/u4 acRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gLWSzhIdz21RyTUWkUmZpapFME9/pfVnhzZmC3ZsVLM=; b=EK3HdjM6b6gsI1bhH5hy/T98OZdRIzlXL8CmQzimF/vY9oElGfVDxGq8NT/Fvzszw5 0v8S0IfSyWiNBq/0mXsQS7koBGqygpJ1dcVDGz3KDYMTIgen4fujPqbLrc3vNjVllrlJ uByavCh0Va0NZXixL5rJw5AEd05W5nVFt5RbfUSinYn1CFpecnYMcG+vsum4pfMxd2T3 55S15arjmFBD6u2o3DfU5siUu3LalFT7ST3UPFJbhYEcWQ/KStXK8n88EqNZ3Pvu/IS7 gLsWG1/bFLoFASkT0JEC27VFHwDzXgGnI0ehRcRFQ6qjwuyG3eAAMEVAWKl1x4E3+Mpt zjcw== X-Gm-Message-State: APjAAAXulfhjohW1aZXKA5JCAhHQoGofNiHyp8GN9k52p0zwUFy7olNR FRv+Rh/ZqhSFUN5XRTA8epeHhzMn225tLDq58mrjGw== X-Google-Smtp-Source: APXvYqyaGYz1U6ymnJWp15al+QNssgaB/jxohUv3ik7BAnKR5bTKizoWZ0UX1ca8O9I1joiaK40HX3P3XgSn7I4y+LE= X-Received: by 2002:ae9:dc85:: with SMTP id q127mr43333815qkf.460.1579358732945; Sat, 18 Jan 2020 06:45:32 -0800 (PST) MIME-Version: 1.0 References: <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> <20200117150928.GB66677@admin.sibptus.ru> <16550199-67b9-d331-0c1e-4afa0e8b361c@grosbein.net> <20200118105524.GA10042@admin.sibptus.ru> In-Reply-To: From: Michael Sierchio Date: Sat, 18 Jan 2020 06:44:56 -0800 Message-ID: Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein Cc: Victor Sudakov , "freebsd-net@freebsd.org" , "Andrey V. Elsukov" , Michael Tuexen X-Rspamd-Queue-Id: 480LML1Zm0z42dh X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=0zrqcxkE; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::741) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-2.70 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[1.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-0.40)[ip: (1.94), ipnet: 2607:f8b0::/32(-2.08), asn: 15169(-1.83), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 14:45:35 -0000 [apologies for top-posting] What is the result of > sysctl net.enc ? This might be a clue about the packets, which you could be seeing twice. On Sat, Jan 18, 2020 at 3:17 AM Eugene Grosbein wrote: > 18.01.2020 17:55, Victor Sudakov wrote: > > >>>>> Back to the point. I've figured out that both encrypted (in transpo= rt > >>>>> mode) and unencrypted TCP segments have the same MSS=3D1460. Then I= 'm > >>>>> completely at a loss how the encrypted packets avoid being > fragmented. > >>>>> TCP has no way to know in advance that encryption overhead will be > >>>>> added. > > > > Here: http://admin.sibptus.ru/~vas/ftp-pcap.tar.gz you can find two > > identical FTP sessions, the only difference being ipsec=3Doff during on= e > > session and ipsec=3Don during the other one. > > > > As I said, in both the sessions MSS=3D1460 which is already odd, and I > > can't explain to myself why file transfer still works without MSS > > ajustment. > > > > Moreover, something fishy is happening in the encrypted session: there > > are many TCP retransmissions (I was capturing on the FTP server's side, > > so there are many segments with the same sequence number). How would yo= u > > explain this? There are almost no retransmissions in the unencrypted > session. > > > > All this is happening in a lab environment (one bhyve VM is an FTP > > server and the other downloads a file from the first), both VMs are on > > the same bridge interface. There are almost 19,000 packets in the > > encrypted file vs 12,000 in the plain file, I think because of those > > excessive retransmissions. > > > > Could the retransmissions be some artifact of the enc(4) interface I wa= s > > capturing the encrypted session on? > > I doubt it. And I can't explain this, but maybe it's work of PMTUD > Blackhole detection? > Look at sysctl net.inet.tcp | fgrep blackhole_ > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata From owner-freebsd-net@freebsd.org Sat Jan 18 23:35:09 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A83542362A0 for ; Sat, 18 Jan 2020 23:35:09 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 480Z6P19F5z4Ytd; Sat, 18 Jan 2020 23:35:09 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (c-73-225-95-104.hsd1.wa.comcast.net [73.225.95.104]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id 00INZ4v9094318 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sat, 18 Jan 2020 15:35:05 -0800 (PST) (envelope-from julian@freebsd.org) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein , Victor Sudakov Cc: freebsd-net@freebsd.org, "Andrey V. Elsukov" , Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <20200116155305.GA465@admin.sibptus.ru> <55f7bafa-24c4-9810-0d21-f82cb332ee2d@grosbein.net> <20200116160745.GA1356@admin.sibptus.ru> <72355e03-1cf8-c58f-3aec-b0a21e631870@grosbein.net> <20200117093645.GA51899@admin.sibptus.ru> <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> From: Julian Elischer Message-ID: Date: Sat, 18 Jan 2020 15:34:58 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <70b0b855-189b-03c2-0712-fc1e35640702@grosbein.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 480Z6P19F5z4Ytd X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.16 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-0.71)[-0.711,0]; NEURAL_SPAM_LONG(0.87)[0.869,0]; ASN(0.00)[asn:36236, ipnet:204.109.60.0/22, country:US] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2020 23:35:09 -0000 On 1/17/20 1:51 AM, Eugene Grosbein wrote: > 17.01.2020 16:36, Victor Sudakov пишет: > >> Back to the point. I've figured out that both encrypted (in transport >> mode) and unencrypted TCP segments have the same MSS=1460. Then I'm >> completely at a loss how the encrypted packets avoid being fragmented. >> TCP has no way to know in advance that encryption overhead will be >> added. Using multiple routing tables we could add a mechanism to the ipsec code so that encapsulated sessions are referred to one routing table and that the "envelope" routes are referencing another (specified in ipsec setup) routing table.  The two routing tables would have different MTUs.  This mechanism/framework would also be useful for other tunneling protocols in general. > If outgoing route (f.e. default route) has lower MTU, kernel should respond with EMSGSIZE > to TCP's attempt to send oversized packet when PMTUD is enabled. > > If PMTUD discovers that path mtu is low, it should store this information in the hostcache > (see sysctl net.inet.tcp.hostcache.list) and use hostcache's MTU for same goal. > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >