From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Date: Tue, 27 Aug 2024 11:42:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.1-RELEASE
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: franco@opnsense.org
X-Bugzilla-Status: Open

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #58 from Franco Fichtner ---
I found these inconsistencies in the ported patches from OpenBSD:

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index ef488bad26d..c9180e877d5 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1878,7 +1878,7 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, */ *icmp_dir =3D PF_IN; *virtual_type =3D MLD_LISTENER_QUERY; - *virtual_id =3D 0; + *virtual_id =3D 0; /* XXX missing fake id */ break; } case MLD_MTRACE: 
@@ -1892,7 +1892,8 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir =3D PF_IN; case ND_NEIGHBOR_ADVERT: { *virtual_type =3D ND_NEIGHBOR_SOLICIT; - *virtual_id =3D 0; + *multi =3D PF_ICMP_MULTI_SOLICITED; + *virtual_id =3D 0; /* XXX missing fake id */ break; }

From early testing, however, it's not working any better with plugging back PF_ICMP_MULTI_SOLICITED only. I'm unsure about the mock id effect. But what I can say is that it's better to skip dealing with PF_ICMP_MULTI_SOLICITED as OpenBSD did in 2012 too:

https://github.com/openbsd/src/commit/2633ae8c4c8a64

Another patch from 2023 is relevant as well as it disables half the state tracking for unsolicited advertise cases:

https://github.com/openbsd/src/commit/49f39043a02d6

-- 
You are receiving this mail because:
You are the assignee for the bug.
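Review bot: in the first hunk (the MLD_LISTENER_QUERY case of pf_icmp_mapping) the only change is the trailing `/* XXX missing fake id */` on `*virtual_id = 0;`, so behaviour is unchanged and the XXX does not say what value is expected or where it should come from. Either set the id in this patch or expand the comment to name the OpenBSD code it is being compared against, so the marker can be resolved later.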
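Review bot: in the second hunk the new `*multi = PF_ICMP_MULTI_SOLICITED;` sits under `case ND_NEIGHBOR_ADVERT:`, and the context line `*icmp_dir = PF_IN;` directly above that label has no visible `break`, so the preceding case appears to fall through and would pick up the assignment too. Add a fall-through comment or state which message types are meant to get PF_ICMP_MULTI_SOLICITED; the `/* XXX missing fake id */` on `*virtual_id = 0;` needs the same explanation as in the first hunk.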

From: "yann.masson@thehomecave.fr"
To: freebsd-net@freebsd.org
Subject: wait link up before route configuration
Date: Wed, 28 Aug 2024 10:21:12 +0200

Hi

After configuring interfaces and routes, and triggering a 'service netif restart && service routing restart' is there a way to wait for the 'carrier up' of the interface before route reconfiguration?

My use case is a server with 2 Mellanox and a Lagg. The 2 mce interfaces are UP in milliseconds but the lagg interface takes a few seconds to be UP, and the routing service says 'Network unreachable'.

The subnet is a /32 and the gateway needs a static route like:

# /etc/rc.conf.d/netif
cloned_interfaces="lagg0"
ifconfig_mce0="up"
ifconfig_mce1="up"
ifconfig_lagg0="laggproto lacp laggport mce0 laggport mce1 198.51.100.1 netmask 255.255.255.255 mtu 1500"

# /etc/rc.conf.d/routing
route_defaultgw="-host 203.0.113.1 -link -interface lagg0"
defaultrouter="203.0.113.1"
static_routes="defaultgw"

If I run 'service netif restart && sleep 5 && service routing restart', everything is ok.

I didn't find any options for that, and was thinking about a patch in the routing script.

Thanks



From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Date: Wed, 28 Aug 2024 13:14:12 +0000
X-Bugzilla-Who: natalino.picone@nozominetworks.com
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

Natalino Picone changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |natalino.picone@nozominetworks.com

--- Comment #59 from Natalino Picone ---
Should this fix also be applied to releng/13.3 branch?

From: Freddie Cash
To: "yann.masson@thehomecave.fr"
Cc: freebsd-net@freebsd.org
Subject: Re: wait link up before route configuration
Date: Wed, 28 Aug 2024 08:40:38 -0700

On Wed, Aug 28, 2024 at 1:21 AM yann.masson@thehomecave.fr <yann.masson@thehomecave.fr> wrote:

> After configuring interfaces and routes, and triggering a 'service netif
> restart && service routing restart' is there a way to wait for the 'carrier
> up' of the interface before route reconfiguration? My use case is a server
> with 2 Mellanox and a Lagg. The 2 mce interfaces are UP in milliseconds but
> the lagg interface takes a few seconds to be UP, and the routing service
> says 'Network unreachable'. The subnet is a /32 and the gateway need a
> static route like: # /etc/rc.conf.d/netif cloned_interfaces="lagg0"
> ifconfig_mce0="up" ifconfig_mce1="up" ifconfig_lagg0="laggproto lacp
> laggport mce0 laggport mce1 198.51.100.1 netmask 255.255.255.255 mtu 1500"
> # /etc/rc.conf.d/routing route_defaultgw="-host 203.0.113.1 -link
> -interface lagg0" defaultrouter="203.0.113.1" static_routes="defaultgw" If
> I run 'service netif restart && sleep 5 && service routing restart',
> everything is ok. I didn't find any options for that, and was thinking
> about a patch in the routing script. Thanks
>

Read through the comments in /etc/rc.d/netwait as that should do what you're looking for (wait until the interface is active or wait until you get a ping response from an IP before continuing with network configuration).

-- 
Freddie Cash
fjwcash@gmail.com

From: "yann.masson@thehomecave.fr"
To: Freddie Cash
Cc: freebsd-net@freebsd.org
Subject: Re: wait link up before route configuration
Date: Wed, 28 Aug 2024 18:33:23 +0200
Message-ID: <203f3066-af9e-40f9-bef3-89dd7b636dc7@thehomecave.fr>

/etc/rc.d/netwait dependencies are
# PROVIDE: netwait
# REQUIRE: devd ipfw pf routing

[truncated] rcorder -p /etc/rc.d/*
/etc/rc.d/netif
/etc/rc.d/routing
/etc/rc.d/netwait

I've tested netwait. It doesn't work.

If I configure routing like that:

# /etc/rc.conf.d/routing
route_defaultgw="-host 203.0.113.1 -link -interface lagg0"
route_default="-net 0.0.0.0/0 -interface lagg0 203.0.113.1"
static_routes="defaultgw default"

It works, but the routing table went from

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS       lagg0
198.51.100.1       link#10            UH          lo0
203.0.113.1        link#10            UHS       lagg0
127.0.0.1          link#3             UHS         lo0

to

Internet:
Destination        Gateway            Flags     Netif Expire
default            link#10            US        lagg0
198.51.100.1       link#10            UH          lo0
203.0.113.1        link#10            UHS       lagg0
127.0.0.1          link#3             UHS         lo0

I don't know if it's good or not.

On 8/28/24 17:40, Freddie Cash wrote:
> On Wed, Aug 28, 2024 at 1:21 AM yann.masson@thehomecave.fr
> <yann.masson@thehomecave.fr> wrote:
>
>     After configuring interfaces and routes, and triggering a 'service
>     netif restart && service routing restart' is there a way to wait
>     for the 'carrier up' of the interface before route
>     reconfiguration? My use case is a server with 2 Mellanox and a
>     Lagg. The 2 mce interfaces are UP in milliseconds but the lagg
>     interface takes a few seconds to be UP, and the routing service
>     says 'Network unreachable'. The subnet is a /32 and the gateway
>     need a static route like: # /etc/rc.conf.d/netif
>     cloned_interfaces="lagg0" ifconfig_mce0="up" ifconfig_mce1="up"
>     ifconfig_lagg0="laggproto lacp laggport mce0 laggport mce1
>     198.51.100.1 netmask 255.255.255.255 mtu 1500" #
>     /etc/rc.conf.d/routing route_defaultgw="-host 203.0.113.1 -link
>     -interface lagg0" defaultrouter="203.0.113.1"
>     static_routes="defaultgw" If I run 'service netif restart && sleep
>     5 && service routing restart', everything is ok. I didn't find any
>     options for that, and was thinking about a patch in the routing
>     script. Thanks
>
> Read through the comments in /etc/rc.d/netwait as that should do what
> you're looking for (wait until the interface is active or wait until
> you get a ping response from an IP before continuing with network
> configuration).
>
> -- 
> Freddie Cash
> fjwcash@gmail.com
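
The fixed 'sleep 5' from this thread replaced by a bounded poll on the link state of lagg0, as an added example that is not part of any message above or of FreeBSD's rc scripts. It assumes 'ifconfig lagg0' prints 'status: active' once the LACP aggregate has carrier; IFCONFIG_CMD, POLL_INTERVAL and the function names are hypothetical, and the two sample outputs are constructed.

```sh
#!/bin/sh
# Added example: bounded wait for link on an interface before restarting routes.
# IFCONFIG_CMD and POLL_INTERVAL are hypothetical knobs of this sketch, not
# rc.conf variables.

: "${IFCONFIG_CMD:=ifconfig}"   # command that prints the interface state
: "${POLL_INTERVAL:=1}"         # seconds to sleep between polls

# Constructed `ifconfig lagg0` output while LACP is still negotiating.
# Note that the UP flag is already set: UP is administrative, not carrier.
sample_ifconfig_down() {
    cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 198.51.100.1 netmask 0xffffffff broadcast 198.51.100.1
	laggproto lacp lagghash l2,l3,l4
	laggport: mce0 flags=0<>
	laggport: mce1 flags=0<>
	status: no carrier
EOF
}

# Constructed output once both ports have joined the aggregate.
sample_ifconfig_up() {
    cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 198.51.100.1 netmask 0xffffffff broadcast 198.51.100.1
	laggproto lacp lagghash l2,l3,l4
	laggport: mce0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
	laggport: mce1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
	status: active
EOF
}

# link_is_active: read ifconfig output on stdin and succeed only when the
# "status:" line says "active". A missing status line counts as not active.
link_is_active() {
    awk '
        $1 == "status:" && $2 == "active" { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# wait_for_link IFNAME MAX_POLLS
# Returns 0 as soon as IFNAME has link, 1 if it never came up within
# MAX_POLLS polls, 2 on bad arguments or if the interface cannot be queried.
wait_for_link() {
    _if=$1
    _max=$2
    case $_max in
        ''|*[!0-9]*) echo "usage: wait_for_link ifname max_polls" >&2; return 2 ;;
    esac
    _n=0
    while [ "$_n" -lt "$_max" ]; do
        _out=$($IFCONFIG_CMD "$_if" 2>/dev/null) || return 2
        if printf '%s\n' "$_out" | link_is_active; then
            return 0
        fi
        _n=$((_n + 1))
        sleep "$POLL_INTERVAL"
    done
    return 1
}

# restart_network: the sequence from the thread, with routes only touched
# once lagg0 reports carrier. Fails closed: on timeout the routing restart
# is skipped instead of installing routes over a dead link.
restart_network() {
    service netif restart || return 1
    if wait_for_link lagg0 30; then
        service routing restart
    else
        echo "lagg0: no carrier after 30 polls, routes left untouched" >&2
        return 1
    fi
}
```

Calling restart_network as root runs the real services; the other functions only read interface state.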


From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Date: Wed, 28 Aug 2024 18:32:52 +0000
X-Bugzilla-Who: doktornotor@mailinator.com

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #60 from doktornotor ---
(In reply to Natalino Picone from comment #59)
Do you mean the patch posted in comment #58? You can apply that patch to whichever branch you wish, however it will not fix the regressions, as noted in the same comment.

For regression-free experience, the solution is reverting to the state before the FreeBSD-SA-24:05 patch.
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Date: Thu, 29 Aug 2024 10:34:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #61 from Natalino Picone ---
(In reply to doktornotor from comment #60)

Sorry for the missing details. This is a very long thread, and it's unclear whether an official FreeBSD patch is now in the base or not to fix the issues caused by FreeBSD-SA-24:05. I'm focused on the releng/13.3 branch.

FreeBSD-SA-24:05 was released at the beginning of August, so it's almost one month since a security patch (which usually should not be ignored) broke the standard FreeBSD base.

Thanks

From nobody Thu Aug 29 11:51:06 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 278306] service netif start doesn't bring up the wireless interface if /etc/wpa_supplicant.conf is missing
Date: Thu, 29 Aug 2024 11:51:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278306

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |net@FreeBSD.org

From nobody Thu Aug 29 15:24:32 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 278306] service netif start doesn't bring up the wireless interface if /etc/wpa_supplicant.conf is missing
Date: Thu, 29 Aug 2024 15:24:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278306

--- Comment #11 from Chris Hutchinson ---
(In reply to Bjoern A. Zeeb from comment #10)

I think you're on the right track, Bjoern. But as I examined this approach, I discovered what may be hints to the problem here:

libexec/rc/netif
@ 152
# netif_common routine
#	Common configuration subroutine for network interfaces. This
#	routine takes all the preparatory steps needed for configuriing
#	an interface and then calls $routine.
...
@ 175
	# Don't check that the interface(s) exist. We need to run
	# the down code even when the interface doesn't exist to
	# kill off wpa_supplicant.
	# XXXBED: is this really true or does wpa_supplicant die?
	# if so, we should get rid of the devd entry

While I could fully unwind the routine(s) to confirm whether this, or your approach is correct. I don't have time slices available ATM. IOW I agree someone from rc@ or net@ is the best direction. Maybe a PHAB review would be even better?

From nobody Thu Aug 29 15:26:13 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279245] igc(4) I226 (and I225) TX hangups
Date: Thu, 29 Aug 2024 15:26:13 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279245

CrazyWolf13 changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |freebsdforums.lurch729@passmail.net

--- Comment #6 from CrazyWolf13 ---
I just experienced the same issue, and it was a PAIN to find the real issue.

https://forum.opnsense.org/index.php?topic=42368

TL;DR:

Mini-PC by shuttle with Intel i228-LM 2.5GB Ports

Under heavy load, sometimes every 6h I needed to reboot my opnsense box.
Network behaved really weird, devices became inaccessible, opnsense too.
A reboot usually fixed the issue but only for several hours.
Funnily enough a reboot of my switch also seemed to have fixed it for the moment.

Luckily my OEM uploaded a new BIOS this month and it actually fixed my issues, no more reboots needed after the BIOS update.

https://global.shuttle.com/products/productsDownload?pn=DL30N%20SERIES

From nobody Thu Aug 29 15:32:33 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 275001] if_wg: Missing radix unlock can cause deadlock
Date: Thu, 29 Aug 2024 15:32:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275001

Mark Johnston changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Progress                 |Closed
         Resolution|---                         |FIXED

From nobody Thu Aug 29 16:06:21 2024
Date: Thu, 29 Aug 2024 18:06:21 +0200
From: Baptiste Daroussin
To: Freddie Cash
Cc: "yann.masson@thehomecave.fr", freebsd-net@freebsd.org
Subject: Re: wait link up before route configuration

On Wed 28 Aug 08:40, Freddie Cash wrote:
> On Wed, Aug 28, 2024 at 1:21 AM yann.masson@thehomecave.fr <
> yann.masson@thehomecave.fr> wrote:
>
> > After configuring interfaces and routes, and triggering a 'service netif
> > restart && service routing restart' is there a way to wait for the 'carrier
> > up' of the interface before route reconfiguration? My use case is a server
> > with 2 Mellanox and a Lagg. The 2 mce interfaces are UP in milliseconds but
> > the lagg interface takes a few seconds to be UP, and the routing service
> > says 'Network unreachable'. The subnet is a /32 and the gateway need a
> > static route like: # /etc/rc.conf.d/netif cloned_interfaces="lagg0"
> > ifconfig_mce0="up" ifconfig_mce1="up" ifconfig_lagg0="laggproto lacp
> > laggport mce0 laggport mce1 198.51.100.1 netmask 255.255.255.255 mtu 1500"
> > # /etc/rc.conf.d/routing route_defaultgw="-host 203.0.113.1 -link
> > -interface lagg0" defaultrouter="203.0.113.1" static_routes="defaultgw" If
> > I run 'service netif restart && sleep 5 && service routing restart',
> > everything is ok. I didn't find any options for that, and was thinking
> > about a patch in the routing script. Thanks
> >
> Read through the comments in /etc/rc.d/netwait as that should do what
> you're looking for (wait until the interface is active or wait until you
> get a ping response from an IP before continuing with network
> configuration).
>

The problem is the route (set by routing rc script) is not reachable until the lagg is ready/up but there is 0 mechanism in the routing script to do an equivalent of netwait.

In my opinion we should implement in routing_netwait_if or routing_netwait_ip to make routing wait on some iface to be ready, it can be useful for cases like lagg, but could also be useful for cases like wireguard (when setup only via netif).

But I am not sure we haven't missed something obvious.

Best regards,
Bapt

From nobody Thu Aug 29 16:12:51 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279245] igc(4) I226 (and I225) TX hangups
Date: Thu, 29 Aug 2024 16:12:51 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279245

Dr. Uwe Meyer-Gruhl changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Closed
         Resolution|---                         |Not A Bug

From nobody Thu Aug 29 18:51:37 2024
Date: Thu, 29 Aug 2024 14:51:37 -0400
To: FreeBSD Net
From: mike tancsa
Subject: dropping udp fragments with ipfw
rwm4HUzh7Jk+auuMYfuCh0FVlFBEuiJWMLhg/5WCmcRfiuB6F59ZcUQrwLEZeNhF2XJV4KwB Tlg7HCWO/sy1foE5noaMyACjAtAQE9p5kGYaj+DuRhPdWUTsHNuqrhikzIZd2rrcMid+ktb0 NvtvswzMO059z1YGMtGSqQ4srCArju+XHIdTFdiIYbd7+jeehg== Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.86 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.36 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.97)[-0.974]; R_SPF_ALLOW(-0.20)[+ip6:2607:f3e0::/32]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[199.212.134.19:received]; XM_UA_NO_VERSION(0.01)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FREEFALL_USER(0.00)[mike]; ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[sentex.net]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4Wvr3n6J5Fz458J I was working on some firewall rules to drop large UDP fragment attacks and noticed there is no easy way to drop fragments based on port ? e.g. if someone sends a UDP packet of 1400 bytes, I can drop it with TARGET=192.168.1.1 ipfw add 5 deny log udp from any 53 to $TARGET But if that packet is say 2000 bytes and is fragmented, the fragment passes through. I have to add a subsequent rule ipfw add 10 deny log udp from any to $TARGET fragment But this would kill all UDP fragments.  If the host has some other UDP application that needs to deal with fragmented packets, is there a way to get around that and only drop packets with a certain port in the first fragment ?     
    ---Mike

From nobody Thu Aug 29 19:45:55 2024
In-Reply-To: <790fcb38-db6c-41ce-8222-8146be5dbe3b@sentex.net>
From: Olivier Cochard-Labbé
Date: Thu, 29 Aug 2024 21:45:55 +0200
Subject: Re: dropping udp fragments with ipfw
To: mike tancsa
Cc: FreeBSD Net

On Thu, Aug 29, 2024 at 8:52 PM mike tancsa wrote:

> But this would kill all UDP fragments. If the host has some other UDP
> application that needs to deal with fragmented packets, is there a way
> to get around that and only drop packets with a certain port in the
> first fragment ?
>
>
When a packet is fragmented, only the IP header (not the UDP header that
includes the port number) is copied for all subsequent fragmented packets.
To fix this behavior, you can instruct the firewall to reassemble the
packet before performing UDP/TCP port filtering.
Refer to the ipfw(4) man page on the "reass" keyword, which provides the
following example:

ipfw add reass all from any to any in

I hope this helps!

Date: Thu, 29 Aug 2024 15:53:36 -0400
Subject: Re: dropping udp fragments with ipfw
To: Olivier Cochard-Labbé
Cc: FreeBSD Net
References: <790fcb38-db6c-41ce-8222-8146be5dbe3b@sentex.net>
From: mike tancsa

On 8/29/2024 3:45 PM, Olivier Cochard-Labbé wrote:
>
> On Thu, Aug 29, 2024 at 8:52 PM mike tancsa wrote:
>
>     But this would kill all UDP fragments.  If the host has some other UDP
>     application that needs to deal with fragmented packets, is there a way
>     to get around that and only drop packets with a certain port in the
>     first fragment ?
>
>
> When a packet is fragmented, only the IP header (not the UDP header
> that includes the port number) is copied for all subsequent fragmented
> packets.
> To fix this behavior, you can instruct the firewall to reassemble the
> packet before performing UDP/TCP port filtering.
> Refer to the ipfw(4) man page on the "reass" keyword, which provides
> the following example:
> ipfw add reass all from any to any in
>
> I hope this helps!

Thanks very much, it does!  Under DDoS attack, how "expensive" would
this be? I noticed there are some default queue limits that probably
would be exhausted fairly quickly.  I might look instead for this use
case to use the Chelsio NIC rules (via cxgbetool) and just drop with
something like this

cxgbetool t5nex0 filter 10 sip 0.0.0.0/0 sport 53 dip 192.168.1.1/32 proto 17 action drop
cxgbetool t5nex0 filter 11 sip 0.0.0.0/0 dip 192.168.1.1/32 proto 17 frag 1 action drop

to protect the customer downstream and then get rid of rule 11 once the
pps rate drops back to normal.

    ---Mike

From nobody Thu Aug 29 19:59:12 2024
Date: Thu, 29 Aug 2024 21:59:12 +0200 (CEST)
From: Ronald Klop
To: mike tancsa
Cc: FreeBSD Net
Message-ID: <844983132.8139.1724961552115@localhost>
In-Reply-To: <790fcb38-db6c-41ce-8222-8146be5dbe3b@sentex.net>
Subject: Re: dropping udp fragments with ipfw

From: mike tancsa
Date: Thursday, 29 August 2024 20:51
To: FreeBSD Net
Subject: dropping udp fragments with ipfw
>
> I was working on some firewall rules to drop large UDP fragment attacks
> and noticed there is no easy way to drop fragments based on port ? e.g.
> if someone sends a UDP packet of 1400 bytes, I can drop it with
>
> TARGET=192.168.1.1
>
> ipfw add 5 deny log udp from any 53 to $TARGET
>
> But if that packet is say 2000 bytes and is fragmented, the fragment
> passes through. I have to add a subsequent rule
>
> ipfw add 10 deny log udp from any to $TARGET fragment
>
> But this would kill all UDP fragments. If the host has some other UDP
> application that needs to deal with fragmented packets, is there a way
> to get around that and only drop packets with a certain port in the
> first fragment ?
>
>     ---Mike
>

Fragmentation happens on IP level. As far as I know ipfw does not keep
state of fragments.
You can use "reass" to let the firewall reassemble the fragmented IP
packet and only forward it when it is complete. The manual page of ipfw
describes this.
Another option I can think of, but which I didn't try, is setting up
dummynet rate limiting and directing the fragments through it.

Regards,
Ronald.

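Added example (not part of any message in this thread): a Python model of the three rule sets discussed above, run over constructed packets, showing which fragments each one passes. Assumptions: a 1500-byte MTU, the blanket fragment rule modelled as matching non-first fragments, "reass" modelled as a simple per-datagram queue; the source addresses, the port 4500 application and all function names are illustrative.

```python
import socket
import struct

IP_HDR_LEN = 20   # IPv4 header without options
PROTO_UDP = 17
MF = 0x2000       # "more fragments" bit in the flags/offset field
IP_FMT = "!BBHHHBBH4s4s"


def ipv4_header(src, dst, data_len, ident, more, offset):
    # Header checksum is left at 0; nothing in this model validates it.
    flags_off = (MF if more else 0) | (offset // 8)
    return struct.pack(IP_FMT, 0x45, 0, IP_HDR_LEN + data_len, ident, flags_off,
                       64, PROTO_UDP, 0, socket.inet_aton(src), socket.inet_aton(dst))


def fragment_udp(src, dst, sport, dport, payload, ident, mtu=1500):
    """Return the IPv4 fragments a sender emits for one UDP datagram."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    step = (mtu - IP_HDR_LEN) // 8 * 8   # fragment data is a multiple of 8 bytes
    frags = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        more = off + len(chunk) < len(udp)
        frags.append(ipv4_header(src, dst, len(chunk), ident, more, off) + chunk)
    return frags


def parse(pkt):
    f = struct.unpack(IP_FMT, pkt[:IP_HDR_LEN])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "ident": f[3], "mf": bool(f[4] & MF),
            "offset": (f[4] & 0x1FFF) * 8, "data": pkt[IP_HDR_LEN:f[2]]}


def matches_sport(p, target, sport):
    """Port rule: the UDP header, and so the port, exists only at offset 0."""
    if p["proto"] != PROTO_UDP or p["dst"] != target or p["offset"] != 0:
        return False
    return struct.unpack("!H", p["data"][:2])[0] == sport


def per_fragment(pkts, target, sport, drop_trailing_frags):
    """Verdict per packet when rules see individual fragments (no reassembly)."""
    verdicts = []
    for p in map(parse, pkts):
        if matches_sport(p, target, sport):
            verdicts.append("deny")
        elif drop_trailing_frags and p["dst"] == target and p["offset"] > 0:
            verdicts.append("deny")      # blanket rule: hits every application
        else:
            verdicts.append("pass")
    return verdicts


def reassemble(pkts):
    """Model of reassembly: queue fragments per (src, dst, proto, id) and
    emit only datagrams whose pieces are all present and contiguous."""
    queues = {}
    for p in map(parse, pkts):
        queues.setdefault((p["src"], p["dst"], p["proto"], p["ident"]), []).append(p)
    whole = []
    for (src, dst, _proto, ident), parts in queues.items():
        parts.sort(key=lambda p: p["offset"])
        data = b""
        for p in parts:
            if p["offset"] != len(data):
                break                    # hole: datagram stays queued
            data += p["data"]
        else:
            if not parts[-1]["mf"]:      # last fragment has arrived
                whole.append(ipv4_header(src, dst, len(data), ident, False, 0) + data)
    return whole


def after_reass(pkts, target, sport):
    """(source port, verdict) per datagram when the port rule runs after reassembly."""
    results = []
    for p in map(parse, reassemble(pkts)):
        src_port = struct.unpack("!H", p["data"][:2])[0]
        results.append((src_port, "deny" if matches_sport(p, target, sport) else "pass"))
    return results


TARGET = "192.168.1.1"                   # $TARGET from the thread
# Constructed traffic: a 2000-byte payload from source port 53 and an
# 1800-byte payload from an unrelated application (source port 4500).
DNS_FRAGS = fragment_udp("192.0.2.10", TARGET, 53, 33000, b"A" * 2000, ident=0x1234)
APP_FRAGS = fragment_udp("192.0.2.20", TARGET, 4500, 4500, b"B" * 1800, ident=0x5678)
PACKETS = DNS_FRAGS + APP_FRAGS

if __name__ == "__main__":
    print("port rule only:       ", per_fragment(PACKETS, TARGET, 53, False))
    print("port + fragment rule: ", per_fragment(PACKETS, TARGET, 53, True))
    print("reassemble, then port:", after_reass(PACKETS, TARGET, 53))
```

With the port rule alone, the 528-byte trailing fragment of the port 53 datagram still reaches the target; reassembling first lets the port rule judge whole datagrams, at the cost of the queue state raised in the follow-up message.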
  ------=_Part_8138_2135212535.1724961552047-- From nobody Thu Aug 29 21:43:54 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WvvtQ3TqFz5MTM4 for ; Thu, 29 Aug 2024 21:43:58 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-yw1-x1135.google.com (mail-yw1-x1135.google.com [IPv6:2607:f8b0:4864:20::1135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WvvtP66DLz4WLV for ; Thu, 29 Aug 2024 21:43:57 +0000 (UTC) (envelope-from markjdb@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=BF4314Sv; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=freebsd.org (policy=none); spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::1135 as permitted sender) smtp.mailfrom=markjdb@gmail.com Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-6b8f13f28fbso10333047b3.1 for ; Thu, 29 Aug 2024 14:43:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724967837; x=1725572637; darn=freebsd.org; h=content-disposition:mime-version:message-id:subject:to:from:date :sender:from:to:cc:subject:date:message-id:reply-to; bh=s/YUvzXoGaVC/T95vTvrj8oxpeRVNINkcvWHm4p17+A=; b=BF4314SvvN4vLmA/betTvl8bz7VNsQ3lp/01YP1eqRRkeAYu6byxuciWtplRNSkxlr kvqso0IDGrf+X5tZtTSrkjOwTFzLH+oLZSr25F0tSHEv+/b1tccA4zZPvsgWDz8PPRV/ gdOodivRgcwtbkrvgw9wTpDd0oA0lVeCII+HHnjWdZrTNsybgkXuZyLcwkn6vCtUG2LL /PxfHC0p57lOLbC2bVaHRf1Qc9D2DPjlqNFI9+/0wse78oYHV9s1tSoSaiw0aFbPh8DB fUCbA+RvZK9IFdbZNKQ1SUcX+jusNe/n6bkmXDGd1mzcVf3QCdE8vyGNGhhOpRL3lQub 2aqQ== 
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724967837; x=1725572637; h=content-disposition:mime-version:message-id:subject:to:from:date :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=s/YUvzXoGaVC/T95vTvrj8oxpeRVNINkcvWHm4p17+A=; b=aI3iP1cVa0p53wVJv2Gult7HMjNtW7bNy8U9y1DwmuhMD9IrAXUzyoB6ENRgxRCSd6 mKiC+X+8Yuw/Vbn0QmvyV0fl/h6040eaVK5ywbpfNgzF3Bq80zQcEgCNlIqC0vkVJu5d xZ6/a922lBgk7C/dCZYMVAHYSDuadYQOVpL+JkIK9Ai0Iqw7wr2kKzMG9xB/Fd+4S17w D7OO87Exa9bokjgefSkKE38Rxhs8BLeYytRqrB+xTTkIjnfwiu570T/j98yuGmbQbTcM GZCdXz/9YnVWWSbhO7z0X7m8HbZI9SlN6DuiiXSr4HXK1puVZ5fJCXY6iciC6w09yugg Az2A== X-Gm-Message-State: AOJu0Yya79KdOeI9xEN415SzPUvmN4VayoVkKegwI40DyYkr17VNpVTj zqDIP+1MOWkVdTSY+SXyqstygomkueFEWcH/hjiL1fywZs6AxhaPXKeIMw== X-Google-Smtp-Source: AGHT+IFFbn6N14IjVTZ88mFHpaON6LkIqjG6cN1b/md99+iOEFaov0hp727cQiiReYOtt+fQVDUV+A== X-Received: by 2002:a05:690c:60c7:b0:6af:eb0b:6544 with SMTP id 00721157ae682-6d277778e0emr48106157b3.35.1724967836993; Thu, 29 Aug 2024 14:43:56 -0700 (PDT) Received: from nuc (192-0-220-237.cpe.teksavvy.com. 
[192.0.220.237]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7a806d5e1e1sm87747885a.103.2024.08.29.14.43.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Aug 2024 14:43:56 -0700 (PDT) Date: Thu, 29 Aug 2024 17:43:54 -0400 From: Mark Johnston To: freebsd-net@freebsd.org Subject: SO_SPLICE implementation Message-ID: List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.58 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.978]; MID_RHS_NOT_FQDN(0.50)[]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : SPF not aligned (relaxed), DKIM not aligned (relaxed),none]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MISSING_XM_UA(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DOM_EQ_FROM_DOM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::1135:from] X-Rspamd-Queue-Id: 4WvvtP66DLz4WLV Hello, Drew Gallatin and I have been working on an implementation of SO_SPLICE, an interface which allows TCP connections to be spliced together. 
This is intended for use in proxy applications to reduce the overhead of copying data between connections. At the moment the interface isn't widely used, though I'll make sure that net/relayd can take advantage of it (which it already does on OpenBSD). If there are existing applications that might take advantage of it, especially in the FreeBSD base system, I'd be interested to hear suggestions. The code review is here if anyone's interested in looking at the implementation: https://reviews.freebsd.org/D46411 From nobody Thu Aug 29 22:45:06 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WvxDy3dLzz5MYXL for ; Thu, 29 Aug 2024 22:45:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WvxDy04CCz4ZvQ for ; Thu, 29 Aug 2024 22:45:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724971506; a=rsa-sha256; cv=none; b=gRFGgv+OFhCse1EphyzXA6HtgR++5KKHLl3LPLr8qYEAjmSRcVkavzUjrXbgVPxVsCR9tX lLHISbKP/gDKc3wl5svolqJ/+twaUUJRI/TnHrT7i2FpNusLgjppkUl6A57N+/vzVgHTFb MkJHtf5AqsByjFabvpxeOCK5gLGGOLmGFwgSwTE/uiR0/4vSHeweZ+bGJh0JqlQ0qvHPKH s764Bz4J7ylz+lHHj6sBgORYxxkXmfMXPrZGodfBGZDryLbymOEfm+DVVYVyl/vM6Yo6qh dLJv4PewBmCsxlJi8AvH9kt40us8fqAoL8PukCUidqWESJPMfJcgaooGmiS1zg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724971506; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: 
to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vhzDOrxUZ65LGSNp8S07JKbMsKB3OC9l5qxuuMDlD1o=; b=p6VeDe2hjXsGCwG+B3XT8zFifEZ5TJUvriPYlWh9kpO8Nxef2hQF9BDsurygU9d1x/ikAT rVSAfjDRgmYZD4DlD6M22rIh7niab4FjxOg6utjxBdsY2X4BWztSnO5iINKiL8mtBDWmVs 8S2mFmMFgiMxU2aU4y3pFMyx5kkOvvYRsYp9oeG/hfaySoTJiEYAQvFwMXm3/uprqqRktn WovVDhjPaF04VmZdtagAIlYG0rOZjNDrM7QNDslwDAXy2vXu9GuRfEuZ6kHETFinWd3GFS LucxdbN8e7SQQFeMUvlUeGTLQoUbgTtQpxl8+7miHjfoRrHgBvyPScjTEky9rA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WvxDx6gPMzcYd for ; Thu, 29 Aug 2024 22:45:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47TMj5TD055321 for ; Thu, 29 Aug 2024 22:45:05 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47TMj5iD055320 for net@FreeBSD.org; Thu, 29 Aug 2024 22:45:05 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 281125] ixl: fix multicast filters handling regression Date: Thu, 29 Aug 2024 22:45:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: 
X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281125 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Aug 30 09:11:41 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WwC7x5bhyz52RHF for ; Fri, 30 Aug 2024 09:11:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WwC7x4SRXz4W4l for ; Fri, 30 Aug 2024 09:11:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725009101; a=rsa-sha256; cv=none; b=c+XG68QRDjheNheWc0eEunqYH1Yio36aFFeuYCzrmINmlgKPmVTXfkwRdML6LosWiCgka2 nt1IEtR4cECCYRa9wYcTwxIMWjK0RtDX3TLa5JxJHDijsi/PsRg96djJ5V7xaYNTEaDiQj iVebyiyKBxyIyiuuhHspPxVmQ9uvVQAUH2v2OOSgytbM4yahu+WtweU8ubP+Vi7QjCZP7r 
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Fri, 30 Aug 2024 09:11:41 +0000
X-Bugzilla-Who: zlei@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #4 from Zhenlei Huang ---
(In reply to ss3bsd from comment #3)

I guess a small file (1M bytes) is enough to reproduce. It may require
multiple rounds, though.

> # md5sum randomfile*

This is good to check the corruption, but less useful to figure out how many
bytes got corrupted. Could you please also share the binary diff?

You can do that by:
```
# diff <( hexdump -x randomfile ) <( hexdump -x randomfile.return )
```

From nobody Fri Aug 30 14:37:58 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 233683] IPv6 ND neighbor solicitation messages fail to arrive
Date: Fri, 30 Aug 2024 14:37:58 +0000
X-Bugzilla-Who: markj@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233683

Mark Johnston changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress
                 CC|                            |markj@FreeBSD.org

--- Comment #23 from Mark Johnston ---
Is there anything left to do for this bug?

From nobody Fri Aug 30 14:46:16 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 233683] IPv6 ND neighbor solicitation messages fail to arrive
Date: Fri, 30 Aug 2024 14:46:16 +0000
X-Bugzilla-Who: kp@freebsd.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233683

--- Comment #24 from Kristof Provost ---
(In reply to Mark Johnston from comment #23)
Not as far as I know.

From nobody Fri Aug 30 21:12:30 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 276838] ovpn(4) - problems with large TCP segments over IPv6 tunnel when DCO module is used at both ends
Date: Fri, 30 Aug 2024 21:12:30 +0000
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276838

Marek Zarychta changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #6 from Marek Zarychta ---
In bug 280036 the reporter complains about apparent data corruption which I
can easily reproduce.

Clearly, the FreeBSD implementation of OpenVPN --mssfix is broken in case
ovpn(4) is deployed at both ends. Setting "tun-mtu 1400" on the OpenVPN server
works as a workaround.

From nobody Fri Aug 30 21:14:45 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Fri, 30 Aug 2024 21:14:45 +0000
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

Marek Zarychta changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zarychtam@plan-b.pwste.edu.pl

--- Comment #5 from Marek Zarychta ---
Setting "tun-mtu 1400" on the OpenVPN access server should work as a
workaround. Please see bug 276838 for more details.

From nobody Fri Aug 30 21:19:38 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Fri, 30 Aug 2024 21:19:38 +0000
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #6 from Marek Zarychta ---
FWIW: there is another mild flaw with the FreeBSD implementation of DCO: the
ovpn(4) module doesn't support "multihome" option (more details in bug 273664).

From nobody Fri Aug 30 21:41:59 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 276838] ovpn(4) - problems with large TCP segments over IPv6 tunnel when DCO module is used at both ends
Date: Fri, 30 Aug 2024 21:41:59 +0000
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276838

Marek Zarychta changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036 |

From nobody Fri Aug 30 22:00:13 2024
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Fri, 30 Aug 2024 22:00:13 +0000
X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #7 from Marek Zarychta ---
Please let me apologise since I hastily connected this bug with another in
comment #5 misleading the audience. These bugs seem to be unrelated to each
other.

To not hijack this PR but to give more insight into the problem let me add some
details:

The bug described here is reproducible, but to narrow the scope I observed that
only data sent directly from OpenVPN DCO accelerated FreeBSD-driven access
server to the FreeBSD client was corrupted. The corruption doesn't affect
network packets transferred (routed) via OpenVPN DCO accelerated FreeBSD access
server.

From nobody Fri Aug 30 22:15:00 2024

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 276838] ovpn(4) - problems with large TCP segments over IPv6 tunnel when DCO module is used at both ends
Date: Fri, 30 Aug 2024 22:15:00 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276838

Marek Zarychta changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Closed
         Resolution|---                         |Not A Bug

--- Comment #7 from Marek Zarychta ---
I was wrong in comment #6 connecting two bugs, and since, presumably, what was
reported here wasn't a bug, but the issue with IPv6 fragmented packets, perhaps
it's the right time to close this PR.

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Sat, 31 Aug 2024 04:52:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #8 from ss3bsd <3226388001@jcom.home.ne.jp> ---
(In reply to Zhenlei Huang from comment #4)

I guess the file is entirely corrupted.

---
# md5sum randomfile*
4d1b051f8bdea93ddca5d8831a0a829c  randomfile
4d1b051f8bdea93ddca5d8831a0a829c  randomfile.returned1
dd8e4c1a9839976c9e812456ecf71b3a  randomfile.returned2
de2d31f956a53a0a86e64058886eb1e9  randomfile.returned3
9432cd3c1ec5540e5251f657e18b93a8  randomfile.returned4

# hexdump -x randomfile > randomfile.hex
# hexdump -x randomfile.returned2 > randomfile.returned2.hex

# head randomfile.hex
0000000    0595    a291    c861    c7ee    c67a    59ab    73ca    66e3
0000010    29ca    9d14    d874    fe71    2fe2    76ae    93b0    cb1a
0000020    df5b    a72f    2256    1e88    337d    d9a8    4a12    0923
0000030    5a72    56f6    64f8    647a    7a2c    a33b    5f0b    87ec
0000040    e86e    fe3e    62a3    e1f4    992a    3fc1    7535    c273
0000050    40f1    ce42    6895    cf20    e272    74b5    485a    8f9b
0000060    584e    3431    78bd    f48c    efd4    cfc8    cd19    8ca7
0000070    cf09    78b2    a189    3d08    4c4e    3acb    057d    3a20
0000080    06d9    2c22    a667    8b38    0aaa    7176    c86f    71b3
0000090    9dd8    6128    4a08    2475    674d    f801    daf7    4fe9

# head randomfile.returned2.hex
0000000    9ae9    866b    3498    82ee    aef9    abeb    af8a    6ae4
0000010    ce04    3671    301d    af4e    fab0    f01d    890a    a143
0000020    8635    7c19    982f    0dcf    34e3    c09e    9992    54ad
0000030    1a97    2a3b    78c4    b3a9    3230    3a67    3649    5f97
0000040    5944    7980    adde    5f02    1e35    73f0    4b7d    32ee
0000050    bd6d    514a    4065    9817    fe0d    6d74    7736    626e
0000060    ef27    d331    7f8b    2ebb    5568    9b92    7264    7846
0000070    606a    0132    d1c9    1a3e    230e    4061    3897    c873
0000080    78ea    e2f7    6f54    38c2    ceb9    413d    557f    20ea
0000090    3ac1    3367    7f3b    01bf    fc96    75bb    549a    5b3e

# diff randomfile.hex randomfile.returned2.hex > randomfile.hex.diff
# wc *.hex*
  262145 2359297 18874376 randomfile.hex
  524290 5242882 38797334 randomfile.hex.diff
  262145 2359297 18874376 randomfile.returned2.hex
 1048580 9961476 76546086 total

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280036] Data corruption over if_ovpn (OpenVPN DCO) observed
Date: Sat, 31 Aug 2024 05:19:29 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280036

--- Comment #9 from ss3bsd <3226388001@jcom.home.ne.jp> ---
(In reply to Marek Zarychta from comment #7)

Hi.
I had checked your PR before reporting this issue.

Reducing MTU did not solve this, so I agree that your PR and mine are separate
issues.

Thanks.

Date: Sat, 31 Aug 2024 07:37:30 +0000
From: "Dave Cottlehuber"
To: "Mark Johnston"
Cc: freebsd-net
Subject: Re: SO_SPLICE implementation

On Thu, 29 Aug 2024, at 21:43, Mark Johnston wrote:
> Hello,
>
> Drew Gallatin and I have been working on an implementation of SO_SPLICE,
> an interface which allows TCP connections to be spliced together. This
> is intended for use in proxy applications to reduce the overhead of
> copying data between connections.

Awesome!

> At the moment the interface isn't widely used, though I'll make sure
> that net/relayd can take advantage of it (which it already does on
> OpenBSD). If there are existing applications that might take advantage
> of it, especially in the FreeBSD base system, I'd be interested to hear
> suggestions.

net/haproxy would be another good one. Currently it's enabled by option

https://docs.haproxy.org/3.0/configuration.html#4.2-option splice-auto

and AFAICT requires https://github.com/haproxy/haproxy/blob/master/Makefile#L30
preset in https://github.com/haproxy/haproxy/blob/master/Makefile#L416

> The code review is here if anyone's interested in looking at the
> implementation: https://reviews.freebsd.org/D46411

A+
Dave

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute)
Date: Sun, 01 Sep 2024 15:06:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701

--- Comment #62 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=5ab1e5f7e5585558a73b723f07528977a82cee82

commit 5ab1e5f7e5585558a73b723f07528977a82cee82
Author:     Kristof Provost
AuthorDate: 2024-08-26 12:59:38 +0000
Commit:     Kristof Provost
CommitDate: 2024-09-01 15:05:28 +0000

    pf: improve the ICMPv6 direction check

    Following bluhm's advice this changes the way we setup state keys
    and perform state lookups for ICMPv6 Neighbor Discovery packets:

    - replace the NS-dst with ND target address;
    - replace the NA-src with ND target address;
    - replace the NA-dst with unspecified address if it is a multicast.

    This allows pf to match Address Resolution, Neighbor Unreachability
    Detection and Duplicate Address Detection packets to the corresponding
    states without the need to create new ones or match unrelated ones.

    As a side effect we're doing now one state table lookup for ND
    packets instead of two.

    Fixes a bug uncovered by one of the previous commits that virtually
    breaks IPv6 connectivity after few minutes of use.

    ok stsp henning, with and ok bluhm

    PR:             280701
    MFC after:      1 week
    Obtained from:  OpenBSD, mikeb , 2633ae8c4c8a
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 sys/net/pfvar.h        |   4 +-
 sys/netpfil/pf/pf.c    | 116 ++++++++++++++++++++++++++++++++++---------------
 sys/netpfil/pf/pf_lb.c |   2 +-
 3 files changed, 85 insertions(+), 37 deletions(-)

From: bugzilla-noreply@FreeBSD.org
To: net@FreeBSD.org
Subject: Problem reports for net@FreeBSD.org that need special attention
Date: Sun, 1 Sep 2024 21:01:20 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    254445 | cloned_interfaces="bridge0" does not respect net.
Open        |    166724 | if_re(4): watchdog timeout
Open        |    200836 | iovctl(8): Return descriptions in the returned sc
Open        |    223824 | Panic in ng_base.c (netgraph)
Open        |    232472 | ixgbe(4): SR-IOV passthru not working on Hyper-V
Open        |    234073 | ixl(4): Host X710-DA2 drops connect starting bhyv
Open        |    241106 | tun/ppp: panic: vm_fault: fault on nofault entry
Open        |    245981 | bnxt(4): BCM57414 / BCM57416 not initializing: bn
Open        |    257038 | em(4): Panic on HTTP traffic to or from jail thro
Open        |    257286 | gateway with `ping -6 -e` is ignored
Open        |    258623 | cxgbe(4): Slow routing performance: 2 numa domain
Open        |    258850 | lagg(4): interface vanishes when both member inte
Open        |    261866 | ixgbe(4): Resets media type -> autoselect after s
Open        |    262024 | em(4): iflib handles bad packets incorrectly
Open        |    262093 | ixl(4): RX packet errors on Intel X710 after 12.2
Open        |    263568 | ix(4): SR-IOV connection lost after loading VM wi
In Progress |    118111 | rc: network.subr Add MAC address based interface

17 problems total for which you should take action.
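
The three address rewrites listed in the pf commit message for Bug 280701 (comment #62 above), modelled as an added example that is not pf's code and not part of the original messages. struct nd_pkt, struct nd_key, all function names and the 2001:db8:: addresses are constructed for illustration, and it is assumed that a reply matches a state when its key is the request's key reversed.

```c
/*
 * Simplified model of the ND state-key rewrite described in the commit
 * message. All names here are hypothetical; this is not pf's data model.
 */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_NS 135	/* ICMPv6 type of a Neighbor Solicitation */
#define ND_NA 136	/* ICMPv6 type of a Neighbor Advertisement */

struct nd_pkt { uint8_t type; struct in6_addr src, dst, target; };
struct nd_key { struct in6_addr src, dst; };

static struct nd_pkt
nd_pkt_make(uint8_t type, const char *src, const char *dst, const char *target)
{
	struct nd_pkt p;

	memset(&p, 0, sizeof(p));
	p.type = type;
	inet_pton(AF_INET6, src, &p.src);
	inet_pton(AF_INET6, dst, &p.dst);
	inet_pton(AF_INET6, target, &p.target);
	return (p);
}

/* Build the lookup key; with rewrite == false the raw header addresses are used. */
struct nd_key
nd_state_key(const struct nd_pkt *p, bool rewrite)
{
	struct nd_key k = { p->src, p->dst };

	if (!rewrite)
		return (k);
	if (p->type == ND_NS) {
		k.dst = p->target;			/* NS-dst -> ND target */
	} else if (p->type == ND_NA) {
		k.src = p->target;			/* NA-src -> ND target */
		if (p->dst.s6_addr[0] == 0xff)		/* ff00::/8 is multicast */
			memset(&k.dst, 0, sizeof(k.dst)); /* NA-dst -> :: */
	}
	return (k);
}

/* Assumption of this model: the NA matches the NS state when its key is the NS key reversed. */
bool
nd_reply_matches(const struct nd_pkt *ns, const struct nd_pkt *na, bool rewrite)
{
	struct nd_key q = nd_state_key(ns, rewrite);
	struct nd_key r = nd_state_key(na, rewrite);

	return (memcmp(&q.src, &r.dst, sizeof(q.src)) == 0 &&
	    memcmp(&q.dst, &r.src, sizeof(q.dst)) == 0);
}

/* Constructed packets: host A is 2001:db8::a, host B is 2001:db8::b. */
bool
address_resolution_matches(bool rewrite)
{
	/* NS goes to B's solicited-node multicast group, NA comes back unicast. */
	struct nd_pkt ns = nd_pkt_make(ND_NS, "2001:db8::a", "ff02::1:ff00:b", "2001:db8::b");
	struct nd_pkt na = nd_pkt_make(ND_NA, "2001:db8::b", "2001:db8::a", "2001:db8::b");

	return (nd_reply_matches(&ns, &na, rewrite));
}

bool
unreachability_detection_matches(bool rewrite)
{
	/* Both probe and answer are unicast between A and B. */
	struct nd_pkt ns = nd_pkt_make(ND_NS, "2001:db8::a", "2001:db8::b", "2001:db8::b");
	struct nd_pkt na = nd_pkt_make(ND_NA, "2001:db8::b", "2001:db8::a", "2001:db8::b");

	return (nd_reply_matches(&ns, &na, rewrite));
}

bool
duplicate_address_detection_matches(bool rewrite)
{
	/* Probe is sent from ::, the current owner answers to all-nodes multicast. */
	struct nd_pkt ns = nd_pkt_make(ND_NS, "::", "ff02::1:ff00:b", "2001:db8::b");
	struct nd_pkt na = nd_pkt_make(ND_NA, "2001:db8::b", "ff02::1", "2001:db8::b");

	return (nd_reply_matches(&ns, &na, rewrite));
}

int
main(void)
{
	printf("address resolution:          raw=%d rewritten=%d\n",
	    address_resolution_matches(false), address_resolution_matches(true));
	printf("unreachability detection:    raw=%d rewritten=%d\n",
	    unreachability_detection_matches(false), unreachability_detection_matches(true));
	printf("duplicate address detection: raw=%d rewritten=%d\n",
	    duplicate_address_detection_matches(false), duplicate_address_detection_matches(true));
	return (0);
}
```

With the raw header addresses only the all-unicast unreachability probe pairs up; with the rewrite all three exchanges resolve to a single key pair.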