Date: Fri, 21 Jun 2024 11:14:28 +0200 From: Gerrit =?UTF-8?B?S8O8aG4=?= <gerrit.kuehn@aei.mpg.de> To: Dag-Erling =?UTF-8?B?U23DuHJncmF2?= <des@FreeBSD.org> Cc: Matthew Grooms <mgrooms@shrew.net>, stable@freebsd.org Subject: Re: possible regression handling packet fragmentation in 14.0 with tftp/pxe Message-ID: <20240621111428.15955458@arc.aei.uni-hannover.de> In-Reply-To: <864jbq7bt4.fsf@ltc.des.dev> References: <20240419153951.5a23ce5f@arc.aei.uni-hannover.de> <86y1999wwe.fsf@ltc.des.dev> <20240422075948.5bb856ac@arc.aei.uni-hannover.de> <86o7a18ppl.fsf@ltc.des.dev> <20240423071923.52b90652@arc.aei.uni-hannover.de> <922446cd-4511-4132-8e8f-9c9144a7f9b1@shrew.net> <20240424075417.6640e97f@arc.aei.uni-hannover.de> <864jbq7bt4.fsf@ltc.des.dev>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
Am Wed, 24 Apr 2024 22:20:07 +0200
schrieb Dag-Erling Smørgrav <des@FreeBSD.org>:
Hello,
I'd like to share my experiences after updating my first router to FreeBSD
14.1:
After updating, the tftp transfers still didn't work. I tried all possible
settings of
set reassemble yes
set reassemble yes no-df
scrub in all
scrub in all fragment reassemble
scrub in all fragment reassemble no-df
Nothing worked. The only thing that did help was disabling larger packet
sizes than 512 bytes by disabling tftp option extensions on the server side
(adding the "-o" option to tftpd), but this is rather a work-around than a
proper fix, of course.
Only after re-reading the release notes of 14.0 I found that I had
completely missed another important change:
---
Layer 3 filtering on if_bridge(4) will do surprising things which aren’t
fail-safe, so net.link.bridge.pfil_member and net.link.bridge.pfil_bridge
now default to zero.
---
As my tinc setup involves bridging one of the routers physical interfaces
with the virtual tap device of the vpn, this change obviously caused pf to
keep its fingers off all filtering (I wonder a bit what kind of surprises
are meant here - I have been using this kind of setup since at least
FreeBSD 7 and cannot remember any).
Anyway, after setting both values back to the old default (1), I can
confirm that both
"scrub in all"
and
"set reassemble yes"
make the tftp transfer work again now as expected. Hooray!
As moving on to the never pf.conf settings is probably a good thing, I
wonder if the two lines are mutually exchangable, i.e., does "scrub in
all" do anything beyond what "set reassemble yes" does?
In any case, special thanks again to DES and Matthew for pointing me into
the right direction.
cu
Gerrit
> Gerrit Kühn <gerrit.kuehn@aei.mpg.de> writes:
> > Is there an easy way to find out where this commit ends up, i.e.,
> > whether it is merged into 14.0, 14.1 or so?
>
> I will make sure it gets into 14.1.
>
> DES
[-- Attachment #2 --]
0 *H
010
`He�0 *H
��0200
*H
�0{1
0 UGB10U
Greater Manchester10U
Salford10U
Comodo CA Limited1!0 U
AAA Certificate Services0
040101000000Z
281231235959Z0{1
0 UGB10U
Greater Manchester10U
Salford10U
Comodo CA Limited1!0 U
AAA Certificate Services0"0
*H
��0
�@nv
MEDFȃ* ]P1
p"I-Tc̶nhF
SL$rNT
z3`ډU"XOhF'v5,^deHav PfxbV1
8'2Xok+c_s8x6Qx:B
/I-߬tMG)b&{>%ݝ5h Ä
^/�00
U
#>)00U
0U
00{U
t0r08642http://crl.comodoca.com/AAACertificateServices.crl06420http://crl.comodo.net/AAACertificateServices.crl0
*H
��V{DO�X̦Ihv]`֍PO&N氥tTAOZ``J¿Ĺt-}kF/j4,}Z
/\:l7U S@lXen<ZƞYH0!el!s7Χ,,&"`^tԢShnlhV+8: k-?cb,j�AP96n00i9rD:"Ql150
*H
�0{1
0 UGB10U
Greater Manchester10U
Salford10U
Comodo CA Limited1!0 U
AAA Certificate Services0
190312000000Z
281231235959Z01
0 UUS10U
New Jersey10U
Jersey City1
0
U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0"0
*H
��0
�e6ЬW
v'LPa M -d Ή=ӱ{7(+G9Ƽ:_}cBv;+o >tbdj"<{ QgFQˆT?3~lQ5frg!fԛxP:ܼL5 WZ=,T:ML\ ="4~;hfDNFS3`S7sC2S۪tNik`
2̓;Qxg=V
i%&k3mnGsC~f)|2cU
T0}7]:l5\AکI
bf%̈́?9L|k^̸g[L[s#;-�5Ut IIX6Q&}
MC&пA_@DDWP WT>tc/Pe XB.CL%GY
&FJPxgW
cb_U.\(%9+L
?
