From nobody Mon Aug 19 10:05:02 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WnSrZ21dsz5Sjtm for ; Mon, 19 Aug 2024 10:05:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WnSrZ03q9z4N6Y for ; Mon, 19 Aug 2024 10:05:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724061902; a=rsa-sha256; cv=none; b=LTQYyZ6qdqT4kZDbu6pxksZix4vpgeULdQvbwZQQQEYeUp8bQF9MyLha/WKp8gqfkC4nqP qBvSGnbjsrcdHRYlBsi8UjWXgKhk6B5XSRv95E+loMC1m62t4lvwV274iYai/+UOLsksY9 I9enADW9s1GyBhBoWuhj4GUv9c0RfSTTb9iYLz1Vwb7OfkqJ2ELZ5awTKvkQa76RcPLk2w IUWDq6XZTB4twcDFmbdfE6e4qKsFAOB66HdeRlo4baaMxH8WdMIjWhQWcpzE2w2+6Mr5Br f978RO6NLVpnDxAsLpdir/3o/KpEab1wjpqJeHK7f18vOd/fiyeMu099f9vL9A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724061902; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u8VKh9DA7dOj6aN5ziloziAR2DMTHMUXQPZf9gUjfo8=; b=o7bUOIa5o09t3wEpoo7ae1aN6lEerPTCFl8jpbiPF2MXjS1RSiNhOTxJoQYibzTLtrJ6d5 +ZOsl2R2PRvLLpcAGFZWM517TIXtYwaXrKFCvHesqAdxlVyvlSEfuPSSJkHrRfXRyZhKE7 h9P0ZoxqvdZ7iaIOi/MZHXdbQjM7ftcCsSIYZdX6OIMSOjmJMFPnMIMqDGvBU9zt6weMbe +obxpQnfLRi+CdYIk9hMu0jAtjEGTV5amdjk9HqpiVeMurpscHc5/83luHtFUYg5gXygLe JlbkGRUZHrrtlpg71XGmTacnj2z/iCZvZE7iYJgyhuK5L8jz7m9Tt1Di3nVSZg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WnSrY6nb5z1Bmw for ; Mon, 19 Aug 2024 10:05:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47JA51XC000796 for ; Mon, 19 Aug 2024 10:05:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47JA51pD000794 for net@FreeBSD.org; Mon, 19 Aug 2024 10:05:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 103135] [ipsec] ipsec with ipfw divert (not NAT) encodes a packet twice breaking PMTUD Date: Mon, 19 Aug 2024 10:05:02 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 6.1-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Overcome By Events X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D103135 Eugene Grosbein changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |Closed Resolution|--- |Overcome By Events CC| |eugen@freebsd.org --=20 You are receiving this mail because: You are on the CC list for the bug.= From nobody Tue Aug 20 01:43:32 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WnsgT0Dmxz5TyX1 for ; Tue, 20 Aug 2024 01:43:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WnsgS5gj5z41dc for ; Tue, 20 Aug 2024 01:43:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724118212; a=rsa-sha256; cv=none; b=Dxzl10TanbWDke6FdZx8G/7pCrVOTegj17eLZwRvf4CrIyGUZ+W30f3kIKxRcBBENoNwkK WTY4lVn/o3guo5uSjAFDQmmSRXmMBAx7IrY2Sx31BF/MuGtQWZyuoeR+H/lLe5yCtsp/UH xrfNPCV0eJ+4EjlihA4nS79Xqj2egk51EP5AlLz13iZ/0L3w1QUvuE33h6FLQbLESb4Cmy 4bk0HwpMf0d2q+/eOVwDrG5KHbGuZ+OK37y0m9rbzfspkpRBlL1jR5Mfe5u5KnTAAro8H+ 4gaeuQiwkbGRP8bJ68NJIw1ndp95QdTSU/fAMi5teDCnVCD3Q9x7ZUK5TjayyQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724118212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Z0CkfrcpVS3zEUmY2oFgdInDx39rSrFhVNtKhSzZpUg=; b=Dd0akz4L1cvHsBy50lhnd1zXCDftgX1gfP4JF5Rz/L/Dkj22KD8ThGUJOaB7INBMvsQD7z yxBX5pIRZxafD9mGdS9vm7GDDosN9Kmcq9QgyZrEXehLc8qDeuTVrxEprQts8EqQHCedMd cRAjkx4zYHahTvr1LjkKHnRNUCMqoNS7csXb/UBIeLs3OfbkFFV6/W/7FpH/+iWv4Q/3mC 6onMVeR0u1RBQS/y0hFuTm5OlGk3CdfJ2Sr1u7nliPU5hQBZMDkLYfUgiKvcSmJjBQwQmK 2qE3s6LsAZ1NoFPcSAyX3b2Qgrc7jn/ijIU5Gjgebm4iXCE/KmvYue4NtTpMmA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WnsgS5HNczgf4 for ; Tue, 20 Aug 2024 01:43:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47K1hWCU085867 for ; Tue, 20 Aug 2024 01:43:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47K1hWG9085866 for net@FreeBSD.org; Tue, 20 Aug 2024 01:43:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280097] Warning printed when FIBs are expanded is unhelpful and confusing Date: Tue, 20 Aug 2024 01:43:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: zlei@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280097 --- Comment #15 from Zhenlei Huang --- (In reply to Jeremy Cooper from comment #13) > I am reopening this because the main problem was the content of the messa= ge, > not problems about when it is displayed. As it stands, the current soluti= on > still retains the CONFUSING wording. Ah, I think the original warning message > WARNING: Adding ifaddrs to all fibs has been turned off by default. Consi= der tuning net.add_addr_allfibs if needed says exactly what it intends. Please note `Adding ifaddrs to all fibs` is a feature although it is not highlighted in the warning message. I'd admit th= at `ifaddrs` is more a developer friendly word, it refers to `interface addres= ses` exactly. > I propose that the warning be changed ever so slightly so that the user c= an tell > 1. When it was generated (when net.fibs is adjusted) Now only when the first time increasing `net.fibs` and `net.add_addr_allfib= s =3D=3D 0`. > 2. That the warning is a reminder, not the detection of a problem. Emm, the message was introduced to be a WARNING, exactly. And a WARNING does not necessarily mean a problem is detected. In this case it is something important ( a noticeable breaking change ) that user should be aware. (In reply to Jeremy Cooper from comment #14) > Pardon me, that was my old wording. I think I proposed the following in m= y last round: >+ printf("%s adjusted to %d. REMINDER: " The `adjusted to` is redundant. When doing the tuning ``` # sysctl net.fibs=3D2 net.fibs: 1 -> 2 ``` The console should print the new value (by default). >+ "Interface addresses are no longer automatically a= dded " >+ "to additional FIBs. Consider setting %s if needed= \n", The `additional` is not accurate. If so then what is the current FIB ? I'd prefer keep `tuning`. I think it is more natural. We are tuning a sysctl knob. >+ "net.fibs", >+ num_tables, > "net.add_addr_allfibs"); >+ If you insist then I'd propose to reword `ifaddrs` to `interface addresses`. The message will end up with ``` WARNING: Adding interface addresses to all fibs has been turned off by defa= ult. Consider tuning net.add_addr_allfibs if needed ``` Is it clear enough to you ? --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 09:46:29 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wp4Nk3R84z5SmYd for ; Tue, 20 Aug 2024 09:46:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wp4Nk2Nnkz47jd for ; Tue, 20 Aug 2024 09:46:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724147190; a=rsa-sha256; cv=none; b=HSF/Gcy6fm62eVvz/cgmfgeX0eNnl00shBTIB4q9d6riII/B8eEbN5Y8W4vF+0+/8UVmK4 +myvDU6bnE2aGkNPPLXQOHEuUFRFgE/sQR4oOB4Vg8zsrzGbSjk7icvcIwL48LIMXCwHFJ 8LxtBk275/vYC91UTjEctqP2JTT6IFKZqm/LQX2aAUGDKYwAEP3C0AHq8h+vj1r1iE70mB WVCV92Lc4Z+kkXLoGb8zclkYRO0dmYb6JWWju/xxM2F3HRho320Q/Uz6Wjbu6Al6GJBH0V mg5uRwvQG+oe1BokdykWnOTrL2mznIMjFH/8AYAOIcdEPrxC2SW29U1PzSWOAA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724147190; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9TC/MsJp53fk1XTzPr5OlzNh83SSLLp/HAMwy5NZ3PY=; b=kvOidmBdijzSLF233taXdLE9bQJfDxwq/u+a74huVtW11+W6AhriAMGclkWpiCJ55qKr9/ d6lsBmYZsSR7XzmDCz8pmgZJ/xLaaQ5YIkM4PRBULDXOizdmNlo8jKJCP7IsazOnOA2Dm2 tPvulpQD5G9soV57cMQ+DuJvdfigSbwDOzV1P/zkZPd16wEaXJ3kG2GdYKbkWTozQFRe3s q5Bxc+4RYIM8Qfvp0Gde+4nYN1R5sTtdf9pHSTlJojF4EDSghQ9seBGOhWeRwXEfpLbFBz SWecr4xxH0pGbb13jFoJCrOR+Ma1qrvE5YL3gEEdxnlDpbAxcjbHcDk5yuF1pg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wp4Nk1yhHzvYS for ; Tue, 20 Aug 2024 09:46:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47K9kUVK037870 for ; Tue, 20 Aug 2024 09:46:30 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47K9kUM8037863 for net@FreeBSD.org; Tue, 20 Aug 2024 09:46:30 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280871] dhclient run from netif without taking fib into account Date: Tue, 20 Aug 2024 09:46:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: tatsuki_makino@hotmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280871 Tatsuki Makino changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tatsuki_makino@hotmail.com --- Comment #1 from Tatsuki Makino --- For the past few days, I've been experimenting with settings in similar are= as :) Since the default gate obtained from DHCP is not set in the fib, I think the workaround is as follows. Write the following chunk to /etc/dhclient-enter-hooks route() { case "${interface}" in vlan4087) command route ${1:+"$@" -fib 1} ;; *) command route ${1:+"$@"} esac } --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 14:15:27 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpBM55zwmz5TCKH for ; Tue, 20 Aug 2024 14:15:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpBM54rFqz4jvY for ; Tue, 20 Aug 2024 14:15:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724163329; a=rsa-sha256; cv=none; b=YbBD01zdnHgqEEJooNcZsZHy0Sn4JdwhJ7uxzs/0Vhhp1UxofL000vbTWroWpL0kLRkOLi GQOs+Dmkj2tMvg97gA4xs7jjeRKvIst93+PVp3JvbxlUUnVYFZHG9T/F8xKcxMRQlgYMmZ 0XBVzAlrzQVj2N+rdDMWfQ9GOjpbdczecw+hn3AlWTT2aYeig81gQRn4t0zD+zaHnrmQUE fmUoHP4RAPHltoqqA8+AWl+C4cLvFRdw9uDbRjw2KFhQWBVqQ1+/RF5fdGRdNxBHbjQoOf NgyDpjJZxzfqh0pQ76LeSCI6YufRcoH86dXdq8/rPBWS2Atg/HgP9TaXIjwhpw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724163329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iMUHOjWt3pxZluhDbkYfu2Wdw9bgkSzQsBKreo+zGb8=; b=N0Fa3nI2WyrghZQP+yBTAoc3Rt8b93aEqNKadChNXhJsUXo9Fg8W9eSW8Ct+DdIH11xehF rpkxbeTwaqMFtoL7Rn23QehLBNJ5rKcVYkq/0T5My7KFb3/rTD2TgIIcoNq/P+WDfa5Xup 5WL6TrAquTKWynLmv3mu2bIkOa7kYYFamM4Ts5GlvUc/azI/PJHr147KXPVkMuclK3kyRH xeKZDj/qqW++jVxKjlLi4EIipkr1vtvLxeDM+rlEy0KJz+4mWc5QtSpM/0whRsbDB5smlV zpb7P9I5ZozN19QC56vSp1Z0sZpTHOAHZs9CrOD+HaiOmcnVvxbJ3Xv5YzRqXw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpBM54QDqz13mS for ; Tue, 20 Aug 2024 14:15:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KEFT06081410 for ; Tue, 20 Aug 2024 14:15:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KEFTnZ081409 for net@FreeBSD.org; Tue, 20 Aug 2024 14:15:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 14:15:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #21 from Franco Fichtner --- Both extra patches combined look promising. There are some conflicting rep= orts on whether they fix all edge cases: 1. mtr may still have issues. 2. IPv6 ICMP ping packets appear to be dropped sometimes. 3. Client devices (Android and Chromecast) disconnecting sporadically. Both things are confirmed working on kernels prior to this SA or when rever= ted. In the spirit of moving this along we will ship the fixes instead of reverts and will be happy to assist with remaining issues if they persist. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 14:21:48 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpBVX2S97z5TDTQ for ; Tue, 20 Aug 2024 14:21:56 +0000 (UTC) (envelope-from franco@opnsense.org) Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on2096.outbound.protection.outlook.com [40.107.247.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpBVV3qSJz4lmd for ; Tue, 20 Aug 2024 14:21:54 +0000 (UTC) (envelope-from franco@opnsense.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=deciso0.onmicrosoft.com header.s=selector1-deciso0-onmicrosoft-com header.b=fMZVSWRV; dmarc=pass (policy=quarantine) header.from=opnsense.org; spf=pass (mx1.freebsd.org: domain of franco@opnsense.org designates 40.107.247.96 as permitted sender) smtp.mailfrom=franco@opnsense.org; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nFveSwJa/fRVe1PylWNUj/qCa5gh5D+JbAm+5fApwLGoGgyKAzpNIGhUdeWbZ5gC4B2jfzlOJlJwS2gy0TNjhgATdIKXsRxZD/oj7QvG6j4LehwdjKPwYAjSBO9wKXesfTmXyTeC0h/8DSojjF9i+Y3qE5U6ZrjJCfTAylNt40KkfGHGbzNb8iWGzo1/FbU56GTx3LaoQW7j23e34X9/Uil2/ed+yaY951gxxo/QBK9kS8WdLdrf687O6wUdOM/ybyZIliEB6kJd7nrdKcfUkKPc38CXnNRln61zA0qo74/K9d/kybAKSKOAur4M1mSf32qsVkG6tyRz2cyHrxsPiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=65RaIjcUb5ytw4dVb4lJDG6bIY6HsjFgytRiYmY3Bms=; b=n/yYqsqX85SOK1tgQkN+Y1+fQRfjGSlMQbNHoKhAXd9AYkX/QH+KDyQaYhfhiBnfmVWA1c65woXXXImL1NuosJxtVpa7UnzSqJpD2SkesSfbc4fp0WFbCD/V0m+7kQ3F7XZL4/4t/9F+MxfFHgpxfMrBom+7uNIYn2q50tsIn3AQgBNQOiIEQZ70cP0xE1tFXze0hJMgnK/AfQMH8r7PfSyd43b+NG/Xlaio901NvpQ0DKz4dFX0k+EGM5k+78qSOzCVfy+iVVVaEo7jirC1FU/TdZHMXka0XOzjcK/qHWBtcTkVc2OMsvx+ty9mwtbbGE21PdcLsySUWwPF5OpaYg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=opnsense.org; dmarc=pass action=none header.from=opnsense.org; dkim=pass header.d=opnsense.org; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deciso0.onmicrosoft.com; s=selector1-deciso0-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=65RaIjcUb5ytw4dVb4lJDG6bIY6HsjFgytRiYmY3Bms=; b=fMZVSWRVw/YXpUzA+B/1i7PSCQgjz23/2KB6DRsPHuyYiljs374qPSzda4EI9XocIBhMj6tC4WcINlp5432c9ofBvrcearPc7Q0+mH0z+MvyAyPwfkUwXK5/9pEgp7Eel/5Wi6eeBDN2ic9sLOnI4mWGsZZ8dQ0wjB2DR+8U4Oo= Received: from GV1P193MB2420.EURP193.PROD.OUTLOOK.COM (2603:10a6:150:27::11) by AS8P193MB1399.EURP193.PROD.OUTLOOK.COM (2603:10a6:20b:393::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21; Tue, 20 Aug 2024 14:21:49 +0000 Received: from GV1P193MB2420.EURP193.PROD.OUTLOOK.COM ([fe80::1c3b:6e9e:ef75:ff71]) by GV1P193MB2420.EURP193.PROD.OUTLOOK.COM ([fe80::1c3b:6e9e:ef75:ff71%5]) with mapi id 15.20.7875.019; Tue, 20 Aug 2024 14:21:48 +0000 From: Franco Fichtner To: "net@freebsd.org" Subject: leaked igmp packets on multicast cleanup Thread-Topic: leaked igmp packets on multicast cleanup Thread-Index: AQHa8wvbAknTNPQiEEKuJRqOXjsPIA== Date: Tue, 20 Aug 2024 14:21:48 +0000 Message-ID: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1P193MB2420:EE_|AS8P193MB1399:EE_ x-ms-office365-filtering-correlation-id: 0bab29cf-72d5-4960-dc2e-08dcc1236da7 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700018; x-microsoft-antispam-message-info: =?Windows-1252?Q?xACCi4rSErRKOXDGqc6P1mbAcjgxYa0XkZkoF2UyuHoNJLJK7+lrh7L+?= =?Windows-1252?Q?/CfwlzmCG1D8qxu2DqVdkGLO7qwZYRVbVEr0lfwX43Sx3jqbEXOV1Db+?= =?Windows-1252?Q?CoxpJMphTPRJ6zt/2krFr0u2daknd3E2qwNKJE3JNfDS4ysbXijQlDLm?= =?Windows-1252?Q?eX2LSDepDVN2sw6XKJiRCokL+JA2mH9T0SqQderAK2oYGTTfpMzeXziT?= =?Windows-1252?Q?lyQed1fXZqEjvrrOcSf7GvJkoYUmrv6MYw9wspLgSKAsc2rrUcgf06DQ?= =?Windows-1252?Q?73tLGaCWyq7CMn7V3gb0WKGJapQhgL+1II3WkGAPJWhgf/9sn/9uRKGU?= =?Windows-1252?Q?OkJnK0l9/r1mVU+17HCdPXkShBvoQjdFkrpoScTOvMhhymq5qEBFtT4h?= =?Windows-1252?Q?zl8QiEWbwUhB/c8SypC6sodCH5CBJbtE6cXODDGhlSdANpZZG45pkl1l?= =?Windows-1252?Q?x6Ztc6BR+YH5Zm7d08xBX4FnBPFxOJRBTMzhFjUaPWtvsaaeGzewcEpr?= =?Windows-1252?Q?BFMBex2U5CB81FO+R1MKCAVIUQQG2Otd/wYYWnH9P6rLEO2sLj1QhJ0L?= =?Windows-1252?Q?dc1iWecAdg2a/iU6A3vbRhNd+q1VeTVklkvYZr1Qrdr2kxGUsDFLShsq?= =?Windows-1252?Q?k8slVGHEox2L7Y1nN7iqwC+CNCxba6Nzqe6968cG7Df8b8rq2XCNw8eX?= =?Windows-1252?Q?FEc2hpIbSyzFh0UySRgZ21aW9OT1wFZuC0RUNGQy5O3JlkqJzqgIZhOE?= =?Windows-1252?Q?bCBUmGUTzaOL1XTnYaUGVzmypert1iz5SOtHWLi82SO1y216JlhwMfaC?= =?Windows-1252?Q?Cbn2WZb/5uELNPOEemyksUE5cdrpPGyXvKGM9E5QH9qYy+TV0oWWdVzr?= =?Windows-1252?Q?LEYNWBccOBN1sWuz2au/sLFDiriYTBNcL9cSkoGlewsySrlyJdL1YxH3?= =?Windows-1252?Q?Hm2fJeZSTgDVO3ySrUWaPXHq4jZ3Mddo+bMYh8qkqCbSv3/QzZphCPyU?= =?Windows-1252?Q?s0cpRremhAfZUdUuwUTNxDwG4TgYei3AIt9Rp/Bd/kQhSeIjdIsC/N1H?= =?Windows-1252?Q?S8ReLjTH4FMpStaCKntxPZLCnhD0mwenQV1nZ/oXYJGM7xPTJGfD2Iwm?= =?Windows-1252?Q?bYpqDopvK1xKoXtOCCPbnjsvkGoXXL7+n/jTmknVwW12vlz+B+8QpgNN?= =?Windows-1252?Q?Cw6dEJ6sfhQWKXSa+VMc6+6eleDVY6cswkJw8STQElCawog+NsO0GGe4?= =?Windows-1252?Q?rMTQ8lBG7bzgJrgWWUt0Nb1Kpxjn9NqWgqS4Z1Piv53eJLyUZDnf+5Jt?= =?Windows-1252?Q?m03BztCUeRaIulFLepqfT7tNh/PeColEW694px1bRhW7Wq/ktTS6gk+l?= =?Windows-1252?Q?0nhGlydM4ho3J+SuhBdwzvLlzKjbkRXoZ7am+mak0Ml2k3H7/j1la1l9?= =?Windows-1252?Q?qeDwIcrfgrs3ZjiG3KfIkl9DM9SPYUtIsIYaJ90Dnx8=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1P193MB2420.EURP193.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?feoAByOCmS5GIppF2N/oa6qZDre/VIMbP35LmckEFA8GcXY9UnPUFmgB?= =?Windows-1252?Q?l7DHVlutRYOzYbdnR03GJr1bIX3KJnbz8lYaH8An/LGYqmjB3RuFqan7?= =?Windows-1252?Q?aI5te8QD9SjAchcA8CyXMqCswZ81t2Vpy75bvlNtd+qZ+VtSSUe7OObT?= =?Windows-1252?Q?inaa+25/9zTEhwCHusibgrF4s/uGd3bRxjOGQeZsdNEDqT3ovQCMHygL?= =?Windows-1252?Q?m6sp1kyz8BVdQHwSo53QEfpcsq2GUj48Y9yLl6h+xNS/DkaLL/7IADBW?= =?Windows-1252?Q?vnakHA8UcB7XlMKMiiF912MtJOCWX7jDgroDH1/W2+fmeVylT0cksStx?= =?Windows-1252?Q?hyUhWO+YqTx0ppkKTPmmZNeQ5lse9QCxD8Ic+b39CiBHdFbGKIbqyXMY?= =?Windows-1252?Q?6sH94X0QS2LRem6v0lbyJq+7KwxqZoICiJjNK7y+OvpuG0kRmIsPz7TN?= =?Windows-1252?Q?DTmG95BGT0KeN3xY1nlha4fFHAbkbnYyt+/7vZuj1o7IKZ33Ez/ZIbd3?= =?Windows-1252?Q?CKMvspG4DpCYoCVUBFU1ceq+hBxf4vD5UY3qMPzA/3uJoasFlQyalIsm?= =?Windows-1252?Q?/imUOQlqxhIp4MrzpVJp0odIabtEywbdHgjL5LIUGKrW0H3CheQ4RHxG?= =?Windows-1252?Q?YNZgxupWYSYQzSsrVuF2fHVgyH1Hhlv+7wWN5tXpMGS/HkB+NGnpBYGu?= =?Windows-1252?Q?CleJVpkyu7Q2Gv+arrmRAj/4JAA8zPl6SwPSRSssqKhjOQNhQKFWdMUn?= =?Windows-1252?Q?b4LtaV+O6Fql5dSSFN9Y3LBq9rfADCMqtt60rY91XQoIbYRgA7ruxYso?= =?Windows-1252?Q?bqhx8JYTkxjNPQlrf3o/7kdmu0UwI/hp8nXmU45SgwsT2jY05/r2F4sk?= =?Windows-1252?Q?QTU4EEIH48hikkViYBCGU/FVRYU6hLEhNpQYhsqNlJUMjO8kkdt9yH1f?= =?Windows-1252?Q?0zdjCNvqeS21kdYCt6Xm24U9dFyjr7aUP2dfGdGQLhIQw7ZJrHhS+ClL?= =?Windows-1252?Q?4CjJtad1HvuAWlI8Z7V+J9U+SnTtkuRtOURI5cAROpWYsIcMd6qMlYct?= =?Windows-1252?Q?zUFk9xy/ZeNOzxjkleUq1ydHrn9rfZSYHAx/QDn1lqk4PqQHx71krh8r?= =?Windows-1252?Q?WYKTAs6e34esQDqfvoyczbxIu/wRH8RJfOOHcYA+5Z/AYPsl0Y0oN7fK?= =?Windows-1252?Q?a/tFsGcBuWJCA+D50bL3zlbL5b/HgyU8VQMqqEO3AfpNU9yhwmrDj3KO?= =?Windows-1252?Q?qgtWGDQGICmDCkfNsUkvqxa07TB0EgDVHenyrKdVnma1DNE1SjL/KPbd?= =?Windows-1252?Q?EUZ3zV6CHjr5EhsDC6a4QbNBxJjlYNMSzyGPcEpTnN3Xc7dn/JEpWWa8?= =?Windows-1252?Q?GuP2SSlDQou7DmBVEGeElWRLyLVibqCjmlGAEq5RSeWbOVXGNH12osGh?= =?Windows-1252?Q?Pbu02AG4UmdytEBA2im2vqGBeqRDRmybXLkbn257PiJY0/XOn3n5gZSd?= =?Windows-1252?Q?t/eOkItOfFC8nvvxDL1UoxE1XJjYVHqn3o7Fqw/XvlVA6YJ/FQDvPV3m?= =?Windows-1252?Q?huJa1LRZhnMnud081DUwU9vPzE4PLsKmdEmKiCUPFTm3Wzt+uBpxElnh?= =?Windows-1252?Q?I7R5s1BzUCx8+sgkXB4oIP0rPdsSv1vtIGUbUt26ez43RowEaKFLGA5e?= =?Windows-1252?Q?dhTmXBQBd/CaV6JzY/3rAhg4LczPUOurJARzuQc+ZCYWl9bjMN30qA?= =?Windows-1252?Q?=3D=3D?= Content-Type: multipart/alternative; boundary="_000_GV1P193MB242075F91278FFA11EFD667DA68D2GV1P193MB2420EURP_" List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: opnsense.org X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1P193MB2420.EURP193.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 0bab29cf-72d5-4960-dc2e-08dcc1236da7 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Aug 2024 14:21:48.6944 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 0035f53c-6fda-4dca-a17f-cf54bb21f5b8 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: i+fb4yDRYpni8SM4MnPDnd51OMIIBtywFLvRn3ugGW3AILTX4SlBf2f88B2T/2TCFrBJuy/QxdCFP0f2uzEJyA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P193MB1399 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-5.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[opnsense.org,quarantine]; R_DKIM_ALLOW(-0.20)[deciso0.onmicrosoft.com:s=selector1-deciso0-onmicrosoft-com]; R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/16]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; ASN(0.00)[asn:8075, ipnet:40.104.0.0/14, country:US]; MISSING_XM_UA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.107.247.96:from]; MLMMJ_DEST(0.00)[net@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[40.107.247.96:from]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; DKIM_TRACE(0.00)[deciso0.onmicrosoft.com:+] X-Rspamd-Queue-Id: 4WpBVV3qSJz4lmd --_000_GV1P193MB242075F91278FFA11EFD667DA68D2GV1P193MB2420EURP_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi, This references https://reviews.freebsd.org/D46190 as it is currently broken on FreeBSD 14.0/14.1 but fixed on main. I=92m sending this because so far I got no reaction from anyone Involved. It would be nice to get this on stable/14 at least. Cheers, Franco --_000_GV1P193MB242075F91278FFA11EFD667DA68D2GV1P193MB2420EURP_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi,

 

This references https://reviews.freebsd.org/D46190 as it is

currently broken on FreeBSD 14.= 0/14.1 but fixed on main.

 

I=92m sending this because so f= ar I got no reaction from anyone

Involved. It would be nice to g= et this on stable/14 at least.

 

 

Cheers,

Franco

--_000_GV1P193MB242075F91278FFA11EFD667DA68D2GV1P193MB2420EURP_-- From nobody Tue Aug 20 15:16:27 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjT2VQCz5TJ92 for ; Tue, 20 Aug 2024 15:16:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjT1RNqz4vpL for ; Tue, 20 Aug 2024 15:16:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724166989; a=rsa-sha256; cv=none; b=dEh0glKpIZWAb9rzZdiwjv0Yf+G3athwJRb9/BmJDcRKVl1AkAWRHISGAHvtNtEDO5Tq4q mmjDWEr5rf6bfBGj7GbZSMDrfHe7q4eFA2vVkQQHqilLYsOaZrkfPqoem1t5zn+crwbSxa SEPMJTGV4I+IIAAHSZaA2FQKkrE112npRezSSZHTfLyrBvZBqhNO+lQYGLgWcNOLa4wNL8 Ik+9InPdbXc//+EakXyQtluCxcA5oFI0ijra2D71oZa/gj3uY1U0q2fLWT1yzzqWKZ6CZR /ty15pYKVzTNTYf6uLqexekLlo3EJyt1WH7nCKoDXtfDSJjZIKywYWhhfWipXw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724166989; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sYUtLOEvERc4JGrR+CAsWvvV4zwy5UGAS6gr/IiUHCc=; b=YKPlSybp19yIJokDRzxj8pW3E+kGbFCmNOMPNKVJeYok1+uRIz7+bvSk9OWLMjLNTYyu7w wR/FW4U9GLzbNcJmqiDO2mvSdchY7vrTAaGx3B5V1dbOnMk8tkxgWGLXkN4pvc7uvNdVlw +/XuELHsY8z+RBrdwaXHgQjlmFHLIvYCHqIMOAF/ohWqfpfS/0plso5wqfUkyqrY7CZCyQ NiWswju8sCEH7TLB922dMg/PajmlOWNBmcIqm8mFF/AHyDLNDyykHLboreLCwmQobGDR1T qF8kKSZlHCa8C/DuqR7inZZx8bkdk0uYSvEPYnUuIDfm8MfI0zzzu0oXZu5xBA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjT13tbz155j for ; Tue, 20 Aug 2024 15:16:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGTlg033779 for ; Tue, 20 Aug 2024 15:16:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGT4i033777 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #22 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D46c4fc50d3012ca3c8756df243589add3= 6b70830 commit 46c4fc50d3012ca3c8756df243589add36b70830 Author: Kristof Provost AuthorDate: 2024-08-14 09:29:30 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 15:15:10 +0000 pf: invert direction for inner icmp state lookups (e.g. traceroute with icmp) ok henning, jsing Also extend the test case to cover this scenario. PR: 280701 Obtained from: OpenBSD MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 89f6723288b0d27d3f14f93e6e83f672fa2b8aca) sys/netpfil/pf/pf.c | 21 +++++++++++---------- tests/sys/netpfil/pf/icmp.sh | 4 +++- tests/sys/netpfil/pf/icmp6.sh | 4 +++- 3 files changed, 17 insertions(+), 12 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 15:16:32 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjX6Drtz5TJC8 for ; Tue, 20 Aug 2024 15:16:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjX4vzxz3whv for ; Tue, 20 Aug 2024 15:16:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724166992; a=rsa-sha256; cv=none; b=LWnDMmZcuWCq+av73ky3t7vYBAjQJ/0KNMf7jX2UfvCZkPailssvdCGYjPi4TCD+vyijeT uj2EI7XwU/IYeAXUYyoQaoGvJvJ0AYGWzaoMsR0cQg8Js6CcmViV8kwpReDs8LQ3VIMWIk ac9+EoRl878S5AGRTFIPzRESvvi/qq4MF1ASSOdc5aWThI1DNQbfcMlLj9PgpX0w536T+7 w6z24MZGK5qzkplU49HtlnZvsdA871Gg6qkNThifbk6CaBpVLOurwKCVK+ah5PSU5q3Ib4 FHuNeo50R9/0zNdTo5QfxgymcQ1GY47VJ2MZuNqP8SZVl2Ya5EnVHCWe5hcZwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724166992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gPe8QvTblEiVPwEHPZbGj8SurfP4Ovdt+8BIfiXq+1Y=; b=mrx9BCaB7dJ2gcWT3ivNJC5AnaolBQdXbwkVZ6qKwnTS4oh2+dctMbZL2wKHbvXtqgeZPb K7QW7CRmohbR/vUmYVudTRUnsGAKw1u7y6dFb90qqwEFvmcnlJ16Op+Fk0GnmF/xBxe4Tm OzwlNhCnqu32Zb7r9o9rtmWFuICC2iqC/Vr/XYjgG+oikuHHcng4c28dI7dhbCXiy1G1zT 0ZeR1RAJ9SHC9a29bdR8KDnQaRHlDZhZ67APq/B1roUIQcsGS+eqDQbir2huYe0CftGxJa HRFrWumGRCiVrJ+acrFOzaf6O2aKrp3DX19ATO3GraO2cC5UqP4lSk+GSOLRFg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjX4MVmz15Hs for ; Tue, 20 Aug 2024 15:16:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGWmL033998 for ; Tue, 20 Aug 2024 15:16:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGWTd033997 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #23 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D3455a02b5aed6f24f425b6a4fad4256fe= 74b13ed commit 3455a02b5aed6f24f425b6a4fad4256fe74b13ed Author: Kristof Provost AuthorDate: 2024-08-12 10:14:43 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 15:15:10 +0000 pf tests: ensure that traceroutes using ICMP work PR: 280701 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 34063cb714602972b6d985ad747fc8f66a8daae1) tests/sys/netpfil/pf/icmp.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ tests/sys/netpfil/pf/icmp6.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 130 insertions(+) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 15:16:34 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjc1f0Mz5TJV0 for ; Tue, 20 Aug 2024 15:16:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjb3Z8Bz3wlq for ; Tue, 20 Aug 2024 15:16:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724166995; a=rsa-sha256; cv=none; b=vSXIFWE8nLZrne16dPwQryA+bCaQJaCilGrkV07xgQK7qVja/Xa4uE8akL7+gABHX4LmiQ c3Koo22FVrgt58lJlfuqxE1y1o0J2BnMphwEaNZBgi/f6EcSrD7Hz/He0XcuBT874SwFSk arE6mYDzc1tZoUsgH4yhb/R+Cb+6caSkaHtgr+kwWklqT/0exIpHp8A9Jvzq/wZyeMt12G yaki1hEGDR5nSOuZCe5A8mYq2sc5XStvbQfBi3WYVNuxMz6VjYmqsVIq3VFjt834J08PwY zczQ6f0WcZtibx8AhtPV5A1iLKjZqEzvgDB10WtIh3NNMKS1Xmr2hZL2nwfjxQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724166995; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=exlLXxnobJ0EGo88YdOYdEf5L2pi1f7Smkh0fu8WKVQ=; b=NIkD4NU9n9XYJsQiHmcMtLmgidht7tICOH+QKWJYUIV3Hy0dtfvWt9X3bU6OZ2C1d4xvtl PxOkjQfLGbSKJvn/H9tSwU7KE9wb3XI5VPKxaoeCYpSDBHE7ETjAhesCUUYXWe5BvUWq0P dZF7SI32XA2Am8wCgUwUr5Uiw4PN7orkPZxoe9blqQ6zVz8tRdRaX1KgEnjkOYuAccFLTn s7L+mI/+zzLIvecyvL6XdIex584HOZ6U+OQuyM1Xu1QqsRVK+UnVLH6zdMZPaSqMvVBDn1 aSC8p/bRt8X9SO6iYkat8O1QCct8r6ERxTfCeAJpZ8PdxeXTYZUxwQpVYkqRPQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjb39l1z153M for ; Tue, 20 Aug 2024 15:16:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGZUb034191 for ; Tue, 20 Aug 2024 15:16:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGZHu034190 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #24 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D27a1a56b0d2e6ffa6ab1de69ef84fe66b= 7fd41e0 commit 27a1a56b0d2e6ffa6ab1de69ef84fe66b7fd41e0 Author: Kristof Provost AuthorDate: 2024-08-12 14:07:35 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 15:15:09 +0000 pf: fix icmp-in-icmp state lookup In 534ee17e6 pf state checking for ICMP(v6) was made stricter. This cha= nge failed to correctly set the pf_pdesc for ICMP-in-ICMP lookups, resultin= g in ICMP error packets potentially being dropped incorrectly. Specially, it copied the ICMP header into a separate variable, not into= the pf_pdesc. Populate the required pf_pdesc fields for the embedded ICMP packet's st= ate lookup. PR: 280701 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 2da98eef1f352c496ffd458b4c68ddee972bb903) sys/netpfil/pf/pf.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 15:16:37 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjf4NsMz5TJLP for ; Tue, 20 Aug 2024 15:16:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjd6sKQz4vwk for ; Tue, 20 Aug 2024 15:16:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724166998; a=rsa-sha256; cv=none; b=FQUDTXdALf1GLVDybq+DzMuc/ZYBkRxeEAJHcklVVAFgLV9NOtQERtyO8e2u6t1WGQdUmI DGFIrcdiSTIsfNYYBQQnk2UwGn9EaUwVbr2X1Tm6+aEeYg2ZS87ag0fa9rh5WOWm+cGkft Mwt8ShFFJ+8h2ILMtnPRNALkFyxme3yEJy30ZjF21LF17d7P8zzoMI9Xdh/YV6R4/7l0dp S7SbEzWrqfeOtns9zmW/R3377Lx3hSgxwfYNxUUZ/7yP9WGHsJDtYmCs4ZZVgabV+giXN2 ADaJ02kstvSrPrQJjcgc1SFnEhBGaE01RFR3iEQp/adrir2FJM38vJV44m1Y9A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724166998; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZDfs9xVKD2PjgBwmV1q98JlOxSySUDSf3pSKpv2FeLg=; b=vdoVCmwxbpR2mmsGiW40DUym/83UFoOV+FSOc8RlDT1Tz/jenIZk3XJbNu8Ic7rtLDoScf gF5A9w8VKfZiKmnC37EBRC6d9HIa+nrrNLNUzkU8dchaCJBkYhRuzTeJ71OXdBP7pcwRjO gRSMXY4n9HKo3V8vVEKOe/xK5NS/3VfGWXLpHhVnjlGvC5jm1exDNL3cSMWcqD/RhafaZo sBH03Yy+AkhJK7tcHgkhROAUioqPDQXLkslqN5wCvS2TAmnMWl/qBgMRFkZDQjKljNg9Nx bQsoOHGogtKfeLgO1SXEbfkbh2eRQBBUTvUIJQ0Zczg6ybmt4Q41fFTvj/l/ww== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjd68qbz15Bp for ; Tue, 20 Aug 2024 15:16:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGbtt034378 for ; Tue, 20 Aug 2024 15:16:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGbx1034375 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #25 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D5f3f07397a7909e8f9449d1aa0b465159= cbf0d60 commit 5f3f07397a7909e8f9449d1aa0b465159cbf0d60 Author: Kristof Provost AuthorDate: 2024-08-14 09:29:30 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 07:25:21 +0000 pf: invert direction for inner icmp state lookups (e.g. traceroute with icmp) ok henning, jsing Also extend the test case to cover this scenario. PR: 280701 Obtained from: OpenBSD MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 89f6723288b0d27d3f14f93e6e83f672fa2b8aca) sys/netpfil/pf/pf.c | 21 +++++++++++---------- tests/sys/netpfil/pf/icmp.sh | 4 +++- tests/sys/netpfil/pf/icmp6.sh | 4 +++- 3 files changed, 17 insertions(+), 12 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 15:16:40 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjk1CnRz5TJVG for ; Tue, 20 Aug 2024 15:16:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjj4KW9z3whc for ; Tue, 20 Aug 2024 15:16:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724167001; a=rsa-sha256; cv=none; b=g7zKjK9M/+/A7/M4ouGgAYaBaSgN21v1kvPYY61DI633E4MCLOVqRb7NFCZdpI0VExm6Jb 4+Gax41KcmX53+qBbENY7BFpqCf5Ua0UjjyDWB0ZnV6gQrM8/GZ9i75Anxo1F1ZWUDEA16 4REpLZ6KUkq44XSLE1hGZmTlXojIJhXN/yP6MQdgGwWkonfVSr5rU7vDsNQ3knpimCymdB 5tMnrz85qphl10ShNwisntpN8PlWZpXa9UXuQJ6ROS/dBN+qbM6x311yp55eiPcYwkpIN7 JIOJBhM8tO/wEa/ycNfNZ+dEK/UZxFojPQ2vdYpMlMGBGJ0/jHatMryfL8O0gg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724167001; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aXKTqKs0BJ+JHcbKNeCND2yza946Mjq7d5RKWJlm9zA=; b=mAuqOmsY6w1w4zKcobKN/VyExgmXTK4UQxUMYTvIs4CNJDvwo6bTIpFFQ2q/CYd5uHbkSy aEuWmDPWG7CTngHEPi44i5+hB1pYYBhaLV/tDvrfBvur7zdeONPGUgX/wb3EL4dgFE0tYV /dW7WCAXFgXINypwgO6hjHLur49DfPy3MEOJXpXSRIm93z0bPwyPOtaXWArjy+WAvMgI1m WQMB2fDmtw36iUOcD/Kxoe2DmP27qUS/wwUpb3qrvkehjQXifsfTt8O9WjCK/Hz+M6QkhU TRMiyFSsqiOlQNoq6eefeux0ai9sm3bi616hLFhRwtk8BJ180FInR1VIcal/5Q== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjj3vnlz15Kn for ; Tue, 20 Aug 2024 15:16:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGfLC034649 for ; Tue, 20 Aug 2024 15:16:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGftQ034648 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #26 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D0d8d4cc3ea47f1ee61d749b22b135eb73= c7d33cd commit 0d8d4cc3ea47f1ee61d749b22b135eb73c7d33cd Author: Kristof Provost AuthorDate: 2024-08-12 14:07:35 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 07:21:51 +0000 pf: fix icmp-in-icmp state lookup In 534ee17e6 pf state checking for ICMP(v6) was made stricter. This cha= nge failed to correctly set the pf_pdesc for ICMP-in-ICMP lookups, resultin= g in ICMP error packets potentially being dropped incorrectly. Specially, it copied the ICMP header into a separate variable, not into= the pf_pdesc. Populate the required pf_pdesc fields for the embedded ICMP packet's st= ate lookup. PR: 280701 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 2da98eef1f352c496ffd458b4c68ddee972bb903) sys/netpfil/pf/pf.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 15:16:42 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpCjm0HPFz5TJVS for ; Tue, 20 Aug 2024 15:16:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpCjl5GZHz3wsH for ; Tue, 20 Aug 2024 15:16:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724167003; a=rsa-sha256; cv=none; b=lzYNP+cIp9TSHelF7V8ebAZPgENQJyehKIrvWtAjgjF9eI0aAMQkvhTjf0QnImgx1A91tM r4rtGWq0vmyuie0PrTBqUm29SJKg0rVlEQIp1Lj4Zuyal3XhqM32LSpywgbEiqAoZa7hTl Z2Vr0FLbf2l2exIIZcVqYh5/R9/Rll0U3cAefshdNN5i7i9niDtc1A+WjkuQ4qe4dwA7EV yi1g+5vsa7onWFDdYwr3i6QZYgplI5JOpa0QHCAsFkkxyUqZCCeHRUEnLj3ImFpPQRvF6L afzj8QY9TTvYhKX1gmMmoC7srscPXgAUqlglb0hMSTe4SSWSKa+xu5rtcjykNA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724167003; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lsD4DY4ef+v56rqMLu6mY/cKAKlggSbcPgsgPl1GU0E=; b=uIb3zxNtoQimPsXoI87rqyX+cZEiz6sMyByQRJHGKvqg2j/z4DVnoY0eE2rnbJf5MQig2e dKOV7HUebwPWmPeKAX+eP70aSX1SH4lR3RwHYeuQsy9n7c/JBHaOyZwcY/UT1uT38JD8IP d2ysWcVXBBW2A7v/RQC9eAghd6G5MgP2J85Ml4DJJ3Vz5dcd1ETS0ZCCPS7jAHSrHZiD3c jrNSwOh//ehAFQKqxWBADeLPcw8vW/3TJwnxbmGRBKMwk50unNNYY4E89LKIVeIqiUNwH0 1pDdcuZNXHxieXrID/mMbml7IeImOSOjGeEtHA4ujTlLzfFFU8d1Gdv3NPyzrw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpCjl4v2cz145l for ; Tue, 20 Aug 2024 15:16:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KFGhO3034827 for ; Tue, 20 Aug 2024 15:16:43 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KFGhjS034826 for net@FreeBSD.org; Tue, 20 Aug 2024 15:16:43 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Tue, 20 Aug 2024 15:16:42 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #27 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D7024e1066d5aba76dbbc85eb191357da7= d32c619 commit 7024e1066d5aba76dbbc85eb191357da7d32c619 Author: Kristof Provost AuthorDate: 2024-08-12 10:14:43 +0000 Commit: Kristof Provost CommitDate: 2024-08-20 07:21:57 +0000 pf tests: ensure that traceroutes using ICMP work PR: 280701 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 34063cb714602972b6d985ad747fc8f66a8daae1) tests/sys/netpfil/pf/icmp.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ tests/sys/netpfil/pf/icmp6.