FreeBSD Mail Archives

Date:      Mon, 22 Apr 2024 07:59:48 +0200
From:      Gerrit =?UTF-8?B?S8O8aG4=?= <gerrit.kuehn@aei.mpg.de>
To:        Dag-Erling =?UTF-8?B?U23DuHJncmF2?= <des@FreeBSD.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: possible regression handling packet fragmentation in 14.0 with tftp/pxe
Message-ID:  <20240422075948.5bb856ac@arc.aei.uni-hannover.de>
In-Reply-To: <86y1999wwe.fsf@ltc.des.dev>
References:  <20240419153951.5a23ce5f@arc.aei.uni-hannover.de> <86y1999wwe.fsf@ltc.des.dev>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
Am Fri, 19 Apr 2024 17:48:01 +0200
schrieb Dag-Erling Smørgrav <des@FreeBSD.org>:

> Since you control the routers and endpoints, I would suggest running
> tcpdump at various points to see what is the tunnel and pf are doing to
> the UDP packets.  They are presumably getting fragmented at some point,
> and hopefully reassembled somewhere else.

Yes, I can acces all tap, bridge, and ethernet interfaces along the way
(well, apart from what the pxe client actually receives, this is hidden
in its firmware).
However, I already did that last week but was not able to spot the
culprit (the packet being sent back to the pxe client machine is 1460
bytes, so it looks complete to me but is obviously not accepted on the
client's end). I'll probably have to read up more on tcpdump and
fragmentation handling first to get a better understanding of what I am
actually looking for.
Any idea what the "bad length 1460 > 1392" message on the 13.3 system
means (and why everything is still working)?

> Meanwhile you can also set the net.inet.udp.maxdgram sysctl to 1425 on
> the NFS server, as tftpd will cap the blocksize to that value.

That's an interesting hint I didn't see before. thanks. As the server is
used by a bunch of systems and the "-o" option works around the issue for
me right now, I will probably refrain from toying with the setting on the
production system and see if I can come up with a separate test setup
instead.
I am working on a new server machine that will come with a migration from
syslinux/mbr to ipxe/uefi and thus reduce the usage of tftp (it will only
be used for the first ipxe firmware/bootloader step then - bootmenu,
kernel and initramfs will be transferred over http). This might give me a
good test environment where I can try things without breaking the
production system.

As this appears to be different behaviour on 13.3 and 14.0, I had hoped
this might already be sufficient to ring a bell for someone here reading
this (like "oh, yes, there were changes in pf that cause different
handling of fragmented udp packets"). I hope I can soon dig up more
information.