R/�00 U
#0
#>)00
U
SyZ+JT؛f0U
0U
00U
00U
�0CU
<0:08642http://crl.comodoca.com/AAACertificateServices.crl04+(0&0$+0http://ocsp.comodoca.com0
*H
��Qt!='3.^"our -J~or<C;?\Ʈ{C6|?Cd~}}B+XfvN
M2q[A
�
"
͒7;:E&u?{w;=�\9?{
E͓/]YO?QE?Jat#
Ps'DG]*k1jLjxϸvr
ב_00Π1p5$VI0
*H
�01
0 UUS10U
New Jersey10U
Jersey City1
0
U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0
200218000000Z
330501235959Z0F1
0 UNL10U
GEANT Vereniging1
0UGEANT Personal CA 40"0
*H
��0
�J"^'[[52 1@P
DʯJa-b3j-Bʖ<p=hxn<0d[Iep^¾r{D$8Uӡ};'
Q܌=32�0ѬgGx&
5ꄪi7tbLdjK2@v7�*!즃ɽZD3'6Q_*YR4o>DAt|ز?ui+Pglwi3PeV"JD"<"KښoKv+1u#8!͋G1ߛf"Qi>
g%NY.^rax1ym"x~Ti/
]r
nY
Hϴ,,q5;}&~Wmf*r|�:ؖ8ŧjraC3jf|kXo+V)25nE!u;-/
%l>v&L3 (;pogS`Ӹ>/�00 U
#0SyZ+JT؛f0
U
i�!X
ݧQ0U
0U
0�0
U
%0++08U
10/0-U
�0%0#+https://sectigo.com/CPS0PU
I0G0ECA?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v+j0h0?+03http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%+0http://ocsp.usertrust.com0
*H
��
N{
9�obx?G]tC@�`JϐDW#
kz9QҞ,=1t3?S
< 7D5(/Mn7j\y|A̵/k>5 C1C1XEO
4sjq#(61Ym
A<K_~4J5Pf7VG
li/+5O7f|Pk
D!Uk4Odyep@W
o[+0k/5֬HM{ْY6G`43d
ԦnV0[<URO\^<ɵ((o
w"*u
51]+m0
3ĂVMbFNb@ڱɛ{~␘&jYzptYB
-:Ej#dDݧ/cBtFԼ3=\];62hPj)l/T#6
" 8$2x]si0K03�&V)
vQZ0
*H
�0F1
0 UNL10U
GEANT Vereniging1
0UGEANT Personal CA 40
230815000000Z
260814235959Z010
U805391G0EU
>Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V.10U
Hofgartenstraße 810
UBayern1
0 UDE10U
Gerrit Kuehn1&0$ *H
gerrit.kuehn@aei.mpg.de0"0
*H
��0
�~D-!!&t/ʍDp~
Οr}Vkry{{%E]iZU+;UH88>6iBW(R?cHhc{}'4V>56T~x@eঊRԪo+"ktuK@0&OI%mgl2b60~Y0;cI��;s.
~i7RUPQRC
}>BkȻN(Il9@pbNX^El
d~ ~¦^t
Q
ھV/p&-t
)o,l~(5zK 9r%dzeGvGsV+>n8uY`@=eNK]Qx-S~o =eMU R5yѩv
S (a{
Qغ`:m}ROgtWVd<O%!V
rL|#_g{g\/REce+�00 U
#0i�!X
ݧQ0
U
p̴%c?
0U
0
U
0�0
U
%0++0?U
80604
+1O0%0#+https://sectigo.com/CPS0BU
;0907531http://GEANT.crl.sectigo.com/GEANTPersonalCA4.crl0x+l0j0=+01http://GEANT.crt.sectigo.com/GEANTPersonalCA4.crt0)+0
http://GEANT.ocsp.sectigo.com0"U
0gerrit.kuehn@aei.mpg.de0
*H
��m@{kg/{:gl
JO[X[:
F9F&OFM:;_ 9IhuȘXsJ!饈$C5UbW8SF
7
hA
=e<0
ALhƺO
T(]9 ˌ,
釻]
BU1\Fl4m>
P1c
o/VE�l9YF�`xIQjũ%;3,#Ӊ*xŵ~RLEADUYụƗ|(J/yzP%%LBh4f*~
$T
1=]Dnϧ~ѱZ"YU *q*`_@Gֽo
1&X|
c?V*36ؖ7=j
lY
.|8$7ZEϪY|@9D6i
IFR/N2n"lȭ9,RFi/ySݷa-Ds п19050[0F1
0 UNL10U
GEANT Vereniging1
0UGEANT Personal CA 4�&V)
vQZ0
`He�0 *H
1
*H
0
*H
1
240621091428Z05 *H
1(0&0
`He*0
`He0
*H
0? *H
120#Ĕc#nAȖYǦO&9-"lEDVEq0
*H
��Se1R
Itg3/.5"Ց:0}DL#
K
v:2BGoȣz-M~0ԕn>E&C1F|p7w.W
˸ZS%8Wa©"t7tp<x
davOϬ9.mw6
3sȷnǭ}մׇP]MUҧ^ׄ)%?8R~`4?{pKnIr4]+bz"
N'!YSkO=O,e)(
fwZ&lV1(9|o2f+3):o
BIo"(kkЋeY
[_>T#!TAٱ&9{
kY'.;zRP+9U"jAaǎ~GG3]}Tn)ԒhZ'!N=T+jf]hՓ)^LL
OXv~sTئlHv}������
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240621111428.15955458>