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 130 insertions(+) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 17:31:53 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpGjj3xM2z5TVhl for ; Tue, 20 Aug 2024 17:31:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpGjj2hmcz4GlP for ; Tue, 20 Aug 2024 17:31:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724175113; a=rsa-sha256; cv=none; b=uVi3FoMVL4Vb+isl0YFdth/TFqlQZPBG+KBzR8GUP/UYlpSZwk+hv7bCbkUKHSrOvJPEHr 8pSGzm5hdhgY0iB+OMXI+7mmBaIJMsNIhpL++W+4qQFZZRm5TsI+9x1u799ZXvfMc/QrC5 6ZVfpSONoqNFR9o8/o+IpylWGAfJUGeijejUbnGYictueMG8j8CIWzg6grYnaIAB3cReVg dtDrzogjtmFd1yI4J5SQ+wGbvssQwxUbzgJd61Sm44m/9aQANZjtboORalYy48C7acQnyM zFvrIoCpgVCfZlsTNmPaPMJKownvLdeACjPIK7GiGRJltcP4GTRuXF2QenG9jQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724175113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tJM7yXSQrRO2kW8g/HQ7hXLlTn/SNfVl5ey9tC/jw9o=; b=boxCVVjmv9FeB4dawacVcIv9Xfq8bgZIA4qx5yFJTG+LuPLuQfWwjMjZTnSdrRp9xyZH/7 Ybpa1bzjOUyOvdKpIWctMbHav4Hrp17As0uCbMy2DtrnGfXLZRasLaXNnJMj4CurwDxOi3 d+fa3NFMf+ev1rHZtveHreQoVrwmvbw4WKcTShKsgaYERIxrhsTu3lNNcv/8eHIYmDffie ylchSIjwKDTuJ1a+WHH8gmYgn5Te3Tzn0VV7St2e23WIA5SY+Pt+782FchIatLYR86pQEy Mp3v3SU32TaBXol0UEWQIA+Wh7sNwx9NvrTnXKtp06ITqq6vwkuXpfggciA6NA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpGjj2Gy6z18b3 for ; Tue, 20 Aug 2024 17:31:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KHVrQt007062 for ; Tue, 20 Aug 2024 17:31:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KHVrmc007061 for net@FreeBSD.org; Tue, 20 Aug 2024 17:31:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280097] Warning printed when FIBs are expanded is unhelpful and confusing Date: Tue, 20 Aug 2024 17:31:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jeremy.fbbg@baymoo.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280097 --- Comment #16 from Jeremy Cooper --- (In reply to Zhenlei Huang from comment #15) No, this is not clear enough for me. My issue is not with the word "ifaddrs= "; it with these two points, which I will repeat again: 1. The user needs to know why the message was generated at this particular point in the boot process. 2. The user needs to know that this message is a reminder, not the detectio= n of an immediate problem, and given just a tiny hint about how to make the mess= age go away. As a kernel developer it may be very clear to you why the message was generated. But it's not at all clear to the average admin. This message scr= olls by very quickly at boot and is VERY hard to interpret in its current form. The message needs to address both of these points. And to do that, it needs= to: 1. Mention that setting "net.fibs" is what triggered the message. 2. Give actionable steps that the user can take to eliminate the problem. My wording accomplishes both of these. I just ask that you still solve both issues if you choose to change it. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 17:41:35 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpGww225Kz5TW9Y for ; Tue, 20 Aug 2024 17:41:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpGww10m7z4JyB for ; Tue, 20 Aug 2024 17:41:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724175696; a=rsa-sha256; cv=none; b=NEgqXgcVXk+fviKgMoX6snU3yYHl67Za383UinSQtFjteome9piWtencJYJk3H28xygzN9 JDpyQ123YGW9xFOlO6uIkpr/OlrB9ymO6DSLUtHK/T9NFj8D2xC0simFcntxD1XOtubWHt BkbcYnL47+jSXV8Bdy88tnQxZivgymh8a++ltM9FcAAGJE1hJ6A2T/sDajTlZq/ZCKtQNa 0KcU9FoIoEMJCBfH6YEp/NuDOrmYLzK+AuwZqbd5db29gIXv6KvwZNl38efuHdZ3jKKkY2 Zw0vcBcKSNLDzPFJ/LOaoWYtt7u0boNPLT2QLNYsUY7dcYTkfRO9SqcQQbtUmg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724175696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TqXQMUOCnjnb5vgQ95IQYQDTA8MGG8nCF0UAPyPvpVA=; b=UqenCeiBNUHsi1XMJLJSsb4V13chyaseF3MFD1pBLVg/0XpdaWaZIbRsp4gz8/ZQyNZgBo NGVLl/kVlpz5a+Kk+UnFyGaNkEqb9wewwfHzTkQ2fG2YTlIFAAQVagHT9YChKIfcJnrq4R 7JLz/FL6IA6UoIDxuzc0krGGMFE6CuNOhQ4Atb/v7TWEUvSv6MIVmO7AMA9bK/mKOYYgHQ E7/Rd3qKX8fyZd7VIKdMXXAHim9sZzc7N2wE2V+JYiXET5uOQAmKN6MECPoAYxgIDtKAVs j9UWQ5BCBldmmD2WnO7r6RyaU5Xb0MNI9/FVN9rOEuCjM1vzRRP9awlUFnh/YQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpGww0dGsz18qJ for ; Tue, 20 Aug 2024 17:41:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KHfZWo045002 for ; Tue, 20 Aug 2024 17:41:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KHfZGH044997 for net@FreeBSD.org; Tue, 20 Aug 2024 17:41:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280097] Warning printed when FIBs are expanded is unhelpful and confusing Date: Tue, 20 Aug 2024 17:41:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jeremy.fbbg@baymoo.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280097 --- Comment #17 from Jeremy Cooper --- (In reply to Zhenlei Huang from comment #15) Also I want to clear up a misunderstanding you may have. You wrote: > The `adjusted to` is redundant. When doing the tuning > ``` > # sysctl net.fibs=3D2 > net.fibs: 1 -> 2 > ``` > The console should print the new value (by default). If you `sysctl` to set the variable, sure. It will give you immediate feedb= ack about the old and new values.=20 But what about when the variable was set AT BOOT, by `/boot/loader.conf`? My /boot/loader.conf is ``` net.fibs=3D2 ``` and it triggers this warning at boot. That's what has been so irritating. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 21:08:32 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpMWj6stpz5SdHp for ; Tue, 20 Aug 2024 21:08:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpMWj3z6nz4kRk for ; Tue, 20 Aug 2024 21:08:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724188113; a=rsa-sha256; cv=none; b=YAIzDUPWzmWPUBvO8cM0zRtI7fQS+dmaedVHz9j5r8KB57/lmb7mWxxmkHlza9gi0UapNr ctI1Inow8M2yMad0Lv8qGHwPqI117f4XFLqrFN0Xn+BCHVxpRtr2Qsj8vt/GfKxBaUPxgM lU7J12YYbPubv616nxoA8DRisjAppQWuRg+nejciPcg7loTYyowRcTgyRAOttzXr7l4yqi Gr0l+obL+1PGTy6jzBqVVKKfLsQqKW8XcPxyzd1lxKopqBI0xDI6hYpuiImxDdRjCErJFg AduwBt++rIfc/kQT3KXXQPPQ/6IQbu9fPzbl2eSaV6u3Hi9NhMlTtI1dKgbqUQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724188113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WgPXCWRiXZSBx5KQbq8UFoIxkHqoN9Q5rNRZs/qLjFE=; b=GFOKikmH2F/PiRUaZNHNDjeg9xxt/gHWpocxcOYbyZR9PUm8nlULo/4M4t3tXdjq1d0rFp iqia4+mhTsP59q2sa+bQM0savkmIa+25LCME4Y0qA98Oac+SrogV+O6bIixRsQxVM/zNlZ 5rFVQPbwHkuqJGiWKaGbWpmkIZIYow27c0Id4Z1yI2ccL+zqUr2bRVWlYAppQXKGvqCuAP fs1Q2ubjTWmP9f5pOySMKITR4XA3q+CzBkauvOXWaeDQcCC7A0uK7mKC/NydfwFRlunZG0 Sm5rCJ8oZmjTIUCsPVLxBA+72sc9eFoTZLgBSj01bfMV3aypNKC89ctprHI4tA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpMWj3bXhzFtd for ; Tue, 20 Aug 2024 21:08:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KL8XgL003241 for ; Tue, 20 Aug 2024 21:08:33 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KL8XVG003240 for net@FreeBSD.org; Tue, 20 Aug 2024 21:08:33 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280097] Warning printed when FIBs are expanded is unhelpful and confusing Date: Tue, 20 Aug 2024 21:08:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280097 Marek Zarychta changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zarychtam@plan-b.pwste.edu. | |pl --- Comment #18 from Marek Zarychta --- (In reply to Jeremy Cooper from comment #17) >My /boot/loader.conf is >``` >net.fibs=3D2 >``` > >and it triggers this warning at boot. That's what has been so irritating. I hereby protest!=20 What is this bug report about? I found the aforementioned warning extremely useful in the past, it saved me a lot of time when after the OS upgrade all= the jails lost connectivity with some parts of the network. Furthermore, I grea= tly appreciate the intention of melifaro@, who left this in the code. Today, af= ter a couple of years, this warning is no longer relevant and the code generati= ng it should probably be wiped not only from CURRENT, but also from STABLE, at least from stable/14. Cheers Marek --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 21:10:33 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpMZ14z9Nz5SdKm for ; Tue, 20 Aug 2024 21:10:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpMZ13pJmz4lPx for ; Tue, 20 Aug 2024 21:10:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724188233; a=rsa-sha256; cv=none; b=cpDpBFqfTh9rlh3lg2rtI5flELteBgoqfvL5jBhX3/HxUN5xKgmlvBz8LCHINFd9USqW8Z rC43bo73XvOW3WJI5lKp5HcXfgqrRO8h3zhtpDv8ZTSlPJbGbrxfD4PDs1ymFJ4RiHYbZS qkUiSh8go9KvhIiXCtuwYJYASemZUub41SngzdjOD9XOAOxhM4jtDyaOEVQs4OKmFm0T5w p6oXYELq09baYMJpKZbjKvF8E8NBGQStKu7tAgChrX+zeLkklJre0BTjrFpPsDv6cMdFA5 eL1nNuLGp/6jCEYCseCvqJtNYJ0x0OwRshUA89/MBCdWxX0W6MiJcwwIiMR/Pg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724188233; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=U356mUNxHYQwKcjAqnf34gegvTAdWfTI/wyllHGO9Nc=; b=n6qRgC4fn/dE2EIRIcJ4EdWJ81NwpoIsguw8d+i+2ZEU5+DlY07USe/tDbSV+w2yzIiOsd PAOb0/ym6qJiAUq3ClPA8Yzk+ygYSFAPWw3i1j/yNSf7TCfVcRCUlr66AX82UP44g+ZB2Z KFAW8CqMsFTVgmRD5BDTfYME1IXpEz6/Apuoo5uTENscqT8SC57WNT18GJxPSivgBWhbbd SpWGIGvIXSaR/nVFbi4qblJD3aQ+wIAINAGEUrOEVId5HhjPln4+E45l6cs5pzf/hU+o+H 5KPxKeqrpOCkGa6jY2ykssss4Cdz3REOP+MUdEvc3QLwnZZT9O7l8putxamKhw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpMZ13QTwzGH4 for ; Tue, 20 Aug 2024 21:10:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KLAXK1009287 for ; Tue, 20 Aug 2024 21:10:33 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KLAXWS009286 for net@FreeBSD.org; Tue, 20 Aug 2024 21:10:33 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280097] Warning printed when FIBs are expanded is unhelpful and confusing Date: Tue, 20 Aug 2024 21:10:33 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jeremy.fbbg@baymoo.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280097 --- Comment #19 from Jeremy Cooper --- (In reply to Marek Zarychta from comment #18) > What is this bug report about? The Warning printed when FIBs are expanded is unhelpful and confusing and c= ould be improved. I'm trying to improve the message, not eliminate it. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Tue Aug 20 21:35:36 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpN6y5wBRz5SgV4 for ; Tue, 20 Aug 2024 21:35:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpN6y4cvzz4nh5 for ; Tue, 20 Aug 2024 21:35:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724189738; a=rsa-sha256; cv=none; b=LhL4rIqe0tVA32RIR+cXLPvoDtXRv2Gk3euZiFIxToqZ/1VKXcFPGm9WryJDyi2ChHpcq5 Y1+OJv6RQGE3NynyANCLFxObTZTchHfHSk1nOMyEzv7p2/41uY96Fgk0+d3ZakE2rCY+HG TCRVK8tTvTCQ1pCwC0ka291lFsPcQKPdomsX+AdH3z36THERFDIP4wFWMpckUq7v6oGzTl tf4+MZ7pwvPanVcERcH9ccAMRo5rSVmdpI3bSe0YIQncxc86hWrgISlGiNYy4qgfpdePez LFQStLct6U6yEMmRfOeNllJkgaeNkolwUTRXj7QICWOl0QSshkcHtTd8JBopEA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724189738; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jJZF/NVmw2ROdZ/lZC2YZugIg7MO8s5j8r1mFfrpvzQ=; b=o1kwYv8/CTlGwKhlpORfE+P4KhQAUd+vqaJlgPWKUY33WDX2qRzihYvIGtFg/xAAhfDRJX xSAhcjs75oe1LtMrXODmioYUc0cCquF3w4mHQkBwrHOW7OruM27SWmAXfZm6lLBJhPh7Q+ c9u/WwGx3hE1reqMhVa3Rr6AdXz1pmP6Pa5AuJA623OyDmgqlFqzOBTQYZnluQ+5BMnCAC xGdwcKWfuEQD7sZ0tld/v88eKLnYDHJMW5Rh2/2WoeNdes65GWHKtuh7l8VtnhXvVp3/EI HbXIybBCei7zGgkVaJMFYPWx5h6iLpoWKGPjUxqpaHTaXbM/o/4ubcCX6EUCYA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpN6y4BtjzGsh for ; Tue, 20 Aug 2024 21:35:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47KLZcoa013644 for ; Tue, 20 Aug 2024 21:35:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47KLZc0c013636 for net@FreeBSD.org; Tue, 20 Aug 2024 21:35:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw Date: Tue, 20 Aug 2024 21:35:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280705 --- Comment #13 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D417b35a97b7669eb0bf417b43e97cccbe= dbce6f9 commit 417b35a97b7669eb0bf417b43e97cccbedbce6f9 Author: Mark Johnston AuthorDate: 2024-08-20 21:31:57 +0000 Commit: Mark Johnston CommitDate: 2024-08-20 21:31:57 +0000 netinet: Add a sysctl to allow disabling connections to INADDR_ANY See the discussion in Bugzilla PR 280705 for context. PR: 280705 MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46259 sys/netinet/in_pcb.c | 8 +++++++- sys/netinet6/in6_pcb.c | 12 +++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Wed Aug 21 07:45:02 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wpdf86vw9z5TNpL for ; Wed, 21 Aug 2024 07:45:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wpdf85CLqz4TQd for ; Wed, 21 Aug 2024 07:45:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724226304; a=rsa-sha256; cv=none; b=Gbc6REngrgHTBqkJbsv2Zk1jZZB9j04uHcIHgHk038OKj7mv0fPHdLjzFTDwhRnPeWdL0B OEcjMYIHV0Dw2Byzerz3GFE5khXBJ1gKNhmMlGRqSF6yV5xr0sfYcD5UUrrjMGFXsFov0L qFVvnCZKXpcf1utFNeYq65HCZk0r86JE7GgslXbGyq1vEmlHtKIG+7fLN4hWQGkq7BiJ3c 7ueiLskTSaKdvMVdkQN/7MMDNxiLe6aC2o0Y6mYuXb4dE35+rwXLTUfr476LgVLgpCu94E j2SFLA2iQgmws2cS5/gsHUGwhGdUIB7v8HHZGI6+mSnpl1rX0L8cxqPrGJRYIg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724226304; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Zc+c0pt6wGQ7nBC/qz/9UH1RncpAmT7a22iHzNV5fL4=; b=pGPkeZDn7Hew2T3G4Y8AtLn7jDNgdQF1u3r00XO8wMOHWmcLU9hz+hQ+f8AAY/lHoE1wWP 6XhS26Vat2+2tZe8jLEL5nbPYoDlxT+cGxgzcswSl824SVA+0MPaG/Li8XJ23RN8zDqkEV FVv8DKNuZDLWONs5K/fpwcEMClN0qX2L1z/q1msMUSDvkaMTQW8043esfusQCHlqcooTMD CaSvoK2mruzvqOa3l3kN11MjmoyXJkxfVDehthJI5/nAyKnsbJwQz7WIy/w/I0Y2b3HIvs rVt6R6jwuwpHzM9rSThUKYCb8jCIplLVfkGWuBkcSjEX9y1Qo5PA5nkiRDWgBQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wpdf84d1GzZqD for ; Wed, 21 Aug 2024 07:45:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47L7j4cq024095 for ; Wed, 21 Aug 2024 07:45:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47L7j4NF024094 for net@FreeBSD.org; Wed, 21 Aug 2024 07:45:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Wed, 21 Aug 2024 07:45:02 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #28 from commit-hook@FreeBSD.org --- A commit in branch releng/13.4 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D6a7bac2ae79667c2b31169a8d0e914109= 86336fa commit 6a7bac2ae79667c2b31169a8d0e91410986336fa Author: Kristof Provost AuthorDate: 2024-08-12 10:14:43 +0000 Commit: Kristof Provost CommitDate: 2024-08-21 07:44:16 +0000 pf tests: ensure that traceroutes using ICMP work PR: 280701 Approved by: re (cperciva) MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 34063cb714602972b6d985ad747fc8f66a8daae1) (cherry picked from commit 7024e1066d5aba76dbbc85eb191357da7d32c619) tests/sys/netpfil/pf/icmp.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ tests/sys/netpfil/pf/icmp6.sh | 65 +++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 130 insertions(+) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Wed Aug 21 07:45:08 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpdfG1kq5z5TNrL for ; Wed, 21 Aug 2024 07:45:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpdfG0BVFz4TbC for ; Wed, 21 Aug 2024 07:45:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724226310; a=rsa-sha256; cv=none; b=Q/Vi1zjv3DyCW0CHIJE6yhfGezYxodq2167cJIUn/DDfySaRMf0TAE7N2RZTfDUcmAN01h 8gDG0LqUqVhK07sNVgd8D3Dmj0I7ZHYcgzanDKDiS0Kjbd202FOA6dIQ/vNuEWLtwFFjp9 Y8jdDsnnXyix0PE+xj0baQ85APchSF0DbipeH1g/sX1Cpa75xb7nWEh1PgQZ7xH5ztuUj6 tM8tpUndozUD02Kss5y9EquPYnWOIJ+faKCBu3N8YK0cgNaKb02RIlY71wJSPBycR4qxlB I2iAdcwXo2duvgkuEbWbWDejJn3RDn8fD0Bi+yo/dvp4Lb0MvplcxMRpT5ShLw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724226310; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h/5Anw5D5UjP2p4YnePV+D7AOcfzqy2iFlOIBinGI9c=; b=qZDMwBGcb3AOSPv/H1IWznlvNY/REiNNTC+RLJ9Qh/eSax6lLZ7hKviFzAB6WBvhTbuf3m p6RTw71Tk4MVhBiFuulOhVTYQhlRHincax5SoC51kt1v/cbR5n+w3tAOTgjDwcYiA4O74k EBvnYobr5YpbdFIZusjeEPsTVjkA/0E/AER4wnJbUibTMbrCA4/NdnCmPHpdQOEs1ynXu+ rqEb77RMledAu7rskU9eayw3lWYjsj5aXeE0ycl9ybDZzX+Y0HXhu0/CToB6XikcZhuquI 2rw4CB13uJZfJpxCsh5+qqhRw7FkXRHTlj4gmnpP7rvrgsxDjqsVAGcY5xjsbg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpdfF6VL8zZt7 for ; Wed, 21 Aug 2024 07:45:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47L7j9Wb024437 for ; Wed, 21 Aug 2024 07:45:09 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47L7j9jm024436 for net@FreeBSD.org; Wed, 21 Aug 2024 07:45:09 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Wed, 21 Aug 2024 07:45:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #29 from commit-hook@FreeBSD.org --- A commit in branch releng/13.4 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D9c67287ccfb7257d140b46c8d8aed7276= c94d5f1 commit 9c67287ccfb7257d140b46c8d8aed7276c94d5f1 Author: Kristof Provost AuthorDate: 2024-08-14 09:29:30 +0000 Commit: Kristof Provost CommitDate: 2024-08-21 07:44:25 +0000 pf: invert direction for inner icmp state lookups (e.g. traceroute with icmp) ok henning, jsing Also extend the test case to cover this scenario. PR: 280701 Approved by: re (cperciva) Obtained from: OpenBSD MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 89f6723288b0d27d3f14f93e6e83f672fa2b8aca) (cherry picked from commit 5f3f07397a7909e8f9449d1aa0b465159cbf0d60) sys/netpfil/pf/pf.c | 21 +++++++++++---------- tests/sys/netpfil/pf/icmp.sh | 4 +++- tests/sys/netpfil/pf/icmp6.sh | 4 +++- 3 files changed, 17 insertions(+), 12 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Wed