cu
  Gerrit

[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
���0�20��0
	*�H��
0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0
040101000000Z
281231235959Z0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0�"0
	*�H��
�0�
��@��n��v�MED��Fȃ��*�����]P�1���p"�I-Tc̶nhFS��L$��rN����T�
�z�3`�ډU�"X�������O�h�F�'�v���5,�^de��H����a�v P���f��xbV���1����8��'2Xo�k��+�����c_s����8��x6Q���x:���B��/��I�-߬tM��G��)����b����&{>�%��ݝ�5h �����Ä�
^�/����0��0U�
#>����)�0��0U�0U�0�0{Ut0r08�6�4�2http://crl.comodoca.com/AAACertificateServices.crl06�4�2�0http://crl.comodo.net/AAACertificateServices.crl0
	*�H��
�V�������{�D��O���X̦��Ihv���]�`֍PO&N�氥tTA�����OZ�``�J���¿Ĺt��-}k���F�/��j��4,}��Z��
����/�\:�l7U	��S@lX����en��<�Zƞ��YH0!el��!s���7�����Χ,�,��&�"�`��^tԢ�S��h�n��l�����h�V���+8:	��k�׾-�?��c��b,��jAP�9����6��n0��0�i�9rD:�"�Q��l�15�0
	*�H��
0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0
190312000000Z
281231235959Z0��10	UUS10U
New Jersey10UJersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0�"0
	*�H��
�0�
��e6���ЬW
v��'�L�P�a� M	-d	�Ή��=�������ӱ�{7(+G�9Ƽ:�_��}��cB�v�;+���o�� �	>��t����bd���j�"<����{�����Q�gFQˆT?�3�~l����Q�5��f�rg�!f�ԛx�P:���ܼ�L���5WZ����=�,��T���:M�L��\��� =�"4�~;hfD�NFS�3`���S7�sC�2�S�۪�tNi�k�`������2�̓;Qx�g��=V��i�%&k3m�nG�sC�~�f�)|2�cU��
��T0��}7��]:l5\�A�کI�؀�	�b��f�%�̈́��?�9���L�|�k�^�̸g����[��L��[���s�#;-�5Ut	I�IX�6�Q��&}M���C&пA_@�DD���W��PWT�>�tc/�Pe	�XB.CL��%GY���&FJP��޾x��g��W�c��b��_U.�\�(%9�+��L�?
R���/����0��0U#0��
#>����)�0��0USy�Z�+J�T��؛���f�0U��0U�0�0U 
00U 0CU<0:08�6�4�2http://crl.comodoca.com/AAACertificateServices.crl04+(0&0$+0�http://ocsp.comodoca.com0
	*�H��
��Q�t!=���'�3�.�����^�"o�u��r�������-�J~��or<C;�?��\��Ʈ����{C��6|����?�޸�����Cd~����}}��B+�X����fv��N�΢M�2����q�[�A�
"���͒7�;��:��E&u����?{w;���=�\9�?{
E͓��/]�YO?Q��E?�J��at#�
Ps'DG]�*k�1��jL��jxϸ�vr���ב��_�0��0�Π1p�5��$��V���I0
	*�H��
0��10	UUS10U
New Jersey10UJersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0
200218000000Z
330501235959Z0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 40�"0
	*�H��
�0�
��J�"^'[�[52 ���1@��P��Dʯ�Ja-��b�3j-�Bʖ<�p=�h��x�n<����0d[��I��e�p^¾r���{�D$8U�ӡ};���'��Q܌�=32�0Ѭg���Gx�& �5ꄪi�7��t���b�L��d�jK�2�����@�v7�*!즃���ɽZD�3'�6�Q_�*Y�R�4�o>��D���At|ز��?u�i+���􉮺Pg��lw�i���3��PeV"����J�D���"���<�"K��ښoKv�+�1u#8���!��͋���G��1��ߛ������f"Qi>�g���%NY�.��^�r��ax�1ym�"�x�~T���i�/���
��]r���n��Y�H���ϴ�,,q5����;}�&~��Wmf*�r|������:ؖ�8��ŧjraC��3�j��f|��k���X���o�+��V)25��nE�!�u�;-/����
�%�l�>v&��L3��(���;�pog��S���`Ӹ�>/���0��0U#0�Sy�Z�+J�T��؛���f�0Ui��!X��� �
ݧQ���0U��0U�0�0U%0++08U 10/0-U 0%0#+https://sectigo.com/CPS0PUI0G0E�C�A�?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v+j0h0?+0�3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%+0�http://ocsp.usertrust.com0
