From owner-freebsd-net@freebsd.org Sun Sep 23 13:43:39 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77752108F0C5 for ; Sun, 23 Sep 2018 13:43:39 +0000 (UTC) (envelope-from john@saltant.com) Received: from twaddle.saltant.net (twaddle.saltant.net [IPv6:2001:470:8d6f:1001::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE80776BF4 for ; Sun, 23 Sep 2018 13:43:38 +0000 (UTC) (envelope-from john@saltant.com) Received: from dither.saltant.net (dither.saltant.net [IPv6:2001:470:8d6f:1001::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by twaddle.saltant.net (Postfix) with ESMTPSA id D6E0BE955 for ; Sun, 23 Sep 2018 09:43:35 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=saltant.com; s=twaddle; t=1537710215; bh=jezTHxWcreq4NPXS8thk0h4V85amIMGr2Bgv1THMz6w=; h=To:From:Subject:Date; b=JJVvKSDeSYN3/E8+pi7ZkRJl6NxOsM0tsyti9xHqT7otlFh9nm+QQ2DBSKi3Qz9Rm NOn75tmfusNtjot0hYLq+2MI5vB+RBIg26u2CQ2HHt9GFo6ENzVVb7+Q2Ixbe13Ok9 UClG3eLSzjc5Lz9FKOD1kYr0rhos5OfpNe1cFy5DDilh/lDREBedCTo7Bo4R/XfZBP 87+KGHklK85uIw/OFKML4GEB/Q9PkdZsY0HhY7WfZs5icelP8VTFt2TZtaFnBlWP4m A5yT76X/lDNVAxM/twLl9+jKuPfL+jleONivP4cpjysmo04lCHN75vCgL8bHvNMXXE bAEu9V/cslUoQ== To: FreeBSD Net From: "John W. O'Brien" Subject: IPv6 fragment reassembly regression following FreeBSD-SA-18:10.ip Autocrypt: addr=john@saltant.com; prefer-encrypt=mutual; keydata= xsFNBFpcMG0BEACeAEQ0ZTUEH+6B8XIBid2H8g1yY+niHxVphqz8JwnQtYX+bS+Kl3vr783F HH81DEbfPtYgHY53NF9FjSzCyj13lXVnEGQOdxXzZVKsN1nyuXCN2hDOFH7Yc5yQ8h85T4Hv sqPIGIXOztu4MX14iUAcTgLhfibNQBeKDeNI+BBeaE9lPuNVeiM+xsI4JYcjmDbjFzAHRpBo ull0koUFh6RZAKE7u17yLej1pTIQQVjQpWdK37BAq4hdkLwjGDY8mDGo3ZwGdNibxIAxv/wi KU6u2DfUg8+kLHIhOqk/+kFQ/uK5YA1azsyD5eIbNAs4W7LglA6SkiGBglTwkP0VCrkPdD14 6sx3U7uFgexDWbVuhLIkcPQ0SRmnjgUKHgk7px/jMvAPKSKoL0JQNdP/+pnO9CDLGmoHx9gE 5kVr5dQK8c/WauEfimAdE9qLuN6vb0Iei73q3e3OOHAUusR5wC5SwXt4iilbaK4r04NKXyfb SB3+qWST07F9cmMscfEStSBhpez3awB+1jz8gr40tkEGsFZGvD2KKAgZdKpoxv6IrZepclWz HpqHF01SRFORYMsd1d83XlEu/S1/Z9YJ87RoCdZuYCkjnoRPtpTi9d+JD/u3ZiQFwLUz/Ne3 VqiGKvY66EGcO3tvANMg6GWD9sqlnBDp9Lls0ChEY3dgDYd6DQARAQABzSJKb2huIFcuIE8n QnJpZW4gPGpvaG5Ac2FsdGFudC5jb20+wsGUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAFiEENPkbBr3zmPAVSH2HM8TWS4ldvzsFAlpcMTMFCQX2qcYACgkQM8TWS4ldvztT xQ//eHb1mgd40Z0fN2GnJti6/9uJ771IO6slFQ02GZcXZI+FIQo8Yd1dHe0e0Codu78qvJNr ggUtqdxH6SVp7K1AWHeLH5S0PF6iG5B+YUux080wEv/Mr8PPMgAD8gS3wiPDDgB/kUXO52bn DC3Fc0dUrFE/JAOByVEEDL5nLF6SQNpAtIUnaAIIuhKxi0d40LMcLUwuJ6jExynw8Iu7OVtu Y1PRAH5ESt6wYZq8ro8ukh4rMOxiWtT1yNEgHgnq3N4jKErVo87YJijHSSj80IKxUiKb/T6K tGTEBTKiSUV3OFj0ZoPxcbUmhIg2sBCNHaUCiI0KabqN1NyK2glKtcK6NpWy3JIHvtr3+VL1 /tvQTwlVUIacmsuxkGzm5vJPs/i2RtwsJXEXPmIRNgJ1EwZgpg5VqqEUDlmSyRLb48QcDrdv utKLA1MKLib1fD+0XmxZTbCMlFMlvJjAoBlVq60mvB/Jnv1TTnZ2eN6DKMWoxHKmPICh5F1q esmT/aJRIUoCiAgcChi4Ol4XmW3dM7ypjKCGHzyr6emCky5pjqSQZyFzg0RN5UjUQBISAGmJ E8hCFZIy7tf8meqIDbtkONh+JShN6u3t02JrnzSOQjZCh5WQW9Pnu7unJlIsYB10aZ6rvuAK YjghT8QLG8QVgJj/U9oeVG1Ag60fmLZdOFjRGmnOwU0EWlwwbQEQANebvidw1D5SKSmG3Ut8 p9vngBi5HjYe4FSYcfz0NgYa893RiScQ6yjOwuEf/fEoBgvpVnhcbu0JsaYvDNNzFGzPQcj0 CFhkr5s7REWNLGmmFCxCaGieTxIQdYsLxwn72mops8bsrL0a++8NDE+l7X4K3EUyp9GP7pIq 4l9jeIJ/RnX3yySRlXxcM3P+DV9ltXsnQ9pC/qEVVyK18C1zoiskhxmAY9cv9TJOaANHtA7R 7+hM5TyppIz7kqiwiCf6XfVFqKH0I0srdamb0KTnAZpmyx7iNKYl60PdIfEwkwck8fcGwOSA lwE9CLkHLwKMjx/gF3xRag5xjOdP/Out0cQ/pXv8DWnKblWbiGZheB4xUqhOT9Cj/8u/tKtC 51C9wID26hsrhtSAMJPUwQoo/SwLNEd1JpkqUP1njOdlV8FmM1EozHLPSvwlTm6oWwubkkY6 QkUHqXuO+2VdNhyDfx23fQhd0UPhQ0ceDRnjaSB9ycWqpktBP5iNQajYbx5Ktt8fC2Y+Ztjo u1KY7wJSUzqh7uZgR1TqIOVZp7bdPLBGHW5eNEf0Awq17utGe6d9i4hPmeNqELUz71hjmABm bIQJ+VgqYcQ0T/PrjwhzHv5g3jn67/ftW91nlTNpbhwm8suIdPA1hF6vgnZ3B4+JsevnevLG yU6YCb0OOKleP6pZABEBAAHCwXwEGAEIACYCGwwWIQQ0+RsGvfOY8BVIfYczxNZLiV2/OwUC WlwxTQUJBBV2YAAKCRAzxNZLiV2/O2PnD/wMKz/rzYbf0SaTvgae4jqryrcWRta56dcnVe7W KPuUu4Q/WBGhXKeCfPrlr399bILxZGw5TXuGMjS8gEoMd81PEMcWaMpgg3F569Cxd9GN6AZd LXXrZa0aM7dvZkz98ymILEnqHMpF74sLvZY2PrsOwo2gKXNqhtCJ2ph8OUKhG+NHvAomjMu9 lPQMkXJ4HRV0OljawqAe4y+IFu2K4abWwZw1mdniTCb5al8V2umzf26QL0DgeFp3banlfjYW Dn5cRuDBQqIoR/6cQaKdFKTJYiTVK3p3WRWiJQniYi39S8CR646w+zVi7ax1shSB0r0lxIFo CZu285HcMd7HsHH+T2ZI45ilayUoyoZvxPPlwhiRzyYZ6qqAAXKDihhda7uNApUqLwoSn5FW njmx6KdlVPF9ycCdf+in5k6nVlHWG15ogF/Y96K+/Q1Iuod9rzWqT4bz9a5olY8r++QE3V1b H3z803wXEUAJg+WGTkYXFNw7w6RhSSEhBRzupDoCROSkRhe3vQGy5FLG+BMV9n9nevhj5sBx CM1BbNBdB5H/2RcXh0wSb6zjewgs3UAbBvCQOdMAMo8XpYM5SLBqtaY7oalBElTxtFnwSNJm hMbahYE/wHbkmMqalrzGyQxbSUdrmE64CIX8xmv47fnjRoTZMzKim/02MRH+Ss1M+rLzpw== Organization: Saltant Solutions Message-ID: <38a2d322-eae9-ec3d-284c-af29aed10c03@saltant.com> Date: Sun, 23 Sep 2018 09:43:30 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jObUZ66Y4pdkH6Dqi2fT6FquSGhNeagKV" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Sep 2018 13:43:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jObUZ66Y4pdkH6Dqi2fT6FquSGhNeagKV Content-Type: multipart/mixed; boundary="kD8OwKAsqkz8wcMa5rY4fI3UIdZkrdSh3"; protected-headers="v1" From: "John W. O'Brien" To: FreeBSD Net Message-ID: <38a2d322-eae9-ec3d-284c-af29aed10c03@saltant.com> Subject: IPv6 fragment reassembly regression following FreeBSD-SA-18:10.ip --kD8OwKAsqkz8wcMa5rY4fI3UIdZkrdSh3 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable I'd like to check my understanding and then ask a procedural question. FreeBSD-SA-18:10.ip [0], released on 08/14, was resolved by r337828 [1]. That changeset, resulting in 11.1R-p13 and 11.2R-p2, included a patch to the way IPv6 fragment reassembly is handled [2] that was part of the merge to releng. In an ensuing thread [3] two weeks later, an implementation defect was identified, but not before that defect had shipped. The defect is now being tracked as a bug [4], as of 09/03 has been fixed in head and stable/11, and is registered as a blocker for 12.0= =2E I believe this defect is the cause of a problem I detected recently where postfix would query BIND on ::1 for the DNSSEC-signed AAAA of an MX, and never receive a response. I'm a little puzzled that lo0 is affected in spite of having a 16k MTU, but the other signs are there: the symptoms appeared after upgrading from 11.2R-p1 to -p3, and I can perform that query successfully on UDPv4 or TCPv6. What I have been unable so far to determine is, will another 11.2R patch be forthcoming to resolve this regression, and if so, when? I can limp along without UDPv6 for a little while, but not until 11.3. The only clear alternative is to downgrade to -p1. [0] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc [1] https://svnweb.freebsd.org/changeset/base/337828 [2] https://svnweb.freebsd.org/changeset/base/337776 [3] https://lists.freebsd.org/pipermail/svn-src-head/2018-August/117514.h= tml [4] https://bugs.freebsd.org/231045 --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --kD8OwKAsqkz8wcMa5rY4fI3UIdZkrdSh3-- --jObUZ66Y4pdkH6Dqi2fT6FquSGhNeagKV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEKpEHkkRoSDiIJkQOWPtK56pP/m4FAlunmIcACgkQWPtK56pP /m5qTwf+Or0r4U10CBrHMyam7UFww/eJ+bc70oDGAPKAwFw5d3LahIi5i0RQdFYf OI5JC/RAdVm36pbMMwRF7RwnDBc20S6gCnSVm3EXinwI/m8LKfiC504RnawwL7Fr 3Eqj4C2dZruFNn/pNkW0CLDPGmVJbEab6LilkSf19yA7Cui1Tr6eePKEFXrYim6k pES8IruHRJdM2nMnx6wy9baYHlhmV7u0iabp8XUwC7ghQeConukVUw5LpKB5asel E/00XcxuzNCtKE138ouP2tMXgt+yqglMQkbGMAVLiYkO11NLScagAIqqFXe4vxIm hNwPa1cTtdKb+gdBKbGVWp4qTwiFwA== =LGdU -----END PGP SIGNATURE----- --jObUZ66Y4pdkH6Dqi2fT6FquSGhNeagKV--