Aug 21 07:45:11 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpdfH4kpvz5TP3s for ; Wed, 21 Aug 2024 07:45:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpdfH1YnZz4TbR for ; Wed, 21 Aug 2024 07:45:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724226311; a=rsa-sha256; cv=none; b=QM/6OSLu0CqlrfNhV0ekQQvxGxbAhuFpDNyn2DgMfLJQ0yOCrLfZyUhwRrQCKtCwOSaAYd Eo3sczeKdAU1UfaxqIfe8M5Sqy6OFTB2idBtYK3LFe5uL93xKClvhhXAey6kipL2uVd0EU 6aEHPQsuK3Ebz+KXdJUyaOkCKDlHbAilHrbLiiSNYtgjAsuR7fvMCR7LtsTJ1hi+hPD+zW RvDiKl+RCJQZUynL5puFSXKFPIgNlbegBNltABHFLKtTXphK0GMKX2JdQ+UgtgeKzir/PL Uu9jETILvRsGRx58e3JBre75jsVTzUizjqk1o+Wnh6Yq64m9ST0UmK9qmoc/9g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724226311; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RWuPwoozNewLNHaOMsXu7kUf1vi1I4SyX/ezKm7yOXA=; b=EyP+xubCyLy3Q+otLNJePfwvzm5OrXcsCj2vRu7uVVvCeh/mpK+JGEYrE282mQ2zReCaj+ lQQuZG1UdAVC/Zeb8O83ZnEdKrPJo5Pfgvl8EcvbkHc+SPNL/MYA9OMU28IW/4q4XTrGKU fysmgXuetuQ7B3IegLepxG9ijnjYohxpbJHAadfMy3tHWC8BEFggUhVX8T5E5oMV7JmplH K9jusYmu54ZxX+ajrAie3J5V1IZPKMzsRw/KgYoH1uZNxJ0zUXX9aIdoQsMtmJsILnYkFf wpZ0nBHcfQlDuOdkt5+otfKac0QzOKNG/tdrMqE0oG30jFRXulpP2CrRbu08Xg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpdfH19sSzbDB for ; Wed, 21 Aug 2024 07:45:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47L7jBhk024551 for ; Wed, 21 Aug 2024 07:45:11 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47L7jBSU024541 for net@FreeBSD.org; Wed, 21 Aug 2024 07:45:11 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Wed, 21 Aug 2024 07:45:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #30 from commit-hook@FreeBSD.org --- A commit in branch releng/13.4 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D7d3a0370c8a3dadad0739ed88fc265366= 49119c5 commit 7d3a0370c8a3dadad0739ed88fc26536649119c5 Author: Kristof Provost AuthorDate: 2024-08-12 14:07:35 +0000 Commit: Kristof Provost CommitDate: 2024-08-21 07:44:01 +0000 pf: fix icmp-in-icmp state lookup In 534ee17e6 pf state checking for ICMP(v6) was made stricter. This cha= nge failed to correctly set the pf_pdesc for ICMP-in-ICMP lookups, resultin= g in ICMP error packets potentially being dropped incorrectly. Specially, it copied the ICMP header into a separate variable, not into= the pf_pdesc. Populate the required pf_pdesc fields for the embedded ICMP packet's st= ate lookup. PR: 280701 Approved by: re (cperciva) MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 2da98eef1f352c496ffd458b4c68ddee972bb903) (cherry picked from commit 0d8d4cc3ea47f1ee61d749b22b135eb73c7d33cd) sys/netpfil/pf/pf.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Wed Aug 21 12:43:56 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WpmH12t5Fz5Tpw7 for ; Wed, 21 Aug 2024 12:43:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WpmH11sblz449M for ; Wed, 21 Aug 2024 12:43:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724244237; a=rsa-sha256; cv=none; b=N6Gu6ZAVar8jvMnLiYdpqXQpS2imLZsD6nsESh3hrpp35SqZoGbGOthEPpzNdHpZg5P2fr pBOGJVZwp2yIwxySp70yX+5JTDoQTbCSvlAPB7KegJ41XRLc2tEvih4yWf0//96mmSSQf3 Mrd3KhyOgAolKYGslwAoRJTpH+BvUqGFz+F9EkdJNeyEJg8xCFDNTiaV7XfgYT8sI3cJoH /AUUdXKg7/CtqddX+AlfjbmgvJanxKooDTCG9IjnROB2pKwhAsGLZZ4E4932TPJHpkkLbV qKAW66FiQ2A1OLZ6hbOAkHXt95K8A2g+J1buHMaTX/TaVNMbCA8eAosJgXI8dw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724244237; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dMCJLFzfLPu+qewLQEvBNOZ1xgpAi9sTW5L9Z4qiNao=; b=rEZML+QY3rnFC8hI5qDOVN1F1JJ31muIZJRYK2D7SArmk6ngorla3+T0Krz1iNLId4z1cH oZ0yZHKu9ncqDh8oMKz341Zr52eYjof4q135IJOe5q0vuZBcKDemhSomkYZRd3MQKEcC7K 6Y45eMhjVk1lau7Y0peVFK2hERIbzkt3oy4ImhId9fQe0Z/eZjOXYd1p71hDnXvpZ1tG14 1i1kNoasDIztuY2aynfp3/Yg5GnUU/TWx90jnkx3bUyxQZutki5Lar88Il2jH4naRximWS EO3xsvC4fxeZaDsUuj0/tMty50VAlXlXOPtmxFsm5CA7xqkMU/H3sgddFIzVgQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WpmH11RSCzksY for ; Wed, 21 Aug 2024 12:43:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47LChv0x082787 for ; Wed, 21 Aug 2024 12:43:57 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47LChvjr082786 for net@FreeBSD.org; Wed, 21 Aug 2024 12:43:57 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Wed, 21 Aug 2024 12:43:56 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #31 from Franco Fichtner --- According to multiple users the ICMP patch series causes stalls in neighbor discovery and only a full revert brings back the desired behaviour. A TCP dump showed that the Cisco is sending ICMP6 neighbour solicitations, which are answered by the opnsense with a large delay. The cisco switch looses it's IPv6 neighbour. tcpdump -n -i ix0 icmp6 and host fe80::86b8:2ff:fe1a:c67f 07:34:42.764553 IP6 fe80::86b8:2ff:fe1a:c67f > 2001:xxxx:x:x::x:2: ICMP6, neighbor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:43.852542 IP6 fe80::86b8:2ff:fe1a:c67f > 2001:xxxx:x:x::x:2: ICMP6, neighbor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:44.940525 IP6 fe80::86b8:2ff:fe1a:c67f > 2001:xxxx:x:x::x:2: ICMP6, neighbor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:46.094207 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:47.120778 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:48.201460 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:49.336747 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:50.360952 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:51.385618 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:52.436467 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:53.529962 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:54.617082 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:55.717592 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:56.765964 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:57.796680 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:58.888994 IP6 fe80::86b8:2ff:fe1a:c67f > ff02::1:ff56:2: ICMP6, neigh= bor solicitation, who has 2001:xxxx:x:x::x:2, length 32 07:34:58.889051 IP6 fe80::3eec:efff:fe70:7326 > fe80::86b8:2ff:fe1a:c67f: ICMP6, neighbor advertisement, tgt is 2001:xxxx:x:x::x:2, length 32 via: https://github.com/opnsense/src/issues/217 --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Aug 22 10:57:27 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqKsh1r8Wz5Sg2f for ; Thu, 22 Aug 2024 10:57:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqKsg6c75z4QkJ for ; Thu, 22 Aug 2024 10:57:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724324247; a=rsa-sha256; cv=none; b=WkiLEAP4SKOH4mxdYyVkOXyFM2QQH4rqI3tLHZXmUJ9ztdcpga4RX4rXq78QAQgsYdivhO S2WlC4c1XFXapWGHFUcM/7LuV0hh0l9ok1fV00NFth59V1zcSIuw0fVnJZcZqcHVKJL/H7 KF4oOaj2RcgA9Hfx5pVFtxWr0UzCEQg198AGX/q1Dx1FwJxywPLouXML+em48DBaVlPicK IUqC+PLLX1TmaiyKsZE7njKFrWmSlbT4S2OhNdHWWWsa0bglmmByD0ZfXAxcBnW6b/u85C HWm50l6+vaVgzmYqQAnIZuc/OHpnWp0bjBQteXNLgQYCd8OUdel/kwY0tSW3UA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724324247; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5qk4clVSmOLw0a2XOrpo/iC20b7Et16A4vJ0ZBE8T/M=; b=F7eHiysLAQs1UlMsLFUDjB2/76mGyHosiCpGLCuApFpX6O4ALZtqKe2oS8bvqiVxmVZYTN OitMziObTlMZnbqlwGWPAxejKVIzbf1QUryUzNxc8RXgTo2x5X2R++7gV0tKsdyF3dJoxi OwMx8RMfaQYv4gspX9KzbTAClQOjQ89nv6RVUZidoM6Cy6a0Ds7KeFmyCQ+8JmkO8EgXNQ 9slWO0qb7jjytnbd7RuNuXdH/ies0wGwNyVqolrmldzIU35w7J9SbT0Rwm0Fzskml6Xy8s ZRTQ+y8Sy9XZYYeIU0NP5sY6Ui44Zucrd+C5Rpk9eqPLGIuq53CCXnN9zhaWvg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqKsg651KzPhf for ; Thu, 22 Aug 2024 10:57:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47MAvRCk077752 for ; Thu, 22 Aug 2024 10:57:27 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47MAvRnT077751 for net@FreeBSD.org; Thu, 22 Aug 2024 10:57:27 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 279245] igc(4) I226 (and I225) TX hangups Date: Thu, 22 Aug 2024 10:57:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: freebsd_email@congenio.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279245 --- Comment #5 from Dr. Uwe Meyer-Gruhl --- As it turns out, I could fix my specific problem by disabling ASPM support = in the BIOS. No more hangups since then. So there is an alternative fix, at least for me. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Aug 22 15:43:50 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqSD70V8Rz5T8dw for ; Thu, 22 Aug 2024 15:43:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqSD65F8Vz4vmT for ; Thu, 22 Aug 2024 15:43:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724341430; a=rsa-sha256; cv=none; b=gBDKPd5iswcz8gJSzU+y9JlI/W7y5TLukJNBGQyhC8VFrEl5VmI4osS5duqmrO8llGoxaj cad3Q0+Sx+3cwV4zxhPiFtIswHFJaZnFX9wJ1kHh7u1V5c8Igacqt7V2knHUynJ6+8K5xN wdaQLLM/Lri8OlaDVOKOtL6t5wJeZ2gKaETaGJbQwlKUbNWJoTne5SO/Gq3Gcxl0AtjKQp N60CEGJJJH9SrpK9T3jRqLwe+Nlu7mkQKZVCwdKX7q/BYs8JmlUuCy9wOSIuXK4m7iQLuo oxqA4ZnZMm7TMnHDQ/hfQSn9uF10h2DJCl1puw2Wi607d4vuBDfjlgIJWK3J4g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724341430; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bfka7bHFQlODcIVweNcam//Zxi2WyH9bFEA/DF8Z4QM=; b=SSt/W6Vqh90BorhgkJ19o27MFjJkcftauyWo6eorNVpwe88EmRGpxMdNdtnKXNnbFYBlf7 RIrytQ7zA6XzFHUsHDagOIptRRVpri/eaRKYl54UZgVveTgYhLLN3qJ3MLq5ki6WRF6qyd TIfZFbYyc/I593LKxTvsNO+DuhjBeZulIbD97HzdDzL3XNlDWjD9uo3WDZwNBGOsGVBQuq 2oz8V1RblCASKICHAYGhvjA81zgDGBSuMzWKC923htdK9nH0/4PuAAVo+oS52QRSHTOmvP Tq3W2C3eoQ+y51wGygHLMm4ytG1Tv/LOXVDKiPWK6WTVhTKVdaNeiwbqNw31sQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqSD64mk2zZ29 for ; Thu, 22 Aug 2024 15:43:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47MFhorP045488 for ; Thu, 22 Aug 2024 15:43:50 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47MFhoT4045477 for net@FreeBSD.org; Thu, 22 Aug 2024 15:43:50 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Thu, 22 Aug 2024 15:43:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #32 from Franco Fichtner --- Another user notes via https://github.com/opnsense/core/issues/7804 that the following counters seem to be rising while NDs are ignored: # pfctl -vvsInterfaces | grep -e '^[a-z]' -e Out6/Block LAN/WAN on my end with the current patching applied: igb0 Out6/Block: [ Packets: 28 Bytes: 2032 = ] igb1 Out6/Block: [ Packets: 674 Bytes: 54907 = ] I'm going to retest with a full revert to see how these counters differ in = this particular environment here. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Aug 22 19:23:39 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqY5p355Hz5TVLq for ; Thu, 22 Aug 2024 19:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqY5p1lZxz4NQ7 for ; Thu, 22 Aug 2024 19:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724354622; a=rsa-sha256; cv=none; b=huvqF1C9ZsenRNrOsa0au+2AEXp6z0/EG6eqKXkyjc7DV0j11V18Hwtk5NN7asOocM/fwC 9f0uURmXVlKhGwejFYoiMvmV9CaesJmnN1hGiB0Y0CVpLyTUSFYu+qMMbPqJ5vPWiaX6V2 rWBlQowW2k+hS6MCxkjih0+M58hYFHUSX+tBjrnwZacDxOXU3EtGZImw/BPo5Y8vqDV0ol 8Gvvf3ZUJ0/jTgtTOrQMyF8YxSGP1sO/QeBeYbaDcCZipBv70B0YuQJ2DGy/GUTt/Kn0gp +pbK598ONOHYPDRLKYEtBnQzyIx2iasV3MDFryYkK58Y+IN5w+/Y6O26t4iT9A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724354622; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gym5ByPOX79bGEpUXF3kZMxzOHZXuIGdOnTRXTyPXu8=; b=y14axncanfOz5yY5bn2XHbL/+6RTMM5rMi4wcFEdlp3etBRCst1c10k1WH7uGPA6rI/GJm U8be2+YDkyBzPTt+CkHtSMO4isFqLC95ah+ajnU4RihTAgZ78txzDBIZQGSeRr9+EuzGjk ryWzqDk8zMbNauvUVdc9LSBQLRa73XTw8NN78rAGxt9VuoCuNFG8/NpmY6cbQRe5xYMWKP vxLiThRnDKZyeLw9MXGJtsN1nYy7+mQG7a95idGohJ31GsuFttofM899mAf21czM7Bo6FK JCOq4RUKr6h+NhfihyC9dJBvK1K/rEgDfQtnTaQjERPtrrvffi1nM/8rpa00MQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqY5p1Lytzgld for ; Thu, 22 Aug 2024 19:23:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47MJNgc5055578 for ; Thu, 22 Aug 2024 19:23:42 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47MJNgc4055577 for net@FreeBSD.org; Thu, 22 Aug 2024 19:23:42 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Thu, 22 Aug 2024 19:23:39 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #33 from Franco Fichtner --- There is no significant change with the reverted changes: igb0 Out6/Block: [ Packets: 11 Bytes: 896 = ] igb1 Out6/Block: [ Packets: 286 Bytes: 19938 = ] The only clue that it's pf is that "pfctl -d" brings it back to normal on t= he patched versions as mentioned earlier. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Aug 22 20:31:58 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqZcl6T43z5Tbmr for ; Thu, 22 Aug 2024 20:32:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqZcl5Phwz4Wpn for ; Thu, 22 Aug 2024 20:32:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724358727; a=rsa-sha256; cv=none; b=FkAW8WjmaXUYLIU4ocwOtI381qWgqYOP1uo/CB/XWYjFms4lFzAZ1H10enoXIARazVC+Hc ff+7ibOVyvgrtPfelAvvns8huUUf7rW1d7l5wxgfvFa1Pd3Jwqe3aR6ye1RXpsLROI2AiE NMoz1IgQ0eRZfAddGCIqrJKshvKsf+w1gS5mC3LfAyeELcDg8+4wyagP0Gr3x9QlMqnj6z t0ydv46pPTiOWo1S88Df++7TqfuncuH5IJZ4dtvxPTm1I6ygqhmH7iv/hI9WLlo0Y8opwI b/Qu6HBZ+TlwoNLP6bM+T7np6acKG+e8zGNIVZVLL52zFJjtLDGjz+4a+WZwvQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724358727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E5l7WOGDbN1AnJ7I/hthJZaSm/MgTZjkFEBqS9BegmQ=; b=xLtUmrGecqvfHtMcgH9sMel+nXhSasW5+oh5Z7v4TfXeQZS6sHQVJh/2bs1cubWquQdR9+ S7R3L8XG1U+/kjzQJYA6LCpwambhSbueWDbK4DU8lbsBl6DdHWHv66I3UVg4NPAB3lN6cA LR0GI/06dEzOIM+t2RBYuTyw+oWhQp+Wk8XLZXTZCt7Iz/0jsgIm8L6Onp8N9PElL4RaVX syB+aD3CMuaogvpkVhpNI3vI3FSXqpzjx//aKoGVrJC7O4Vir1NQQDPzcdJtvhHkyoeuQb v3RHZkFyINNcelUKby4KClHqJWW62U4P3uB4rB948x/P+0FG45qIdOjGV+mpBw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqZcl4bBRzj4Q for ; Thu, 22 Aug 2024 20:32:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47MKW7Hb048606 for ; Thu, 22 Aug 2024 20:32:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47MKW7Pl048604 for net@FreeBSD.org; Thu, 22 Aug 2024 20:32:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 166724] if_re(4): watchdog timeout Date: Thu, 22 Aug 2024 20:31:58 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: dgilbert@eicat.ca X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable13? X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D166724 dgilbert@eicat.ca changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dgilbert@eicat.ca --- Comment #117 from dgilbert@eicat.ca --- I can trigger this on 14.1-p3. Reliably. To replicate: - mount an NFS share from a relatively fast machine; - extract a multigigabyte compressed archive. On 15-CURRENT, I was replicating it, but I no longer have that test. It wo= uld finish a poudriere run (if restarted enough) but it would consistently fail= the last bit --- I believe it's signing the packages as that point (counting up= for many minutes in %). I have triggered it with "7z x .." and I have triggered it by using plasma's file browser, right clicking and choosing "extract here" on an NFS share. The hardware is a levono Neo 30a 24 Gen 3. pciconf says (of the re0): re0@pci0:2:0:0: class=3D0x020000 rev=3D0x15 hdr=3D0x00 vendor=3D0x10ec devi= ce=3D0x8168 subvendor=3D0x17aa subdevice=3D0x375a vendor =3D 'Realtek Semiconductor Co., Ltd.' device =3D 'RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller' class =3D network subclass =3D ethernet When I trigger it, console says: re0: watchdog timeout re0: link state changed to DOWN re0: link state changed to UP When I trigger it, a running ping says: root@strike:/home/dgilbert # ping 192.168.221.1 PING 192.168.221.1 (192.168.221.1): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host 64 bytes from 192.168.221.1: icmp_seq=3D22 ttl=3D64 time=3D7490.585 ms 64 bytes from 192.168.221.1: icmp_seq=3D23 ttl=3D64 time=3D6472.741 ms 64 bytes from 192.168.221.1: icmp_seq=3D24 ttl=3D64 time=3D5445.312 ms 64 bytes from 192.168.221.1: icmp_seq=3D25 ttl=3D64 time=3D4444.340 ms 64 bytes from 192.168.221.1: icmp_seq=3D30 ttl=3D64 time=3D0.173 ms 64 bytes from 192.168.221.1: icmp_seq=3D31 ttl=3D64 time=3D0.457 ms 64 bytes from 192.168.221.1: icmp_seq=3D32 ttl=3D64 time=3D0.374 ms 64 bytes from 192.168.221.1: icmp_seq=3D33 ttl=3D64 time=3D0.377 ms 64 bytes from 192.168.221.1: icmp_seq=3D34 ttl=3D64 time=3D0.321 ms The topology: NFS server: FreeBSD 14.1-p3, 140T comprised of 4*4T disks and 2T of nvme ca= che. 128G RAM. Threadripper. 10GE network. NFS client: This crappy free-to-me all-in-one. 1GE network. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From nobody Fri Aug 23 07:13:25 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqrrv2NVbz5VSCx for ; Fri, 23 Aug 2024 07:13:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqrrt3KCgz4HDq for ; Fri, 23 Aug 2024 07:13:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724397214; a=rsa-sha256; cv=none; b=MEskGxn8T4qiJJyh1ZHcagiM+DiCZhmOPvDZuJh/cm/oHaToyDOnAH94f1q03kuNUFiGcc YZdzEOhpdDKgdYai7zY9Fv5NwRjIFEgNZRGgUlgnH+ZbQAMFtpQN/xZLpfirCW6isLmMnA fY6sbAUyPwZLZZmcigHkAlRAfRuaz9QuQTzOrK7pONw5ihHAHv5XJgCA6ym0qHhFq3uL4r HbdEUSmM62MwMDF9hUWK3TVRsKQGO5hfQ86grw65a4xlkwg6QRACnSwDgGpO2Jen4dcBS+ hKFZcng0w0qX0UVB9gx/d2ir0rcQ2OmQ+D2LF6sc0/SBQooUMbzjtgzKFZ2Bcw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724397214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NsTLMSHvdyOKm6xbQ96ji8fkbkDDzfzS0zu0a32kIRg=; b=hoRiGLmtQYcozL1ZTgZNYt6JOTg8FIfd5BULFEa5jCtivIR82ru2jD0dzT7u3e3AYf2Hnb y9ssZ5zqz7IBEeq1CnxyfT4lOhlsro/NLYsLbpfST5YQL7qH8TdD3dzG1N+FGDBMGUuVQr Wk2hG+bAwfSRAybnhNwzbNTLlcE9eK/pPBBpAYOoGzwkHKPt9VS305Ms/kDlpQ9CDAkDp5 XIpNdvv7AwITid3e7IbwxSumtxFToxupxvdlE+HDm1/5SlNU+3Mnyv8Xzvv0Zg/q2sAb2J AOXEdresw7lGyHmc/IGtd3SA7fkU5j3jdezlJTFa9Dx85sMcyLQwK4WeiVGwdg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqrrt2wkGz11cv for ; Fri, 23 Aug 2024 07:13:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N7DYfL032672 for ; Fri, 23 Aug 2024 07:13:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N7DYjF032660 for net@FreeBSD.org; Fri, 23 Aug 2024 07:13:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 166724] if_re(4): watchdog timeout Date: Fri, 23 Aug 2024 07:13:25 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: michaelo@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable13? X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D166724 Michael Osipov changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |michaelo@FreeBSD.org --- Comment #118 from Michael Osipov --- This behavior sounds very very similar to Bug 213751. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From nobody Fri Aug 23 07:43:06 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqsVz2l1xz5VVg1 for ; Fri, 23 Aug 2024 07:43:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqsVz1kgNz4KRX for ; Fri, 23 Aug 2024 07:43:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724398987; a=rsa-sha256; cv=none; b=tmj8459MerbQoMrlpGNdCa729wGvV7rria9nGQOgyyERg8+3r5E1e53Z4IKs2cpQ2RTPnW S2hxOmBhYE9wm1gnpJFpQqTe8+/O6kzDj4qrTpgx2v5K79rZGokfwCQ/0gy9AMtLxSgRA9 gW1dbqtiwU9clgme5FJmdjC3WbgLhC/5/bUC06Z2vQdOKnbQhrBCWvEKVRurBJU2u8AMlm k86nZCtwwY/ai2l04WX4wvPB9ABLT+BI9p//43ZUXWwjEyJL+PXmJPKmnW+lTwmxpQJ5SH 4E/TkLB5fQBLjuB1yT55BYRS7wjq8RxEaqrCFNaYImxU66MdYYK939MFbQyPrg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724398987; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sD32yyTTvwmqcUsqvHVoVC1k5N6DaopHsEORkyCqyyk=; b=Si4etj7c5jR16pBnSwQROFyFG4EwbK97LlnyWJC/LepfXOOjWbAIAiQQNsCAdkaRN6vAjn DUzivp7n45//IPAI2xqpMmF9E8b02fouqmCL8qE1/q2ICVF6f/AREG6rXWPh+zXMRsVX+O IoTM9PqikNa6aBWlgfSdGUFI/u68bze56NS/ZlUgX5xna/Ez2kYpGe+LlmWSEQ9d2iCSpv LvDibFXWnwnoId1GAkahlPYHkkF3DlNmyTB6AHU1j285eXsWV/jdz5NQucbO/F3MKwd8pj 6ZioWa0S1MvfoduJ4Qw2tg4t3oYVJjnaAYVLs7Mndxz86E35dJuUHy8Iexjh1A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqsVz1Ll3z131C for ; Fri, 23 Aug 2024 07:43:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N7h7nk058288 for ; Fri, 23 Aug 2024 07:43:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N7h71u058287 for net@FreeBSD.org; Fri, 23 Aug 2024 07:43:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 07:43:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: philip@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 Philip Paeps changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |In Progress --- Comment #34 from Philip Paeps --- This seems fixed in FreeBSD. I'll pick up the patches that landed in the stable/X branches and work on a revised advisory. Not sure what to make of the opnsense counters, but I suspect that's a downstream issue. Kristof: okay to mark this one as closed/fixed? --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 07:46:57 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqsbR0P6wz5VVnN for ; Fri, 23 Aug 2024 07:46:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqsbQ6NYHz4LFT for ; Fri, 23 Aug 2024 07:46:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724399218; a=rsa-sha256; cv=none; b=pENcvmzjXOf+QqV7G3G+R82uGViRuAWlqXd5AKekSELHFZMS5pV/qoXB9oHkmm7K1Zkmih lYx9lMGlBKs8yQF/dr1IGlHYGqyulDbQNi4K5QpUc9MGhXpJwVTiTu41ubw49Cma0a3dqU apSD2/vT+cXveeRYSqrlYRdPosxVAO1wkNwjSmr4z5WnXp8WzmX9Hhk8wJ4Fvr0SXWfnok X/75xefQn0q91722xgnTfyWp0t0IzXFel2VSruRGJVDQRbb1sZMTh9QejN2lTcz1lUVBsn 8hPfIGqar5BzLZwd7JlmDW+D5getSwvvFRccc0fEV1FQr7E/ZdWX8TZDB+x6Jg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724399218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NHoZrCGmCfYRmgYvvDqplCtbo8WFWilyC22sL4b7x4A=; b=BAtJlQfwpBqzMFNPy2SxU8TDeXcDNl5MvUHJg2eMXHP8IqMV8QoaDdL9vgsXhwxzZ/hSvz vwNYRgqtt1Qf2Xu66tcgVElDNL5RdzcO7YL/5WG8NklJZJ21GTx2IYAyruiQfM6NHdS6wH PR9MYKAMr65iz/fAOu3HzVsOGkxCPZp7jFjsVrr+0wUbBv1SiEgrM0gPE+Uov09bxNUZ7v Yn5hyQLRaWem1COH78mVRtIA45+qvlfebp0wBNSStJAFvML5IfX2kRgJXqlh8uxVwm2qmE OtgYneRWlkuRIRZOueAtS3DeHTmt8ywT4z8QIuO67JFG73pOCna8ffRHTTTcFA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqsbQ5zg0z12q8 for ; Fri, 23 Aug 2024 07:46:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N7kwvY070493 for ; Fri, 23 Aug 2024 07:46:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N7kwbq070492 for net@FreeBSD.org; Fri, 23 Aug 2024 07:46:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 07:46:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Progress |Closed Resolution|--- |FIXED --- Comment #35 from Kristof Provost --- (In reply to Philip Paeps from comment #34) > Kristof: okay to mark this one as closed/fixed? Yes, I'm not aware of any remaining issues. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 08:08:06 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqt3r3NPGz5VWx3 for ; Fri, 23 Aug 2024 08:08:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqt3r2KCxz4Mrf for ; Fri, 23 Aug 2024 08:08:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724400488; a=rsa-sha256; cv=none; b=xVpPUr+tY1mfGS5tDIHe1eQBv0/AVZ2t5sCzuePo48oR9Xh0fX7heWrZvBvNj4cQmuWhxU U2MknKk2tGoUznzmwBrh6LbyOeXUaIiRYUJhs3eCjAbr6uuP5lnyrxn2JFu+GZQz9Ps+U5 Sxv3/g4ppcBgJ0SLYib03WuKDOdvVa6hOJf7E0kvAgZ1JG606LBPoWJuVLMZt3cImDR2Jn lMNoZrN4ikX6SFja33kk9mFUFgQR0R3EN6MHO+BkHiWjMtADiuuHlxbLBk+xeotVwEUfrR BZ1EM56n4Eho+TO8eujOfgRoRd84awPr61aDoTshVZInSTBE62hd1D5/T11/OQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724400488; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t/cAkwyBC0Eyzt290ZDVgkSBUDzuWpRWDW47uELhkvY=; b=hM9IjvJcx7u96VJ8atAUOmxqz1WokFsk0A6+TOArmBPVr1cdn7tX5WvJkQb9G6Fn5EOq9m YjJ9PwP1hhLGTOB6iD4nEmWDUOKIhZhfW1YBpwPfoYhQPThjWylpCcYTl9/6NvPOfxbuon vujuhz/fiaYTPuIcpUQxElqhKoY+W0EUgOO1+NRjhw+dGIvcDZVJdxCQLqCsmjrmKJEjmp lKqJ13mGpRsdZ/iO/nucpnKNESnoueC/Wzth7c0y0BrP7isfc1luct2+7ktHcULPjqsib5 5mx+Prk5HeC2+2bInQwQf1AAf0TNy586wCKXJSnZTky0YP08Xt7Nm7hrJMYmgw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqt3r1wlpz12rc for ; Fri, 23 Aug 2024 08:08:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N888p5061792 for ; Fri, 23 Aug 2024 08:08:08 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N888Hc061791 for net@FreeBSD.org; Fri, 23 Aug 2024 08:08:08 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 08:08:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: freebsd_email@congenio.de X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #36 from Dr. Uwe Meyer-Gruhl --- Just wanted to note that I see the delayed ND answers and rising counters as well on OpnSense. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 08:35:14 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqtg91CJwz5VYqq for ; Fri, 23 Aug 2024 08:35:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqtg8035Tz4PmN for ; Fri, 23 Aug 2024 08:35:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724402116; a=rsa-sha256; cv=none; b=GwxcBnP9qHHTcRQkN+EkziIwXSrBza9FgHcmI06UGE8J2OoZe0FGbPZew48i8iDQ75D4TY ErXkcJKXsSyefm18r0H2TlXLkXzYcBA2pacVw4xfl58P0EYrzN7CdSHo5/4RU92OgeRQap 0+vdecdk8C5n2SvJ4qR/y7vpMFocmaUExGP+4l/RJuY9LberCaTlaPQ7o7gERcP8udp6YK C+NvEQmBIVKS7pdlJG0TaaeKy/mNEyS8iDT+SHoqC0LpmR1B3qHBGToADzc+SPAhHoQ6me ex4Zu/8ckZ4E0IBBW1TX5JYSG7k1t4boYEQ91ZzW3rUJ8PxikJg/gIsAP/PUdQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724402116; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v/BPdg1dDIZNKnpHJRD4PfXyDRZj+7ByY0Ci813UmqA=; b=RMR1awlqyVBubay23Xd/g0TtpXE271g4bDFAasQDmPRkuJfpuXZWmTDS55h1T+cHaIwpWz XCAuoJLR/AKKcV4QLAEJpUZMAT9QKVPV1sw5gX7RfxZo27koQV3kruBzU0B3cKuZhCyJo+ 6GSJw+7jhJurY8sRLzxUNBlafyby8FkqqpzGmrCQnsnRG7rFEB2ipKA/0WNQVixnnpiY21 pfikJYqcYX1OruumMLs5/VvcYfO7y6DAV1rzeVO5+Dr9gf5okHjUKfSgttkSJm2CWYCZca 7ZlKXkjRgtqCvHVdZt/v+nF+ww/Xz6ThST1DtuF4Kx7sLIP2JDpulhl6X/+oWg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqtg76lnYz146L for ; Fri, 23 Aug 2024 08:35:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N8ZFcU081592 for ; Fri, 23 Aug 2024 08:35:15 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N8ZF2Q081591 for net@FreeBSD.org; Fri, 23 Aug 2024 08:35:15 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 08:35:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #37 from Franco Fichtner --- I suspect it's a behavioural change in ICMPv6 state handling introduced WRT= the ND discard observed which is not overly practical in production, downstream-related or not. I don't think closing this now is the greatest = idea given that the test coverage didn't account for any this to begin with. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 08:45:21 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqttr6QB7z5VZXN for ; Fri, 23 Aug 2024 08:45:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqttr5HVbz4QZg for ; Fri, 23 Aug 2024 08:45:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724402724; a=rsa-sha256; cv=none; b=eNHEjVlPHDOQY4tIbMlSlgBCjy1oIZXYXbtfUGXQLcSSbmQcgxGaDd7W3g+6UCVE6XH/NJ 4P8oRYznXBsUddtexFtGsFFr0+p1n43Nbk2OqDPN5vCFgDvd/LGbPEL8vG3NzdrxTYSZmv 8jrSynupoz4AczoO9KzxKWbsdQQQ7ZV4uRaKZht08cvGEpipOR/8fdrwzBEnoRldf5fJ6z dmd12+nU3RoSOPZfKAHSZc+RgpnLOEZ0IEq5YXqxtPkknLCbTEOP2jsivvHkcIR8jwQt9m WfYcfwSxOnz9nj4sVBrNGnHulHNRJ5Uk9qCorXzq249acYg/fB00XuKKpFcvkg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724402724; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LI3eKQ6T2mrQnEdWY9RNBcHjwWKjH6AUmMZAyI4V9oo=; b=ucnzsBBK+06Ar/HwnZx+lyDcUVszPyiEPRV5qGvvbK46QGbHPU/3Kt5VafFo8S1nPANHeN YD9Ideqa3BKTBW5dlg4gUU9hEdOZJJRU2W3Gc4Oh7m8gWar0Cr6S1afn3KRK38ZKn6CCBB geUMYmpOVwBqgpodoNspKD9CnDS43HPchQbMg/GyjTuV6w4CfCvEhfuNLqvMxRV5Pf3AMx 4XtwEDEKvCV90ZAwyWhNr42YDAnlG0+m2e/cg7jeq/8HURxrv5k/p69q99XNL/lM5/hniD CaIbp1DJ6IXXm5IK+p3anjL047amb3PYM22n7VzcZek6777YTe5dJlOX3AOBEQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqttr4sZCz13tX for ; Fri, 23 Aug 2024 08:45:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N8jOm5025540 for ; Fri, 23 Aug 2024 08:45:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N8jOK0025533 for net@FreeBSD.org; Fri, 23 Aug 2024 08:45:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 08:45:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: philip@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #38 from Philip Paeps --- What concrete evidence do you have that the neighbour discovery behaviour y= ou are observing on opnsense is related to this regression on FreeBSD? Counte= rs are not helpful here. Please submit a test case that reproduces the problem you are seeing on Fre= eBSD and run it on FreeBSD pre-SA-24:05 and on FreeBSD post-SA-24:05+corrections. Unless the test case reproduces the problem on FreeBSD, it should not hold = up FreeBSD publishing a corrected advisory. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 08:52:01 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqv2V43hyz5VZtn for ; Fri, 23 Aug 2024 08:52:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqv2V2lxlz4Rn7 for ; Fri, 23 Aug 2024 08:52:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724403122; a=rsa-sha256; cv=none; b=JyArhJwDvjQZH4tmSbK1QR7pkqWljTm6OEtb0Miorqwmaz3UOK2KkueExySJFan7l9kJO0 9NGyrrV7DfgTT0J8CQt2VX15yTNDf31Ecdi3rru02EyrJ9PAkfioBWbtD5QZ49WCTfNIPB OGqWPJKbB62T5dJYjBHPTbgcaI1rdzxtzZDhnrcFdrcBG990lw2L2WccYX6D/MsxWIEjtj L9OCmXDcvWQlKyVPlFGKkX+dFYzYxpb8Wv4NGcu+y1B9XPwcOVeS89TDw2ZmT6dM7yHR6z w1KRTU9Sv63QrgaqWbXm+BhTPHvqntzUvsjqO5lIllXxC+iEQlr86sdMpipETw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724403122; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KIOhd9s4CfR+V/d30XMdwOF9MMHR9yuHBFpN0Tk82Os=; b=dxguS/rKmifw7QU66ZPSOKFJ5WYGEcNIqFV2koIqN3AtzkFxkTTcdqBum+GRdd1Z+xjc3f 6WUI4p4UwWy31K8klZ0HFE1McccmuqeRmL4grNLcgWjXatc47Nc6JtaXGXIBygOPHF/fDQ yWvCLgrPDrwBJWZ3bv7XMliVZul4pPxgt63e9AjlVcFq5UTtrmcYCS2yHk65yAyzSWIoHy /Wm3Y2fOLDxEMIGql+Rg05usWov27iJINYsScLnva47k4gieEMAVbWZnUAL65Tn/30komQ hkQluJHGSTYGt7BRJ25s3nRCBFvo26FUUq/JxwNJ1ksHXO6ShBJLcew4r7wmcQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqv2V29dCz1476 for ; Fri, 23 Aug 2024 08:52:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N8q2B6050958 for ; Fri, 23 Aug 2024 08:52:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N8q2BY050957 for net@FreeBSD.org; Fri, 23 Aug 2024 08:52:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 08:52:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #39 from Franco Fichtner --- The evidence is the original SA patch series which spans hundreds of lines = of code changes and a lack of actual test coverage. The lack of benefit of dou= bt is strange in my opinion. I can revert only these patches and the problem disappears. Do you want to = know which exact commit is responsible? I can offer you this information. The further evidence is that pfctl -d fixes missing ND responses immediatel= y on affected systems. You wouldn't see these issues unless you used pf heavily coupled with IPv6 connectivity. These things are not prevalent in FreeBSD users, but they wi= ll certainly manifest in pfSense quite soon as well. I can see that with other patch submissions I have done over the past few weeks for FreeBSD 14.1 none= of which have been wilfully been looked at by the relevant authors of bugs in FreeBSD 14.0 and 14.1. I guess we can continue this hide and seek, but I wo= uld rather have it that we work together to fix issues within FreeBSD production releases together? Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 09:09:06 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqvQB6chPz5St0C for ; Fri, 23 Aug 2024 09:09:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqvQB5PM5z4TRD for ; Fri, 23 Aug 2024 09:09:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724404146; a=rsa-sha256; cv=none; b=E1gWERisWcf2Rm3mjMWHbbJMEXEIalBR98burIvLfExp+wMnOy29QHNwxVGsvcgOHE21DH s2DYawzW0MrtepCXu7+AXn6GWjtmivpZxrHPjx8luaVY624srlLqDxeN6N03C2qDD1yA20 1vdvA5UsLSRYh5eixyWlwDekiFdOwY/iLdlzMUAzVW8lrCLmja3phrr7i1weo5UTB2Yy4f pobONabtWWqiJQ6/twqrGKU7yxOYIyVQ20obCk+/uS+a4oekwvKdj4zqepAGbQRnBnj2Gc LSkAl725C0gRZ8lqe3dcgFxwVAIbNjJovOyAYivs4K79t3O83mT2IcjuuHj8Kw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724404146; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=abAu9oecA8eJd29IRNRrH+yLKV1/Xlkb6nWtIeZyg2I=; b=or8I6jjUy95PeGxw/Mu79Izzc5u8p9JXqci+sukSuPj92QlbcvzhFDuq3ng9SbRlr/7fcb iOal590RmE4Cmob5zVFk/+SmJDbE+5WMTKTUFR4vzY0t9+V2kR5bLTk7gkgprMCHtEwXkm 8xfkNiFE+OGmoEv+cgMecJTiIskSS6BAiKgNhVwu4S6IzQcZKnZmyb2LdwTVZ6/OHiPEm4 km+3BKSQvFAcdukEJBv/1U1pZrTrA7nxilu40HDm9xeO3FO5A3YqJQPma6e9pUSLZzZek5 pYe4cSkjOXWEeD1dpghh8WfaOIjdexXAB4H5YoUE3Iw6Dn90Ek5naQHCyJPoXQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqvQB51dQz14cf for ; Fri, 23 Aug 2024 09:09:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N9960l019538 for ; Fri, 23 Aug 2024 09:09:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N996dF019537 for net@FreeBSD.org; Fri, 23 Aug 2024 09:09:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 09:09:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: doktornotor@mailinator.com X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #40 from doktornotor --- Ok, so... let's recap this: What original SA deals with - let me quote: "When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply." This is "fixed" by a series of patches which cause the regression described here, among others.=20 Even after fixing the regression by another series of patches, people still report that this caused yet more regressions, which directly match the area touched by the original "issue" described in the SA. That is, breaks ND/NS = (see Comment #31 and following). Additionally, people report that ONLY reverting all the patches to the state before this "pressing" "security" issue of responding to ping - unnoticed by anyone from 2009 at least, let alone exploited (for what exactly?) - gets things back to working state without regressions. The response here - downstream issue, lets close it. Between the breakage caused here and responding to pings, it's everyone's g= uess what users prefer. The original "security" "issue" has caused zero problems= for 15+ years. Something's not responding to pings - yeah, there's a box with a firewall in place blocking ping. If there was no computer with given address connected, the evil attacker crafting the packets as per the SA would get I= CMP Destination Unreachable (ICMP Type 3) with one of the codes (such as 0 - net unreachable, 1 - host unreachable ... etc). Blocking pings actually confirms the computer is there, up and running. The only thing blocking responses to ping does - make basic networking diagnostics / troubleshooting a PITA. How's this whole thing a security issue deserving an SA and urgent patching causing the above regressions which are impacting real network operation and many users, goes beyond me, sorry.=20 Once upon a time, common sense was in used, as documented by http://www.faqs.org/rfcs/rfc1122.html - 3.2.2.6. Back to the drawing board. Sigh. Have a nice day. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 09:14:02 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WqvWw4tlyz5SthP for ; Fri, 23 Aug 2024 09:14:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WqvWw2R4kz4VXj for ; Fri, 23 Aug 2024 09:14:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724404444; a=rsa-sha256; cv=none; b=rWP560kfK3lbuJSA5mfTCxYsJxrx/nauImE3gnoKdi00TFoofgEPHUjeV7xlBR2/nAHlhi Cu/5QhsirBM3A+DbUP5Jo6+rwqFBYZnozr0kHQbFk8mvsMLu988IpT/UDbaD+RbHIlRN/3 qv/CJiVna5o5d8LCqEI+vISEJecFjY01na+j2I9eknTYJuRdq+3t6QtKU+miNcwLLcrPvX V069+kbZpqGbT3jOsV5XrBZRrD2jTbiTW7uEgqY2Yrn4XJo87/PmUNA/9TAbOpN5dkwF8H s86BxE6yNwDbcsvM2rsl3yhOhcnlTq8O0meAHrSTxtZSBgv0rCVe0iJpPPvEFg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724404444; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Su7Rfa5VzsNN43vBrcMTImD+h4QDRrwrC5KZ55wmHlo=; b=aK+iBeWSXzPym5NcWIb5tLtdAf2334CIVvjX9GkNPiLSyrDltYzO8umeOgZieRWXi+mciS XlDk6VGjTFHohCwoAVYEyaFWx6ub+QGfhh177Ql1zxz7V42ptei4hWAo3S0TAuQ7qZlwjw fszA7aP+dXhuRQeBSwVbiLR0dkCg39NYmNo1c1foIWEzXoQA5LiYCATYp2sVwuXAfufUU5 ozjJnFDPobFRzJYbrF3pCBFIErS3jiObZTCRWqFdMqL7NaYBsxlY7Ag4YjOhb3UcIDEV42 pBet+D4d+fa9rZwODnD2oiF9tDiAn/sL4pbtPMnccYpRo6/BZL93NsccTJGSCQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WqvWw20SXz14q5 for ; Fri, 23 Aug 2024 09:14:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N9E4ea047424 for ; Fri, 23 Aug 2024 09:14:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N9E4OE047422 for net@FreeBSD.org; Fri, 23 Aug 2024 09:14:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 09:14:02 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: philip@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #41 from Philip Paeps --- Problems with how FreeBSD code behaves when merged into a downstream product are beyond the scope of this bug tracker. As far as FreeBSD is concerned, = an issue is resolved when it no longer manifests on FreeBSD. It is up to our downstreams to ensure that they do not introduce bugs in th= eir products when merging code from FreeBSD. Unless a test case materialises that shows there is still a regression on FreeBSD, we can proceed with a corrected security advisory for FreeBSD SA-24:05.pf. For what it's worth: FreeBSD.org firewalls run pf. Can you quantify the "heavily coupled with IPv6 connectivity" required for the issue to manifest? Again: is there any evidence that this problem still manifests on FreeBSD? --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 09:19:13 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqvds5cMVz5Stxs for ; Fri, 23 Aug 2024 09:19:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqvds4b0gz4WJZ for ; Fri, 23 Aug 2024 09:19:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724404753; a=rsa-sha256; cv=none; b=ibHeQSC5i2aBVK9MnziE4bNQZnY7fxTxvDDvh3YX2sfiecToC+o1hRSs7stqwmcf2zaWE0 q9YyotYLw2aX0Ix6RL6l87ZGD5kbTtb6gmjilZRWujErl3WjiYEpSyQg33I5pD5R8ICpID fVA091AAXLDN7kAK8YrBX9hwiWpDsrBlCwDg8rTkIQBvZW/x+tGzWcU+pclj+KS682iaHY kVD2V9djKe4tt8aaheA4bNYCREtXhIkA1bQg8+z2SPOyqgRr2YyEkgGqghvLAOhvPoEiJT c/xODoo1gKI/Rihej4HURmkOQJ081MW+AImdCuMI+kw1O5GQuihszZEzGttyNA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724404753; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zgSNcGJttzwTAbV1JsTx/P5qL0QbKS7+TFagkstAxpE=; b=CEL248DKLDxDjZect01/PP6V5VKzRjMHL6L6f5PxA0+tWaaamDO/+ZsagDvIWozaEDJbMK yBep5TEJiWvY2lH+mUi9y0ubjlQPyh0/x9FI1wYho5+tU+yE+xYd0tMcBY9JGYwmlgYlUv YiLIC5YS0pdt4JKfdFb7iwVMIi5NvmJmH4d0sKfqcnjqj0tw4YqU+Y1GfX2GxKILXjtCfX DjOKCR9/C/p2aBqu5ZPXFBV3iq/GzBNOW4HXAVqIu+FwboJEE/C5C3vWDndUgz4Fgv87oZ G+KFiy0mH8NOnbLOpoO4QurQR+xffIRbHWU2NV5dtEcMGoiKhm/H5y4YYS1v+g== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqvds459gz14yp for ; Fri, 23 Aug 2024 09:19:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N9JDwn062705 for ; Fri, 23 Aug 2024 09:19:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N9JD6G062704 for net@FreeBSD.org; Fri, 23 Aug 2024 09:19:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 09:19:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: freebsd_email@congenio.de X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #42 from Dr. Uwe Meyer-Gruhl --- Sigh, Franco, would a plain vanilla FreeBSD kernel like FreeBSD post-SA-24:05+corrections underneath OpnSense be feasible? If the ND problems persisted with that kernel (and I am sure they do, becau= se the problems go away when the "security" patch has been fully reverted (this has been established before)), maybe the maintainers realize that the band-= aid fixes only part of the problem. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 09:24:20 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wqvln0wlQz5Sv4l for ; Fri, 23 Aug 2024 09:24:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wqvlm4xVKz4Wm2 for ; Fri, 23 Aug 2024 09:24:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724405060; a=rsa-sha256; cv=none; b=R14owpgvmI++GLCs620syvhYopfPq5m62wR523D3P3rQX0ptG7EJN/ZnP+uExKtHlg1VC9 iCOb7lun2Wo2X+mOE49aaPz2ytBG3ymFWrKcNWClf1rIekVelu2ntHBqmx7A30HNJJuXo+ Fk/MWtfzLTHipYU5T4MljKMU4ZgisSwIhteIGAzevbbMqEh5h6zRIEdh9y8EnQxiRrDEqa ITiFMNd/1lO9q7MJa4Dj8PzLc13604pOx6c4IbfbZ2jwizQsHaIlyhYT+WgF2WIMX9LR0d q6LIDj8XLCXwLhrU7TUO43x7qNMoAk5ors0SdHyS0ZQqWCvr6Uk5fM5ohvkr+A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724405060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pyu8Re9nKKuCu12txzX0L00sNA2gysMA934K5KpbEeI=; b=Sv/k021WukDA0jGNHaBwQCYX+ukgdv1Lcn3xl8netIsGVKh6qgaou/2aHUrd1f5rTl8i3X Mw2hgBZ13P1GaFkQkg+ryyXdBl4Dm0CLXkO83skJZpZrr6FNkvAMKI/cRdv9QNR+C+fPzh 8sJYU9PBDShBAliillwMkPd7kmdgs3AOQG96QN7rgaqEJD/yGCYAbJgpBWsAJ0ocBgixy3 teL8VwqtUePWANNeZL2Xfa5iB5B7yvu09qDmyfLwren/TzXcCilWg2shDYc/Lqbr9eAllZ EfKNXY7h2iVGxQ0XtSnSqWIfS7m5pGRpacjgqh0Um4qvbgaic3oSlKOkkpyDpw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wqvlm4GvDz15LJ for ; Fri, 23 Aug 2024 09:24:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47N9OKvA089483 for ; Fri, 23 Aug 2024 09:24:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47N9OKF1089482 for net@FreeBSD.org; Fri, 23 Aug 2024 09:24:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 09:24:20 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #43 from Franco Fichtner --- > Again: is there any evidence that this problem still manifests on FreeBSD? Is there any evidence it wouldn't given a single FreeBSD commit? I think wh= at you are implying is that someone else should do that work, paid or unpaid, = to get to the bottom of this either with a test case, regression test improvem= ent or an actual code fix. >From the last year alone I can tell you that none of these things which can cost a lot of time and effort and eventually money are well received by Fre= eBSD with patches and bug reports being ignored for exactly the reasoning that y= ou are going with here. I've actually talked to release engineering about this and the response tha= t I got I will quote here for effect: > FreeBSD is a volunteer project. If you don't like what you get, contribu= te. This was actually while contributing. You know what happened since then?=20 Nobody cared to even look at the patches and my concerns for things broken = in FreeBSD 14.0 and 14.1 so much so that I went from Phabricator to GitHub: https://github.com/freebsd/freebsd-src/pull/1390 https://github.com/freebsd/freebsd-src/pull/1391 For me the top of the irony is that the people directly involved in these problems either say it's not a FreeBSD issue or outright ignore reports and effort and their own patches making production FreeBSD releases less good t= han they could be. This is a tangent that ties back right to the handling of this report and w= hat you actually expect of FreeBSD users when eventually nobody takes user repo= rts seriously or bothers to merge their own patches to stable/14. releng/14.1 breakage is really just the icing on this particular cake. You want involvement? Please, do. I have absolutely no reason to distrust OPNsense users on their reports and positive feedback on the fixes that I h= ave submitted so far. The same goes for bug reports I'm trying to help with without doing work that is going to be shrugged off anyway. Please fix your policies. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 23 13:32:11 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wr1Fl3J8vz5THTM for ; Fri, 23 Aug 2024 13:32:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wr1Fl1fb7z4rJY for ; Fri, 23 Aug 2024 13:32:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724419931; a=rsa-sha256; cv=none; b=gVOAos1t/yAXLlQ3v7QHeoAT5/9QbIDbAl7JbzX6X8kNZ5tZ2s/5tq2RUF4kyJjftCy/cm Syp2zyL3XOtAf2F5G13+1wmMsjDqdfrqHu7MJUYKpz+DEsu2HdvSaIj1ZvVFAcsaZGxUND Th3snWMSx5GtrSkj3p/iW8tbnO9csDZ+mLk2q7kDQKcOteDGFPPvCW0n4k+xKE05dp3RQ4 HkHEuOCaVVvfDVXAbq0Znby5jBQf3qx+ORklUNazP3Yo740aq4togpLI0+r5Ou6aop0v7+ Pi/LF9kjL5a6fTv6hjvhPuZez95x7St5n2BOPfnsNIchpJxE/2CMt/9c8r6MaA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724419931; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lCLdf/IaGNl4ZjHpQCyGPZteJ7z4r19mKrsBTi3Blsk=; b=mpq3UEsKrO60o4hlXo0YzKeNhWtT837OBBmMnPI1WAJ/IygDVq3murLyBwnBRkne+NpUZG B0nwxbULv6xrHGaTN0ucGeLI/ee9WO2nOZjo560SrcPAdsUxgmjHVedrL6fEdmJMMrz8DY K3yk2MQy7MMgJJfDQFh/mXZPZ3zNEg5Z1CBXaJ0UGVhNhCaVB63Mwdmk03/Ba5Hpdb6RA9 D7yfE5T/AFAqxsPruHpWl/JKxbaNHyhA2HnbR4k73VWkLXYUoL0Pc1mAALxfERUPSXYT5Z +dVTXeqDzugErEkT/pQaK7/rN75C9m8q22G+iZ9bRHjVf9Of/6ZcZWccZGF8Sg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wr1Fl1FGnz1CKL for ; Fri, 23 Aug 2024 13:32:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47NDWBMW027750 for ; Fri, 23 Aug 2024 13:32:11 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47NDWBd1027747 for net@FreeBSD.org; Fri, 23 Aug 2024 13:32:11 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280599] net/aquantia-atlantic-kmod: No ethernet on common workstation targets using aquantia-atlantic-kmod Date: Fri, 23 Aug 2024 13:32:11 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 14.1-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: yuripv@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280599 --- Comment #7 from Yuri Pankov --- Just for the note: unfortunately the aq NIC that I have is 5Gbps and the on= ly other high-speed NIC that I have at the moment is bnxt which only negotiate= s to 10Gbase-T and 1000baseT, so the only results I can provide is (almost) saturating the 1Gbps link without any drops/retries using iperf3: [SUM] 0.00-300.00 sec 32.9 GBytes 941 Mbits/sec 0 sender [SUM] 0.00-300.08 sec 32.9 GBytes 941 Mbits/sec recei= ver CPU Utilization: local/sender 8.1% (0.0%u/8.0%s), remote/receiver 33.1% (1.7%u/31.4%s) I will look more into this (IPv6?) as time permits. --=20 You are receiving this mail because: You are on the CC list for the bug.= From nobody Fri Aug 23 21:48:49 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrDGq63Bpz5TWRN for ; Fri, 23 Aug 2024 21:48:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrDGq50fkz4cy7 for ; Fri, 23 Aug 2024 21:48:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724449731; a=rsa-sha256; cv=none; b=lFobfhRTyHB6utneETlyKgl8sBaHH7L/pRRfeRnDAaiwjLoB0BzJeFsJjIWWoZhzhsnCgg eXogi4Qw9vMu3plZxSpfln21aUnoz0MdrB+ftq5TrXcI+oO1mGuBkqeHAybCCdyRMbZyON cPl9y4Hy833b/H67GlalqmGL2aTXrNtz2oaAcYv1g4P6VCOJImCXnGcASMwieVCpGiheH+ sna38vy2Lm65ZMBYIsrZoU7M6i+81v+vKRWRFa2zLqgu4LiJ3cuiN+sjvaFfbjQyeIpUWq 3tkboUo+HpLP5bzOnVOHbZB0sIPtUgoAg6/dbqLBkPRYEDNW/QoZ2fvzxuFWEQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724449731; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UKxoabTEDnJM2sojNB2T4RpFYRWvDFY99+JSsM8PsbY=; b=qh30cm/Juz9rYjAeLGadaK8xHpGzNUjpVLA5P8LxnFX9aNcROx5tQo5A0BGsTV0FhE/OoB TRERxv1s6yLlbGiDKB34w0VPRKnv84AScl2AdickgJ6VUAViFunJvhmcXNzVLD0dJc+NMu O5tHkuW1QFTRgho/9PzKMSfxI1hfZg2D7+Pj+5ZXFpff3AHLLuxAMF56K33+JnjnV4i6t9 ENpZ63Wx/zH1GeLkrZWTUhPqr7U+zCec+G2fhfgDtHLdlhlypaSzDsSVzNzLfaP8NpPKbP wsX0ELGQuY9gGNoItmn1jLIMcUXBf5wRgW1CdmrEzuEMcqfqHvPTQqyVQQiEiA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrDGq4ZK4zSTx for ; Fri, 23 Aug 2024 21:48:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47NLmptY063364 for ; Fri, 23 Aug 2024 21:48:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47NLmpEi063363 for net@FreeBSD.org; Fri, 23 Aug 2024 21:48:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Fri, 23 Aug 2024 21:48:49 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: gordon@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 Gordon Tetlow changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gordon@FreeBSD.org --- Comment #44 from Gordon Tetlow --- (In reply to Franco Fichtner from comment #43) Franco, from our testing and practical experience, we are not seeing this i= ssue manifest itself in the stock FreeBSD kernel once the fixes are applied. All= of the continued reports appear to only affect OpnSense kernels. If there is a reliable report this is continuing to be a problem with stock FreeBSD kerne= ls, we would be happy to look at it. Unfortunately, the evidence is "this is a problem with OpnSense." As Dr. Uwe Meyer-Gruhl states in comment #42, if t= his can be reproduced with a plain vanilla FreeBSD kernel, we would love the opportunity to see the details to ferret out the issues. If such testing do= es occur, please let us know and we'll be happy to reopen this issue. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 03:01:36 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrMCj0V9Lz5V0HV for ; Sat, 24 Aug 2024 03:01:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrMCh5DrBz47TF for ; Sat, 24 Aug 2024 03:01:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724468496; a=rsa-sha256; cv=none; b=x1P+TCbvnp6aSo2OG5quMbFcABaip2yZgzBxyb3e/EbzOssmd+P/mnvn85lm17If0UWI8T kdsqDM/spXNZnJ8AXjdguDpvVriUb3S7R7A99VI3Rv12U/UDHZrMxGqa7ACJ1srTiKl/+G zJopgJwKcb4WR5i+dSNYoF6Z4Y7quAcjmQWOOvUIjm21eTDu/SfEk0SyEZyjNpKcZZF3kp +wdLEHgKwWtcNpSbxsoSueDymM8QqPDD+0hA2OTZjO3qI7Yj4YTyOH6q34krppdQAL7g+7 kIbyIp8QKazG/FCURA0XQK2TMS6VRmE4ZQ42z1FA5i/HJSGIh5MK8xMODBllQg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724468496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QjC3TWaOCgZz3iob0zbPGzTL22s91rj4tKY6YMHQE1A=; b=MzSQ7FlJhk/7rG7jOuhEXxx1n3u1Y1PpEUM0mD7PTjrnQ/V/W+sBFKSK2cJl3Lpv8PigMa Rj+H2mda+2NsUb6JKxj4oGbq3B4B9XJ2X2/IFRNvEy+xtnIVlfXfv2ho/xyVAlLzrtmA0t nWrjzYg0KXaxGUlVNQc0lhqlBk9j+85NpJr8RezSFsP9CL0A3aM5K59GppOFLgIeiKE/Vf wJTX/kUuP2tdMhTFjEFI0ZZE15jgAU5S4ejLx2/YVuIzo4aWJ+86PzjMPFymYWs7TAVlFi gPXwunvL0QfPXiSPcAUqi/sI0uR4qxbBIyF1bW3PxwiifBjYdXHzrVKdUDhX5w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrMCh4s5PzdbS for ; Sat, 24 Aug 2024 03:01:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O31aiZ051112 for ; Sat, 24 Aug 2024 03:01:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O31aF1051110 for net@FreeBSD.org; Sat, 24 Aug 2024 03:01:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 03:01:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #45 from Franco Fichtner --- > we are not seeing this issue manifest itself in the stock FreeBSD kernel = once the fixes are applied I appreciate the whole of FreeBSD insiders sticking together on this. Though I'd like to verify what you said: Is this a statement based on observation main, stable/14, releng/14.1, releng/13.3? One, all? And are you talking about traceroute not working as initially suggested or neighbor discoveries being ignored intermittently specifically as found out later? Or both? I agree that traceroute seems fixed. This isn't in dispute. The evidence for the neighbor discovery suggests otherwise as we tested each commit in the original SA in an controlled environment that has no other changes at all. This is specifically with code from releng/14.1 although I don't see how a commit within the scope of any applicable FreeBSD branch (or downstream prjects) coupled with a relevant user side ruleset for pf would = not be affected in this case. I'm reading hereby FreeBSD doesn't see a neighbor discovery problem. Whethe= r or not this is because it all works as expected is covered by test cases or pu= rely by evidence with existing machines by developers is left to be guessed. I'm seeing intermittent IPv6 connectivity drops as well now. We have daily = user reports regarding this now. It's hard to pin it down which is likely where = the boldness in believing this doesn't apply to FreeBSD comes from. Fine, I understand why this message is being put out. I'm refraining from posting more links to our crowdsourced test methods for lack of enthusiasm from this end in the meantime and report back when we ha= ve proper evidence. I just don't want anyone to be surprised after the fact. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 04:41:17 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrPQp1s7Fz5V6sH for ; Sat, 24 Aug 2024 04:41:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrPQn6chDz4KLh for ; Sat, 24 Aug 2024 04:41:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724474481; a=rsa-sha256; cv=none; b=N+S09LePnQQA1fXgf0ZFs1NzNUgzMe8rMs4v8jYuHV3SToZlgFvyvwiQz4ysOZVpR/tg8I PlXfy93J8ZUVpx5lNnYsPPGZftNW/Dfdkuc1etTW2R+4O0cnAtfk3svHUUqi2P94tlObrE ruYsGDmkfbsU1/r943falCJVjqa/IdL7p8kwK58MLBmakPcLXJIPBRwkyQzpoedL8H1Rdr KLfDgP49KsPkcKc17kUbL2EBpzftztjE9w8hpMFq5oWjz77DkMHcEe/f50OHQEZTl452Zd gfwNnd8cvuEG+L7VQGhxsVqIRNxU7IANcX5gdXFQQkhs60GLNQJqOXQOB7vmKg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724474481; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p87nSP+MQ63CvW04aM56DQNqmV+gImhQInQ3UJP3lN0=; b=EWG4+AL/SkdBoEffH5dsefXIcmQbFckxGMZbM18NqZtRxHAj+bQOnCw4il5MNkKlxzOK2p P2ZwiefX36w7b98WtNigz5J3X5T7dca3BFSLOBDHJv+aDfXj2wXweURA/YoB0AUzMjwAPZ Fy0hNtVQQqzuHhDnSheyzburmtrYBUV0Y1fTUEdZ68rTJTK1a4ToWMkDn0UFI/rMbPo7CZ rztA2VgeU3otVE+++qHaOuOMV9VVfcw3z9xe54YCt/Ue65XSn8NG5yOTZRlYtAqBYIw6x4 lMRyntnh9rax29k2UMZjN0Ad731C5udbh5jbBS1xHZUvlC3Ho55MkM37ORnjzQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrPQn5qQfzgY1 for ; Sat, 24 Aug 2024 04:41:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O4fLEM055804 for ; Sat, 24 Aug 2024 04:41:21 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O4fLag055803 for net@FreeBSD.org; Sat, 24 Aug 2024 04:41:21 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 04:41:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #46 from Franco Fichtner --- Ok here we go: https://cgit.freebsd.org/src/commit/?id=3D534ee17e61 This first SA commit adds state tracking to ND_NEIGHBOR_SOLICIT/ND_NEIGHBOR_ADVERT that wasn't there before. From packet captures you can see solicit being unanswered for a while with that commit applied (or all other SA related commits). As a stopgap I disabled state tracking via: https://github.com/opnsense/src/commit/ee7b012c54 This brings the solicit/advertise back to the state before the SA was introduced. All solicits are immediately answered. No solicits are repeated= by the external router. These are to relevant commits from OpenBSD regarding the matter https://github.com/openbsd/src/commit/2633ae8c4c8a https://github.com/openbsd/src/commit/49f39043a02d You can see that the second commit also disables state tracking for solicit messages like the stopgap patch. Since solicit is the one that is not being answered by a system running the SA I am fairly certain that this is the sa= me problem scope. Anyone got a thought why this could not be relevant to FreeBSD? Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 04:51:34 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrPfb0zf0z5V7Kc for ; Sat, 24 Aug 2024 04:51:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrPfZ6ZQsz4KwB for ; Sat, 24 Aug 2024 04:51:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724475094; a=rsa-sha256; cv=none; b=guqY58D8H7Intk9m2zBy1x95dRBYybCLP3ENZjmtvfEAsXZ7+NY/YpdYso9n/aB8cK77Yq w5bLjJiJYR39wOKMKzD8YuhpzpAKv4V7vblnuZjR88LHrLiWN7czU1wSMUI7rNtLcXPgNb krdCTt6EvMxKRujnErzgHIswts1n9bI49JmIuF+tPfM3ltRKHpQd3PvDAvZ07s5fz+K8L7 NothkYANCJbGKgGtq+ovKQmxrsTm6hE7HXwxs8Z+zbm+HSBDlLtQ+r3CxbQZ53CQ/boegp 4SJ1RaPAsSBes3tMS9hWyY4uGrGqIj/w1P54qyp1Poypk4J1zMxWN5JCR8p2vw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724475094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2eRSdnFmeRNSdulUHUZDKISO7+Ds7/GXugXxfZYniJY=; b=X56KxZFqsAElhERQGHKGVvUhJofqH5v19Cusbva3VGV8sXHjOKkvSNJyF6U0WT9aTkFRvJ GWJ03WKTkVHTCwBCbQ88a0EWAczLwG1H1DWh0E4cRrEj6HpPVZuv0L5fOGpo7cEIb48TsP aDtFg7If1UPSelIBmmcCw2UJbVpmfAgq/LZSa5bl07upp+f1y17ItrHM/70NYHweeGVOvb 7Rn5hi04qRl3d8j48ss7pgNwkUVvCn5GX35GbqvzUdAV1q59qS90xVHvKZ3ISNjrPp1ibb LMoF7JqPv4e0Ro/JVt60fgEhAl1hrhcoZvOCemUhdHAF59tHuFsd6lsVcpQxhg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrPfZ5XnjzhPM for ; Sat, 24 Aug 2024 04:51:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O4pYdX096095 for ; Sat, 24 Aug 2024 04:51:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O4pYha096094 for net@FreeBSD.org; Sat, 24 Aug 2024 04:51:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 04:51:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #47 from Franco Fichtner --- Also why was this excluded during the port from OpenBSD? Same for MLD_LISTENER_* BTW. https://github.com/openbsd/src/blob/master/sys/net/pf.c#L2699-L2704 --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 05:20:50 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrQJN6NLfz5V90m for ; Sat, 24 Aug 2024 05:20:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrQJN57xGz4NmZ for ; Sat, 24 Aug 2024 05:20:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724476852; a=rsa-sha256; cv=none; b=iG9r3iN006eiVgeuBzf8D353yYghdjYS6eEn5HSBksBz2OGQaanyJi7zanMI6eanua156x cXGQhfdGzpFOA+fYnu6+Od/jQUnk6bcqFITO50LAB/c6hJHT6Pfw5PnxNFjxEK7bPD/LPD 18hy/JWiuUWKBdp9N800Un4LROYTmHbzPi/rbUyhbP9KDkYjDLPjMRnEfx0H4lpjjdIzel 5njM0/pAp2ldJy9dcbhMiCkEtrq4X34E6rNvkQ7jLjub7BDSD9uyGUV0OssTstONh9bgsY Ot6oKNyo9UeILucjrfKOhH2LXSfq+GZ829ipub1jvT+k9D0k3CpTaXYdiEYPZw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724476852; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ynXWytSa/nKk/0mVmZosDXWBh0PCXyHFyF9cPQ/rX9w=; b=Xl5J72JBj+XG2pY2qOt6YgTn7wNK2XD+mks3WjJec+Fc7ceBwbPRMbXEY2grGpVQG+juyD VyyBbdSVPSNFU4rEyn0VazK/IwdbOTmHXE6IedXYaj2jcXfILy++bRXurCypCqtXBasCFD 0v3iALa63thKtiI5ey7gvwvMu3HiR3vhGSBpoqT0DqPgYyGjXwQMX0s6FqgicrfUtx4IGU diafc1JtuzcEUD0hjSdiam8wKdjZnsDiZ2Vh9gApnBvOe7ish9ekV2eAR6uRp06A8W4vDD 4vS4jEXLRsJs3KfiF44EL4NKRXBjDObCTfEWqY6fNvCDzFuqB/g0xRL2smGckA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrQJN4ZjlzhcD for ; Sat, 24 Aug 2024 05:20:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O5Kq8A015455 for ; Sat, 24 Aug 2024 05:20:52 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O5Kqei015454 for net@FreeBSD.org; Sat, 24 Aug 2024 05:20:52 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 05:20:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: gordon@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: resolution bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 Gordon Tetlow changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Status|Closed |Open --- Comment #48 from Gordon Tetlow --- Franco, thanks for the additional detail! I'm reopening to get further eyes= on the issue based on the pointers provided. kp, does the analysis in comment = 46 indicate an issue that needs further review? --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 08:05:23 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrTyH2CGJz5VNGn for ; Sat, 24 Aug 2024 08:05:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrTyH0pvnz4dKY for ; Sat, 24 Aug 2024 08:05:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724486727; a=rsa-sha256; cv=none; b=hYCVn/A+lAg3M8M699M8H07ASJKyOjai/Ym/lRQQL1rcO1WOA6v9GYIgBfUfh3w3lA23Oj RWGT56fLoTYN/guR3v1ni5y6ycoMCS36pFBNtmbDtfpm+rbwxnhaLE8m5HFynQ4WMFhjmT JCSEHspyiPOlQK0aAlYM0k7k/4yJtHAEgOYX7CqYWHuqgz4EG6S1sjJ5rTVUlYrCBu1u+B SxsTBaB8EQ7PqXR29zkseF+xxWXXeFdHChKbhllngz0tFT2/DYuhPIe4byO/EK23M92PIl 3FdCTyAGp2S+UNb3LcP2WfdKkdXx9WWW4dAZpojvm5U1BEJkGe1vTlOSlqisig== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724486727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Z6j0e1lDETmi9zFoFTPEjf0LzCVZWrAsEQMDi/fPBfw=; b=YDfAc0rsMM3o+o52hP1YvflCVI88RxaMb+Ql6sbcVYSX9xKVNyP++rV3W3uUipnKq8KmKt p7wHqiBTkifKqS0HSn1xpj6F13VrMY3/VQ7eOthWyWDCdxzTyDSknOVbXc4LshkYSSrSjh jE+FGCCaHA05SBaZZ5DTpgLjVzzhaigJavAcZirelGT98rn8wUcMqLVpJkjozbAD9GpSCe 7lMw8tm7d/96tIiaOVtTPN+A+bamfBwfKqhQTSuXCqAvJW7DQll7LojSCyLLqQnvt/hmCN pg46or5n5NmtximacCMLBTT7JatDAo3oc+13nIGDi8x1yfnCgPSVkFpvF3f+Hg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrTyH0RDQzn1p for ; Sat, 24 Aug 2024 08:05:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O85Qtg085055 for ; Sat, 24 Aug 2024 08:05:26 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O85Q42085054 for net@FreeBSD.org; Sat, 24 Aug 2024 08:05:26 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 08:05:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #49 from Kristof Provost --- (In reply to Gordon Tetlow from comment #48) > kp, does the analysis in comment 46 indicate an issue that needs further = review? What issue? There's been a lot of conspiracy theorising, but no actual bug report beyond "opnsense is broken". I genuinely don't know what's supposed to be broken. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 08:12:07 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrV613PyXz5VNgV for ; Sat, 24 Aug 2024 08:12:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrV612NN6z4fVC for ; Sat, 24 Aug 2024 08:12:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724487129; a=rsa-sha256; cv=none; b=OJwUT8ZhcCwFkxx1IFOgb2xXF6nWh1cXZdSSPMMIR9zH2XCtsZCc4cmaJFFx+TVeiUzMRV 8eDy5hO8Imq85FV2B5Ggaibsl4lvYl/OvJtX930AV3Jx9Xt4AD135jXlJ6NJ/bpsWJTooN 2qe7N6V9fJnP7n6Qrk+jULwxyUcr8AbzmPV4+IyWGSeZydSEKr0ZAf8zVbzov4HcJ42IWM 0J8z0IyAMWuv2dKhP83/yYO4fc0kSxr/ZtjqRNgvFz/6RhkmLgSJw+mbbuA31kaubxijPV M3HW81oEyAKi0qbc6Cj9wiLjb9ayrL/rdBzjN1RJ6f0e+k/J+bdJ8JeLb9owXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724487129; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=U38PHb6q9K+zaQzKo8bixUytEWk/3JyAY6LHS2JGZU4=; b=HEchg+mJ0p8b9Txxkkk4fSgbrOFI9CGtErc8eMF9fc2myvVZbtlpq8aHuAUIQWRh1dpHuI uO7ez4ONQHX6qRVWjwjqSKJFHZ9Fj78tgwbAygtsa8bWhyMRGsql+re1f7ITuQ4AZDDHTp mmzLT5xeVamGKvT/pW7qr6jhadujnlja4beeICxFjjJwUcCXqefbYOjCLMAIDWj9wTb4Wm PjgNtF1TUNlEmUg0dvDcjO3Nr7wsF2l3HjF+hP5C5oZgMvj/acm6iJKPy042+3TchUuieE 9kYbNc3ANOopxxcA08SO38c9xPXqBQo5yD4IJQC+yZB90s+abig+uNbpUUDnmg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrV611zywznBZ for ; Sat, 24 Aug 2024 08:12:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O8C9IR021228 for ; Sat, 24 Aug 2024 08:12:09 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O8C9kP021227 for net@FreeBSD.org; Sat, 24 Aug 2024 08:12:09 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 08:12:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #50 from Franco Fichtner --- I don't know why this keeps happening, Kristof. If you don't think it's wo= rth investigating please don't shrug it off in the name of external entities / = bug reporters. If you don't want bug reports you can say that, too. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 08:20:41 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrVHv020Dz5VPMC for ; Sat, 24 Aug 2024 08:20:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrVHt1YYMz4g5X for ; Sat, 24 Aug 2024 08:20:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724487642; a=rsa-sha256; cv=none; b=glDtfwDPEqaVKFr8YiKbKWBBHwyYFsKVD2GR8u6sRYHKI417JpGJsbgwnF6BivXKGH4y4h 2ILk8OK7KN5xeZSjmq0ao1WVrEwOEXlT9f63L7fMdGKIGrjb+/lQAto5DmSBCzDWqECkCE lno2gQo01Stz9I8DcxoyIhrQb43/5HiYERdfetqVDxIkJENKgBm2bDZsrVOGdKcokrD06s 4g/ktANtxMg6j3XAC4ARD6usvqR9Mzxo3wTUD8kvBvtthipUVCOdZVdF2cyN/3gzXxSYUI 0Q+xUhgzZtuw4wIXCTOkANUDoTSevicdSxW2tzI7P4YFnxZSvx7pLAIIugXXXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724487642; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Xhg3LwPd9moRTImtjFnsJI3113eE+uIlFcAJYNoO798=; b=MR+Nc6A82WYvyqJpMfxUevUglxq0dkREtna+tNFT9Tu/xJJxrQwXr2ncQU86tt9ysXOpZU HWMCSsFdGDLiIsgpdcXk5LO4GHo1eHA+MWhREl0ViucNj09Fc1VOCzhPdaGRmVRB2/WoLB O9zBrHvr2X3KldxVwwRJcpUXzhLNbt08dUrycg1gjA+SAWhbcNMWqtkE+6tcyoBOIysoq2 CJfRJv1Mr/aDDkhZqV7gyWaMj5EiSiYUL4yY8kAYzOqN6azlupDApN5zGid4f4ro+WluqO X3Q+BfFweQ4qKalsQ06Ya6C7ekvEu020M0gj+j87n2Gu8AsqpbynF9jCub06fA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrVHs6GDXznBf for ; Sat, 24 Aug 2024 08:20:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O8KfZ5047742 for ; Sat, 24 Aug 2024 08:20:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O8KfNO047740 for net@FreeBSD.org; Sat, 24 Aug 2024 08:20:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 08:20:41 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: doktornotor@mailinator.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #51 from doktornotor --- (In reply to Kristof Provost from comment #49) Sir, as I already hinted in Comment #11 - your port of code from 2009 is *incomplete* and buggy. ND states behaviour is broken. Many people took the= ir time to pinpoint the missing bits. You are wasting everyone's time here and causing harm to FreeBSD users and the project. Sigh. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 08:25:05 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrVNy1Sdxz5VPQ6 for ; Sat, 24 Aug 2024 08:25:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrVNy0FJ3z4gvV for ; Sat, 24 Aug 2024 08:25:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724487906; a=rsa-sha256; cv=none; b=YrWO+g1D/6mWGkDkH5AG/03PZFKdvmHSrD/IzAI5VKQbFhHRYbE5EOJwSrnrUHCrZvnFDM EkfUfAhYcJROJvnIkr42uPTCUzX2LBYG5hlZplFVmW7fl8s5qk5C0FjXtZX6wxJt87s+TK JMo1s8bZiDSJs2dHSz0vP19xP89emIBezpltKxkedyfZn7SV4RJi1FSI8E+BgjuX/SMKcq ExkYbB2WFnjlPTkMbAEIksT8PqyD/3cJjOrt3qJrVal935HmaZIdTfMvzhqYMa7C4xOR5Y muSUusLm53nQjwPstiJJR/eVr6mFy85ilVRoErjeM3TjCreh8/nQ+y+kgruk+w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724487906; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kIXEGwhtkn4AU7XtQ8JRF+iGxcD75Q+3TtDbM2pPOXw=; b=a2xDIHcXH+SzohVcSPEP7gCr+a5OLrZz+HXv4ztzyFeqTEMBlAA2SsVL6FGtvWSuaEwfni hG7RNyAI75as4aRLdbUe/w4BMfxufFNOT33XGm7KR6upMYzF2q6oPdhK3KwbDLNqoDj9wY G6e+PdgMkArEpVfPRreVzHdA7CsOaTHFxmqLLbjn0cP66U120lw1ZQcZX9h42vN3HU2ayP hAsJf+wQoqWRPuj1vRi8x47v3Rj8cFbNFYv6dUrp9XLDOwethsakdaWAaa4e9vD7enBnVZ VsEaPVxCdYJ+jM4oHueK9p0Zc2S60h1Ewg87fNRLZyJai78XoKx1T31ERlPC+w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrVNx6tZZznV7 for ; Sat, 24 Aug 2024 08:25:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O8P5EN069578 for ; Sat, 24 Aug 2024 08:25:05 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O8P5m1069577 for net@FreeBSD.org; Sat, 24 Aug 2024 08:25:05 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 08:25:05 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: freebsd_email@congenio.de X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #52 from Dr. Uwe Meyer-Gruhl --- If you do not understand and / or believe what is left broken, read the rep= orts of how ND fails even after applying the patches contained here. If you want to construct a test setup to cover this, try directing the following command from another machine to a potentially affected FreeBSD machine and look at the results: while : do ndisc6 -m -n -r 1 fe80::1111:2222:3333:4444 eth0 done Of course, fill in the target's EUI-64 instead of 1111:2222:3333:4444 and u= se the correct interface instead of eth0. You will find that even after the current commits, a machine with the SA applied does not always respond in due time to these requests and the reque= sts time out, whereas a machine without the SA always answers correctly. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 08:46:30 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrVsh6Cgdz5VR97 for ; Sat, 24 Aug 2024 08:46:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrVsh590yz4kcB for ; Sat, 24 Aug 2024 08:46:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724489192; a=rsa-sha256; cv=none; b=FZI6v+H/GQLser+KD5/WWG58TNylQWnLd/nncvzyhj19n+EYnhQMPLiOogeyUMuYXzLmXh /tay4HEd44XqvziClP+khF1e6uczYJE8ywqp3Fr7MODsRr3567yqmEZyqGVyLfbMHcjiPU Sz/9KanFg+EJbalhDuOspli8tiTA/WcZkrbhmY3dq83c56GJFS5eonDEt7ukXA7jHGSL9e 9e99DXdtzUbUG0w6fSewTqq/5WCJrP4GIuiMaKPb928YWQeX8J1wOnKjIFgkZOCG5QgEuY Yy1uAQKxvjCrqaLLIQ3ypy4tmxCa+vrED6crZjmnIECxqeCyB5GuKlwBautj9Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724489192; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=44+/apXE6yd+8C81JtiO8T4HRU+35xqcG0N1iR1+VcE=; b=xspVaH9F76v4X4czECFK+BELVUWyWfpu+Mm8J1PIXMb2gjZUi/mgGd8TAG/UiPhFUhu82h D/gephFBly+WvxZF4JCoH0iLZz7N+37p+zDkPq+QBg/GYtdTBWJxY0npBT9lU80zxmc0QI LBIdtJawYyAxP0FEYHF01pb3d0Fyv0kRkpoYjd8hlztQ0P41cbQbbusBgLbFYYnGpkmqh7 Awgbd2PKdTLk3zvla5SRodNt0obI7a8pGjWYPB+grGk8NzSfOcTHZNLZjhtHf8j3DqB+g2 702OTNqZis/cS9RbtdCmJEYrRbsnwDg6hlM4MMZtlPlTQrbg5X4qm2qzqUkCPQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrVsh4gcczp9M for ; Sat, 24 Aug 2024 08:46:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O8kW1s056093 for ; Sat, 24 Aug 2024 08:46:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O8kWwp056092 for net@FreeBSD.org; Sat, 24 Aug 2024 08:46:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 08:46:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: doktornotor@mailinator.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #53 from doktornotor --- And since it already got to this point, @Kristof - perhaps reviewing Sectio= n 13 of the Committer's Guide [1] would benefit you, others contributors and - f= irst of all - FreeBSD. (Seems last updated in 2022, so I assume that is still applicable to the FreeBSD project.)=20 The one bit that comes to mind: "Argue your position from its merits." What= you are doing here (and what's going on repeatedly elsewhere) is not based on merits but on your personal dislike and perhaps conflict of interests with another downstream project based on FreeBSD. [1] https://docs.freebsd.org/en/articles/committers-guide/ --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 09:57:55 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrXS31WdZz5VWt5 for ; Sat, 24 Aug 2024 09:57:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrXS26rjQz4qC0 for ; Sat, 24 Aug 2024 09:57:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724493475; a=rsa-sha256; cv=none; b=Ik+gCzobQ8odt57Wg/0E39/RH1CVhz7sMLjA/SjyKAcG4gDbX8OGU3EHna7kqwWkpQnhpq jbjnmPrE/JWsH+fNr+k/Ul5rl/S6YfYNQoOiNR18S+ViIbN3ORQKFX+3fac2Z4szSi2/69 c6SzKfJM4w5ynH16l/5eUnTMnwcqjiX1j8Mf7XEqGCbx3kuWNNObvdtFeCqMgU19I03RJn JE6THWhfnGUhWLydESSpdOn4T0aPfjmh6tk2DUzndEwiT3FdjI8c0X4WEG0yxW2azH2ugN 120IHjwZJVZqnzCXx/tjF1MHONeF2UJiu8kEcIBuKIKui0WgwXB+vuEXRgu60A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724493475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EHq6QuTMzAdjXYrOIjjYjO6pQISbWhFCE0x6i2UGlE0=; b=mc7pu1uOifLWDZ/O1j/YJK5P2LU3yVkh3WG447W3AGUDsTkuo3qOVLca8dtXEX7er4GzI1 I1Mqb7c+W9Ziu+jny4xVs7JXjFyonQeOp4WbVLIOv6LgEwF82NxYNwE6xEwZeNEYQd+ngK qqr4xIbmF6+/YOFEO0bgIxc/e4D2gJFr743HUytQL076/9T9RLCb1FDgsM/6vctQfZOaop Wn1RvClWAIxG+XfclGg1W2hkw9h9Q1uQCKb2GFtB88LsDSXTgFkdZOk8Lvjym/pfOurrgf k4E4M7DdG+fvdI+/9gzFpQTETGzeIf/bu4jeQgFeHpy0/J423wDoM4CfXOnpHw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrXS26JGszqyv for ; Sat, 24 Aug 2024 09:57:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O9vsbE033175 for ; Sat, 24 Aug 2024 09:57:54 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O9vsin033174 for net@FreeBSD.org; Sat, 24 Aug 2024 09:57:54 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 09:57:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #54 from Kristof Provost --- (In reply to Dr. Uwe Meyer-Gruhl from comment #52) Oh hey, an actionable bit of information! That's nice. I'll try that on Monday. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sat Aug 24 10:12:44 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrXnC36LNz5VXgV for ; Sat, 24 Aug 2024 10:12:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrXnB70sjz4st2 for ; Sat, 24 Aug 2024 10:12:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724494367; a=rsa-sha256; cv=none; b=L56Zu74GPEGVCsuoTAFQUVsvj1VlbBzq/Q9dDgmf+EuWzo0Ar4EmTEZQcvkt2DI5BoP0gO gJ8BlZuaJL3fvKTu79q8UGPdMstKobfL06NmNUSeuT5QhfiMoTHKeWhBH55sJEPqZS/nST 5iKp6eqOJ7qKw0JYqXg5sA7/D9hsYIvrcxD748dR6yVejVVAJ99yetnzomEUK0C/lFH3Kr p+YuRPdhasswP3e9+NbRc/3AchFMeGvksbW2Tko1xUKZDci76a5rf2quwrK3Fr6NRS3X4Y 5mt/JwGeoT3q1RuYZDX8HdgcEv9TbfnqkeIswzEHIT9/PxOmpWoZikaOdr5Q4A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724494367; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+aKCe+cLFpAIvxlBsxXat9VmEMXjIQbl/dNuwWQfpPo=; b=xtH5XZ06xEHpscFrG3a2AGerUnq8KJceTUwxRhscdekdPVX5F43HslI/ZhtMnck0wKJS9h JlVzX5wLu6FSGtcWVp8Y9pvHH3+Ub4kGcY+fjYmchTCB5ifGZCYngc6T3ruhTnrR1OYYXY dEskOiwmkfdAk1JbujJilvHb84hLEyhJ815i3K//Q2RLofRXl/z5kTLglCf6XKEE486L1D 8c6q30GkOAsUP2A2SR0o8pCViNxfYpy/MnW5WiJoePLIk/U3kaKXyrG9Ia3RzftVPmGqlh l+ycw6YInk9ZNEfE4ZEU77v8vX/ASd3n1jX8D+A/yY11mqClB1zeFBwxKhfEpg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrXnB0vHMzrHn for ; Sat, 24 Aug 2024 10:12:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47OACkeL005896 for ; Sat, 24 Aug 2024 10:12:46 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47OACkUA005895 for net@FreeBSD.org; Sat, 24 Aug 2024 10:12:46 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 10:12:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: doktornotor@mailinator.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #55 from doktornotor --- (In reply to Kristof Provost from comment #54) Yes, that's the same information what's been posted in Comment #31. That's = also something that should be covered by the testcases but clearly is not. I am very sure the code and other contributions by Netgate are very welcome= by FreeBSD and its users. Also, I am very sure that your attitude towards developers of OPNsense and the user base of that project is appreciated by noone but Netgate. This needs to end.=20 Noone here cares about your historical disagreements. People want broken co= de fixed and working for everyone, vanilla FreeBSD or downstream projects that= use that code. (Which includes your upcoming pfSense Plus release, BTW.) Yet, apparently this hostility is still going on. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sun Aug 25 17:15:14 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WsL6G5QQ0z5T9nh for ; Sun, 25 Aug 2024 17:15:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WsL6G4MkWz3y5d for ; Sun, 25 Aug 2024 17:15:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724606118; a=rsa-sha256; cv=none; b=yCQRNpvm4WD6O1vAB6ISc/uLVdzXnZeWdgSvtZyDiVCmDcgNZlxAx5nb+C56Oq62fjMmla yE8lZST1m+22K+tkBNG4PxLEX6QAusd7LzBHjsv6cfttNwxJZla6l2AkFoqIaGiV8h9DjH m+woImKnFy5vstexFmt5Ki5jLv9v83karTIX+z9Z/1ukoBTWGCQRuKCMiRAjb51R3mRI/z 7BDWD6K8Nz013HH9cxzjh/4m1168L8g7Bgiud+SFBng2d05Tq2UTsiK9jMtwq1O7S8RIBr TmZs0TMI2qM46PRK2IU8hhbYMIXZ6QT534YByRuljVB8GesjY7SB3VtSqeuNQg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724606118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=r5fknGfu9cdIwxBJBoLWwQ9jvRAL7fN4MFbV5qtabS0=; b=oYhFleq+wBk82rWHob4WoMWzsHVOidLuwdRdnDIAYLP4aoE49DYY54gUtOIp1TweE4R8om xNtLIVXVS1VbaeGQ6VYhwYSRtpTpmI1z4XjvnqWhqzv4d95sXxtHRYS3QccHtCOxndnbQM hsmzgB/fouXCNgkDEfqS4z5yuOKpW+86yT8Y3T/ipMv+8lFs48wkCW0MoM+0TIE5xYRGkz s7zUlu68vx2M+wAtsIdwVLOXOzwcANqnQyChydITJutc1z3vT5akXl6cubZov2oRlykZj/ /PeRBzfresLsaLn4txRCACs3P2k2uRvg1lvXPcPuZ6jC8RCsA/BmxoP4jewn9Q== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WsL6G3zJGzXJH for ; Sun, 25 Aug 2024 17:15:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47PHFI2S096350 for ; Sun, 25 Aug 2024 17:15:18 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47PHFIXi096346 for net@FreeBSD.org; Sun, 25 Aug 2024 17:15:18 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sun, 25 Aug 2024 17:15:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: doktornotor@mailinator.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #56 from doktornotor --- Created attachment 253088 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D253088&action= =3Dedit Packet loss / RTT times (Source: https://github.com/opnsense/src/issues/218) Perhaps pics work better than words. I am adding one documenting how badly broken the IPv6 experience is with this faulty series of patches applied for some users and what's the scope of the regressions.=20 I believe this is not the experience you want to force on FreeBSD users and blame downstream for that. The difference between broken and working states in those pictures? Well, i= t's already been mentioned in Comment #46. Hopefully these reports will be taken more seriously in the future. https://github.com/opnsense/src/issues/218 --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sun Aug 25 18:32:45 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WsMqd3wWWz5TJZk for ; Sun, 25 Aug 2024 18:32:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WsMqd24Shz473w for ; Sun, 25 Aug 2024 18:32:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724610765; a=rsa-sha256; cv=none; b=K6kFwyGr57uBSPTDaupRb3jX3WXjWofoAtRZO/Wz1PQAo4HwMJkC6HSVAT8hu0NlEzIY+D 36foZg2Fyawa/sHNj2bCA5rp+gBAHxi02trtc5IElaMMGJG8tWF/q4nykBVDNWzHkpcy8y TnXz3zIntjOZN0L+ssqAzOSCRED3at2Q7QL4iqoynWRzB+inuZFQjzQ+p3fNYCV1bK6szt OKJDdawrSq5bkBpqWr0E+wVRFHuG20WDVD5+xyjdDOMiT1XcjmeGgk9n+sbbWVSYc+bTme t1UvI0aiE6nYiXQbtbGq92368d7K9GTbvXryW3JaKe/zciIlDf6TQnG3TFXqoA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724610765; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Phr6cj8ej+J+bZXr9DNsh+XMBCRCKdbKTbQRIj7jqVo=; b=U4W+xFxgf1zAM0xZD5lQ79/4aIO0qPL69xZi12LiEVYyL3HMaRWKi8sgYpO4hxWc2rIqxO CMlcjxLcbrsUZcTezgMaW31FSopWzknjJOWDfGwq/sgCse0F+rnC8maifKrtYGogtdtXOo yCkEfulcjMxly/y5ewcr9rolx3zl4FFOK9tKXCsKzqUxuF+RJwzdklY4tRezBnW0HVG5Kv b2nHwypo3PeXrRNmadT4r5B0TxdvdDILw324PBLv7Kz+IyFj8QYnqGUkadOc/jcE0zEjju nfCgU+WhWOwEf16nCfDGJ44ZDrdXLgU5ae8yU/bfBQburpn+xYZxYy5BX9uE9A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WsMqd1dfYzZqk for ; Sun, 25 Aug 2024 18:32:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47PIWjte026960 for ; Sun, 25 Aug 2024 18:32:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47PIWjUm026959 for net@FreeBSD.org; Sun, 25 Aug 2024 18:32:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sun, 25 Aug 2024 18:32:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #57 from Franco Fichtner --- In closing I'd like to add a few things. It was made known that a proper bug report and steps to reproduce should be raised. I think that's only fair. This, however, requires the undesired behaviour to follow established rules which do not readily apply here. The core of the problem as we as OPNsense see it is that pf state tracking = was added to several ICMPv6 types that were not there before -- first and forem= ost ND_NEIGHBOR_SOLICIT/ND_NEIGHBOR_ADVERT. It can be said that the state trac= king is insufficient now in at least these two types of ICMPv6 communication whi= ch results in intermittent package drops. This also results in easily visible ping drops as neighbour discovery fails intermittently. The full scope of = this change is highly speculative and it has been hinted at in OPNsense and Open= BSD that further issues exist with other ICMPv6 types contained within this cha= nge. The way forward in FreeBSD releases now should be treated with the appropr= iate amount of foresight. If you want to ask for easily reproducible steps please also ask how easily reliable tests could have been added for this. Testing all of this is very difficult as I'm sure we all know now. I think we are all here to help avo= id and remedy problems together. It's not my place to question why adding state tracking to pf/ICMPv6 was a = good idea to everyone involved in bringing this to all FreeBSD releases immediat= ely so far. Someone should ask that question internally probably. A better ta= rget for this would be FreeBSD 15.0 in my very humble opinion. It would be beneficial now to have a real IPv6 expert inspect these state tracking attempts because I think so far that hasn't happened. OPNsense do= es a lot of IPv6 and does it quite well, but we are in now way experts. My first reaction to seeing the ICMP patches on stable/14 was to ignore them, but th= at was made impossible by pushing them to SA state in the way they were. Also to remind everyone what downstream does: we are trying to run projects based on FreeBSD and we mostly build integration for other software. Ideal= ly we do this on unmodified FreeBSD. Yet upstreaming patches is increasingly difficult and hostile. Our kernels only diverge because of: (1) Too strict errata policy on FreeBSD releases, and (2) upstreaming patches and stable turnaround times are too long. This causes friction with committers because they don't trust us or our capabilities or reports and think things like kernel patches are our own problems. All of it only leads to more divergence. I think that should be said here once for emphasis. And as a personal matter we should stop with the idea of "conspiracy theorising" and "downstream is broken". This will not advance FreeBSD in t= he way that it should. As far as this discussion goes I think FreeBSD has all the information that= it needs to progress this. As downstream we certainly will make a move based = on what we found out so far, too. Good luck. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Sun Aug 25 21:00:45 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WsR6Q4jV9z5TX0p for ; Sun, 25 Aug 2024 21:00:46 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WsR6P70FFz4P8p for ; Sun, 25 Aug 2024 21:00:45 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724619646; a=rsa-sha256; cv=none; b=oMFCLzAUzZ8AUhgiQJi8AihNdNocsS5x3CdDa/lfk1UF0wM3624HLtQvjbjie6OBXRQUW+ VJ9H44dSV6ByPa1+O2hwkFhTJfRvVmuqk2IH9uXqMi0m+UfQ6LvKY5vxeoYm4Vw8syeF6+ bpcPF21Cljpw61GCA44oW3YE8U1klSw2hC9PXe7uABX8hb2PTS4VQYb7KVxnoMdLm0wThD 9zOf7L59z1bGZAuY4+6kofvKHTN0veEAeOEPiA1r43cVt/Ekn9Tf6y0Y4XMgVTCfyrPFN9 XfbYvvbIDCCnKh5/XF/kDY9yBP18t2FHSbTtIV6cZ0HlYt01FYb86QHyx4wgkA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724619646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oZX7edkFtnSOk1Shqi57Gr0HDkVijIRafeDl+ey5TFM=; b=qVgsYJGP1mpWCBCgvGtJsF+YIVaeRLBmX9Y+B+cTdhTrQVYuGfb/cNRh7zuY+D7COfD53b TQOxpPOQPGh5y91dwU6fsWA3t3a3OMAINYsTfV6kEU2+2GIX453apS9vEqysFfaiF7r5hO YE/ZqjcVBvB/+KaWKYehohg4KTza0cmCSbuo/4yWwGyWH9i7SU+c3SK9t4MylUrZDTOLGF jKYarjVhJqgEtnDr5175nTtNsPYTxGLYsO2FZ4WNvLCIe3kVntmo49spODOM++Ke0H578F etsHuRKrjoiw1zufRv/hNsInX3NfoioLAImicK8ghKPysOScNv3SOSqi9lJu4g== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WsR6P6ZpGzf4Z for ; Sun, 25 Aug 2024 21:00:45 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47PL0jVf039791 for ; Sun, 25 Aug 2024 21:00:45 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47PL0jfm039790 for net@FreeBSD.org; Sun, 25 Aug 2024 21:00:45 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202408252100.47PL0jfm039790@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: net@FreeBSD.org Subject: Problem reports for net@FreeBSD.org that need special attention Date: Sun, 25 Aug 2024 21:00:45 +0000 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="17246196454.18C3dF8A.33182" Content-Transfer-Encoding: 7bit --17246196454.18C3dF8A.33182 Date: Sun, 25 Aug 2024 21:00:45 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- New | 254445 | cloned_interfaces="bridge0" does not respect net. Open | 200836 | iovctl(8): Return descriptions in the returned sc Open | 223824 | Panic in ng_base.c (netgraph) Open | 232472 | ixgbe(4): SR-IOV passthru not working on Hyper-V Open | 234073 | ixl(4): Host X710-DA2 drops connect starting bhyv Open | 241106 | tun/ppp: panic: vm_fault: fault on nofault entry Open | 245981 | bnxt(4): BCM57414 / BCM57416 not initializing: bn Open | 257038 | em(4): Panic on HTTP traffic to or from jail thro Open | 257286 | gateway with `ping -6 -e` is ignored Open | 258623 | cxgbe(4): Slow routing performance: 2 numa domain Open | 258850 | lagg(4): interface vanishes when both member inte Open | 261866 | ixgbe(4): Resets media type -> autoselect after s Open | 262024 | em(4): iflib handles bad packets incorrectly Open | 262093 | ixl(4): RX packet errors on Intel X710 after 12.2 Open | 263568 | ix(4): SR-IOV connection lost after loading VM wi In Progress | 118111 | rc: network.subr Add MAC address based interface 16 problems total for which you should take action. --17246196454.18C3dF8A.33182 Date: Sun, 25 Aug 2024 21:00:45 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" 
The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    254445 | cloned_interfaces="bridge0" does not respect net.
Open        |    200836 | iovctl(8): Return descriptions in the returned sc
Open        |    223824 | Panic in ng_base.c (netgraph)
Open        |    232472 | ixgbe(4): SR-IOV passthru not working on Hyper-V 
Open        |    234073 | ixl(4): Host X710-DA2 drops connect starting bhyv
Open        |    241106 | tun/ppp: panic: vm_fault: fault on nofault entry 
Open        |    245981 | bnxt(4): BCM57414 / BCM57416 not initializing: bn
Open        |    257038 | em(4): Panic on HTTP traffic to or from jail thro
Open        |    257286 | gateway with `ping -6 -e` is ignored
Open        |    258623 | cxgbe(4): Slow routing performance: 2 numa domain
Open        |    258850 | lagg(4): interface vanishes when both member inte
Open        |    261866 | ixgbe(4): Resets media type -> autoselect after s
Open        |    262024 | em(4): iflib handles bad packets incorrectly
Open        |    262093 | ixl(4): RX packet errors on Intel X710 after 12.2
Open        |    263568 | ix(4): SR-IOV connection lost after loading VM wi
In Progress |    118111 | rc: network.subr Add MAC address based interface 

16 problems total for which you should take action.
--17246196454.18C3dF8A.33182--