	*�H��
�
N{
�9�o�b�������x�?G�]tC�@`�JϐD�W#������k�z9Q�Ҟ�,�=1t���3��?�S
< 7D��5(/Mn�7j�\����y|�؀�A�̵/�k>��5	���C�1C1�X�E�O�	4s��jq�#(61�Y�m��������A<�K_~4J��5Pf�7VG�l����i�/�+5��O���7�f�|P��k�������޳���D�!Uk�4��O��dye�p��@W�o[+0k/5�֬HM�{ْY6�G`�������4��3d�
��Ԧ�nV0[<�U��R��O\��^<ɵ���(�(�o��w������"��*u���5����1]�+��m�0��	��3Ă�VM�b��FNb�@ڱɛ����{���~␘�&j��Y�z�p�tYB
���-:E�j#dD��ݧ�/c�BtFԼ3=�\�]�;62h�Pj��)���l�/��T���#6��"8����$�2�x]��si�0�K0�3����&V��)�vQ�Z�0
	*�H��
0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 40
230815000000Z
260814235959Z0��10U805391G0EU
>Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V.10U	Hofgartenstraße 810
UBayern10	UDE10UGerrit Kuehn1&0$	*�H��
	gerrit.kuehn@aei.mpg.de0�"0
	*�H��
�0�
���~�D-!!�&��t/�ʍDp����~��Ο�r}V��kr�y{���{��%E]i��ZU+;�UH88>6�i�B�W�(R��?���cHh��c���{}'4V>����5��6��T~x@��e�ঊRԪo���+"k�tuK@��0&�O�I�%��m��������g�l2��b����60������~��Y���0;�cI��;�s.
~i�7R��UPQR�C�}��>�BkȻN���(Il9��������@p�bNX�^�E��l�d�~ ~¦�^�t�Q�
���ھ��V/��p��&-t�)o��,l�����~��(5�zK �9�r�%�����ǳe�G�vGs�V�+��>n�8uY�`�@�=e�N�K]Q�x��-S�~o	=�e���M��U	R5yѩv�����S�	(a������{
Q��غ`�:�m}R�O��g�tWVd���<O����%!V�
rL|��#_�g�{��g\�/�RE���c�e�+�����0��0U#0�i��!X��� �
ݧQ���0U�p�̴%���c�?�����0U��0U�00U%0++0?U 80604+�1O0%0#+https://sectigo.com/CPS0BU;0907�5�3�1http://GEANT.crl.sectigo.com/GEANTPersonalCA4.crl0x+l0j0=+0�1http://GEANT.crt.sectigo.com/GEANTPersonalCA4.crt0)+0�http://GEANT.ocsp.sectigo.com0"U0�gerrit.kuehn@aei.mpg.de0
	*�H��
�m@{�k�g�/�{��:gl
J�O[��X��[:��F9F&OFM:;_�9�Ih�uȘ��X�sJ!饈$C5U�bW8�S�F�7��hA����=e<�0���A��Lhƺ���O�����T����(]�9ˌ,�釻]�B�U��1��\F���l4m>������P��1�c��
o�/VE�l9���YF�`�x�I�Q�j�ũ���%�;����3,#Ӊ�*x��ŵ�~���R��L����E�ADUY�u�����̣Ɨ|󋴶(J��/�yz��P��%���%��LB�h4����f*�~��
����$�T���1��=]�Dnϧ��~ѱ��Z"��Y����U*�q*�`_��@�G�ֽo�
�1&X|�����c�?�V�*36�ؖ7=���j
�l�Y����.|8��$��7ZEϪY��|@9�D�6i����IF�R/�N�2�n�����"��l��ȭ����9��,RFi؄/ySݷa���-Ds� ��п�1�,0�(0[0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 4���&V��)�vQ�Z�0
	`�He���0	*�H��
	1	*�H��
0	*�H��
	1
240422055948Z0(	*�H��
	100	`�He0
*�H��
0?	*�H��
	120�J��n)����[�5�7%vnVPՑ�M�-��5����nq|]Ԅ
��M��0
	*�H��
����
d����\�[W'�R�%�f{?iz�n��W�pa5	n�tyٜն�+�x_��fG-�E\VIs�7�o�w�Td಄v��{���:i��!W\��o�G�4S�!41drT�8+�b�o(�#�w��a�ބ�i��HU����^�)A�H��TM	����u�$y�T����c�t7eF0e�m�ܑ�z�G���`^�/}X����D���Ө+��Ǿ��P\�9o��.xۜ�]�i��"y�'��	B>�!�2��uw���O��8��?O�L���5�݇���
�u]��JIa����1F���,���2H�D~fZM$�j��Q����W&�Ur0���
a���'Y��������̳g�δ��xJ�8ճ���d�a-�a���`xa��'�F�&�+̄y����!��Fp�cJ�i�[���)]Ah3����l.��b�c|�M�կ@���ң�+~G�7��	d��ܱ��H� nc���kfu
%l��$Y

help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240422075948.5bb856ac>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation