From owner-freebsd-net@freebsd.org Mon Dec 21 15:57:08 2015
Date: Mon, 21 Dec 2015 21:27:07 +0530
Subject: Re: Netmap with VMWare
From: Pradosh Datta
To: Luigi Rizzo
Cc: "freebsd-net@freebsd.org"

Hi Luigi,

Thank you for your response and the reference to the paper.

After receiving your comment, for the time being, I shifted my focus to PCI-Passthrough because without modifying the host, it will not be possible to achieve line rate between guest-to-guest.

With PCI-Passthrough enabled in ESXi, I am able to test with ixgbe (device: 82599) with netmap. But here again I am reaching maximum of ~5.5Gbps (with 64byte pkt, single CPU 2666.761MHz), the pkt-gen is using ~73%. I looked into another paper related to ptnetmap, but that again needs hypervisor change (and I do not want to go into that).

I played with different values with 'ethtool --coalesce rx-usecs' - nothing is helping. The flow-control is also disabled.

Are there any specific CONFIG(s) I need to enable/disable while compiling the linux-kernel (3.10 x86_64), or compiling the ixgbe driver (I am using 3.13.10)?

Also, the sections 3.X in the paper (Speeding Up Packet I/O in Virtual Machines - Our Works) describes many ways of improvement - are those need to be taken care in case of PCI-Passthrough as well?

If you are already aware of any experiment, is it possible to achieve line rate using PCI-Passthrough with netmap?

Again thanks for your time and help.

Best Regards,
Pradosh

(NB: one typo correction in my last mail, with e1000 ...throughput is _not_ close to line rate)

On Fri, Dec 18, 2015 at 10:04 PM, Luigi Rizzo wrote:

> On Fri, Dec 18, 2015 at 5:14 AM, Pradosh Datta wrote:
> > Hi,
> > I am trying to use the netmap on vmware in CentOS guests, I am able to use
> > netmap with the e1000 driver on vmware (though the throughput is close to
> > line speed).
> >
> > But is there any way to use the netmap with vmxnet3? Is there any patch
> > available to support that? Or any suggestion on how can I achieve
> > high-packet-rate between vm-to-vm using netmap?
>
> The vm-to-vm bottleneck is typically in the hypervisor (vmware) and the
> switch (in this case it may be the linux bridge in centos).
>
> I am afraid just using netmap in the guest won't help you much in this
> respect.
> See our ANCS'13 paper
> http://info.iet.unipi.it/~luigi/papers/20130903-rizzo-ancs.pdf
> for what you can expect (look at the unmodified hypervisor/linux bridge
> case).
>
> This said, you can always use netmap (in emulated mode) on any network
> interface in the guest.
>
> cheers
> luigi
>
> >
> > Best Regards,
> > Pradosh
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
> --
> -----------------------------------------+-------------------------------
>  Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
>  http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
>  TEL      +39-050-2217533               . via Diotisalvi 2
>  Mobile   +39-338-6809875               . 56122 PISA (Italy)
> -----------------------------------------+-------------------------------

From owner-freebsd-net@freebsd.org Mon Dec 21 23:06:32 2015
Subject: Re: problem with tcpdump/netmap
To: freebsd-net@freebsd.org
References: <5669D94A.6010505@ideatech.io>
From: Hadi Rezaee
Message-ID: <567884B6.80004@ideatech.io>
Date: Tue, 22 Dec 2015 02:31:10 +0330
In-Reply-To: <5669D94A.6010505@ideatech.io>

Well, it seems the netmap integration with libpcap is only available for FreeBSD-11-CURRENT? Is that correct?

Thanks,

On 12/10/2015 23:28, Hadi Rezaee wrote:
> Hey there,
>
> I rebuilt my box (FreeBSD 10.2R amd64) with netmap support.
> Just to check if everything going well, I connected my laptop to another
> machine in same ip range.
> The problem is when I issue "tcpdump -i netmap:re0" command to capture
> packets, I see different results but all of them will fail eventually ..
> for example:
> 1) the capturing will start successfully, I'll see some output on
> screen and after seconds capturing will stop and the interface will lose
> the IP address!
> 2) the capturing will start successfully, nothing will printed on
> screen ... but the interface keep the IP address along with NETMAP flag
> and at the end the stat will be:
> 0 packets captured
> 1904 packets received by filter
> 0 packets dropped by kernel
>
>
> please note that when i use tcpdump normally (without netmap), the
> capturing process just run successfully ...
>
> Thanks,
> Hadi

--
Hadi Rezaee
+98 912 1403571
IdeaTech.io

From owner-freebsd-net@freebsd.org Tue Dec 22 15:09:16 2015
From: "Bjoern A. Zeeb"
Subject: IPv6/UDP locking improvement (can you review? test?)
Date: Tue, 22 Dec 2015 15:08:50 +0000
To: FreeBSD Net

Hi,

I have had a patch in review https://reviews.freebsd.org/D3721 for a while which improves IPv6/UDP packets per second rates. It’s modelled after the IPv4 version done a few years back.

In case anyone wants to or can review or test it, any feedback will be welcome. I plan to commit it before the end of the year.

/bz

From owner-freebsd-net@freebsd.org Tue Dec 22 17:05:14 2015
Message-ID: <22137.33475.645324.203196@hergotha.csail.mit.edu>
Date: Tue, 22 Dec 2015 12:05:07 -0500
From: Garrett Wollman
To: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Have I got this VIMAGE setup correct?

The consensus when I asked seemed to be that VIMAGE+jail was the right combination to give every container its own private loopback interface, so I tried to build that. I noticed a few things:

1) The kernel prints out a warning message at boot time that VIMAGE is "highly experimental". Should I be concerned about running this in production?

2) Stopping jails with virtual network stacks generates warnings from UMA about memory being leaked.

3) It wasn't clear (or documented anywhere that I could see) how to get the host network set up properly. Obviously I'm not going to have a vlan for every single jail, so it seemed like what most people were doing was "bridge" along with a bunch of "epair" interfaces.
I ended up with the following:

network_interfaces="lo0 bridge0 bce0"
autobridge_interfaces="bridge0"
autobridge_bridge0="bce0 epair0a epair1a"
cloned_interfaces="bridge0 epair0 epair1"
ifconfig_bridge0="inet [deleted] netmask 0xffffff00"
ifconfig_bridge0_ipv6="inet6 [deleted] prefixlen 64 accept_rtadv"
ifconfig_bce0="up"
ifconfig_epair0a="up"
ifconfig_epair1a="up"

The net.link.bridge.inherit_mac sysctl, which is documented in bridge(4), doesn't appear to work; I haven't yet verified that I can create a /etc/start_if.bridge0 to set the MAC address manually without breaking something else. The IPv6 stack regularly prints "in6_if2idlen: unknown link type (209)" to the console, which is annoying, and IPv6 on the host doesn't entirely work -- it accepts router advertisements but then gives [ENETUNREACH] trying to actually send packets to the default gateway. (IPv6 to the jails *does* work!)

In each of the jails I have to manually configure a MAC address using /etc/start_if.epairNb to ensure that it's globally unique, but then everything seems to work.

Does this match up with what other people have been doing? Anything I've missed? Any patches I should pull up to make this setup more reliable before I roll it out in production?

-GAWollman

From owner-freebsd-net@freebsd.org Wed Dec 23 01:20:40 2015
Subject: Re: Have I got this VIMAGE setup correct?
To: Garrett Wollman, freebsd-net@freebsd.org, freebsd-stable@freebsd.org
References: <22137.33475.645324.203196@hergotha.csail.mit.edu>
From: Julian Elischer
Message-ID: <5679F6CD.6020105@freebsd.org>
Date: Wed, 23 Dec 2015 09:20:13 +0800
In-Reply-To: <22137.33475.645324.203196@hergotha.csail.mit.edu>

On 23/12/2015 1:05 AM, Garrett Wollman wrote:
> The consensus when I asked seemed to be that VIMAGE+jail was the right
> combination to give every container its own private loopback
> interface, so I tried to build that. I noticed a few things:
>
> 1) The kernel prints out a warning message at boot time that VIMAGE is
> "highly experimental". Should I be concerned about running this in
> production?

CYA only
If you are not doing much that is super unusual you should be fine.

>
> 2) Stopping jails with virtual network stacks generates warnings from
> UMA about memory being leaked.

I haven't any information about that.

>
> 3) It wasn't clear (or documented anywhere that I could see) how to
> get the host network set up properly. Obviously I'm not going to have
> a vlan for every single jail, so it seemed like what most people were
> doing was "bridge" along with a bunch of "epair" interfaces. I ended
> up with the following:

there are examples in /usr/share/examples/netgraph for some things..
I've never used the built-in configuration stuff, always handcoded it..
It's probably improved a lot since then.

> network_interfaces="lo0 bridge0 bce0"
> autobridge_interfaces="bridge0"
> autobridge_bridge0="bce0 epair0a epair1a"
> cloned_interfaces="bridge0 epair0 epair1"
> ifconfig_bridge0="inet [deleted] netmask 0xffffff00"
> ifconfig_bridge0_ipv6="inet6 [deleted] prefixlen 64 accept_rtadv"
> ifconfig_bce0="up"
> ifconfig_epair0a="up"
> ifconfig_epair1a="up"
>
> The net.link.bridge.inherit_mac sysctl, which is documented in
> bridge(4), doesn't appear to work; I haven't yet verified that I can
> create a /etc/start_if.bridge0 to set the MAC address manually without
> breaking something else. The IPv6 stack regularly prints
> "in6_if2idlen: unknown link type (209)" to the console, which is
> annoying, and IPv6 on the host doesn't entirely work -- it accepts
> router advertisements but then gives [ENETUNREACH] trying to actually
> send packets to the default gateway. (IPv6 to the jails *does* work!)
>
> In each of the jails I have to manually configure a MAC address using
> /etc/start_if.epairNb to ensure that it's globally unique, but then
> everything seems to work.
>
> Does this match up with what other people have been doing? Anything
> I've missed? Any patches I should pull up to make this setup more
> reliable before I roll it out in production?

I haven't used it for a couple of years.. I know others are, so I'll let them pipe up.

>
> -GAWollman

From owner-freebsd-net@freebsd.org Wed Dec 23 04:42:36 2015
Date: Tue, 22 Dec 2015 22:42:33 -0600
From: "Matthew D. Fuller"
To: Garrett Wollman
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Have I got this VIMAGE setup correct?
Message-ID: <20151223044233.GM33115@over-yonder.net>
In-Reply-To: <22137.33475.645324.203196@hergotha.csail.mit.edu>

On Tue, Dec 22, 2015 at 12:05:07PM -0500 I heard the voice of
Garrett Wollman, and lo! it spake thus:
>
> The consensus when I asked seemed to be that VIMAGE+jail was the
> right combination to give every container its own private loopback
> interface, so I tried to build that. I noticed a few things:

I've got a server running a dozen or so VIMAGE jails, so I can at least chime in a little...

> 1) The kernel prints out a warning message at boot time that VIMAGE
> is "highly experimental". Should I be concerned about running this
> in production?

It hasn't blown up anything for me yet.

> 2) Stopping jails with virtual network stacks generates warnings from
> UMA about memory being leaked.

I'm given to understand that's Known, and presumably Not Quite Trivial To Fix. Since I'm not starting/stopping jails repeatedly as a normal runtime thing, I'm ignoring it. If you were spinning jails up and down dynamically dozens of times a day, I'd want to look more closely at just what is leaking and why...

> 3) It wasn't clear (or documented anywhere that I could see) how to
> get the host network set up properly. Obviously I'm not going to
> have a vlan for every single jail, so it seemed like what most
> people were doing was "bridge" along with a bunch of "epair"
> interfaces. I ended up with the following:

Is what I'm doing, though I'm creating the epair's and adding them to the bridges in the setup script rather than rc.conf (exec.prestart in jail.conf), because that makes it a more manageable IME, and since I'm already doing a bunch of setup in the script anyway...

> In each of the jails I have to manually configure a MAC address
> using /etc/start_if.epairNb to ensure that it's globally unique, but
> then everything seems to work.

I hardcode (well, dynamically generated hardcoded) MAC addresses on the epair's in the setup script, since bit me hard when I was first setting it up.

--
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.

From owner-freebsd-net@freebsd.org Wed Dec 23 06:17:39 2015
In-Reply-To: <22137.33475.645324.203196@hergotha.csail.mit.edu>
Date: Tue, 22 Dec 2015 22:17:38 -0800
Subject: Re: Have I got this VIMAGE setup correct?
From: Craig Rodrigues
To: Garrett Wollman
Cc: FreeBSD Net, FreeBSD stable

On Tue, Dec 22, 2015 at 9:05 AM, Garrett Wollman wrote:

> Any patches I should pull up to make this setup more
> reliable before I roll it out in production?
>
>

If you look at CURRENT, bz@ has committed a few VIMAGE related fixes this week which you might want to look at.

--
Craig

From owner-freebsd-net@freebsd.org Wed Dec 23 09:47:07 2015
Date: Wed, 23 Dec 2015 09:47:07 +0000
To: freebsd-net@freebsd.org
From: "robak (Bartek Rutkowski)"
Reply-to: D1944+325+8925873bdc96dfc2@reviews.freebsd.org
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes
Message-ID: <7cf76132b1a58915c6664c3e6f56365f@localhost.localdomain>

robak added a comment.

Any news on that review?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: mmoll, javier_ovi_yahoo.com, farrokhi, julian, robak, freebsd-virtualization-list, freebsd-pf-list, freebsd-net-list

From owner-freebsd-net@freebsd.org Thu Dec 24 06:39:17 2015
Date: Thu, 24 Dec 2015 15:39:34 +0900
From: Yongmin Cho
To: freebsd-net@freebsd.org
Subject: tcp keep-alive message sent without timestamp option
Message-ID: <20151224063933.GB10898@yongmincho-All-Series>

--gj572EiMnwbLXET9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi, all.

I have checked tcp keep-alive in freebsd head. According to RFC7323, tcp timestamp option must be sent with keep-alive packet after timestamp option has been negotiated. So I have tested this on linux-3.13.0. tcp keep-alive message is sent with timestamp option on linux-3.13.0. But on freebsd head, tcp keep-alive packet is sent without timestamp option after negotiated. So I made patch file based on freebsd head.

Please check this patch file. Any feedback will be welcome.

Thank you in advance for your answers!

According to RFC7323:

   Once TSopt has been successfully negotiated, that is both <SYN> and
   <SYN,ACK> contain TSopt, the TSopt MUST be sent in every non-<RST>
   segment for the duration of the connection, and SHOULD be sent in an
   <RST> segment (see Section 5.2 for details). The TCP SHOULD remember
   this state by setting a flag, referred to as Snd.TS.OK, to one. If a
   non-<RST> segment is received without a TSopt, a TCP SHOULD silently
   drop the segment. A TCP MUST NOT abort a TCP connection because any
   segment lacks an expected TSopt.

--gj572EiMnwbLXET9
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="tcp_subr.diff"

Index: sys/netinet/tcp_subr.c =================================================================== --- sys/netinet/tcp_subr.c (revision 292681) +++ sys/netinet/tcp_subr.c (working copy) 
@@ -835,7 +835,7 @@ void tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, tcp_seq ack, tcp_seq seq, int flags) { - int tlen; + int tlen, optlen = 0; int win = 0; struct ip *ip; struct tcphdr *nth; @@ -845,6 +845,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct #endif /* INET6 */ int ipflags = 0; struct inpcb *inp; + struct tcpopt to; KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL")); @@ -943,6 +944,17 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct ip->ip_off |= htons(IP_DF); } #endif + if (tp != NULL) { + to.to_flags = 0; + if ((tp->t_flags & (TF_REQ_TSTMP|TF_RCVD_TSTMP|TF_NOOPT)) == + (TF_REQ_TSTMP|TF_RCVD_TSTMP)) { + to.to_flags |= TOF_TS; + to.to_tsval = tcp_ts_getticks() + tp->ts_offset; + to.to_tsecr = tp->ts_recent; + tlen += optlen = tcp_addoptions(&to, + (u_char *)(nth + 1)); + } + } m->m_len = tlen; m->m_pkthdr.len = tlen; m->m_pkthdr.rcvif = NULL; 
@@ -965,7 +977,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct nth->th_seq = htonl(seq); nth->th_ack = htonl(ack); nth->th_x2 = 0; - nth->th_off = sizeof (struct tcphdr) >> 2; + nth->th_off = (sizeof (struct tcphdr) + optlen) >> 2; nth->th_flags = flags; if (tp != NULL) nth->th_win = htons((u_short) (win >> tp->rcv_scale)); --gj572EiMnwbLXET9--
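
Review bot: In the @@ -943,6 +944,17 @@ hunk, `tlen` only grows by the option length after the IP header block that closes at the `#endif` just above, so any IPv4 or IPv6 length field that block filled in from `tlen` will not cover the timestamp bytes; please confirm, and if so either add the options before that block or recompute the length afterwards. The option is also written at `(u_char *)(nth + 1)` with nothing visible that checks the mbuf has room behind the TCP header, which matters when `m` was passed in by the caller rather than allocated here. Finally, `tlen += optlen = tcp_addoptions(...)` is easier to read as two statements.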
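
Review bot: In the @@ -965,7 +977,7 @@ hunk, `(sizeof (struct tcphdr) + optlen) >> 2` drops the remainder when `optlen` is not a multiple of 4, so the data offset would come up short of the bytes added to `tlen`; add a KASSERT on `optlen % 4 == 0` or a comment stating that `tcp_addoptions()` always returns a padded length. It would also help to note that `optlen` stays 0 when `tp` is NULL, so the reply-without-connection path keeps its 20-byte header.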
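
The RFC 7323 rule quoted in the message above, written as a check that a receiver or capture tool could apply to a keep-alive (an added example, not code from the thread or from FreeBSD). The function names, the verdict enum and the sample segments are constructed here; `KA_BAD_OFF` carries the option bytes but leaves the data offset at 5, which is what a sender produces if it appends the option without also raising `th_off` as the last hunk of the patch does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_RST            0x04
#define TCPOPT_EOL        0
#define TCPOPT_NOP        1
#define TCPOPT_TIMESTAMP  8
#define TCPOLEN_TIMESTAMP 10

enum ts_verdict { TS_OK, TS_MISSING, TS_MALFORMED };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
        ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Walk the options of one TCP segment (seg points at the TCP header).
 * Returns 1 and fills tsval/tsecr if a TSopt is present, 0 if there is
 * none, -1 if the header or an option length is inconsistent.
 */
int find_tsopt(const uint8_t *seg, size_t len, uint32_t *tsval, uint32_t *tsecr)
{
    size_t hlen, i = 20;

    if (len < 20)
        return -1;
    hlen = (size_t)(seg[12] >> 4) * 4;      /* th_off counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return -1;
    while (i < hlen) {
        uint8_t kind = seg[i], olen;

        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= hlen)
            return -1;                      /* no room for the length byte */
        olen = seg[i + 1];
        if (olen < 2 || i + olen > hlen)
            return -1;                      /* option runs past th_off */
        if (kind == TCPOPT_TIMESTAMP) {
            if (olen != TCPOLEN_TIMESTAMP)
                return -1;
            *tsval = be32(seg + i + 2);
            *tsecr = be32(seg + i + 6);
            return 1;
        }
        i += olen;
    }
    return 0;
}

/* TS_MISSING: timestamps were negotiated and a non-RST segment lacks TSopt. */
enum ts_verdict check_segment(int ts_negotiated, const uint8_t *seg, size_t len)
{
    uint32_t tsval, tsecr;
    int r = find_tsopt(seg, len, &tsval, &tsecr);

    if (r < 0)
        return TS_MALFORMED;
    if (!ts_negotiated || (seg[13] & TH_RST) || r == 1)
        return TS_OK;
    return TS_MISSING;
}

/* Constructed segments: 20-byte header, then NOP NOP TSopt(12345, 54321). */
#define HDR(off, fl) 0xc3,0x50, 0x00,0x16, 0,0,0,0x63, 0,0,0,0xc8, \
    (off),(fl), 0xff,0xff, 0,0, 0,0
#define TSOPT 0x01,0x01, 0x08,0x0a, 0x00,0x00,0x30,0x39, 0x00,0x00,0xd4,0x31
const uint8_t KA_NO_TS[20]   = { HDR(0x50, 0x10) };
const uint8_t KA_WITH_TS[32] = { HDR(0x80, 0x10), TSOPT };
const uint8_t KA_BAD_OFF[32] = { HDR(0x50, 0x10), TSOPT };
const uint8_t RST_NO_TS[20]  = { HDR(0x50, 0x14) };

int main(void)
{
    printf("keep-alive without TSopt: %d\n", check_segment(1, KA_NO_TS, 20));
    printf("keep-alive with TSopt:    %d\n", check_segment(1, KA_WITH_TS, 32));
    printf("TSopt beyond th_off:      %d\n", check_segment(1, KA_BAD_OFF, 32));
    return 0;
}
```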
References: <20151224063933.GB10898@yongmincho-All-Series>
Date: Thu, 24 Dec 2015 09:23:44 +0100
Subject: Re: tcp keep-alive message sent without timestamp option
From: Ben Woods
To: Yongmin Cho
Cc: "freebsd-net@freebsd.org"
Content-Type: text/plain; charset=UTF-8

On Thursday, 24 December 2015, Yongmin Cho wrote:

> Hi, all.
>
> I have checked tcp keep-alive in freebsd head.
> According to RFC7323, tcp timestamp option must be sent with
> keep-alive packet after timestamp option has been negotiated.
> So I have tested this on linux-3.13.0.
> tcp keep-alive message is sent with timestamp option on linux-3.13.0.
> But on freebsd head, tcp keep-alive packet is sent without timestamp option
> after negotiated. So I made patch file based on freebsd head.
> Please check this patch file. Any feedback will be welcome.
>
> Thank you in advance for your answers!
>
> According to RFC7323:
> Once TSopt has been successfully negotiated, that is both
> and contain TSopt, the TSopt MUST be sent in every non-
> segment for the duration of the connection, and SHOULD be sent in
> an segment (see Section 5.2 for details). The TCP SHOULD
> remember this state by setting a flag, referred to as Snd.TS.OK,
> to one. If a non- segment is received without a TSopt, a TCP SHOULD
> silently drop the segment. A TCP MUST NOT abort a TCP connection
> because any segment lacks an expected TSopt.
>

I recommend opening a bug report at https://bugs.freebsd.org/bugzilla/ with this explanation and attaching the patch, so that this issue can be discussed and doesn't get forgotten.

Please also reply to this thread with the bug number once it is known.

Regards,
Ben

--
From: Benjamin Woods
woodsb02@gmail.com

From owner-freebsd-net@freebsd.org Fri Dec 25 13:46:21 2015
Date: Fri, 25 Dec 2015 13:46:21 +0000
To: freebsd-net@freebsd.org
From: "robak (Bartek Rutkowski)"
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes

robak added a comment.

@bz: you've made some commits to VIMAGE code in the past few days, how do they relate to this revision? Any chance you could review it and comment/commit on this?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: mmoll, javier_ovi_yahoo.com, farrokhi, julian, robak, freebsd-virtualization-list, freebsd-pf-list, freebsd-net-list

From owner-freebsd-net@freebsd.org Fri Dec 25 15:13:11 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 193579] [axge] axge driver issue with tcp checksum offload with pf nat
Date: Fri, 25 Dec 2015 15:13:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193579

--- Comment #6 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Fri Dec 25 15:12:12 UTC 2015
New revision: 292731
URL: https://svnweb.freebsd.org/changeset/base/292731

Log:
  pf: Fix TSO issues

  In certain configurations (mostly but not exclusively as a VM on Xen) pf
  produced packets with an invalid TCP checksum.

  The problem was that pf could only handle packets with a full checksum. The
  FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
  addresses, length and protocol).
  Certain network interfaces expect to see the pseudo-header checksum, so they
  end up producing packets with invalid checksums.

  To fix this stop calculating the full checksum and teach pf to only update TCP
  checksums if TSO is disabled or the change affects the pseudo-header checksum.

  PR: 154428, 193579, 198868
  Sponsored by: RootBSD

Changes:
  stable/9/sys/contrib/pf/net/pf.c
  stable/9/sys/contrib/pf/net/pf_ioctl.c
  stable/9/sys/contrib/pf/net/pf_norm.c
  stable/9/sys/contrib/pf/net/pfvar.h

--
You are receiving this mail because:
You are the assignee for the bug.
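
The checksum behaviour described in the commit log above, as a small model (an added example, not pf's code and not taken from the referenced commit). All names, the documentation-range addresses and the 24-byte segment are constructed, and the NIC is assumed to sum the TCP segment, including whatever `th_sum` already holds, and store the complement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_LEN 24              /* 20-byte header + 4 payload bytes */
#define SPORT   0               /* byte offset of the source port */
#define TH_SUM  16              /* byte offset of the checksum field */

enum nat_mode { FULL_RECOMPUTE, PSEUDO_ONLY, PORT_ONLY };

/* One's-complement sum of n bytes added to acc, folded to 16 bits. */
static uint16_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (n)
        acc += (uint32_t)p[0] << 8;
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* Pseudo-header sum: addresses, protocol (6) and TCP length, not inverted.
 * This is what the stack leaves in th_sum when the NIC finishes the job. */
uint16_t pseudo_sum(const uint8_t src[4], const uint8_t dst[4])
{
    return sum16(dst, 4, sum16(src, 4, 6u + TCP_LEN));
}

/* Full checksum done in software over pseudo-header and segment. */
uint16_t full_cksum(const uint8_t src[4], const uint8_t dst[4],
    const uint8_t *seg)
{
    uint8_t tmp[TCP_LEN];

    memcpy(tmp, seg, TCP_LEN);
    put16(tmp + TH_SUM, 0);
    return (uint16_t)~sum16(tmp, TCP_LEN, pseudo_sum(src, dst));
}

/* NIC model: sum the segment, whatever th_sum holds, and invert. */
uint16_t nic_finish(const uint8_t *seg)
{
    return (uint16_t)~sum16(seg, TCP_LEN, 0);
}

/* Constructed addresses: inside host, NAT address, remote peer. */
static const uint8_t SRC[4] = { 10, 0, 0, 5 }, NAT[4] = { 203, 0, 113, 7 };
static const uint8_t DST[4] = { 198, 51, 100, 9 };

/* The segment as the stack hands it down with checksum offload enabled. */
static void build(uint8_t *seg)
{
    static const uint8_t base[TCP_LEN] = {
        0xc3,0x50, 0x00,0x50, 0,0,0,1, 0,0,0,2, 0x50,0x18, 0xff,0xff,
        0,0, 0,0, 'p','i','n','g' };

    memcpy(seg, base, TCP_LEN);
    put16(seg + TH_SUM, pseudo_sum(SRC, DST));
}

/* Rewrite the packet as the given mode would, let the NIC finish it, and
 * return 1 if the checksum on the wire is valid for the rewritten packet. */
int wire_ok(enum nat_mode mode)
{
    uint8_t seg[TCP_LEN];
    const uint8_t *src = (mode == PORT_ONLY) ? SRC : NAT;

    build(seg);
    put16(seg + SPORT, 40000);          /* new port: the NIC will sum it */
    if (mode == FULL_RECOMPUTE)         /* treats th_sum as the final value */
        put16(seg + TH_SUM, full_cksum(src, DST, seg));
    else if (mode == PSEUDO_ONLY)       /* address changed: new pseudo sum */
        put16(seg + TH_SUM, pseudo_sum(src, DST));
    /* PORT_ONLY: the pseudo-header is unchanged, so th_sum is left alone */
    return nic_finish(seg) == full_cksum(src, DST, seg);
}

int main(void)
{
    printf("full recompute, then NIC: %s\n", wire_ok(FULL_RECOMPUTE) ? "valid" : "INVALID");
    printf("pseudo-header update:     %s\n", wire_ok(PSEUDO_ONLY) ? "valid" : "INVALID");
    printf("port-only, th_sum kept:   %s\n", wire_ok(PORT_ONLY) ? "valid" : "INVALID");
    return 0;
}
```

The full recompute is only wrong here because the packet is still waiting for the NIC; on a packet whose `th_sum` is already final it would be the correct update.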
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 193579] [axge] axge driver issue with tcp checksum offload with pf nat
Date: Fri, 25 Dec 2015 15:52:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193579

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable9+, mfc-stable10+
             Status|New                         |In Progress
                 CC|                            |freebsd-net@FreeBSD.org
           Assignee|freebsd-net@FreeBSD.org     |markp@FreeBSD.org

--- Comment #7 from Kubilay Kocak ---
Assign to committer that's taking care of (resolving) this issue
From owner-freebsd-net@freebsd.org Fri Dec 25 15:52:48 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 193579] [axge] axge driver issue with tcp checksum offload with pf nat
Date: Fri, 25 Dec 2015 15:52:48 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193579

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|markp@FreeBSD.org           |kp@freebsd.org

--- Comment #8 from Kubilay Kocak ---
Whoops, wrong one
From owner-freebsd-net@freebsd.org Fri Dec 25 23:52:37 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 205592] TCP processing in IPSec causes kernel panic
Date: Fri, 25 Dec 2015 23:52:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205592

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-net@FreeBSD.org
From owner-freebsd-net@freebsd.org Sat Dec 26 02:47:32 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 205592] TCP processing in IPSec causes kernel panic
Date: Sat, 26 Dec 2015 02:47:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205592

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gnn@FreeBSD.org
              Flags|                            |mfc-stable9?, mfc-stable10?
           Keywords|                            |crash, needs-qa
From owner-freebsd-net@freebsd.org Sat Dec 26 19:07:02 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 205592] TCP processing in IPSec causes kernel panic
Date: Sat, 26 Dec 2015 19:07:02 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205592

--- Comment #2 from andrew@rinet.ru ---
Additional experiments have shown that such a panic is not actually connected with a particular protocol, but with packet size. According to my measurements, 'ping -s 146' still works, but 'ping -s 147' causes a kernel panic. As these figures have no connection with any kernel structures' size (at least known to me), I'm in doubt that they can clarify anything.

My kernel has been built with WITNESS and INVARIANTS, but there are no diagnostic messages at all.
From owner-freebsd-net@freebsd.org Sat Dec 26 20:24:44 2015
From: Michael Grimm
Subject: ipsec tunnel and vnet jails: routing, howto?
Date: Sat, 26 Dec 2015 21:24:34 +0100
To: freebsd-jail@freebsd.org, freebsd-net@freebsd.org

Hi,

I am currently stuck, somehow, and I do need your input. Thus, let me explain, what I do want to achieve:

I do have two servers connected via an ipsec/tunnel ...

[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]

… which is sending all traffic destined for dead:beef:1234:abcd::/64 and dead:feed:abcd:1234::/64 through the tunnel, and vice versa.

That did run perfectly well during the last years until I decided to give VNET jails a try. Previously, some of my old-fashioned jails got an IPv6 address attached like dead:beef:1234:abcd:1:2::3, and I could reach that address from the remote server without any routing/re-directing or alike, necessary. Now, after having moved those jails to VNET jails (having those addresses bound to their epairXXb interfaces), I cannot reach those addresses within those jails any longer.

From my point of view and understanding this must have to do with lack of proper routing, but I am not sure, if that is correct, thus my questions to the experts:

1) Is my assumption correct, that my tunnel is "ending" after having passed my firewalls at each server, *before* decrypting its ESP traffic into its final destination (yes, I do have pf rules to allow for esp traffic to pass my outer internet facing interface)?

2) If that is true, racoon has to decide where to deliver those packets, finally?

3) If that is true, I do have an issue with routing that *cannot* be solved by pf firewall rules, right?

4) If that is true, what do I have to look for? What am I missing? How can I route incoming and finally decrypted traffic to its final destination within a VNET jail?

5) Do I need to look for a completely different approach? Every hint is highly welcome.

Thanks in advance and with kind regards,
Michael