From owner-freebsd-net@freebsd.org Sun Mar 15 21:00:04 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 55B25278219 for ; Sun, 15 Mar 2020 21:00:04 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48gWz80RfDz3JDj for ; Sun, 15 Mar 2020 21:00:04 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.nyi.freebsd.org (Postfix) id AA31B278214; Sun, 15 Mar 2020 21:00:03 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A9D29278213 for ; Sun, 15 Mar 2020 21:00:03 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48gWz70ddwz3JCT for ; Sun, 15 Mar 2020 21:00:03 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A56B3D962 for ; Sun, 15 Mar 2020 21:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02FL02lj023289 for ; Sun, 15 Mar 2020 21:00:02 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02FL02vP023288 for net@FreeBSD.org; Sun, 15 Mar 2020 21:00:02 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202003152100.02FL02vP023288@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: net@FreeBSD.org Subject: Problem reports for net@FreeBSD.org that need special attention Date: Sun, 15 Mar 2020 21:00:02 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2020 21:00:04 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- In Progress | 221146 | [ixgbe] Problem with second laggport In Progress | 235700 | oce(4) driver causes fatal trap 12 on boot with e New | 204438 | setsockopt() handling of kern.ipc.maxsockbuf limi New | 205592 | TCP processing in IPSec causes kernel panic New | 213410 | [carp] service netif restart causes hang only whe Open | 7556 | ppp: sl_compress_init() will fail if called anyth Open | 187835 | ngctl(8) strange behavior when adding more than 5 Open | 193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc Open | 194453 | dummynet(4): pipe config bw parameter limited to Open | 200319 | Bridge+CARP crashes/freezes Open | 202510 | [CARP] advertisements sourced from CARP IP cause Open | 207261 | netmap: Doesn't do TX sync with kqueue Open | 210726 | tcp connect() can return invalid EADDRINUSE (Eg: Open | 222273 | igb(4): Kernel panic (fatal trap 12) due to netwo Open | 225438 | panic in6_unlink_ifa() due to race Open | 225792 | ECMP is broken since tryforward() Open | 227720 | Kernel panic in ppp server Open | 230807 | if_alc(4): Driver not working for Killer Networki Open | 235524 | igb(4): Ethernet interface loses active link stat Open | 236888 | ppp daemon: Allow MTU to be overridden for PPPoE Open | 236983 | bnxt(4) VLAN not operational unless explicit "ifc Open | 237072 | netgraph(4): performance issue [on HardenedBSD]? Open | 237391 | route get returns no result for network addresses Open | 237840 | Removed dummynet dependency on ipfw Open | 238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver Open | 240530 | netgraph/ng_source: Allow ng_source to inject int Open | 240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory Open | 240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile Open | 240969 | netinet6: Neighbour reachability detection broken Open | 241106 | tun/ppp: panic: vm_fault: fault on nofault entry Open | 241162 | Panic in closefp() triggered by nginx (uwsgi with Open | 241191 | route flush panic with RADIX_MPATH Open | 244066 | divert: Add sysctls for divert socket send and re Open | 118111 | rc: network.subr Add MAC address based interface 34 problems total for which you should take action. From owner-freebsd-net@freebsd.org Sun Mar 15 21:31:27 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AFD68279885 for ; Sun, 15 Mar 2020 21:31:27 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from sapphire.magnetkern.de (sapphire.magnetkern.de [185.228.139.199]) by mx1.freebsd.org (Postfix) with ESMTP id 48gXgK6rn6z3x6N for ; Sun, 15 Mar 2020 21:31:25 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from titanium (p5DD45F4F.dip0.t-ipconnect.de [93.212.95.79]) by sapphire.magnetkern.de (Postfix) with ESMTPSA id 0097C4107 for ; Sun, 15 Mar 2020 21:31:13 +0000 (UTC) Date: Sun, 15 Mar 2020 22:31:13 +0100 From: Jan Behrens To: freebsd-net@freebsd.org Subject: Re: ifconfig prefer_source and IPv6 privacy extensions Message-Id: <20200315223113.d93045f587faa995795b4bae@magnetkern.de> In-Reply-To: <20200313233752.43d6fc44f51a60acbe4a9bb8@magnetkern.de> References: <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de> <20200314.045143.1650553685773092770.hrs@FreeBSD.org> <20200313233752.43d6fc44f51a60acbe4a9bb8@magnetkern.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48gXgK6rn6z3x6N X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jbe-mlist@magnetkern.de designates 185.228.139.199 as permitted sender) smtp.mailfrom=jbe-mlist@magnetkern.de X-Spamd-Result: default: False [2.80 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.98)[0.980,0]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[magnetkern.de]; MV_CASE(0.50)[]; NEURAL_SPAM_LONG(0.97)[0.975,0]; IP_SCORE(0.54)[ipnet: 185.228.136.0/22(3.34), asn: 197540(-0.60), country: DE(-0.02)]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[79.95.212.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:197540, ipnet:185.228.136.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2020 21:31:27 -0000 On Fri, 13 Mar 2020 23:37:52 +0100 Jan Behrens wrote: > On Sat, 14 Mar 2020 04:51:43 +0900 (JST) > Hiroki Sato wrote: > > > Jan Behrens wrote > > in <20200313202833.cbbe8d1679ac0fd7a80788e1@magnetkern.de>: > > > > jb> Is it intended that "net.inet6.ip6.prefer_tempaddr" takes precedence > > jb> over "prefer_source"? If yes, why? > > > > Yes, and the reason is that RFC 6724 specifies that behavior. > > [...] > > > If prefer_source takes precedence, the tempaddr will nerver be used. > > That depends on how "prefer_source" competes with other rules for > source address selection. > > [...] > > Moreover, preferring temporary addresses over addresses marked with > "prefer_source" doesn't seem to make much sense (even if the RFC would > demand it). This is because it doesn't seem to make much sense to mark > a temporary address as preferred. Does anyone know a (real life) example where "prefer_source" has any useful effect (given FreeBSD's current behavior) if privacy extensions are enabled? > That assumed, the current behavior of FreeBSD effectivly renders > "prefer_source" useless if net.inet6.ip6.prefer_tempaddr=1. I would propose to set "prefer_source"'s precedence just one level higher than net.inet6.ip6.prefer_tempaddr. -- Jan > > > > > -- Hiroki > > Regards, > Jan Behrens From owner-freebsd-net@freebsd.org Sun Mar 15 22:26:41 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5A68827A8B4 for ; Sun, 15 Mar 2020 22:26:41 +0000 (UTC) (envelope-from email@email.com) Received: from mail.gipermarket.kg (mail.gipermarket.kg [212.112.116.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48gYv426Qhz3xyx for ; Sun, 15 Mar 2020 22:26:40 +0000 (UTC) (envelope-from email@email.com) Received: from localhost (localhost [127.0.0.1]) by mail.gipermarket.kg (Postfix) with ESMTP id 7F58B7295F8B8 for ; Mon, 16 Mar 2020 04:20:09 +0600 (+06) Received: from mail.gipermarket.kg ([127.0.0.1]) by localhost (mail.gipermarket.kg [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 7acvOsLbTfNn for ; Mon, 16 Mar 2020 04:20:09 +0600 (+06) Received: from localhost (localhost [127.0.0.1]) by mail.gipermarket.kg (Postfix) with ESMTP id C71FE86326E7C for ; Mon, 16 Mar 2020 04:10:54 +0600 (+06) X-Virus-Scanned: amavisd-new at mail.gipermarket.kg Received: from mail.gipermarket.kg ([127.0.0.1]) by localhost (mail.gipermarket.kg [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id qUSiy2NQA9US for ; Mon, 16 Mar 2020 04:10:54 +0600 (+06) Received: from email.com (unknown [108.62.118.161]) by mail.gipermarket.kg (Postfix) with ESMTPA id ED40E822F0599 for ; Mon, 16 Mar 2020 04:04:44 +0600 (+06) From: freebsd.org To: freebsd-net@freebsd.org Subject: You failed email deliveries Date: 15 Mar 2020 15:04:42 -0700 Message-ID: <20200315150441.A46A2BCC953D496C@email.com> X-Rspamd-Queue-Id: 48gYv426Qhz3xyx X-Spamd-Bar: +++++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of email@email.com does not designate 212.112.116.229 as permitted sender) smtp.mailfrom=email@email.com X-Spamd-Result: default: False [9.80 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[email.com]; TO_DN_NONE(0.00)[]; PHISHED_PHISHTANK(2.10)[hp http://www.phishtank.com/phish_detail.php?phish_id=6442871]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:~]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[email.com]; ASN(0.00)[asn:12764, ipnet:212.112.116.0/24, country:KG]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; RCVD_COUNT_FIVE(0.00)[6]; RSPAMD_URIBL(4.50)[firebasestorage.googleapis.com]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; IP_SCORE(0.00)[asn: 12764(2.18), country: KG(0.08)]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[0.998,0]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[email.com]; NEURAL_SPAM_LONG(1.00)[1.000,0]; RCVD_IN_DNSWL_NONE(0.00)[229.116.112.212.list.dnswl.org : 127.0.10.0]; MIME_HTML_ONLY(0.20)[]; RCVD_TLS_LAST(0.00)[]; GREYLIST(0.00)[pass,body] X-Spam: Yes MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2020 22:26:41 -0000 From owner-freebsd-net@freebsd.org Mon Mar 16 11:11:54 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DAE29262E9D for ; Mon, 16 Mar 2020 11:11:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48gtt24ZcYz3xMF for ; Mon, 16 Mar 2020 11:11:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 5B948262E9A; Mon, 16 Mar 2020 11:11:54 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5A9C7262E99 for ; Mon, 16 Mar 2020 11:11:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48gtt20qbRz3xL0 for ; Mon, 16 Mar 2020 11:11:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EFE5B1F9F7 for ; Mon, 16 Mar 2020 11:11:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02GBBr7i073977 for ; Mon, 16 Mar 2020 11:11:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02GBBrO9073973 for net@FreeBSD.org; Mon, 16 Mar 2020 11:11:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243126] iflib: Assertion fl->ifl_cidx == cidx failed at /usr/src/sys/net/iflib.c:2531 with if_vmx(4) Date: Mon, 16 Mar 2020 11:11:53 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: julien@perdition.city X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? X-Bugzilla-Changed-Fields: cc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2020 11:11:55 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243126 Julien Cigar changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |julien@perdition.city Flags| |mfc-stable12? --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Mar 16 13:43:47 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 37BB2266C1F for ; Mon, 16 Mar 2020 13:43:47 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48gyFD6YYlz3H9P for ; Mon, 16 Mar 2020 13:43:44 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: by mail-qk1-x72d.google.com with SMTP id x18so6031330qki.10 for ; Mon, 16 Mar 2020 06:43:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=C32sAqSeReOuhuKeVrvAfa4D5nlvE0qR+p5iBHvBs24=; b=OB2ir4/I7nSFWm+GRRl8HXiZUxNTpvJl8fQdqCfjx10MZ+IwxBW5l2ELxni86vA8Wv CebTOYzNbuY3ehYLNEqR6TnfNulD/UtRGr0Mo2OUxLzhIMseLzYjlReVWQjdCvt+8Ucd T4628Ex9cnwq+L1TSiwFKV2iXew5sQ5QRxunvdg8vuZeiAI/LsHMt6p+PH4CK32KBZaI L2SzGJFC6QDw8NJdcQqNnWn2OtsLLMHkywKPBq9+qB9Zcsjnv6ahdHtrSmwqZFI6v8lE XXEPafnZQEAjHv4sLPXOnHdYpzO/ntx5Q3XVnBoW6HJuEO9U9GfHm3kTmi8cP7q2/Jrk nfKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=C32sAqSeReOuhuKeVrvAfa4D5nlvE0qR+p5iBHvBs24=; b=Cj0MSfXVqiUfHTN3dm8LIY2YF70gE8ZPqZJwHefofdRsSOafa3U86evQrKxvYm7Xo7 KAxz/MT0ry3VYuLti6GXT4fuqdneYZkJgkdrEBPuv/MAajBISsH5RpRUZLZg2JR4IDuc 0YMxXooe4Lwb1NJi8JOrXBW3AXx93hcR2OZiox49abesu+pcrV4gACPqVVcefmqgvvPV N0p/8KIzVa+3b+w0zKth52QYD36TYgvSdi6jzHOIalR6QVhyqpnWeJR3VKnYIrCEmbJ2 ozjUUlMwx3M9DMm68//aEv7EfJJTPicvnTZeAOuaWaxgeQ2t3ymCVB2NORMZdEk8gTm6 x1BA== X-Gm-Message-State: ANhLgQ0YISRDNaWOT98TpqeST5hgoiLpb7QQv+n2Vvxx/4LuUqEAb68m wDp8rcjuMJMT0D1ddUcEMASVkfw3QrkzD7kVqAjZp/7+pD8= X-Google-Smtp-Source: ADFU+vvJliaWBBMtveIsSXc4CcD1dWxJFtuKLRGBLM4EHHsMePF7W5ZhcF3M1Qr39Lmg1wZRMLXXHeKRYn0DozV8E7k= X-Received: by 2002:ae9:e70d:: with SMTP id m13mr11972327qka.451.1584366223495; Mon, 16 Mar 2020 06:43:43 -0700 (PDT) MIME-Version: 1.0 From: John Jasen Date: Mon, 16 Mar 2020 09:43:32 -0400 Message-ID: Subject: FreeBSD 11.3: Chelsio t5nex encountered fatal error To: FreeBSD Net X-Rspamd-Queue-Id: 48gyFD6YYlz3H9P X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=OB2ir4/I; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of jjasen@gmail.com designates 2607:f8b0:4864:20::72d as permitted sender) smtp.mailfrom=jjasen@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.00)[ip: (-9.24), ipnet: 2607:f8b0::/32(-1.85), asn: 15169(-1.65), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[d.2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2020 13:43:47 -0000 We use FreeBSD on our firewalls, relying on Chelsio T5 and T6 series cards for high performance networking. Friday night, our backup firewall went offline -- apparently taking both network cards out. DMESG reported the following error: t5nex0: ! PL_PERR_CAUSE 0x19404 = 0x00000010, E 0x9fffe3ff, F 0xffffffff t5nex0: ! [0x00000010] MPS t5nex0: * PL_INT_CAUSE 0x1940c = 0x00000052, E 0x9fffff7d, F 0x00000000 t5nex0: * [0x00000040] PL t5nex0: * [0x00000010] MPS t5nex0: - [0x00000002] I2CM t5nex0: ! PL_PL_INT_CAUSE 0x19430 = 0x00000050, E 0x00000010, F 0x00000010 t5nex0: ! [0x00000010] Fatal parity error t5nex0: ? [0x00000040] t5nex0: ! MPS_RX_PERR_INT_CAUSE 0x11074 = 0x00008000, E 0x00ffffff, F 0x00ffffff t5nex0: ! [0x00008000] MPS Rx parity error t5nex0: encountered fatal error, adapter stopped. Is the card dying or dead, or something worse? Thanks! From owner-freebsd-net@freebsd.org Mon Mar 16 13:52:05 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 94328266F82 for ; Mon, 16 Mar 2020 13:52:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48gyQr5B6dz4182 for ; Mon, 16 Mar 2020 13:52:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id A3D3C266F81; Mon, 16 Mar 2020 13:52:04 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A1C14266F80 for ; Mon, 16 Mar 2020 13:52:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48gyQp6Km9z416d for ; Mon, 16 Mar 2020 13:52:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B0A912173C for ; Mon, 16 Mar 2020 13:52:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02GDq2De014972 for ; Mon, 16 Mar 2020 13:52:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02GDq29l014971 for net@FreeBSD.org; Mon, 16 Mar 2020 13:52:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Mon, 16 Mar 2020 13:52:02 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: pkelsey@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2020 13:52:05 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 --- Comment #16 from Patrick Kelsey --- The following commits address this bug (the commit hook missed them because there was a typo in the reference to this bug in their commit logs): Author: pkelsey Date: Sat Mar 14 19:43:44 UTC 2020 New revision: 358995 URL: https://svnweb.freebsd.org/changeset/base/358995 Log: Fix iflib freelist state corruption This fixes a bug in iflib freelist management that breaks the required correspondence between freelist indexes and driver ring slots. PR: 243126, 243392, 240628 Reported by: avg, alexandr.oleynikov@gmail.com, Harald Schmalzbauer Reviewed by: avg, gallatin MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23943 Changes: head/sys/net/iflib.c Author: pkelsey Date: Sat Mar 14 19:55:06 UTC 2020 New revision: 358997 URL: https://svnweb.freebsd.org/changeset/base/358997 Log: Remove freelist contiguous-indexes assertion from rxd_frag_to_sd() The vmx driver is an example of an iflib driver that might report packets using non-contiguous descriptors (with unused descriptors either between received packets or between the fragments of a received packet), so this assertion needs to be removed. For such drivers, the freelist producer and consumer indexes don't relate directly to driver ring slots (the driver deals directly with freelist buffer indexes supplied by iflib during refill, and reports them with each fragment during packet reception), but do continue to be used by iflib for accounting, such as determining the number of ring slots that are refillable. PR: 243126, 243392, 240628 Reported by: avg, alexandr.oleynikov@gmail.com, Harald Schmalzbauer Reviewed by: gallatin MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23946 Changes: head/sys/net/iflib.c Author: pkelsey Date: Sat Mar 14 20:08:05 UTC 2020 New revision: 359000 URL: https://svnweb.freebsd.org/changeset/base/359000 Log: Fix if_vmx receive checksum offload bug and harden against the device skipping receive descriptors This fixes a bug where the checksum offload status of received packets was being taken from the first descriptor instead of the last, which affected LRO packets. The driver has been hardened against the device skipping receive descriptors, although it is not believed that this can occur given the way this implementation configures the receive rings. Additionally, for packets received with the error indicator set, the driver now forces the length of all fragments in that packet to zero prior to passing it to iflib. Such packets should wind up being discarded at some point in the stack anyway, but this removes any questions by killing them in the driver. Counters have been added (and exposed via sysctls) for skipped receive descriptors, zero-length packets received, and packets received with the error indicator set so that these conditions can be easily observed in the field. PR: 243126, 243392, 240628 Reported by: avg, alexandr.oleynikov@gmail.com, Harald Schmalzbauer Reviewed by: gallatin MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23949 Changes: head/sys/dev/vmware/vmxnet3/if_vmx.c head/sys/dev/vmware/vmxnet3/if_vmxvar.h --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Mar 18 04:31:21 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 722C427BE6D for ; Wed, 18 Mar 2020 04:31:21 +0000 (UTC) (envelope-from neel@neelc.org) Received: from rainpuddle.neelc.org (rainpuddle.neelc.org [66.42.69.219]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48hxtv150vz4dp6 for ; Wed, 18 Mar 2020 04:31:18 +0000 (UTC) (envelope-from neel@neelc.org) Received: from mail.neelc.org (rainpuddle.neelc.org [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622]) by rainpuddle.neelc.org (Postfix) with ESMTPSA id D8ACBB1EFE for ; Tue, 17 Mar 2020 21:31:10 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 17 Mar 2020 21:31:10 -0700 From: Neel Chauhan To: freebsd-net@freebsd.org Subject: IPFW In-Kernel NAT vs PF NAT Performance User-Agent: Roundcube Webmail/1.4.1 Message-ID: X-Sender: neel@neelc.org X-Rspamd-Queue-Id: 48hxtv150vz4dp6 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=neelc.org; spf=pass (mx1.freebsd.org: domain of neel@neelc.org designates 66.42.69.219 as permitted sender) smtp.mailfrom=neel@neelc.org X-Spamd-Result: default: False [-6.03 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.89)[-0.893,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.998,0]; IP_SCORE(-3.34)[ip: (-9.81), ipnet: 66.42.64.0/20(-4.91), asn: 20473(-1.91), country: US(-0.05)]; DMARC_POLICY_ALLOW(-0.50)[neelc.org,none]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:20473, ipnet:66.42.64.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 04:31:21 -0000 Hi freebsd-net@ mailing list, Right now, my firewall is a HP T730 thin client (with a Dell Broadcom 5720 PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G" in the Seattle area, and I have the Gigabit plan. Speedtests usually give me 700 Mbps down/900 Mbps up, and 250-400 Mbps down/800 Mbps up during the Coronavirus crisis. However, I'm having problems with an application (Tor relays) where I am not able to use a lot of bandwidth for Tor, Coronavirus-related telecommuting or not. My Tor server is separate from my firewall. Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I am dealing with 1000s of concurrent connections but browsing-level-bandwidth at once with Tor. Also, I hope you all stay safe and healthy during the Coronavirus crisis. -Neel === https://www.neelc.org/ From owner-freebsd-net@freebsd.org Wed Mar 18 06:17:21 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E67C727DC18 for ; Wed, 18 Mar 2020 06:17:21 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48j0FF4mCrz4bdb; Wed, 18 Mar 2020 06:17:21 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 4B49E8185; Wed, 18 Mar 2020 06:17:21 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [10.67.165.197] (unknown [5.35.166.165]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 1733344876; Wed, 18 Mar 2020 07:17:18 +0100 (CET) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Kristof Provost Mime-Version: 1.0 (1.0) Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance Date: Wed, 18 Mar 2020 15:17:12 +0900 Message-Id: References: Cc: freebsd-net@freebsd.org In-Reply-To: To: Neel Chauhan X-Mailer: iPhone Mail (17D50) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 06:17:22 -0000 > On 18 Mar 2020, at 13:31, Neel Chauhan wrote: >=20 > =EF=BB=BFHi freebsd-net@ mailing list, >=20 > Right now, my firewall is a HP T730 thin client (with a Dell Broadcom 5720= PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G"= in the Seattle area, and I have the Gigabit plan. >=20 > Speedtests usually give me 700 Mbps down/900 Mbps up, and 250-400 Mbps dow= n/800 Mbps up during the Coronavirus crisis. However, I'm having problems wi= th an application (Tor relays) where I am not able to use a lot of bandwidth= for Tor, Coronavirus-related telecommuting or not. My Tor server is separat= e from my firewall. >=20 > Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I= am dealing with 1000s of concurrent connections but browsing-level-bandwidt= h at once with Tor. >=20 I=E2=80=99d expect both ipfw and pf to happily saturate gigabit links with N= AT, even on quite modest hardware. Are you sure the NAT code is the bottleneck? Regards, Kristof From owner-freebsd-net@freebsd.org Wed Mar 18 14:25:36 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 86167261948 for ; Wed, 18 Mar 2020 14:25:36 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jC4c27Ncz46vX; Wed, 18 Mar 2020 14:25:36 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.not-for.work (onlyone.not-for.work [IPv6:2a01:4f8:201:6350::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: lev/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id CBC63BBE3; Wed, 18 Mar 2020 14:25:35 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from [192.168.23.230] (unknown [89.113.128.32]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.not-for.work (Postfix) with ESMTPSA id 48DA143E6; Wed, 18 Mar 2020 17:25:33 +0300 (MSK) Reply-To: lev@FreeBSD.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: Kristof Provost , Neel Chauhan Cc: freebsd-net@freebsd.org References: From: Lev Serebryakov Autocrypt: addr=lev@FreeBSD.org; prefer-encrypt=mutual; keydata= xsFNBFKbGksBEADeguVs+XyJc3mL3iiOBqDd16wSk97YTJYOi4VsHsINzJr09oFvNDiaDBIi fLn2p8XcJvehcsF2GSgrfXfw+uK4O1jyNIKJmiYA0EtE+ZbRtvDrrE0w6Q8+SDeKA21SWh3Y vSQ0DJUontbgW55ER2CbEiIUTIn34uQ0kmESAaw/v5p/9ue8yPTmURvv130FqPFz8VPzltqL NxyGt54TxPfKAzAHEIwxlEZ63JOwzloKh1UDBExcsf9nJO08/TAVgR5UZ5njFBPzaaquhRoP qPJLEQQDqxPIlvMNtHKf7iIebE4BHeqgCdJA0BoiR6gpa0wlsZtdrTPK3n4wYSphLvGbhfOZ YW/hbcu7HYS/FImkVxB3iY17kcC1UTnx4ZaYeASPBGOOPbXky1lLfmDGWIFT//70yx+G17qD OZzF1SvJJhGvh6ilFYaWMX7T+nIp6Mcafc4D7AakXM+XdubNXOMlCJhzPcZ0skgAEnYV587w V7em5fDVwQccwvtfezzqKeJAU5TGiywBHSR5Svzk2FwRNf6M//hWkpq0SRR63iOhkHGOAEBi 69GfEIwH2/w24rLxP0E+Hqq8n+EWNkPatw1Mhcl5PKkdvGCjJUaGNMkpBffjyYo254JXRscR eEnwdIkJt4ErDvjb2/UrOFq31wWMOiLzJeVchAgvTHBMRfP9aQARAQABzShMZXYgU2VyZWJy eWFrb3YgPGxldkBzZXJlYnJ5YWtvdi5zcGIucnU+wsGwBBMBCABDAhsDBwsJCAcDAgEGFQgC CQoLBBYCAwECHgECF4ACGQEWIQT5bRygtfQxi2dLMwrqsDxYv9xHjwUCW/03kQUJDwW3xgAh CRDqsDxYv9xHjxYhBPltHKC19DGLZ0szCuqwPFi/3EePHxkP+wWNrAyks2fQctY/Gl7TMh+Y Q9uX0hAuZ2Vvi0LswBl/R85SsS7IvI9b3ogOWA8CAlHAxkvgH6sWrwRTNcCPS1MzulYxS914 0CSkdwwbv1JyDOOWYU6s8PfT9+BZr+9eNXStmEdEL5XcA1k2YncQtlR3m+oLkqlAOtteZWti pitMIX9BGYIVKyl0t0RnIx+m/QPVGU9gu02j0I3NSRnKQPyFxZqYK0nPBu+FKaEhIAqdKPOv GL4/ijansdiWO3mXy18G0Mkr8yYRSidpGgXGY6lmGzQ3R6ZS30bLI8DkskOOvfErwhZv5dH5 w4+JH5sQ7bIL5HEXs//ZU9UzMdQwcURMjcFfKGyfL0hSLRqzP8m7SL1k9ZL161OQ6C5zVO/M bSCmeeLkbfOj1NW1ZIv6UjVVWE/LS4+gqg/04C+Y24vj+7vMpBVEevdwmIEdmVciFudklcnN omuocb29GKbquRZRDGiE+mhqkwmp5e59AnePp3+AvkewSCsXlR1sfjEP/Tn5OsYerJ7eAAOj DjxO374TAqJG5ftW4BA/nVmx9FGKV1/A9Yc1UuH6LdQfLf7pmTck1Cxg4kdH+3qKGD63sAR0 Wh27XDjnBKXJUN7J+nctWMZJMvw4OhTXdTyVhWt6USKEzw8M5plY4sFqxBEAe8igQXlq1Xjd ISV7wYhT4l3FzsFNBFKbGksBEAC0a9wfjo2P3JyT7Lc+QlbFVshGbSbazb4ma7QYG5IZZD5v fLBFkePoG6cnrn3WCXp4A43hszAynCwe4eXyAkv4+gPF3ZSeNE5Wz3zYG+jh2nm2iGCkyaVy kfbA+2chor2DKH5tHpuNMBlF+wSJHZKJmlo/sFIktAnV1NBVg4/cL+9/hIpvl82cl3hYCD7/ e7/qRE+w38CpAAzn65FvbODn7xlY3fsJt+cHPBJ4EBM9KnTwcce+F+72RQMZQEl7vIAwSRmL dgZHN0MFC533l62SVoKjT0eaOOIBrvesmojhWjfwugibXr+WRF/tGcW77Bxwe2eQLbEVESqW eMORxRxocx7Q7aACoHmf4G4U1Vzx7zUEfNfHjfjZeQVfAURf/MoUelZSW/BmMIfKCg3lRlWA t+Pq2h2UADPVqAZze45beE/c8z8LZsOZiGoRhYL8NSg6+ziLTdmYLWdtFGAuZhqOtNp5h6tG j21OksBotcaIa5YjbCmmnImIjGlSBkUKvIhq/RXth5b2gNwaQdu+Yv4AlZVHRsuVywL/skDF L5+We11bDK6MQ5PzvmntRJcgbyoisn1hiV04OV1LpJJMkJn1j8VlBqDQNT/z+BjB0ru/0anv +5uLj7v0ck06rEo4yiXT/ZAcBM76j7V7FaGbkoba6bUUCQ2H5YYBOKpikjCnpwARAQABwsGT BBgBCAAmAhsMFiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAlv9N7IFCQ8Ft+cAIQkQ6rA8WL/c R48WIQT5bRygtfQxi2dLMwrqsDxYv9xHj3CnD/9btCtkcphRYRUe08tUyVwzV/syDCdiUhF7 8jqDKTC+3zuyrFJi7t4fF9follHYz1Ri5RixxJHnuDFcq7ZTOprPYqO8QhckLAJOy5dmORDX 2guEA+y5zDYBwwjpio9dtnuE7QyHyMx4nMPq8O/HfO+6dDEZChkrGvcG9FTI7s0JhsDs3xxw jcROZ2OP0lNu2571ZpR4YuzMUOIhOaQBIF2wrTvLjKUsAnNQYK9gsFTeDHRsE4HZLxJvEdiZ CWN7COi9un4xtP4Khc3Fmn6ANEyh0bIgx1Eii2RGINuA2XRVYhPRJLUZRSVQcrND9k9S+m+T oaqz9JgFLusFA1KhdeYnE1bojpq1U1bsmEicLW2QfEGVumKTgUrTsno0cVPH73KDILFvHA0D 8t4UaQveRTRUVdHZ02IBVt655Q8Xq1TkHJ7l+2Ckso5IBujWD74QpSRzzffn/ihhEExwYSTj FSs0C/OgU+EDZbcq2SWu4n1OGsW337/80HnJKVWBPAZYy4EmiyQSY05MG/fj9RA9Qi4TjFLD LrIf6dFAmiiIwWjlAKiyyUk+XDJXrc1L2VhcHqfdBY4I/qwV1YAI1QI4W/i6TstB1j0GwKa3 ZORwu4eahL5+9R6xBedhXZpCL0dyKuI8iPaC8npaOCJoL8+l4+KXR/PKt8b8kzIcvSpyCZii PQ== Organization: FreeBSD Message-ID: Date: Wed, 18 Mar 2020 17:25:25 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Yc5aUcvycYav8R41du61NdBPnoNoh6wES" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 14:25:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Yc5aUcvycYav8R41du61NdBPnoNoh6wES Content-Type: multipart/mixed; boundary="3MOFVab7iNuahX5g7fu9YLLar4FXGkxqa" --3MOFVab7iNuahX5g7fu9YLLar4FXGkxqa Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 18.03.2020 9:17, Kristof Provost wrote: >> Which firewall gives better performance, IPFW's In-Kernel NAT or PF NA= T? I am dealing with 1000s of concurrent connections but browsing-level-b= andwidth at once with Tor. >> > I=E2=80=99d expect both ipfw and pf to happily saturate gigabit links w= ith NAT, even on quite modest hardware. > Are you sure the NAT code is the bottleneck? ipfw nat is very slow, really. There are many reasons, and one of them (easy fixable, but you need patch sources and rebuild kernel/module) is that `libalias` uses only 4096 buckets in state hashtable by default. So it could saturate 1GBps link if you have 10 TCP connections, but it could not saturate 100Mbit if your have, say, 100K UDP streams. I don't know about pf nat. --=20 // Lev Serebryakov --3MOFVab7iNuahX5g7fu9YLLar4FXGkxqa-- --Yc5aUcvycYav8R41du61NdBPnoNoh6wES Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAl5yL1xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEY5 NkQxQ0EwQjVGNDMxOEI2NzRCMzMwQUVBQjAzQzU4QkZEQzQ3OEYACgkQ6rA8WL/c R4/VEQ/+JxL7hDg68yqRxHzowCkKM9kv4GP0r2JASfMxtjba/Nl6I/lHt7Qsj4wA uodSSEiqWlN9cxSHwZK4IPac7bmow0VaDLmAfTZfpg7CIGFlqZM0QwNHHEW01z4T gpe7riFhkkPrDNeYwsFvC9WQq22AXZS1nX92BWNhfWsIENC8X4nMi5cRGdZxWDxo ogSYKhsHXkBUPRMqk2phSpzVB1XDht5mwtlZYq1Oq5+c9JCjRtpg/1EnqgMAQARr H3L4p8hCRLBrbcYUMEdf+ijyGPaXQ1Z8386ski30g+N2R1VgFFevVoz33JO8H9FB jg74MkGumOtb1LzHtWSNBUlcXbsZk9v9hNrHV1w3myFDIY6WxOX/jLHLt+/QO2KL ss2vLLwTvzlT8z1hkqH554f5a+DXoaFLXFEKHgYxdHNDQD3T+IoTjEdCU+GNlrpu DyYfUYxwQP7qXlyBEp3cjcCIY6a1OJNrLrxj3DY1h9Zba9CxpcjnzLW15O/+zLjH s2Q2+jokDa6JXsF/G8hXvQTZ+5dCEKZJkRXhk3SZi7f0xp3BOlVokjn6a1hIa9kU izgDrjb1Tzw+qmDAvBdIANTXuzoGpDoRMTVWpIM1SxWXc5STuaTnmH5L1eRUgrJq aB9LiCoKL2AnItH4vhkfwo0n84iWRPgLx/QlrE/mMw39kGZwSLU= =VVoY -----END PGP SIGNATURE----- --Yc5aUcvycYav8R41du61NdBPnoNoh6wES-- From owner-freebsd-net@freebsd.org Wed Mar 18 15:16:05 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 89C9A262E5B; Wed, 18 Mar 2020 15:16:05 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDBr1ry7z43S7; Wed, 18 Mar 2020 15:16:03 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=Message-ID:Subject:To:From:Date:In-Reply-To; bh=dTL+STWUqyF7B3+ZmowC4TSkj/rpTevJ4yccOsO6cOA=; b=PnFR1LasAfca90HgDnUBMicTEl jD2CcRFKCPq3Rdw7tjNsHP61QBkjErsTbZMUt7VyowT4JFZdLlH0G1ei2hd7pr99kwBG/bHevcDnj KH+Ub1zkd9XOWVTlmDlca4cNU5fH6b/1FBFqTQRDKMqd2RSN82FqA5dL9IzJeKBwTyuA=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEaQG-000Gz4-EM; Wed, 18 Mar 2020 22:15:56 +0700 Date: Wed, 18 Mar 2020 22:15:56 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Cc: freebsd-net@freebsd.org Subject: IPv6 in jails Message-ID: <20200318151556.GA64871@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gKMricLos+KVdGMg" Content-Disposition: inline X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jDBr1ry7z43S7 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=PnFR1Las; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.979,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.91), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:16:05 -0000 --gKMricLos+KVdGMg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear Colleagues, Is IPv6 in jails supposed to work? Does not work for me, what am I doing wrong? Here is a test jail: test4 {=20 path =3D /d02/jails/test4 ; mount.devfs; ip4 =3D new; ip6 =3D new; ip4.addr =3D 192.168.4.204/24; ip6.addr =3D 2001:470:ecba:3::4/64; host.hostname =3D test4.vas.sibptus.ru ; interface =3D re1 ; allow.raw_sockets =3D true ; exec.start =3D "/bin/sh /etc/rc"; exec.stop =3D "/bin/sh /etc/rc.shutdown"; } However when I look from inside the jail, I see the daemons listening only on IPv4: root@test4:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS = =20 root sendmail 17178 3 tcp4 192.168.4.204:25 *:* root sshd 17175 3 tcp4 192.168.4.204:22 *:* root syslogd 17110 5 udp4 192.168.4.204:514 *:* If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not available inside the jail). --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --gKMricLos+KVdGMg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJecjssAAoJEA2k8lmbXsY00J4H+wdUu662JaOYQBHyt1d6ioDE QRjKaBQPJXP0OEvZhH1PfyShiPSCYTpLyi1QTTE9xAbd8WoZ4Crn7VSjZIgY2+/y 4eR6eR8hlXLOS+ZwqSqJhlTdwhKoZrR2DLmD7N54vZOCZbEqp+LHSl4O3YvTPyx9 TzUioH93sNxNFRODV+3C5ibJbaNIvpPDV866tqLCL+uZQJe513vugsjUEY+gVcdE qGNCoTcMLMxjqTLOVXN0bCjGDERNej5gW1q/TawVpk7PTIEIJrHqvKCqRNlomEot XvjQoCwiwDr2cn3skBktvAwqfV+PgObgoZOG1L9sOU1QSx6uochA+m7OFaVPEZo= =V3cQ -----END PGP SIGNATURE----- --gKMricLos+KVdGMg-- From owner-freebsd-net@freebsd.org Wed Mar 18 15:24:56 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A725B263344; Wed, 18 Mar 2020 15:24:56 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:13b:39f::9f:25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDP25SM2z4PQM; Wed, 18 Mar 2020 15:24:54 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 6961D8D4A165; Wed, 18 Mar 2020 15:24:46 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id D862AE707FE; Wed, 18 Mar 2020 15:24:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id ctVEeAPK4ABZ; Wed, 18 Mar 2020 15:24:45 +0000 (UTC) Received: from [169.254.231.217] (unknown [IPv6:fde9:577b:c1a9:4902:d1ed:d97:f150:a4e5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id F10ABE707C6; Wed, 18 Mar 2020 15:24:44 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Victor Sudakov" Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Date: Wed, 18 Mar 2020 15:24:42 +0000 X-Mailer: MailMate (2.0BETAr6146) Message-ID: <069AA173-29F1-4F9F-B7D6-31BF2C559C17@lists.zabbadoz.net> In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Rspamd-Queue-Id: 48jDP25SM2z4PQM X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bzeeb-lists@lists.zabbadoz.net designates 2a01:4f8:13b:39f::9f:25 as permitted sender) smtp.mailfrom=bzeeb-lists@lists.zabbadoz.net X-Spamd-Result: default: False [-4.75 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; NEURAL_HAM_MEDIUM(-0.91)[-0.909,0]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:13b:39f::9f:25]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zabbadoz.net]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-2.55)[ip: (-8.58), ipnet: 2a01:4f8::/29(-2.57), asn: 24940(-1.56), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:24:56 -0000 On 18 Mar 2020, at 15:15, Victor Sudakov wrote: > Dear Colleagues, > > Is IPv6 in jails supposed to work? Does not work for me, what am I > doing > wrong? > > Here is a test jail: > > test4 { > path = /d02/jails/test4 ; > mount.devfs; > ip4 = new; > ip6 = new; > ip4.addr = 192.168.4.204/24; > ip6.addr = 2001:470:ecba:3::4/64; I usually do something like this: ip6.addr += "lo0|2001:db8:1234:5678::ef/128"; to add the single address out of a /64 to the loopback interface on the host and then pass it through to the jail. The /64 however is actually routed to my host so might not work if you have the /64 on the physical interface. Given it is a jail without vnet you cannot assign a /64 to the jail, you want to just specify the address usually (plainly or as /128). > host.hostname = test4.vas.sibptus.ru ; > interface = re1 ; > allow.raw_sockets = true ; > exec.start = "/bin/sh /etc/rc"; > exec.stop = "/bin/sh /etc/rc.shutdown"; > } > > However when I look from inside the jail, I see the daemons listening > only on IPv4: > > root@test4:/ # sockstat -l > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN > ADDRESS > root sendmail 17178 3 tcp4 192.168.4.204:25 *:* > root sshd 17175 3 tcp4 192.168.4.204:22 *:* > root syslogd 17110 5 udp4 192.168.4.204:514 *:* > > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host > instead > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > available inside the jail). One thing to check first is ifconfig inside the jail does see the address? /bz From owner-freebsd-net@freebsd.org Wed Mar 18 15:35:47 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 18B9526375A for ; Wed, 18 Mar 2020 15:35:47 +0000 (UTC) (envelope-from 4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDdZ13g8z3PTK for ; Wed, 18 Mar 2020 15:35:45 +0000 (UTC) (envelope-from 4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1584545746; x=1587137746; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=tBgXcmyrB57JVVztcMEzo/Qug67y5lOLN+a3s/KAj8w=; b=r2jrqisk57fZ6VH7QJGDkrXDIkoTasG9mFXdfItQyI/VoZLpr+dUMsBcd1Qwawh2jbJFfBjWjKF7fDqGkcA/3WP8qelC6synZ87AOWmAntaj8uqZ2Nn8RtgacwBd2fxYc452ZADOz5ctHlP75hE6OBZqkF5083DjTq3mmuMlJxk= X-Thread-Info: NDI1MC45Mi4xZDRjMDAwMDA3N2FmNmYuZnJlZWJzZC1uZXQ9ZnJlZWJzZC5vcmc= Received: from r3.sg.in.socketlabs.com (r3.sg.in.socketlabs.com [142.0.179.13]) by mxsg2.email-od.com with ESMTP; Wed, 18 Mar 2020 11:35:38 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r3.sg.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Wed, 18 Mar 2020 11:35:37 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1jEajH-000Frf-OB; Wed, 18 Mar 2020 15:35:35 +0000 Date: Wed, 18 Mar 2020 15:35:35 +0000 From: Steve O'Hara-Smith To: Victor Sudakov Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-Id: <20200318153535.1a91d84f145e634594e6aca7@sohara.org> In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48jDdZ13g8z3PTK X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=r2jrqisk; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com X-Spamd-Result: default: False [1.79 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.87)[0.866,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; NEURAL_SPAM_LONG(0.53)[0.528,0]; RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0]; IP_SCORE(0.09)[ip: (-0.25), ipnet: 142.0.176.0/22(0.51), asn: 7381(0.26), country: US(-0.05)]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c0000077af6f.1ea509d72ed5b568b156d10f219e11c5@email-od.com]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:35:47 -0000 On Wed, 18 Mar 2020 22:15:56 +0700 Victor Sudakov wrote: > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > available inside the jail). Having the host listening on an address will stop any jails from being able to listen on that address. You need to stop the host services listening on the jail's IPv6 address. -- Steve O'Hara-Smith From owner-freebsd-net@freebsd.org Wed Mar 18 15:35:47 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E158263764; Wed, 18 Mar 2020 15:35:47 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDdZ38xQz3PVM; Wed, 18 Mar 2020 15:35:46 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=D/4BCSUmmgSytvpw4imz6/5mp1g3nXUZsM0vJi0gB+w=; b=aYsubMipX9rBRtODWU9KowKBMv p+NkIUrKbAfIyp/0Kky1b2Bs3kKG6Ka/kG8SOREVKUZm+YkdNevwD8XDMi5Lnw5GXwYj5QkcaXsQq WXBG05msC7Ls0vTncOR2FxqRA6I4gMhYTxWk6DuiTJW8LK0i2t012x0kCIse+BLQs4Vc=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEajQ-000H82-Um; Wed, 18 Mar 2020 22:35:44 +0700 Date: Wed, 18 Mar 2020 22:35:44 +0700 From: Victor Sudakov To: "Bjoern A. Zeeb" Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200318153544.GA65497@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <069AA173-29F1-4F9F-B7D6-31BF2C559C17@lists.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UlVJffcvxoiEqYs2" Content-Disposition: inline In-Reply-To: <069AA173-29F1-4F9F-B7D6-31BF2C559C17@lists.zabbadoz.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jDdZ38xQz3PVM X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=aYsubMip; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.976,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.91), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:35:47 -0000 --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: > >=20 > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > > wrong? > >=20 > > Here is a test jail: > >=20 > > test4 { > > path =3D /d02/jails/test4 ; > > mount.devfs; > > ip4 =3D new; > > ip6 =3D new; > > ip4.addr =3D 192.168.4.204/24; > > ip6.addr =3D 2001:470:ecba:3::4/64; >=20 > I usually do something like this: >=20 > ip6.addr +=3D "lo0|2001:db8:1234:5678::ef/128"; >=20 > to add the single address out of a /64 to the loopback interface on the h= ost > and then pass it through to the jail. The /64 however is actually routed= to > my host so might not work if you have the /64 on the physical interface. But the same syntax for IPv4 (192.168.4.204/24) works fine! The address 192.168.4.204 is successfully assigned to the jail. >=20 > Given it is a jail without vnet you cannot assign a /64 to the jail, you > want to just specify the address usually (plainly or as /128). Why is that? I can assign an IPv4 /24 to the jail but cannot assign an IPv6= /64 ? The prefix length should be irrelevant, as it is irrelevant in the IPv4 case. >=20 > > host.hostname =3D test4.vas.sibptus.ru ; > > interface =3D re1 ; > > allow.raw_sockets =3D true ; > > exec.start =3D "/bin/sh /etc/rc"; > > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > > } > >=20 > > However when I look from inside the jail, I see the daemons listening > > only on IPv4: > >=20 > > root@test4:/ # sockstat -l > > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN > > ADDRESS > > root sendmail 17178 3 tcp4 192.168.4.204:25 *:* > > root sshd 17175 3 tcp4 192.168.4.204:22 *:* > > root syslogd 17110 5 udp4 192.168.4.204:514 *:* > >=20 > > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > > available inside the jail). >=20 > One thing to check first is ifconfig inside the jail does see the address? Yes, it does: root@test4:/ # ifconfig re1 re1: flags=3D8843 metric 0 mtu 1500 description: Inside options=3D8209b ether c4:12:f5:33:c9:7c inet 192.168.4.204/24 broadcast 192.168.4.255 inet6 2001:470:ecba:3::4/64 media: Ethernet autoselect (none) status: no carrier nd6 options=3D21 root@test4:/ #=20 --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --UlVJffcvxoiEqYs2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJecj/QAAoJEA2k8lmbXsY0m8YH/ij3ft/MAARs0Mnl+MPCWAFu 9yPOQXoLTsyHVx9Pvfp7YXHFEUwjoHx8e3+9jLkKMCy3O1aLi95Ztn344YWISdl/ DTpQFiromtWflvkeIf8obzhHrVEzOMBEWnYX340rQ/UFDc+Z2ya++7MuIU9Czac7 0qRe+b6owGWR6Jfn/GgRXYPuEoKMvxT6cnQJSbdsTKRw6a1tfeVMNvKzIcz0AhBp DeJoX7f5CNKNoPlwEMsM2ZsrgAryAv9aT+tuLnZtsgt62FBtUxyb1Dp/4gEozW/Z f1ngQ7RI/sFVgG9IFrqKVZixWmSJHPeDeUBivRw1EfLooLblJ9drg2TSRBO8dAc= =O2Nl -----END PGP SIGNATURE----- --UlVJffcvxoiEqYs2-- From owner-freebsd-net@freebsd.org Wed Mar 18 15:37:52 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 328B0263B22; Wed, 18 Mar 2020 15:37:52 +0000 (UTC) (envelope-from SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDgx4V3Xz3yTM; Wed, 18 Mar 2020 15:37:49 +0000 (UTC) (envelope-from SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 6A9E82842B; Wed, 18 Mar 2020 16:37:46 +0100 (CET) Received: from illbsd.quip.test (ip-62-24-92-232.net.upcbroadband.cz [62.24.92.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 7323528416; Wed, 18 Mar 2020 16:37:45 +0100 (CET) Subject: Re: IPv6 in jails To: Victor Sudakov , freebsd-questions@freebsd.org Cc: freebsd-net@freebsd.org References: <20200318151556.GA64871@admin.sibptus.ru> From: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> Date: Wed, 18 Mar 2020 16:37:45 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.3 MIME-Version: 1.0 In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48jDgx4V3Xz3yTM X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz has no SPF policy when checking 94.124.105.4) smtp.mailfrom=SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz X-Spamd-Result: default: False [4.04 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; IP_SCORE(0.84)[ip: (0.30), ipnet: 94.124.104.0/21(0.15), asn: 42000(3.64), country: CZ(0.09)]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[quip.cz]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[1.000,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[1.000,0]; RCVD_IN_DNSWL_NONE(0.00)[4.105.124.94.list.dnswl.org : 127.0.10.0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ]; FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=E3hR=5D=quip.cz=000.fbsd@elsa.codelab.cz]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:37:52 -0000 Victor Sudakov wrote on 2020/03/18 16:15: > Dear Colleagues, > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > wrong? > > Here is a test jail: > > test4 { > path = /d02/jails/test4 ; > mount.devfs; > ip4 = new; > ip6 = new; > ip4.addr = 192.168.4.204/24; > ip6.addr = 2001:470:ecba:3::4/64; > host.hostname = test4.vas.sibptus.ru ; > interface = re1 ; > allow.raw_sockets = true ; > exec.start = "/bin/sh /etc/rc"; > exec.stop = "/bin/sh /etc/rc.shutdown"; > } > > However when I look from inside the jail, I see the daemons listening > only on IPv4: > > root@test4:/ # sockstat -l > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS > root sendmail 17178 3 tcp4 192.168.4.204:25 *:* > root sshd 17175 3 tcp4 192.168.4.204:22 *:* > root syslogd 17110 5 udp4 192.168.4.204:514 *:* > > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > available inside the jail). If sshd in the host is configured to listen on all available interfaces and addresses (the default) then it will catch your jails IP too. You must configure sshd in the host to listen only on hosts IP and then you will connect to the jails sshd. What is you sshd_config in the host and in the jail? Following the configuration directives must be set right. Port AddressFamily ListenAddress Miroslav Lachman From owner-freebsd-net@freebsd.org Wed Mar 18 15:40:53 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A5659263D01; Wed, 18 Mar 2020 15:40:53 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDlS0yPjz43gt; Wed, 18 Mar 2020 15:40:51 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=rfZSVsItrAEkKlI87KnkvASudWbhiGuiCRoGc1gKhT4=; b=iin3erXUyKGiC/vCCcYHSuBI/d Wh4AW2IHqNeom9ih3+wWoslSDwuqROQSEdxBQmSzmrgFOirWQLz8V+F2x8Be+hNbtQzDQZm74Q0Zj ahkLRNvwW8w2FDQE5yvKXJTTrBj/Le1pmiWl9h/qHszxIlxls9kIGeWBNH3VzMRIxkfM=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEaoL-000HBR-L5; Wed, 18 Mar 2020 22:40:49 +0700 Date: Wed, 18 Mar 2020 22:40:49 +0700 From: Victor Sudakov To: Steve O'Hara-Smith Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200318154049.GC65497@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <20200318153535.1a91d84f145e634594e6aca7@sohara.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="iFRdW5/EC4oqxDHL" Content-Disposition: inline In-Reply-To: <20200318153535.1a91d84f145e634594e6aca7@sohara.org> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jDlS0yPjz43gt X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=iin3erXU; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.984,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.91), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:40:53 -0000 --iFRdW5/EC4oqxDHL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Steve O'Hara-Smith wrote: > On Wed, 18 Mar 2020 22:15:56 +0700 > Victor Sudakov wrote: >=20 > > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > > available inside the jail). >=20 > Having the host listening on an address will stop any jails from > being able to listen on that address. You need to stop the host services > listening on the jail's IPv6 address. I don't understand you. What's the difference between=20 "ip4.addr =3D 192.168.4.204/24" and "ip6.addr =3D 2001:470:ecba:3::4/64"=20 in this configuration? Should be none. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --iFRdW5/EC4oqxDHL Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeckEBAAoJEA2k8lmbXsY055QH/2TfM8i2ud8ThZMY/0FuJdoZ r2ccLrB8fgkH9m/T36uiZgTiw9Bk/L2EiRebrSdxdsoKFJ5KFOWg5/5GkJhDe48X aD+rYxTvmooE2xnoSs/e7EdPyKEeBhAMDkXEHnWj8dMKim1Aw2FZGMTvmg9gMNx3 FCl6KKo61ixPZ7A1RrtckXYeyJTPf4ReMgd0SA96h3eD5wujerIiLGD9AeYuQ7oL 787E1shMD2K4EX1kvHhdkYrHe9u7jcRM42N3fFfEU0z8x30vyL1QuR+y8rXUBV7Z nb59jh08oXJjwjq3BD5tABNAcXzVjAI07f7S1rYTNN9B7s0agE/EPTpgoqenkS4= =dL9q -----END PGP SIGNATURE----- --iFRdW5/EC4oqxDHL-- From owner-freebsd-net@freebsd.org Wed Mar 18 15:50:50 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F200D2642E0; Wed, 18 Mar 2020 15:50:50 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jDyw489dz4SNp; Wed, 18 Mar 2020 15:50:48 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=VK/aCTDanYbNnlNriB/N6OeeLzdIBIgg1Ec7uBmvt1U=; b=Usad63Pdtaex73tIpDwX5cLSwl ZhmuXQ1DTf1E25crGPAZROEoF5ImRDGZZpenf20Vcp8mMj/W2A0BFJIjV6PGKC0iATuJPdl0bPGwD 5UjzArIbAAARBSv7aue2yS4CMtnWe8Siiw7fkfk/PkICQ4LliaJdyaKFavZQJVOg0EbQ=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEaxy-000HGB-Rc; Wed, 18 Mar 2020 22:50:46 +0700 Date: Wed, 18 Mar 2020 22:50:46 +0700 From: Victor Sudakov To: Miroslav Lachman <000.fbsd@quip.cz> Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200318155046.GD65497@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hoZxPH4CaxYzWscb" Content-Disposition: inline In-Reply-To: <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jDyw489dz4SNp X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=Usad63Pd; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.975,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.91), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:50:51 -0000 --hoZxPH4CaxYzWscb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Miroslav Lachman wrote: > Victor Sudakov wrote on 2020/03/18 16:15: > >=20 > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > > wrong? > >=20 > > Here is a test jail: > >=20 > > test4 { > > path =3D /d02/jails/test4 ; > > mount.devfs; > > ip4 =3D new; > > ip6 =3D new; > > ip4.addr =3D 192.168.4.204/24; > > ip6.addr =3D 2001:470:ecba:3::4/64; > > host.hostname =3D test4.vas.sibptus.ru ; > > interface =3D re1 ; > > allow.raw_sockets =3D true ; > > exec.start =3D "/bin/sh /etc/rc"; > > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > > } > >=20 > > However when I look from inside the jail, I see the daemons listening > > only on IPv4: > >=20 > > root@test4:/ # sockstat -l > > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRE= SS > > root sendmail 17178 3 tcp4 192.168.4.204:25 *:* > > root sshd 17175 3 tcp4 192.168.4.204:22 *:* > > root syslogd 17110 5 udp4 192.168.4.204:514 *:* > >=20 > > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > > available inside the jail). >=20 > If sshd in the host is configured to listen on all available interfaces a= nd > addresses (the default) then it will catch your jails IP too. Why is it not catching the 192.168.4.204 address then?=20 > You must configure sshd in the host to listen only on hosts IP and then y= ou > will connect to the jails sshd. OK, I've stopped the sshd on the host entirely, and restarted the jails. Why am I still not seeing the jailed sshd listening on tcp6? root@test4:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 17995 3 tcp4 192.168.4.204:25 *:* root sshd 17992 3 tcp4 192.168.4.204:22 *:* root syslogd 17927 5 udp4 192.168.4.204:514 *:* root syslogd 17927 6 dgram /var/run/log root syslogd 17927 7 dgram /var/run/logpriv root@test4:/ #=20 Your theory is probably incorrect. >=20 > What is you sshd_config in the host and in the jail?=20 The sshd on the host has been stopped now. The sshd_config in the jail is the FreeBSD default one. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --hoZxPH4CaxYzWscb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeckNWAAoJEA2k8lmbXsY0GlcH/1w2bskTWY3duh53t9LvX93I +im9ZQI0Tj69tTFARZHID/moLOm5SaVfveMrWhOx63cljxOPmQ2ehwoteGLOPqBy lL30FEo0oLfFDP43Il287QlZMoqS/VrBwBLJrIYNqymjkY3Jc0OXtTqWRvSr5RT+ AUveXx5OOETjFHyeAKxsl4ALk+cgWPI2rdduTbaiKjmuVsyuskOIitnc/3SLhy3H nYt8iAYAdnt1qSGmjdjuH93N8fi1YCFuWve1FEuevT2VF13KvSYYFpJEAm1b9ZGe DQV7RJIH3TFCCa5/FuPZMs1yDhbEY1LqoJHNydGMUUa/sEu+/OiJ1+Z1ZDcW02g= =E7MI -----END PGP SIGNATURE----- --hoZxPH4CaxYzWscb-- From owner-freebsd-net@freebsd.org Wed Mar 18 15:58:46 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4A8E2646EE; Wed, 18 Mar 2020 15:58:46 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jF854Bbgz3J7P; Wed, 18 Mar 2020 15:58:45 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=KzBDw5YvZI5rrxObsxyC1efZh5x6afXl3mMmh60xiGI=; b=VrvNPUj9Gz3Rel5VjQCEt5AubE JuPVRqpPkmxe8P9FWaAkKEfJUbynBzRVyV7iiKyPZHGI3SdCF15hdE5NeMqItsjacQfLvKyP0lZRS VU6tFIZX+5x4t8qJuAQBXn2vaP5TUTJZVoM7RXa28ePsLgLl8sg1KXLRutjVl+9htqwc=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEb5f-000HK6-OI; Wed, 18 Mar 2020 22:58:43 +0700 Date: Wed, 18 Mar 2020 22:58:43 +0700 From: Victor Sudakov To: "Bjoern A. Zeeb" Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200318155843.GA66451@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <069AA173-29F1-4F9F-B7D6-31BF2C559C17@lists.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline In-Reply-To: <069AA173-29F1-4F9F-B7D6-31BF2C559C17@lists.zabbadoz.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jF854Bbgz3J7P X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=VrvNPUj9; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.984,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.92), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 15:58:47 -0000 --pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: > >=20 > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > > wrong? > >=20 > > Here is a test jail: > >=20 > > test4 { > > path =3D /d02/jails/test4 ; > > mount.devfs; > > ip4 =3D new; > > ip6 =3D new; > > ip4.addr =3D 192.168.4.204/24; > > ip6.addr =3D 2001:470:ecba:3::4/64; >=20 > I usually do something like this: >=20 > ip6.addr +=3D "lo0|2001:db8:1234:5678::ef/128"; >=20 > to add the single address out of a /64 to the loopback interface on the h= ost > and then pass it through to the jail. The /64 however is actually routed= to > my host so might not work if you have the /64 on the physical interface. >=20 > Given it is a jail without vnet you cannot assign a /64 to the jail, you > want to just specify the address usually (plainly or as /128). Bjoern, I've just changed "ip6.addr =3D 2001:470:ecba:3::4/64" to "ip6.addr =3D 2001:470:ecba:3::4/128" per your advice, and restarted the jails, without any visible result. The daemons inside still listen only on tcp4: root@test4:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS = =20 root sendmail 18711 3 tcp4 192.168.4.204:25 *:* root sshd 18708 3 tcp4 192.168.4.204:22 *:* root syslogd 18643 5 udp4 192.168.4.204:514 *:* root syslogd 18643 6 dgram /var/run/log root syslogd 18643 7 dgram /var/run/logpriv root@test4:/ #=20 >=20 > One thing to check first is ifconfig inside the jail does see the > address? Still does, but no use: root@test4:/ # ifconfig re1 re1: flags=3D8843 metric 0 mtu 1500 description: Inside options=3D8209b ether c4:12:f5:33:c9:7c inet 192.168.4.204/24 broadcast 192.168.4.255 inet6 2001:470:ecba:3::4/128 media: Ethernet autoselect (none) status: no carrier nd6 options=3D21 root@test4:/ #=20 --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeckUzAAoJEA2k8lmbXsY0P6gIAK+R6dUgrUEKSv8Jpx6PvOdG 8es9bieElW2jqt2XI0/uH8Rt2AtQuS/Jtq90AKxDETolFN+8PWS8u9kT3agrXi/Q qrp60W5LQ1rVmeSoKgRW8JU6fmiZGeLZd6+/ZkUvimwQ1rA1uLqNnLRFpGGqNlMk VMRjkvcUnh4A4CqJHm2QetfeDhvVrQW6Pmp+qzwFKbg0uL7MRzfaIcqx4L8RrI5t LF6W6udZF+zF9dl0B+pTdmv3rjqC4AUzLbQ5Zkdiu52xElBvGIL10XlL6R8RDB0k hrlvW7nbDvc49zL5huhyaeDQgoyxtvK1mHqiEN1hfaTjNG5Kz/E+Qdjp2sYZPcU= =QZ6h -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/-- From owner-freebsd-net@freebsd.org Wed Mar 18 16:48:43 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1F307265E71; Wed, 18 Mar 2020 16:48:43 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from boulangerie.foucry.net (boulangerie.foucry.net [62.210.131.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jGFh6prMz4gKc; Wed, 18 Mar 2020 16:48:40 +0000 (UTC) (envelope-from jacques+freebsd@foucry.net) Received: from tamanoir.foucry.net (localhost [127.0.0.1]) by boulangerie.foucry.net (Postfix) with ESMTP id 221515C92F; Wed, 18 Mar 2020 17:48:39 +0100 (CET) X-Virus-Scanned: amavisd-new at foucry.net Received: from boulangerie.foucry.net ([127.0.0.1]) by tamanoir.foucry.net (mail.foucry.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OT9KKpTeW2Iq; Wed, 18 Mar 2020 17:48:38 +0100 (CET) Received: from mithril.localdomain (dontpanic.foucry.net [80.67.176.134]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by boulangerie.foucry.net (Postfix) with ESMTPSA id 0AB895C92E; Wed, 18 Mar 2020 17:48:38 +0100 (CET) Received: from foucry.net (mithril.foucry.net [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mithril.localdomain (Postfix) with ESMTPS id 919622045B; Wed, 18 Mar 2020 17:48:37 +0100 (CET) Date: Wed, 18 Mar 2020 17:48:36 +0100 From: Jacques Foucry To: Victor Sudakov Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200318164836.GO25617@foucry.net> Mail-Followup-To: Victor Sudakov , freebsd-questions@freebsd.org, freebsd-net@freebsd.org References: <20200318151556.GA64871@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="WBsA/oQW3eTA3LlM" Content-Disposition: inline In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru> X-Rspamd-Queue-Id: 48jGFh6prMz4gKc X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.54 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; IP_SCORE(-0.65)[ip: (-4.69), ipnet: 62.210.0.0/16(1.01), asn: 12876(0.41), country: FR(0.00)]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-0.99)[-0.991,0]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.00)[0.002,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_POLICY_ALLOW(-0.50)[foucry.net,reject]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:12876, ipnet:62.210.0.0/16, country:FR]; TAGGED_FROM(0.00)[freebsd]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 16:48:43 -0000 --WBsA/oQW3eTA3LlM Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Le mercredi 18 mars 2020 =E0 22:15:56 (+0700), Victor Sudakov =E0 =E9crit: > Dear Colleagues, Hello Victor, >=20 > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > wrong? Suppose to work, and work for me. >=20 > Here is a test jail: >=20 > test4 {=20 > path =3D /d02/jails/test4 ; > mount.devfs; > ip4 =3D new; > ip6 =3D new; > ip4.addr =3D 192.168.4.204/24; > ip6.addr =3D 2001:470:ecba:3::4/64; > host.hostname =3D test4.vas.sibptus.ru ; > interface =3D re1 ; > allow.raw_sockets =3D true ; > exec.start =3D "/bin/sh /etc/rc"; > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > } Well there is a difference between your config and mine: ip6.addr=3D"em0|2a01:4f9:4a:1fd8::16/64"; In my config there is the interface to use (em0 in my case, re1 should be in yours) >=20 > However when I look from inside the jail, I see the daemons listening > only on IPv4: >=20 > root@test4:/ # sockstat -l > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS= =20 > root sendmail 17178 3 tcp4 192.168.4.204:25 *:* > root sshd 17175 3 tcp4 192.168.4.204:22 *:* > root syslogd 17110 5 udp4 192.168.4.204:514 *:* >=20 > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not > available inside the jail). Hope my small experience can help you. --=20 Jacques Foucry --WBsA/oQW3eTA3LlM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQRd29C9s3PtOgNIX2tkcaT/7DX1XwUCXnJQ5AAKCRBkcaT/7DX1 X3f9AQCW6HReI88HfgHdKpGHxZGJax+txDbgcmWJEzv+oaYn3gD+I9iaz7011d7z GSvQfy1AmpRrgAVF81AER+XphppPLJw= =VyTr -----END PGP SIGNATURE----- --WBsA/oQW3eTA3LlM-- From owner-freebsd-net@freebsd.org Wed Mar 18 16:51:46 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 24F582661EB; Wed, 18 Mar 2020 16:51:46 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (cross.sbone.de [195.201.62.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jGKD2kvGz3HcG; Wed, 18 Mar 2020 16:51:43 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id E5BDA8D4A165; Wed, 18 Mar 2020 16:51:35 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 6A8D5E707FE; Wed, 18 Mar 2020 16:51:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id 83VdzifvJAqm; Wed, 18 Mar 2020 16:51:35 +0000 (UTC) Received: from [169.254.231.217] (unknown [IPv6:fde9:577b:c1a9:4902:d1ed:d97:f150:a4e5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id EAE6DE707C6; Wed, 18 Mar 2020 16:51:34 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Victor Sudakov" Cc: "Miroslav Lachman" <000.fbsd@quip.cz>, freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPv6 in jails Date: Wed, 18 Mar 2020 16:51:32 +0000 X-Mailer: MailMate (2.0BETAr6146) Message-ID: <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> In-Reply-To: <20200318155046.GD65497@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Rspamd-Queue-Id: 48jGKD2kvGz3HcG X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bzeeb-lists@lists.zabbadoz.net designates 195.201.62.131 as permitted sender) smtp.mailfrom=bzeeb-lists@lists.zabbadoz.net X-Spamd-Result: default: False [-4.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; NEURAL_HAM_MEDIUM(-0.80)[-0.803,0]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.201.62.131]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zabbadoz.net]; NEURAL_HAM_LONG(-1.00)[-0.998,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-2.71)[ip: (-9.09), ipnet: 195.201.0.0/16(-2.91), asn: 24940(-1.56), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:195.201.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 16:51:46 -0000 On 18 Mar 2020, at 15:50, Victor Sudakov wrote: >> If sshd in the host is configured to listen on all available >> interfaces and >> addresses (the default) then it will catch your jails IP too. > > Why is it not catching the 192.168.4.204 address then? > >> You must configure sshd in the host to listen only on hosts IP and >> then you >> will connect to the jails sshd. > > OK, I've stopped the sshd on the host entirely, and restarted the > jails. > Why am I still not seeing the jailed sshd listening on tcp6? Can you check the logfile inside the jail and see if it complains? Can you then do a jexec test4 and run service sshd restart and see if it starts working? If it does, can you add a exec.start += "sleep 2 "; to your config and see if your problem goes away? If it does, the reason is that you configure an IPv6 address to an interface and DUD has not yet completed by the time sshd or other daemons start. Giving it the 2 seconds avoids this problem and the address is usable at that time. > Your theory is probably incorrect. The theory is incorrect. The jail will always take precedence (at least since the multi-IP jail patches in 2008). /bz From owner-freebsd-net@freebsd.org Thu Mar 19 02:14:37 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0396327674F; Thu, 19 Mar 2020 02:14:37 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jVpg34qBz42JP; Thu, 19 Mar 2020 02:14:34 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=gHSiFGKcwzszI4eF00LfrKbOwxu9nvmLjFbDvsnwa8c=; b=L+qh1LxAl46LjUW4LsDUvNZbXu Jfmy4y4N6a1+3IoaJV2bOdDoZ9OjUwkplsjgE4VSRsI+YqaBZb6XI1mhSf/892tzftq7jU9i7Om+m sXtE+5FhpOs7GKBwLhtez8SM5fl4hXIHORXq28A0Uav2ZvuZiQMfoqqAX4VN/1TF5pCM=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEkhc-000L9l-GK; Thu, 19 Mar 2020 09:14:32 +0700 Date: Thu, 19 Mar 2020 09:14:32 +0700 From: Victor Sudakov To: "Bjoern A. Zeeb" Cc: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200319021432.GA80800@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd" Content-Disposition: inline In-Reply-To: <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jVpg34qBz42JP X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=L+qh1LxA; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.983,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.92), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 02:14:37 -0000 --vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: > On 18 Mar 2020, at 15:50, Victor Sudakov wrote: >=20 > > > If sshd in the host is configured to listen on all available > > > interfaces and > > > addresses (the default) then it will catch your jails IP too. > >=20 > > Why is it not catching the 192.168.4.204 address then? > >=20 > > > You must configure sshd in the host to listen only on hosts IP and > > > then you > > > will connect to the jails sshd. > >=20 > > OK, I've stopped the sshd on the host entirely, and restarted the jails. > > Why am I still not seeing the jailed sshd listening on tcp6? >=20 > Can you check the logfile inside the jail and see if it complains? It turns out it does: Mar 19 08:52:35 test4 sshd[27210]: error: Bind to port 22 on :: failed: Can= 't assign requested address. >=20 > Can you then do a jexec test4 and run service sshd restart and see if it > starts working? =20 It turns out it does: root@test4:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 28249 3 tcp4 192.168.4.204:25 *:* root sshd 28246 3 tcp6 2001:470:ecba:3::4:22 *:* root sshd 28246 4 tcp4 192.168.4.204:22 *:* root syslogd 28181 5 udp4 192.168.4.204:514 *:* root syslogd 28181 6 dgram /var/run/log root syslogd 28181 7 dgram /var/run/logpriv same with other daemons: root@test4:/ # service syslogd restart Stopping syslogd. Waiting for PIDS: 28181. Starting syslogd. root@test4:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root syslogd 28678 5 udp6 2001:470:ecba:3::4:514 *:* root syslogd 28678 6 udp4 192.168.4.204:514 *:* root syslogd 28678 7 dgram /var/run/log root syslogd 28678 8 dgram /var/run/logpriv > If it does, can you add a >=20 > exec.start +=3D "sleep 2 "; >=20 > to your config=20 OK, I've added it to the configs of 3 experimental jails. > and see if your problem goes away? =20 It goes away partially (only for sshd in 2 of the 3 available jails), and not for syslogd in any of the 3 available jails. Restarting the daemons =66rom within the jail fixes the problem. An example from a problem jail: root@vas:~ # jexec test5 root@test5:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 29495 3 tcp4 192.168.4.205:25 *:* root sshd 29492 3 tcp4 192.168.4.205:22 *:* root syslogd 29427 5 udp4 192.168.4.205:514 *:* root syslogd 29427 6 dgram /var/run/log root syslogd 29427 7 dgram /var/run/logpriv root@test5:/ # service sshd restart Performing sanity check on sshd configuration. Stopping sshd. Waiting for PIDS: 29492, 29492. Performing sanity check on sshd configuration. Starting sshd. root@test5:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sshd 29838 3 tcp6 2001:470:ecba:3::5:22 *:* root sshd 29838 4 tcp4 192.168.4.205:22 *:* root sendmail 29495 3 tcp4 192.168.4.205:25 *:* root syslogd 29427 5 udp4 192.168.4.205:514 *:* root syslogd 29427 6 dgram /var/run/log root syslogd 29427 7 dgram /var/run/logpriv root@test5:/ # service syslogd restart Stopping syslogd. Waiting for PIDS: 29427. Starting syslogd. root@test5:/ # sockstat -l USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root syslogd 29858 5 udp6 2001:470:ecba:3::5:514 *:* root syslogd 29858 6 udp4 192.168.4.205:514 *:* root syslogd 29858 7 dgram /var/run/log root syslogd 29858 8 dgram /var/run/logpriv root sshd 29838 3 tcp6 2001:470:ecba:3::5:22 *:* root sshd 29838 4 tcp4 192.168.4.205:22 *:* root cron 29502 5 dgram (not connected) smmsp sendmail 29498 3 dgram (not connected) root sendmail 29495 3 tcp4 192.168.4.205:25 *:* root sendmail 29495 4 dgram (not connected) root@test5:/ # > If it does, the reason is > that you configure an IPv6 address to an interface and DUD has not yet > completed by the time sshd or other daemons start. Giving it the 2 secon= ds > avoids this problem and the address is usable at that time. There is obviously a race somewhere, but the 2 second sleep does not eliminate it entirely. Thank you for the hint in the right direction, what would you suggest further? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJectWIAAoJEA2k8lmbXsY0LDMIALFPHZlhI4OfgmY1vHwL+H3P 0qV8xv1Am6a4+K0aQ4+UYWSv9ekrSPcQn2jp7X1war6rFkC04bX7oK55teLZgkBT nFVm9mW6QbmD8ePId8YLZ5Qi0eVdpZY5GG+eW0igZAT07rt7gLHe0xju/AKOmUAe BHl4QHIdF4jVSB45G+/bTqojEz1HPes8RK21hnEMQAqFJCiognfovHk+ugCYDgYq RLxq5XkqM+Ebw76TcX/PkVCkgTlKz6+8ho0yPdzBocuoWHgyQNIqJ3x+1GBpF55O 9eRdc+Fd0K6ef2c0kQG5eVqestvVYuyfxaWLi5vYWSqlIccl43prIcoka72z0Ec= =TdIl -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd-- From owner-freebsd-net@freebsd.org Thu Mar 19 02:22:27 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D72A276F39; Thu, 19 Mar 2020 02:22:27 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jVzk1M1Pz4JNh; Thu, 19 Mar 2020 02:22:25 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=gYCYPFEu70L00BJvO1P2TuH+rGnzUtih2OnRN+aWKbI=; b=UFIy+GtdScB+yXyvLlaBuX/Urw 4weLm+q24A9HTsabnhg7Nd8YZEswW9st7J19Zqh48OcI2OTO4aExr6Jp/v5K3m7F2P1bJLlkqF9VX fceXH9gY7x4sbsHtKHPN/Hsy2htazeEZr0c6MttdF4sBjtMavbQDV6sYzvJ51kekDY70=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEkpE-000LBo-B7; Thu, 19 Mar 2020 09:22:24 +0700 Date: Thu, 19 Mar 2020 09:22:24 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200319022224.GB80800@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <20200318164836.GO25617@foucry.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="lEGEL1/lMxI0MVQ2" Content-Disposition: inline In-Reply-To: <20200318164836.GO25617@foucry.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jVzk1M1Pz4JNh X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=UFIy+Gtd; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.977,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.92), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 02:22:27 -0000 --lEGEL1/lMxI0MVQ2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jacques Foucry wrote: >=20 > >=20 > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing > > wrong? >=20 > Suppose to work, and work for me. > >=20 > > Here is a test jail: > >=20 > > test4 {=20 > > path =3D /d02/jails/test4 ; > > mount.devfs; > > ip4 =3D new; > > ip6 =3D new; > > ip4.addr =3D 192.168.4.204/24; > > ip6.addr =3D 2001:470:ecba:3::4/64; > > host.hostname =3D test4.vas.sibptus.ru ; > > interface =3D re1 ; > > allow.raw_sockets =3D true ; > > exec.start =3D "/bin/sh /etc/rc"; > > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > > } >=20 >=20 > Well there is a difference between your config and mine: >=20 > ip6.addr=3D"em0|2a01:4f9:4a:1fd8::16/64"; >=20 > In my config there is the interface to use (em0 in my case, re1 should be= in > yours) I have a more generic "interface =3D re1" statement, but replacing it with ip6.addr =3D "re1|2001:470:ecba:3::4" did not produce any effect on the jailed daemons. Of course the IPv6 address is present on re1 in both cases (my syntax and your syntax). When the jail is stopped, the address goes away. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --lEGEL1/lMxI0MVQ2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJectdgAAoJEA2k8lmbXsY0MrcIAIOFYa/VorAia25ilVXaQEWp dSnCcgznS0/UzmZoR1shW13u3M+t2LwZ8X7048IQspTb8tS8PhBN7Mg+/+PGM92P TyQkwZmkOsFYud/2Jt6Y+lvmWzikzdAw5ADPkirRELdTQ/BbWUfiRuGRYMEJY3iE WU1/H5NUfgFBRCOp6PUJtA2pbGImoZNh4f8/lPUBpeGRfIk5nejg6OeytFXUpGKb c4B+QwtPrSJowRcF1N2yMVU07FH0CfqReSEOSYDFWW78zUyZvZDyy6QWn/H+XkLD ZcBA+sfPTrpL9iUQKruTntdACvivQSRoMBwj4aEBGrpBada9HGqSfJSWLCWuWHw= =gMoW -----END PGP SIGNATURE----- --lEGEL1/lMxI0MVQ2-- From owner-freebsd-net@freebsd.org Thu Mar 19 03:42:52 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 240C427962D for ; Thu, 19 Mar 2020 03:42:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48jXmW69MSz4RZb for ; Thu, 19 Mar 2020 03:42:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id B9C0727962C; Thu, 19 Mar 2020 03:42:51 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B980127962B for ; Thu, 19 Mar 2020 03:42:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jXmW39Nyz4RYb for ; Thu, 19 Mar 2020 03:42:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 383624DB9 for ; Thu, 19 Mar 2020 03:42:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J3gpYV060666 for ; Thu, 19 Mar 2020 03:42:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02J3gpYe060665 for net@FreeBSD.org; Thu, 19 Mar 2020 03:42:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240608] if_vmx(4): iflib - Panic with INVARIANTS: Memory modified after free (12.1-pre-QA) Date: Thu, 19 Mar 2020 03:42:49 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pkelsey@freebsd.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: keywords bug_status assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 03:42:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs-qa | Status|Open |In Progress Assignee|net@FreeBSD.org |pkelsey@freebsd.org --- Comment #17 from Kubilay Kocak --- ^Triage: Assign to committer resolving, pending MFC. If this doesn't need t= o go to stable/11, set mfc-stable11 to - Thanks Patrick! --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 03:44:20 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6EF632796EE for ; Thu, 19 Mar 2020 03:44:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48jXpD1B55z4Vpl for ; Thu, 19 Mar 2020 03:44:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 20FF52796EA; Thu, 19 Mar 2020 03:44:20 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 208AB2796E9 for ; Thu, 19 Mar 2020 03:44:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jXpC008jz4VmH for ; Thu, 19 Mar 2020 03:44:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6C5954DCB for ; Thu, 19 Mar 2020 03:44:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J3iIjH063777 for ; Thu, 19 Mar 2020 03:44:18 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02J3iI4u063776 for net@FreeBSD.org; Thu, 19 Mar 2020 03:44:18 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243126] if_vmx(4): iflib: Assertion fl->ifl_cidx == cidx failed at /usr/src/sys/net/iflib.c:2531 Date: Thu, 19 Mar 2020 03:44:17 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pkelsey@freebsd.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: assigned_to keywords short_desc flagtypes.name bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 03:44:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243126 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|net@FreeBSD.org |pkelsey@freebsd.org Keywords|needs-qa | Summary|iflib: Assertion |if_vmx(4): iflib: Assertion |fl->ifl_cidx =3D=3D cidx failed |fl->ifl_cidx =3D=3D ci= dx failed |at |at |/usr/src/sys/net/iflib.c:25 |/usr/src/sys/net/iflib.c:25 |31 with if_vmx(4) |31 Flags| |mfc-stable11? Status|Open |In Progress --- Comment #12 from Kubilay Kocak --- ^Triage: Assign to committer resolving, pending MFC. If this doesn't need t= o go to stable/11, set mfc-stable11 to - Thanks Patrick! --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 03:45:06 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 470BC279782 for ; Thu, 19 Mar 2020 03:45:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48jXq52kKqz4XR9 for ; Thu, 19 Mar 2020 03:45:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 3F737279781; Thu, 19 Mar 2020 03:45:05 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3F2D8279780 for ; Thu, 19 Mar 2020 03:45:05 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jXq46Y2Cz4XQJ for ; Thu, 19 Mar 2020 03:45:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CC22D4DD1 for ; Thu, 19 Mar 2020 03:45:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J3j4ZD065166 for ; Thu, 19 Mar 2020 03:45:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02J3j4ou065165 for net@FreeBSD.org; Thu, 19 Mar 2020 03:45:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 243392] if_vmx(4): Input buffer corruption Date: Thu, 19 Mar 2020 03:45:03 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pkelsey@freebsd.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: flagtypes.name bug_status cc keywords assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 03:45:06 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D243392 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |mfc-stable11? Status|Open |In Progress CC| |net@FreeBSD.org Keywords|needs-qa | Assignee|net@FreeBSD.org |pkelsey@freebsd.org --- Comment #15 from Kubilay Kocak --- ^Triage: Assign to committer resolving, pending MFC. If this doesn't need t= o go to stable/11, set mfc-stable11 to - Thanks Patrick! --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 04:14:56 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C5D927A109 for ; Thu, 19 Mar 2020 04:14:56 +0000 (UTC) (envelope-from neel@neelc.org) Received: from rainpuddle.neelc.org (rainpuddle.neelc.org [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jYTV2crtz4fS8; Thu, 19 Mar 2020 04:14:54 +0000 (UTC) (envelope-from neel@neelc.org) Received: from mail.neelc.org (rainpuddle.neelc.org [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622]) by rainpuddle.neelc.org (Postfix) with ESMTPSA id 09347B1F5C; Wed, 18 Mar 2020 21:14:46 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 18 Mar 2020 21:14:45 -0700 From: Neel Chauhan To: lev@freebsd.org Cc: Kristof Provost , freebsd-net@freebsd.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance In-Reply-To: References: User-Agent: Roundcube Webmail/1.4.1 Message-ID: <55dbea1fe75777780be166756c7641e8@neelc.org> X-Sender: neel@neelc.org X-Rspamd-Queue-Id: 48jYTV2crtz4fS8 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=neelc.org; spf=pass (mx1.freebsd.org: domain of neel@neelc.org designates 2001:19f0:8001:fed:5400:2ff:fe73:c622 as permitted sender) smtp.mailfrom=neel@neelc.org X-Spamd-Result: default: False [-5.78 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.74)[-0.740,0]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; IP_SCORE(-3.34)[ip: (-9.82), ipnet: 2001:19f0:8000::/38(-4.91), asn: 20473(-1.92), country: US(-0.05)]; DMARC_POLICY_ALLOW(-0.50)[neelc.org,none]; RCVD_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:20473, ipnet:2001:19f0:8000::/38, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; ONCE_RECEIVED(0.10)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 04:14:56 -0000 Thanks for telling me this. I switched to PF and it performs better. However, if you know, where in the code does libalias use only 4096 buckets? I want to know incase I want/have to switch back to IPFW. -Neel On 2020-03-18 07:25, Lev Serebryakov wrote: > On 18.03.2020 9:17, Kristof Provost wrote: > >>> Which firewall gives better performance, IPFW's In-Kernel NAT or PF >>> NAT? I am dealing with 1000s of concurrent connections but >>> browsing-level-bandwidth at once with Tor. >>> >> I’d expect both ipfw and pf to happily saturate gigabit links with >> NAT, even on quite modest hardware. >> Are you sure the NAT code is the bottleneck? > ipfw nat is very slow, really. There are many reasons, and one of them > (easy fixable, but you need patch sources and rebuild kernel/module) is > that `libalias` uses only 4096 buckets in state hashtable by default. > So > it could saturate 1GBps link if you have 10 TCP connections, but it > could not saturate 100Mbit if your have, say, 100K UDP streams. > > I don't know about pf nat. From owner-freebsd-net@freebsd.org Thu Mar 19 06:42:30 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 169A227CE9F for ; Thu, 19 Mar 2020 06:42:30 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jclm4BX6z4Cb9; Thu, 19 Mar 2020 06:42:28 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 02J6gBjm054827 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 19 Mar 2020 06:42:15 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: lev@FreeBSD.org Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 02J6g9dK002737 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 19 Mar 2020 13:42:09 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: lev@FreeBSD.org, Kristof Provost , Neel Chauhan References: Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: Date: Thu, 19 Mar 2020 13:42:01 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 48jclm4BX6z4Cb9 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.57 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.62)[-0.623,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.85)[ip: (-5.12), ipnet: 2a01:4f8::/29(-2.56), asn: 24940(-1.55), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 06:42:30 -0000 18.03.2020 21:25, Lev Serebryakov wrote: > On 18.03.2020 9:17, Kristof Provost wrote: > >>> Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I am dealing with 1000s of concurrent connections but browsing-level-bandwidth at once with Tor. >>> >> I’d expect both ipfw and pf to happily saturate gigabit links with NAT, even on quite modest hardware. >> Are you sure the NAT code is the bottleneck? > ipfw nat is very slow, really. There are many reasons, and one of them > (easy fixable, but you need patch sources and rebuild kernel/module) is > that `libalias` uses only 4096 buckets in state hashtable by default. So > it could saturate 1GBps link if you have 10 TCP connections, but it > could not saturate 100Mbit if your have, say, 100K UDP streams. It's really 4001 that is (and sould be) prime number. Don't you think that now as ipfw nat builds libalias in kernel context, it could scale with maxusers (sys/systm.h) ? Something like (4001 + (maxusers-32)*8) so it grows with amount of physical memory and is kept small for low-memory systems. From owner-freebsd-net@freebsd.org Thu Mar 19 07:01:11 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A52DF27D3A9; Thu, 19 Mar 2020 07:01:11 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jd9L19XCz3yCk; Thu, 19 Mar 2020 07:01:09 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=SrrWQ/adiIMbShlh5jcsTiA/DPdG9GQeWNdp3olMuOc=; b=Z8CkS4fEqIDPmD3Mcd+nFYVthz jPFWAvqAWMxKatYpXrk9ObkvnTV2ZW5dZ4h8stHtawYE5J+uRzPGAYTnz8DfGKToeOM2NCu28adVW 7i1mch9AWClAuWXi9aPDMpKyziYYuuduF+vtiGm+SDRxk7wDg9pWdqL8fx4NenRcvnUQ=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEpAx-000MRZ-Nr; Thu, 19 Mar 2020 14:01:07 +0700 Date: Thu, 19 Mar 2020 14:01:07 +0700 From: Victor Sudakov To: Jacques Foucry Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200319070107.GA86122@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <20200318164836.GO25617@foucry.net> <20200319022224.GB80800@admin.sibptus.ru> <20200319065514.GQ25617@foucry.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf" Content-Disposition: inline In-Reply-To: <20200319065514.GQ25617@foucry.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jd9L19XCz3yCk X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=Z8CkS4fE; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.974,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[freebsd]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.92), country: US(-0.05)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 07:01:11 -0000 --zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jacques Foucry wrote: > > >=20 > > > >=20 > > > > Is IPv6 in jails supposed to work? Does not work for me, what am I = doing > > > > wrong? > > >=20 > > > Suppose to work, and work for me. > > > >=20 > > > > Here is a test jail: > > > >=20 > > > > test4 {=20 > > > > path =3D /d02/jails/test4 ; > > > > mount.devfs; > > > > ip4 =3D new; > > > > ip6 =3D new; > > > > ip4.addr =3D 192.168.4.204/24; > > > > ip6.addr =3D 2001:470:ecba:3::4/64; > > > > host.hostname =3D test4.vas.sibptus.ru ; > > > > interface =3D re1 ; > > > > allow.raw_sockets =3D true ; > > > > exec.start =3D "/bin/sh /etc/rc"; > > > > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > > > > } > > >=20 > > >=20 > > > Well there is a difference between your config and mine: > > >=20 > > > ip6.addr=3D"em0|2a01:4f9:4a:1fd8::16/64"; > > >=20 > > > In my config there is the interface to use (em0 in my case, re1 shoul= d be in > > > yours) > >=20 > > I have a more generic "interface =3D re1" statement, but replacing it w= ith > > ip6.addr =3D "re1|2001:470:ecba:3::4" did not produce any effect on the > > jailed daemons. > >=20 > > Of course the IPv6 address is present on re1 in both cases (my > > syntax and your syntax). When the jail is stopped, the address goes > > away. >=20 > Did you try to declare the IPv6 as an alias in=20 > /etc/rc.conf file? >=20 > # Jail Mail > ifconfig_em0_alias4=3D"inet6 2a01:4f9:4a:1fd8::17 prefixlen 64" No, I'd prefer for these addresses to be handled by the jail infrastructure. That is, I want an address to appear when the corresponding jail goes up, and to disapper when the jail is shut down. >=20 > Restarting the network stack will make ip persistent and I hope usable by= your > jail. >=20 I don't want it persistent. If a jail is shut down but its address persists, it can have undesirable consequences of it suddenly pointing at the host system. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --zhXaljGHf11kAtnf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJecxizAAoJEA2k8lmbXsY00xgH+gNZEBMynxv8LI+YTCqkzMbL 2tWPkoQyVrEnwBTKk6M51m0L8V/ZWhwOIGuNclZwpupFVaUZyeqzGm5y/1ib6ok5 dxNnGINsATz/ilule82e6TDzIFY04wDqo6b0ZfTpWiYLH0ixBF8hKWZzELt0eNuc 2WQYsHb8SgG3GJ4ro4jeXhK+rUxZXkn7VHl80BU0zqjdXWZuyM8Co9bKfXv8Dcj7 ah5na3//wS3uJfXs/3jU6qD77LUv2iMjZNi1C3vcxnoEuSvAnoxxwXGa88f9WsxJ 8mepSNdSQJMuXk0apQjs77c0iK7d96UQHfuIRABGPn1UYF1BAVkSW9B2hdyoEWc= =xZqU -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf-- From owner-freebsd-net@freebsd.org Thu Mar 19 07:02:36 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C872327D70F for ; Thu, 19 Mar 2020 07:02:36 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jdC00FMRz40FB; Thu, 19 Mar 2020 07:02:35 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 02J72Tqm055133 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 19 Mar 2020 07:02:29 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: lev@FreeBSD.org Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 02J72S86003220 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 19 Mar 2020 14:02:28 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: lev@FreeBSD.org, Kristof Provost , Neel Chauhan References: Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: Date: Thu, 19 Mar 2020 14:02:20 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 48jdC00FMRz40FB X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-2.95 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.03)[-0.030,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-0.96)[-0.964,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.85)[ip: (-5.13), ipnet: 2a01:4f8::/29(-2.56), asn: 24940(-1.55), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 07:02:36 -0000 19.03.2020 13:42, Eugene Grosbein wrote: > It's really 4001 that is (and sould be) prime number. If we decide to auto-tune this, here is small table of prime numbers to stick with: 4001 8011 12011 16001 24001 32003 48017 64007 From owner-freebsd-net@freebsd.org Thu Mar 19 09:07:33 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 83DDE25922D for ; Thu, 19 Mar 2020 09:07:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48jgz82Lw8z4JL6 for ; Thu, 19 Mar 2020 09:07:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id DF6F625922A; Thu, 19 Mar 2020 09:07:31 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CDBB5259229 for ; Thu, 19 Mar 2020 09:07:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jgz71fXlz4JJr for ; Thu, 19 Mar 2020 09:07:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DC46F887D for ; Thu, 19 Mar 2020 09:07:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02J97U4x075256 for ; Thu, 19 Mar 2020 09:07:30 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02J97Uvh075246 for net@FreeBSD.org; Thu, 19 Mar 2020 09:07:30 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230996] em/igb: Intel i210/i350: ifconfig: enabling "vlanhwtag" renders VLAN on i210/i350 NICs unusable Date: Thu, 19 Mar 2020 09:07:30 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking, needs-qa, performance, regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? mfc-stable12? X-Bugzilla-Changed-Fields: priority Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 09:07:33 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230996 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|--- |Normal --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 11:20:08 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF04D25C3F8 for ; Thu, 19 Mar 2020 11:20:08 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jkw83Rwhz4JKV; Thu, 19 Mar 2020 11:20:07 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.not-for.work (onlyone.not-for.work [148.251.9.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: lev/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 3CE5B14FFD; Thu, 19 Mar 2020 11:20:07 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from [192.168.23.230] (unknown [89.113.128.32]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.not-for.work (Postfix) with ESMTPSA id 3B1F14616; Thu, 19 Mar 2020 14:20:05 +0300 (MSK) Reply-To: lev@FreeBSD.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: Eugene Grosbein , Kristof Provost , Neel Chauhan Cc: freebsd-net@freebsd.org References: From: Lev Serebryakov Autocrypt: addr=lev@FreeBSD.org; prefer-encrypt=mutual; keydata= xsFNBFKbGksBEADeguVs+XyJc3mL3iiOBqDd16wSk97YTJYOi4VsHsINzJr09oFvNDiaDBIi fLn2p8XcJvehcsF2GSgrfXfw+uK4O1jyNIKJmiYA0EtE+ZbRtvDrrE0w6Q8+SDeKA21SWh3Y vSQ0DJUontbgW55ER2CbEiIUTIn34uQ0kmESAaw/v5p/9ue8yPTmURvv130FqPFz8VPzltqL NxyGt54TxPfKAzAHEIwxlEZ63JOwzloKh1UDBExcsf9nJO08/TAVgR5UZ5njFBPzaaquhRoP qPJLEQQDqxPIlvMNtHKf7iIebE4BHeqgCdJA0BoiR6gpa0wlsZtdrTPK3n4wYSphLvGbhfOZ YW/hbcu7HYS/FImkVxB3iY17kcC1UTnx4ZaYeASPBGOOPbXky1lLfmDGWIFT//70yx+G17qD OZzF1SvJJhGvh6ilFYaWMX7T+nIp6Mcafc4D7AakXM+XdubNXOMlCJhzPcZ0skgAEnYV587w V7em5fDVwQccwvtfezzqKeJAU5TGiywBHSR5Svzk2FwRNf6M//hWkpq0SRR63iOhkHGOAEBi 69GfEIwH2/w24rLxP0E+Hqq8n+EWNkPatw1Mhcl5PKkdvGCjJUaGNMkpBffjyYo254JXRscR eEnwdIkJt4ErDvjb2/UrOFq31wWMOiLzJeVchAgvTHBMRfP9aQARAQABzShMZXYgU2VyZWJy eWFrb3YgPGxldkBzZXJlYnJ5YWtvdi5zcGIucnU+wsGwBBMBCABDAhsDBwsJCAcDAgEGFQgC CQoLBBYCAwECHgECF4ACGQEWIQT5bRygtfQxi2dLMwrqsDxYv9xHjwUCW/03kQUJDwW3xgAh CRDqsDxYv9xHjxYhBPltHKC19DGLZ0szCuqwPFi/3EePHxkP+wWNrAyks2fQctY/Gl7TMh+Y Q9uX0hAuZ2Vvi0LswBl/R85SsS7IvI9b3ogOWA8CAlHAxkvgH6sWrwRTNcCPS1MzulYxS914 0CSkdwwbv1JyDOOWYU6s8PfT9+BZr+9eNXStmEdEL5XcA1k2YncQtlR3m+oLkqlAOtteZWti pitMIX9BGYIVKyl0t0RnIx+m/QPVGU9gu02j0I3NSRnKQPyFxZqYK0nPBu+FKaEhIAqdKPOv GL4/ijansdiWO3mXy18G0Mkr8yYRSidpGgXGY6lmGzQ3R6ZS30bLI8DkskOOvfErwhZv5dH5 w4+JH5sQ7bIL5HEXs//ZU9UzMdQwcURMjcFfKGyfL0hSLRqzP8m7SL1k9ZL161OQ6C5zVO/M bSCmeeLkbfOj1NW1ZIv6UjVVWE/LS4+gqg/04C+Y24vj+7vMpBVEevdwmIEdmVciFudklcnN omuocb29GKbquRZRDGiE+mhqkwmp5e59AnePp3+AvkewSCsXlR1sfjEP/Tn5OsYerJ7eAAOj DjxO374TAqJG5ftW4BA/nVmx9FGKV1/A9Yc1UuH6LdQfLf7pmTck1Cxg4kdH+3qKGD63sAR0 Wh27XDjnBKXJUN7J+nctWMZJMvw4OhTXdTyVhWt6USKEzw8M5plY4sFqxBEAe8igQXlq1Xjd ISV7wYhT4l3FzsFNBFKbGksBEAC0a9wfjo2P3JyT7Lc+QlbFVshGbSbazb4ma7QYG5IZZD5v fLBFkePoG6cnrn3WCXp4A43hszAynCwe4eXyAkv4+gPF3ZSeNE5Wz3zYG+jh2nm2iGCkyaVy kfbA+2chor2DKH5tHpuNMBlF+wSJHZKJmlo/sFIktAnV1NBVg4/cL+9/hIpvl82cl3hYCD7/ e7/qRE+w38CpAAzn65FvbODn7xlY3fsJt+cHPBJ4EBM9KnTwcce+F+72RQMZQEl7vIAwSRmL dgZHN0MFC533l62SVoKjT0eaOOIBrvesmojhWjfwugibXr+WRF/tGcW77Bxwe2eQLbEVESqW eMORxRxocx7Q7aACoHmf4G4U1Vzx7zUEfNfHjfjZeQVfAURf/MoUelZSW/BmMIfKCg3lRlWA t+Pq2h2UADPVqAZze45beE/c8z8LZsOZiGoRhYL8NSg6+ziLTdmYLWdtFGAuZhqOtNp5h6tG j21OksBotcaIa5YjbCmmnImIjGlSBkUKvIhq/RXth5b2gNwaQdu+Yv4AlZVHRsuVywL/skDF L5+We11bDK6MQ5PzvmntRJcgbyoisn1hiV04OV1LpJJMkJn1j8VlBqDQNT/z+BjB0ru/0anv +5uLj7v0ck06rEo4yiXT/ZAcBM76j7V7FaGbkoba6bUUCQ2H5YYBOKpikjCnpwARAQABwsGT BBgBCAAmAhsMFiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAlv9N7IFCQ8Ft+cAIQkQ6rA8WL/c R48WIQT5bRygtfQxi2dLMwrqsDxYv9xHj3CnD/9btCtkcphRYRUe08tUyVwzV/syDCdiUhF7 8jqDKTC+3zuyrFJi7t4fF9follHYz1Ri5RixxJHnuDFcq7ZTOprPYqO8QhckLAJOy5dmORDX 2guEA+y5zDYBwwjpio9dtnuE7QyHyMx4nMPq8O/HfO+6dDEZChkrGvcG9FTI7s0JhsDs3xxw jcROZ2OP0lNu2571ZpR4YuzMUOIhOaQBIF2wrTvLjKUsAnNQYK9gsFTeDHRsE4HZLxJvEdiZ CWN7COi9un4xtP4Khc3Fmn6ANEyh0bIgx1Eii2RGINuA2XRVYhPRJLUZRSVQcrND9k9S+m+T oaqz9JgFLusFA1KhdeYnE1bojpq1U1bsmEicLW2QfEGVumKTgUrTsno0cVPH73KDILFvHA0D 8t4UaQveRTRUVdHZ02IBVt655Q8Xq1TkHJ7l+2Ckso5IBujWD74QpSRzzffn/ihhEExwYSTj FSs0C/OgU+EDZbcq2SWu4n1OGsW337/80HnJKVWBPAZYy4EmiyQSY05MG/fj9RA9Qi4TjFLD LrIf6dFAmiiIwWjlAKiyyUk+XDJXrc1L2VhcHqfdBY4I/qwV1YAI1QI4W/i6TstB1j0GwKa3 ZORwu4eahL5+9R6xBedhXZpCL0dyKuI8iPaC8npaOCJoL8+l4+KXR/PKt8b8kzIcvSpyCZii PQ== Organization: FreeBSD Message-ID: Date: Thu, 19 Mar 2020 14:19:55 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="8z5bs69UCsV8muV4i3FtMd5xlK67ZrRIi" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 11:20:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --8z5bs69UCsV8muV4i3FtMd5xlK67ZrRIi Content-Type: multipart/mixed; boundary="OQFcyCRqscLGE3Eoo6jEabHsJUNeEIDxa" --OQFcyCRqscLGE3Eoo6jEabHsJUNeEIDxa Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 19.03.2020 9:42, Eugene Grosbein wrote: >>> I=E2=80=99d expect both ipfw and pf to happily saturate gigabit links= with NAT, even on quite modest hardware. >>> Are you sure the NAT code is the bottleneck? >> ipfw nat is very slow, really. There are many reasons, and one of the= m >> (easy fixable, but you need patch sources and rebuild kernel/module) i= s >> that `libalias` uses only 4096 buckets in state hashtable by default. = So >> it could saturate 1GBps link if you have 10 TCP connections, but it >> could not saturate 100Mbit if your have, say, 100K UDP streams. >=20 > It's really 4001 that is (and sould be) prime number. Oh, yes, I've forgot this detail. > Don't you think that now as ipfw nat builds libalias in kernel context,= > it could scale with maxusers (sys/systm.h) ? >=20 > Something like (4001 + (maxusers-32)*8) so it grows with amount of phys= ical memory > and is kept small for low-memory systems. IMHO, "maxusers" us useless now. It must be sysctl, as size of dynamic state table of IPFW itself. I have low-memory system where WHOLE memory is dedicated to firewall/nat, for example. I need really huge tables (131101) to make it work "bad" and not "terrible". --=20 // Lev Serebryakov --OQFcyCRqscLGE3Eoo6jEabHsJUNeEIDxa-- --8z5bs69UCsV8muV4i3FtMd5xlK67ZrRIi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAl5zVVtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEY5 NkQxQ0EwQjVGNDMxOEI2NzRCMzMwQUVBQjAzQzU4QkZEQzQ3OEYACgkQ6rA8WL/c R4++pRAAqMir1CampcJk5VTS4qV3FtSuhv9l1zAIVXLnoMY09AHb+0+kK8wShfZt eq+M53G1+JsD9YY9OKzpR71Hbsh+H032HdZH8cn+Os6i2u9gDRLkQFZTMc/VhKer dOhNDsAo4lml7xCB0s2pQcwWFXctcifzhYto/G9yZ2qCcbuLt7a/v/Mlktiv2rF0 xPl54QiGql21mIRs8FiWPnPVwYfdhu4prtG8JjdZzKT2RnHvk6+6109LIzlU3P6j rn/KQfrCjybYh0Vm4WzcMTMTSX27G9BRlTxdD01gsUP0YdcSFPJ0tGAxxDmtgzeh +LGw8Nm/gVDvQ5WtmWu7Er+0/qJSnofQyI7TLl9af20hyK8bcgwTX3ldnBipMgua tkKTCK/TjxjRY3kU6A7On1tVhQefCUZurlll5sMdcItS7dBioGdbdMUOgeKlK8mh 4XTHgVcC1pD2FBn//dr5iqBUA6MqoCZl0Inw+X9q9iVJSUKBZazsWqBz3EVaLOvH b3LcAc1FvtqCiSSuRocV5Dh4EigXChCs0/oU545DjebK2HPH4t7dnyOAKra6WE01 mfHpdozI5CvP4u6RTMiHQHrOfEvknQGzG9FUxDxUqS47RObLffVMXaoWsVV+hxBJ NY3/RVRzRrsTUQXNlKpLNTqTGCQ264L52bAAFl48FCWFuI2EIhE= =aDd3 -----END PGP SIGNATURE----- --8z5bs69UCsV8muV4i3FtMd5xlK67ZrRIi-- From owner-freebsd-net@freebsd.org Thu Mar 19 11:26:49 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0EEC925C952 for ; Thu, 19 Mar 2020 11:26:49 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jl3p4kWkz4RlS for ; Thu, 19 Mar 2020 11:26:46 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 02JBQYdJ058528 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 19 Mar 2020 11:26:36 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id 02JBQWid008357 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Thu, 19 Mar 2020 18:26:32 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: freebsd-net@freebsd.org References: From: Eugene Grosbein Message-ID: Date: Thu, 19 Mar 2020 18:26:24 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 48jl3p4kWkz4RlS X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.77 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.92)[-0.921,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.89)[-0.894,0]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[grosbein.net]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.85)[ip: (-5.14), ipnet: 2a01:4f8::/29(-2.56), asn: 24940(-1.55), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 11:26:49 -0000 19.03.2020 18:19, Lev Serebryakov wrote: >> Don't you think that now as ipfw nat builds libalias in kernel context, >> it could scale with maxusers (sys/systm.h) ? >> >> Something like (4001 + (maxusers-32)*8) so it grows with amount of physical memory >> and is kept small for low-memory systems. > IMHO, "maxusers" us useless now. It must be sysctl, as size of dynamic > state table of IPFW itself. I have low-memory system where WHOLE memory > is dedicated to firewall/nat, for example. I need really huge tables > (131101) to make it work "bad" and not "terrible". Sure, dedicated sysctl. I mean, its default value should be auto-tuned based on maxusers that grows with installed RAM by default. From owner-freebsd-net@freebsd.org Thu Mar 19 11:33:37 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0461925CE23 for ; Thu, 19 Mar 2020 11:33:37 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jlCh4Xccz4fJn for ; Thu, 19 Mar 2020 11:33:36 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.not-for.work (onlyone.not-for.work [148.251.9.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: lev/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 2CCD215264 for ; Thu, 19 Mar 2020 11:33:36 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from [192.168.23.230] (unknown [89.113.128.32]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.not-for.work (Postfix) with ESMTPSA id E63AA4625 for ; Thu, 19 Mar 2020 14:33:34 +0300 (MSK) Reply-To: lev@FreeBSD.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance To: freebsd-net@freebsd.org References: <55dbea1fe75777780be166756c7641e8@neelc.org> From: Lev Serebryakov Autocrypt: addr=lev@FreeBSD.org; prefer-encrypt=mutual; keydata= xsFNBFKbGksBEADeguVs+XyJc3mL3iiOBqDd16wSk97YTJYOi4VsHsINzJr09oFvNDiaDBIi fLn2p8XcJvehcsF2GSgrfXfw+uK4O1jyNIKJmiYA0EtE+ZbRtvDrrE0w6Q8+SDeKA21SWh3Y vSQ0DJUontbgW55ER2CbEiIUTIn34uQ0kmESAaw/v5p/9ue8yPTmURvv130FqPFz8VPzltqL NxyGt54TxPfKAzAHEIwxlEZ63JOwzloKh1UDBExcsf9nJO08/TAVgR5UZ5njFBPzaaquhRoP qPJLEQQDqxPIlvMNtHKf7iIebE4BHeqgCdJA0BoiR6gpa0wlsZtdrTPK3n4wYSphLvGbhfOZ YW/hbcu7HYS/FImkVxB3iY17kcC1UTnx4ZaYeASPBGOOPbXky1lLfmDGWIFT//70yx+G17qD OZzF1SvJJhGvh6ilFYaWMX7T+nIp6Mcafc4D7AakXM+XdubNXOMlCJhzPcZ0skgAEnYV587w V7em5fDVwQccwvtfezzqKeJAU5TGiywBHSR5Svzk2FwRNf6M//hWkpq0SRR63iOhkHGOAEBi 69GfEIwH2/w24rLxP0E+Hqq8n+EWNkPatw1Mhcl5PKkdvGCjJUaGNMkpBffjyYo254JXRscR eEnwdIkJt4ErDvjb2/UrOFq31wWMOiLzJeVchAgvTHBMRfP9aQARAQABzShMZXYgU2VyZWJy eWFrb3YgPGxldkBzZXJlYnJ5YWtvdi5zcGIucnU+wsGwBBMBCABDAhsDBwsJCAcDAgEGFQgC CQoLBBYCAwECHgECF4ACGQEWIQT5bRygtfQxi2dLMwrqsDxYv9xHjwUCW/03kQUJDwW3xgAh CRDqsDxYv9xHjxYhBPltHKC19DGLZ0szCuqwPFi/3EePHxkP+wWNrAyks2fQctY/Gl7TMh+Y Q9uX0hAuZ2Vvi0LswBl/R85SsS7IvI9b3ogOWA8CAlHAxkvgH6sWrwRTNcCPS1MzulYxS914 0CSkdwwbv1JyDOOWYU6s8PfT9+BZr+9eNXStmEdEL5XcA1k2YncQtlR3m+oLkqlAOtteZWti pitMIX9BGYIVKyl0t0RnIx+m/QPVGU9gu02j0I3NSRnKQPyFxZqYK0nPBu+FKaEhIAqdKPOv GL4/ijansdiWO3mXy18G0Mkr8yYRSidpGgXGY6lmGzQ3R6ZS30bLI8DkskOOvfErwhZv5dH5 w4+JH5sQ7bIL5HEXs//ZU9UzMdQwcURMjcFfKGyfL0hSLRqzP8m7SL1k9ZL161OQ6C5zVO/M bSCmeeLkbfOj1NW1ZIv6UjVVWE/LS4+gqg/04C+Y24vj+7vMpBVEevdwmIEdmVciFudklcnN omuocb29GKbquRZRDGiE+mhqkwmp5e59AnePp3+AvkewSCsXlR1sfjEP/Tn5OsYerJ7eAAOj DjxO374TAqJG5ftW4BA/nVmx9FGKV1/A9Yc1UuH6LdQfLf7pmTck1Cxg4kdH+3qKGD63sAR0 Wh27XDjnBKXJUN7J+nctWMZJMvw4OhTXdTyVhWt6USKEzw8M5plY4sFqxBEAe8igQXlq1Xjd ISV7wYhT4l3FzsFNBFKbGksBEAC0a9wfjo2P3JyT7Lc+QlbFVshGbSbazb4ma7QYG5IZZD5v fLBFkePoG6cnrn3WCXp4A43hszAynCwe4eXyAkv4+gPF3ZSeNE5Wz3zYG+jh2nm2iGCkyaVy kfbA+2chor2DKH5tHpuNMBlF+wSJHZKJmlo/sFIktAnV1NBVg4/cL+9/hIpvl82cl3hYCD7/ e7/qRE+w38CpAAzn65FvbODn7xlY3fsJt+cHPBJ4EBM9KnTwcce+F+72RQMZQEl7vIAwSRmL dgZHN0MFC533l62SVoKjT0eaOOIBrvesmojhWjfwugibXr+WRF/tGcW77Bxwe2eQLbEVESqW eMORxRxocx7Q7aACoHmf4G4U1Vzx7zUEfNfHjfjZeQVfAURf/MoUelZSW/BmMIfKCg3lRlWA t+Pq2h2UADPVqAZze45beE/c8z8LZsOZiGoRhYL8NSg6+ziLTdmYLWdtFGAuZhqOtNp5h6tG j21OksBotcaIa5YjbCmmnImIjGlSBkUKvIhq/RXth5b2gNwaQdu+Yv4AlZVHRsuVywL/skDF L5+We11bDK6MQ5PzvmntRJcgbyoisn1hiV04OV1LpJJMkJn1j8VlBqDQNT/z+BjB0ru/0anv +5uLj7v0ck06rEo4yiXT/ZAcBM76j7V7FaGbkoba6bUUCQ2H5YYBOKpikjCnpwARAQABwsGT BBgBCAAmAhsMFiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAlv9N7IFCQ8Ft+cAIQkQ6rA8WL/c R48WIQT5bRygtfQxi2dLMwrqsDxYv9xHj3CnD/9btCtkcphRYRUe08tUyVwzV/syDCdiUhF7 8jqDKTC+3zuyrFJi7t4fF9follHYz1Ri5RixxJHnuDFcq7ZTOprPYqO8QhckLAJOy5dmORDX 2guEA+y5zDYBwwjpio9dtnuE7QyHyMx4nMPq8O/HfO+6dDEZChkrGvcG9FTI7s0JhsDs3xxw jcROZ2OP0lNu2571ZpR4YuzMUOIhOaQBIF2wrTvLjKUsAnNQYK9gsFTeDHRsE4HZLxJvEdiZ CWN7COi9un4xtP4Khc3Fmn6ANEyh0bIgx1Eii2RGINuA2XRVYhPRJLUZRSVQcrND9k9S+m+T oaqz9JgFLusFA1KhdeYnE1bojpq1U1bsmEicLW2QfEGVumKTgUrTsno0cVPH73KDILFvHA0D 8t4UaQveRTRUVdHZ02IBVt655Q8Xq1TkHJ7l+2Ckso5IBujWD74QpSRzzffn/ihhEExwYSTj FSs0C/OgU+EDZbcq2SWu4n1OGsW337/80HnJKVWBPAZYy4EmiyQSY05MG/fj9RA9Qi4TjFLD LrIf6dFAmiiIwWjlAKiyyUk+XDJXrc1L2VhcHqfdBY4I/qwV1YAI1QI4W/i6TstB1j0GwKa3 ZORwu4eahL5+9R6xBedhXZpCL0dyKuI8iPaC8npaOCJoL8+l4+KXR/PKt8b8kzIcvSpyCZii PQ== Organization: FreeBSD Message-ID: <2ea463e1-a1ee-defe-b640-ad45f56a4949@FreeBSD.org> Date: Thu, 19 Mar 2020 14:33:34 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <55dbea1fe75777780be166756c7641e8@neelc.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fcRpe1rKPRkoCJAblFgK1rerq4I0V0PLE" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 11:33:37 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --fcRpe1rKPRkoCJAblFgK1rerq4I0V0PLE Content-Type: multipart/mixed; boundary="BVNY0lSl7Gas9yGnLbC7DlkUDjhwze7FW" --BVNY0lSl7Gas9yGnLbC7DlkUDjhwze7FW Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 19.03.2020 7:14, Neel Chauhan wrote: > However, if you know, where in the code does libalias use only 4096 > buckets? I want to know incase I want/have to switch back to IPFW. 4096 is my mistake, it is 4001 and must be prime. It is here: sys/netinet/libalias/alias_local.h:69-70: #define LINK_TABLE_OUT_SIZE 4001 #define LINK_TABLE_IN_SIZE 4001 --=20 // Lev Serebryakov --BVNY0lSl7Gas9yGnLbC7DlkUDjhwze7FW-- --fcRpe1rKPRkoCJAblFgK1rerq4I0V0PLE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE+W0coLX0MYtnSzMK6rA8WL/cR48FAl5zWI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEY5 NkQxQ0EwQjVGNDMxOEI2NzRCMzMwQUVBQjAzQzU4QkZEQzQ3OEYACgkQ6rA8WL/c R4/ezw/8CaLlmn2wzCOsnTeWVQY1u66ACQDPUgZGL/xV1b+yUkIDw6U4FKQtQ3Hy SYFY7aDyf9nPZUefMtTeiAu+DxvxndZNqY9pbyZTUwbVm3cYG3qJvSfZHFfTe04Z 5Cu+IoRGQJEKTdUitWYdua+XM0GlhlmSWSszRYslpA4929qOhXcOjfoTjnqCA2gA hyH/jyE0m9zpeM9V4Y78J+gsRh4tILxWSF7xnPnXllfWWY3aXRaAffR2AcY9Ag07 2pXun8gQ+R9cDAXZiGNXnJWFQi8jpd77Ji9ncCiyznc39c61DbrYxCco4vHfxUjF h6oHUrHizH2c8PoB1MyKmobTxsn5o7zGVSNYudAC0kg1D87VMzF7m+bqCzy5Aiqa 8a0SgidX/T/VuuvjNFlsCpxF9/GO4AuxATmL/jet8sJ95LzSTn6f+Czkwsyyu/sU IqsGonQ6xCwa0QOc87kBwyDzx/kp5d6WWxcdC075wlUWDIoNUP+vMd6xpSJ8xn4H RY7TwiJC49XCfHet5jyXQBb8rBK0pGn0uux52wwdPGTkHyUUH6nFJL1sFqoTRoxM WlTwQumLt6WJAjyoPL79zpSLC51Ri+i5Gm52QhjhxjDl1QLZjR97KUBKYlYxr4Gd oSX+uN6bXLo5hLujxnh8nnfNGSpv3IFvjCj3J8fXzit3p/uWoYE= =IXAN -----END PGP SIGNATURE----- --fcRpe1rKPRkoCJAblFgK1rerq4I0V0PLE-- From owner-freebsd-net@freebsd.org Thu Mar 19 13:08:04 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 002B3260146 for ; Thu, 19 Mar 2020 13:08:04 +0000 (UTC) (envelope-from zec@fer.hr) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2041.outbound.protection.outlook.com [40.107.20.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jnJg4MVTz41Bv; Thu, 19 Mar 2020 13:08:03 +0000 (UTC) (envelope-from zec@fer.hr) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OA9L+nsiMnNt39ofSIE3jsHk8Ec+fr7XrDAMWXXjB2dA1DKqiLLQY+a5eIl4Mg7jX4hEGOSJ/vWCNGy1WFY7vPpQDN4p5UxP7OF1sHBHr9rOy9v0QZ75Ec7H3YL1qeuj/wPhfMD+ZgQQBQO7R8PbUj65+wSXaopRFpRvIyGxm6x60aoGMnzl4r9PApUm+KfVv+PyawfMEhxooFeugZS4KHsv3KzMyKQHlROste/kC/mTQaonDzdpchGXxrtpHFJxcsOvT7+WqtOq8YiOCZi+2NX8i+yplVqevqimFMxYn6GZqOgJwXzCkADVH+H1fcXZAbav0VHvlOmiNZmyxZTw7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XQoopnyfCcC3lvJyTH8XVMAFFsvmpTfJOmiKVptrHgw=; b=cEOP/vFt3iKZBmc+88pghqFf7sYbsuiuIymaWMIVDoqstAzbZzBaWEWFqoIwkFY//wDtUshEI6ry+YO3qLuTJoqo//waUhpw7QvlKCdUpUxBxiXnHx3esaPOBQlbXdDjdVX3YBd9/zRvoc351Bt0QgHk8U1SQKIHrMAQ1gKAwRooRjcOjEkdbJMKWCkKxUQdkWu6y3+uev2RNvZJeaUcL4Iclru5tBl/qnYi/9KUpXoDNxq6MWEWTSxAwJ5ekKlkObQO/9UiaR9kvwEQJ2lUbSpbok+olsYWcaDR5SeSDNOwLO2nhYVSnFWc4rlxt2vgReFcLrYP/q4i+5g7zJ5dfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fer.hr; dmarc=pass action=none header.from=fer.hr; dkim=pass header.d=fer.hr; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ferhr.onmicrosoft.com; s=selector2-ferhr-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XQoopnyfCcC3lvJyTH8XVMAFFsvmpTfJOmiKVptrHgw=; b=F6wYZd46HqXUDcbr0XgzdZmmHXyp9D8Ndv9z+zY3Ng3jkeWKpDxY1D281veGsGyd3DrIdyhCLfe1DCmkbia45xtWOHQK37kh7Lurf0XySQ6XPvWwMXAc7BxQjP5wum4gOe27kNzrn6yIB5RZPTKvBhZG6Cuwi+WQWHfX1USWGF4= Received: from AM0PR08MB5315.eurprd08.prod.outlook.com (10.255.225.87) by AM0PR08MB5010.eurprd08.prod.outlook.com (10.255.29.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.18; Thu, 19 Mar 2020 13:08:01 +0000 Received: from AM0PR08MB5315.eurprd08.prod.outlook.com ([fe80::ccc2:ade:260d:b6db]) by AM0PR08MB5315.eurprd08.prod.outlook.com ([fe80::ccc2:ade:260d:b6db%7]) with mapi id 15.20.2814.021; Thu, 19 Mar 2020 13:08:01 +0000 Date: Thu, 19 Mar 2020 14:08:48 +0100 From: Marko Zec To: Lev Serebryakov Cc: freebsd-net@freebsd.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance Message-ID: <20200319140848.4160644c@x23> In-Reply-To: <2ea463e1-a1ee-defe-b640-ad45f56a4949@FreeBSD.org> References: <55dbea1fe75777780be166756c7641e8@neelc.org> <2ea463e1-a1ee-defe-b640-ad45f56a4949@FreeBSD.org> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd11.3) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: VI1PR0501CA0032.eurprd05.prod.outlook.com (2603:10a6:800:60::18) To AM0PR08MB5315.eurprd08.prod.outlook.com (2603:10a6:208:18e::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from x23 (31.147.121.189) by VI1PR0501CA0032.eurprd05.prod.outlook.com (2603:10a6:800:60::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.15 via Frontend Transport; Thu, 19 Mar 2020 13:08:01 +0000 X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; amd64-portbld-freebsd11.3) X-Originating-IP: [31.147.121.189] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e472e025-5ba9-4c79-5e62-08d7cc068d90 X-MS-TrafficTypeDiagnostic: AM0PR08MB5010: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-Forefront-PRVS: 0347410860 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(396003)(136003)(346002)(366004)(39850400004)(199004)(6916009)(86362001)(66556008)(4744005)(33716001)(478600001)(81156014)(53546011)(66946007)(1076003)(6666004)(66476007)(52116002)(5660300002)(6496006)(8676002)(450100002)(4326008)(956004)(16526019)(186003)(8936002)(55016002)(26005)(9686003)(316002)(786003)(9576002)(2906002)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB5010; H:AM0PR08MB5315.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; Received-SPF: None (protection.outlook.com: fer.hr does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: oL8khNmsUKGA1cu0ehXOlhLt6kNSs1F/JMlD8Q4wjA9VT+HLAD5BLSQkgQLlspIR/70CJvXK/XSAm5gVUegvgkl+wNiDbkpd4BTE6+yzL4jE2XOXLqzv/fh9WGiTuwtfi+WCpH5VXCV1JJEngL8tehI4M/4HGy9YfNYJjJoLF6bjNdGnNc7TEIBL8jpCC8eKyHRHppA93bR7NAuI3mMfHBYhpHAKDuEfU6Fni0SJWTGlKceQDckahd3ZHM4WR+SHUugTf6/4/2FWnDCM8uvCtlZVX68KKFgJYglUe6wpk/gfDnNSEvvVSmr5DyLO22fCmWwiL22tDkQADsmkZ7uTrNrTvlFzjiHOHeB+BqerRN/A/aXCru+ZtP61PTE2dGpfgOCiX4GCPdoRbhv4EmlNZXOgJKRVMcY9UUYfYwz7NXs4MoCd6zYG49m0mi6thPDP X-MS-Exchange-AntiSpam-MessageData: oiUStPOV9C+c6XKo4lF6jXrMjBYUUPqvaUtJc08dL1sJGTlxP/mARgRHaNMbZzMVnmRt/FJLM5TD9ItXRP/fs8iUcAnxww4TVKEErE3QUxUU0hJ9z+JhPIgsISdBq3cvaCuG0pco2ES2z8Kjvtm9tw== X-OriginatorOrg: fer.hr X-MS-Exchange-CrossTenant-Network-Message-Id: e472e025-5ba9-4c79-5e62-08d7cc068d90 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Mar 2020 13:08:01.5045 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: ca71eddc-cc7b-4e5b-95bd-55b658e696be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: hgvg40hSS/NCBx5NLqvk1jOpUWiZSFb3agNr+zowASu0zUi3qPKea9Fvvq3nFLuO X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB5010 X-Rspamd-Queue-Id: 48jnJg4MVTz41Bv X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-2.52 / 15.00]; NEURAL_SPAM_MEDIUM(0.58)[0.575,0]; REPLY(-4.00)[]; NEURAL_SPAM_LONG(0.90)[0.903,0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 13:08:04 -0000 On Thu, 19 Mar 2020 14:33:34 +0300 Lev Serebryakov wrote: > On 19.03.2020 7:14, Neel Chauhan wrote: > > > However, if you know, where in the code does libalias use only 4096 > > buckets? I want to know incase I want/have to switch back to IPFW. > 4096 is my mistake, it is 4001 and must be prime. It is here: > > sys/netinet/libalias/alias_local.h:69-70: > > #define LINK_TABLE_OUT_SIZE 4001 > #define LINK_TABLE_IN_SIZE 4001 Out of curiosity, why exactly _must_ the hash size be a prime here? Doing a quick fgrep -R powerof2 /sys/netinet | fgrep hash reveals that a completely different line of thought prevails there, and probably elsewhere as well? What gives? Marko From owner-freebsd-net@freebsd.org Thu Mar 19 13:22:48 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9B665260686; Thu, 19 Mar 2020 13:22:48 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (cross.sbone.de [195.201.62.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jndf54KVz4gBC; Thu, 19 Mar 2020 13:22:46 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 01CAA8D4A168; Thu, 19 Mar 2020 13:22:44 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 7B1E4E7089D; Thu, 19 Mar 2020 13:22:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id wtJPBlSRQI1d; Thu, 19 Mar 2020 13:22:42 +0000 (UTC) Received: from [169.254.231.217] (unknown [IPv6:fde9:577b:c1a9:4902:edb8:d7e:6ea:811a]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 9088CE7089C; Thu, 19 Mar 2020 13:22:42 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Victor Sudakov" Cc: "Miroslav Lachman" <000.fbsd@quip.cz>, freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPv6 in jails Date: Thu, 19 Mar 2020 13:22:40 +0000 X-Mailer: MailMate (2.0BETAr6146) Message-ID: <01EF7656-4F8A-4075-A0B4-27E8AB17B516@lists.zabbadoz.net> In-Reply-To: <20200319021432.GA80800@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> <20200319021432.GA80800@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48jndf54KVz4gBC X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bzeeb-lists@lists.zabbadoz.net designates 195.201.62.131 as permitted sender) smtp.mailfrom=bzeeb-lists@lists.zabbadoz.net X-Spamd-Result: default: False [-5.01 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; NEURAL_HAM_MEDIUM(-0.99)[-0.992,0]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.201.62.131]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zabbadoz.net]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-2.72)[ip: (-9.11), ipnet: 195.201.0.0/16(-2.91), asn: 24940(-1.55), country: DE(-0.02)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:195.201.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 13:22:48 -0000 On 19 Mar 2020, at 2:14, Victor Sudakov wrote: >> If it does, can you add a >> >> exec.start += "sleep 2 "; >> >> to your config > > OK, I've added it to the configs of 3 experimental jails. > >> and see if your problem goes away? > > It goes away partially (only for sshd in 2 of the 3 available jails), > and > not for syslogd in any of the 3 available jails. Restarting the > daemons > from within the jail fixes the problem. An example from a problem > jail: > .. > >> If it does, the reason is >> that you configure an IPv6 address to an interface and DUD has not >> yet >> completed by the time sshd or other daemons start. Giving it the 2 >> seconds >> avoids this problem and the address is usable at that time. > > There is obviously a race somewhere, but the 2 second sleep does not > eliminate it entirely. Well not so much of a race but than a “gap”. The point is you are configuring an address on the base system and the jail knows nothing about it so it’ll simply start the daemons. Normally the startup scripts would do the right thing. I don’t think “polluting” jail(8) with logic to check that the addresses become available or not is a good idea. However I agree that it should automatically do the right thing somehow .. > Thank you for the hint in the right direction, what would you suggest > further? If you make it 3 seconds, does it deterministically work then? /bz From owner-freebsd-net@freebsd.org Thu Mar 19 14:01:36 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2FECE26111D; Thu, 19 Mar 2020 14:01:36 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jpVQ5wXxz45f8; Thu, 19 Mar 2020 14:01:34 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=vTgUg3MgEK5fLIv5X2bS62bPWK4N0X2e5Q2R+bBVVCo=; b=JBOEHFsMn9QQmnSh7AH65ylHmg bVat+l5g44cZhgBxFSw5CRGRiKRkJqGOyex5UpY/4z7a4xLMeYou8TCb22XC90k41dcqAPB4H3eTD f55giLSywo+ohNVWOU/oR9k/hkKqpiqdO3eaAoUVs/dgNJ9eAUwlGBaB2RDzj/0XK6Gs=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEvjo-000OUQ-Dt; Thu, 19 Mar 2020 21:01:32 +0700 Date: Thu, 19 Mar 2020 21:01:32 +0700 From: Victor Sudakov To: "Bjoern A. Zeeb" Cc: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200319140132.GA93947@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> <20200319021432.GA80800@admin.sibptus.ru> <01EF7656-4F8A-4075-A0B4-27E8AB17B516@lists.zabbadoz.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="tKW2IUtsqtDRztdT" Content-Disposition: inline In-Reply-To: <01EF7656-4F8A-4075-A0B4-27E8AB17B516@lists.zabbadoz.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jpVQ5wXxz45f8 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=JBOEHFsM; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.46 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.93), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 14:01:36 -0000 --tKW2IUtsqtDRztdT Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: >=20 > > > If it does, can you add a > > >=20 > > > exec.start +=3D "sleep 2 "; > > >=20 > > > to your config > >=20 > > OK, I've added it to the configs of 3 experimental jails. > >=20 > > > and see if your problem goes away? > >=20 > > It goes away partially (only for sshd in 2 of the 3 available jails), > > and > > not for syslogd in any of the 3 available jails. Restarting the daemons > > from within the jail fixes the problem. An example from a problem jail: > >=20 > .. > >=20 > > > If it does, the reason is > > > that you configure an IPv6 address to an interface and DUD has not > > > yet > > > completed by the time sshd or other daemons start. Giving it the 2 What is "DUD" BTW? > > > seconds > > > avoids this problem and the address is usable at that time. > >=20 > > There is obviously a race somewhere, but the 2 second sleep does not > > eliminate it entirely. >=20 > Well not so much of a race but than a =E2=80=9Cgap=E2=80=9D. >=20 > The point is you are configuring an address on the base system and the ja= il > knows nothing about it so it=E2=80=99ll simply start the daemons. Normal= ly the > startup scripts would do the right thing. >=20 > I don=E2=80=99t think =E2=80=9Cpolluting=E2=80=9D jail(8) with logic to c= heck that the addresses > become available or not is a good idea. However I agree that it should > automatically do the right thing somehow .. >=20 >=20 >=20 > > Thank you for the hint in the right direction, what would you suggest > > further? >=20 > If you make it 3 seconds, does it deterministically work then? Not quite: https://termbin.com/arvb syslogd sometimes remains deprived of the IPv6 address. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --tKW2IUtsqtDRztdT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJec3s8AAoJEA2k8lmbXsY0Od0IAK0+xmWkuH/uazuRTSVKr9VI +XHfx9+tThzPE0MlrPBwJJ0x0Mj+HbI9RxYxQlmCRXkNoNQ2oIca5KmEjSHlnr+p cka9T025H2mJ//SP53i8ZFB8+kVlj4z6nsE+X0eJBuah0dhmdrAP/p7oWWgpPRYq mqwagg814XAWNXzWfZZ8LDtlgjVszY2L29khNojAk9Ao87slowlJ8j+BPCKrF30Y WPiHUTlW8hVmogsKB6q+bdNg6ePqAoG9GbyM4UF6tHrEQH9M0RwpS1lDSkTNZdTj amgRXlQFcS8IuPUIlFntTuJdtFvFGN0z2ZncFEHjsHKbcCQce6BnQs1TjEBnm0M= =+OwQ -----END PGP SIGNATURE----- --tKW2IUtsqtDRztdT-- From owner-freebsd-net@freebsd.org Thu Mar 19 17:20:22 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CCABE26521F for ; Thu, 19 Mar 2020 17:20:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48jtvp4d4hz3Q9x for ; Thu, 19 Mar 2020 17:20:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 43B3726521D; Thu, 19 Mar 2020 17:20:22 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4343F26521C for ; Thu, 19 Mar 2020 17:20:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jtvn3JZzz3Q83 for ; Thu, 19 Mar 2020 17:20:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2CAFBE4DA for ; Thu, 19 Mar 2020 17:20:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JHKKKb038108 for ; Thu, 19 Mar 2020 17:20:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02JHKKup038107 for net@FreeBSD.org; Thu, 19 Mar 2020 17:20:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Thu, 19 Mar 2020 17:20:20 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 17:20:23 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 Tom Lane changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tgl@sss.pgh.pa.us --- Comment #2 from Tom Lane --- I'm getting much the same behavior on an early 2006 Mac Mini (MA206LL/A). = The ethernet interface shows up in dmesg just as quoted above: ... pcib1: irq 17 at device 28.0 on pci0 pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff pci1: on pcib1 mskc0: mem 0x90200000-0x90203fff i= rq 16 at device 0.0 on pci1 msk0: on mskc0 msk0: Using defaults for TSO: 65518/35/2048 msk0: Ethernet address: 00:16:cb:a5:22:11 miibus0: on msk0 e1000phy0: PHY 0 on miibus0 e1000phy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow pcib2: irq 16 at device 28.1 on pci0 pci2: on pcib2 ... Things work fine for quite a while (a month or more), and then suddenly the interface fails to operate, with repeating messages like this in syslog: Mar 17 03:27:15 oldmini kernel: msk0: watchdog timeout Mar 17 03:27:15 oldmini kernel: msk0: link state changed to DOWN Mar 17 03:27:18 oldmini kernel: msk0: link state changed to UP Mar 17 03:28:15 oldmini kernel: msk0: watchdog timeout Mar 17 03:28:15 oldmini kernel: msk0: link state changed to DOWN Mar 17 03:28:18 oldmini kernel: msk0: link state changed to UP Mar 17 03:29:16 oldmini kernel: msk0: watchdog timeout Mar 17 03:29:16 oldmini kernel: msk0: link state changed to DOWN Mar 17 03:29:19 oldmini kernel: msk0: link state changed to UP Mar 17 03:30:16 oldmini kernel: msk0: watchdog timeout Mar 17 03:30:16 oldmini kernel: msk0: link state changed to DOWN Mar 17 03:30:19 oldmini kernel: msk0: link state changed to UP Rebooting fixes it; I've not tried any lesser solutions. Currently running FreeBSD oldmini.sss.pgh.pa.us 12.1-RELEASE-p2 FreeBSD 12.1-RELEASE-p2 GENER= IC=20 i386 but I also saw this with 12.0. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 17:45:10 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3DFE326846E for ; Thu, 19 Mar 2020 17:45:10 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from sapphire.magnetkern.de (sapphire.magnetkern.de [185.228.139.199]) by mx1.freebsd.org (Postfix) with ESMTP id 48jvSP0JTZz3Ksx for ; Thu, 19 Mar 2020 17:45:08 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from titanium (p5DD45C70.dip0.t-ipconnect.de [93.212.92.112]) by sapphire.magnetkern.de (Postfix) with ESMTPSA id 95F7363A; Thu, 19 Mar 2020 17:45:02 +0000 (UTC) Date: Thu, 19 Mar 2020 18:45:02 +0100 From: Jan Behrens To: freebsd-net@freebsd.org Cc: "Bjoern A. Zeeb" , "Victor Sudakov" Subject: Re: IPv6 in jails Message-Id: <20200319184502.02545d3a849fd60fe63a717f@magnetkern.de> In-Reply-To: <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48jvSP0JTZz3Ksx X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jbe-mlist@magnetkern.de designates 185.228.139.199 as permitted sender) smtp.mailfrom=jbe-mlist@magnetkern.de X-Spamd-Result: default: False [2.71 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[112.92.212.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MV_CASE(0.50)[]; DMARC_NA(0.00)[magnetkern.de]; NEURAL_SPAM_MEDIUM(0.88)[0.876,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(1.00)[0.997,0]; IP_SCORE(0.54)[ipnet: 185.228.136.0/22(3.34), asn: 197540(-0.61), country: DE(-0.02)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:197540, ipnet:185.228.136.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 17:45:10 -0000 On Wed, 18 Mar 2020 16:51:32 +0000 "Bjoern A. Zeeb" wrote: > Can you then do a jexec test4 and run service sshd restart and see if it > starts working? I experienced the same problem as discussed in this thread when I set up IPv6 with my server. Strangely, when I rebooted the host system and simply started the jails one after the other (with a freshly booted host system), the problem didn't occur, but maybe that was just random. A "service sshd restart" inside the jail always seemed to help, which is why I also assumed there was some sort of race condition. But maybe it is related to some addresses being in use yet when restarting a jail? Regards, Jan From owner-freebsd-net@freebsd.org Thu Mar 19 17:49:31 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B652B26A093 for ; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48jvYR4Qqwz3NqV for ; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 932EB26A08D; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 92C8326A08B for ; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jvYR31j1z3NqJ for ; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C518EA8F for ; Thu, 19 Mar 2020 17:49:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JHnVvq032026 for ; Thu, 19 Mar 2020 17:49:31 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02JHnVVc032025 for net@FreeBSD.org; Thu, 19 Mar 2020 17:49:31 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Thu, 19 Mar 2020 17:49:31 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 17:49:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 Marek Zarychta changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zarychtam@plan-b.pwste.edu. | |pl --- Comment #3 from Marek Zarychta --- IMHO this hardware is buggy and never worked reliable for me. I have been s= till using it as a part of lagg(4) on FreeBSD 11.3. It used to behave even worse earlier (used with older FreeBSD releases). I recall similar failures on Li= nux, rebooting machine was solving the issue. Bringing this card up and down, reloading drivers etc was never helping regardless it was going on FreeBSD = or Linux. Please replace your NIC. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 18:13:56 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9B42926D0B4 for ; Thu, 19 Mar 2020 18:13:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48jw5c2cn0z4KWS for ; Thu, 19 Mar 2020 18:13:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id BEB1C26D0AC; Thu, 19 Mar 2020 18:13:55 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC99226D0AB for ; Thu, 19 Mar 2020 18:13:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jw5b19hJz4KVF for ; Thu, 19 Mar 2020 18:13:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A3B80F06D for ; Thu, 19 Mar 2020 18:13:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JIDs8b011500 for ; Thu, 19 Mar 2020 18:13:54 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02JIDs6b011490 for net@FreeBSD.org; Thu, 19 Mar 2020 18:13:54 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Thu, 19 Mar 2020 18:13:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 18:13:56 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #4 from Tom Lane --- macOS has been rock solid reliable for ~14 years on that same hardware, so = that sounds like a pretty lame excuse to me. (I wonder whether digging into the Darwin kernel sources would yield anything interesting about how to drive t= his interface...) --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Mar 19 21:06:39 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 75562270DFE for ; Thu, 19 Mar 2020 21:06:39 +0000 (UTC) (envelope-from jacques.fourie@gmail.com) Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jzwp0wNLz4SsZ for ; Thu, 19 Mar 2020 21:06:33 +0000 (UTC) (envelope-from jacques.fourie@gmail.com) Received: by mail-io1-xd2d.google.com with SMTP id q128so3824247iof.9 for ; Thu, 19 Mar 2020 14:06:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=YpOHj9nhClL3M//SJzT0pjCsuREZOcsV7TDi5QihYmg=; b=CIgGZn0mKlPpJGnuIQHR+Q0aRVyTwLDyafx0QFXVyeEDuJLLPSZTmTHcXQm1USng6u A6p56gjU7NvefKPTkWDnmgNX5cKPdnwHtxqodZYMiy+D5KKjX/piJZnm9i5SyhY9ekbx sBM1k+PYNYijVkoKC3+R9bUBAvWvOgZxzsTqhMxavJvLUDBVt6wGaE91YsMSI9Am6J22 84qTc6ShZrIL8xm7xWg6AOHMCDBbWkFRRV71h7ko6BxbEBSzVjgIETAi9Z8zvRKJV450 SWJhgZKH24PWTM9//ZbhAUZm7cumSc3E+KOA/FJ3Wx291TFjO7FkZhC6ZKZ80QdQjYbZ BDnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=YpOHj9nhClL3M//SJzT0pjCsuREZOcsV7TDi5QihYmg=; b=FEPHgpqjPYaNcQTndHivqZkAA/0lhM+nxutyc9Y6827HCbATtfiMn+FkCr7wrRz5/H FHwvzxlD0N3VxIv10eVSYaHI34hy7kxue9JtFELNvodKf+Kll5dm9CJpPSi7SY/lnbhT 4PplQ9uRpTEb9L83960zYtR2h3V310P3a/c6c7lbHCUmaroNCNRnoTLZfN3j2Dt/CKCJ pX5BQGqmwZGCEhcxJmJH+FpLSrkFDKDoie4OXEF2MWZwmd3wCJI3RXiaVEu7wZ1lpbJ7 Hbw2R08UbjOC8zC+CEAlAecoMxnR0/A88WgW9V6WvaJb5ibe63taD9ccVgAyPKzgSNf0 v4AQ== X-Gm-Message-State: ANhLgQ14YQggqUpfzpOnel0ajtwLQClYmxR7C/kw80rO7Qjz9kL8idUO QIsuaf03zEBXV2a0t1suGWovxlwORTeUOG3kwKlkdQ== X-Google-Smtp-Source: ADFU+vtWRqI9Rp99LHcvIKjhIWM1dygJyk4KOMs+FLyTk6Pydfp9LL2HJVE6D9BtGchinoSCWvmVHG7UEDTz6suf3Ds= X-Received: by 2002:a02:13c6:: with SMTP id 189mr4949027jaz.14.1584651989530; Thu, 19 Mar 2020 14:06:29 -0700 (PDT) MIME-Version: 1.0 From: Jacques Fourie Date: Thu, 19 Mar 2020 17:06:18 -0400 Message-ID: Subject: if_vxlan question To: freebsd-net@freebsd.org X-Rspamd-Queue-Id: 48jzwp0wNLz4SsZ X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=CIgGZn0m; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of jacquesfourie@gmail.com designates 2607:f8b0:4864:20::d2d as permitted sender) smtp.mailfrom=jacquesfourie@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; IP_SCORE(0.00)[ip: (-6.80), ipnet: 2607:f8b0::/32(-1.85), asn: 15169(-1.64), country: US(-0.05)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[d.2.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 21:06:39 -0000 Hi, I noticed that my FreeBSD box was dropping vxlan packets with higher VNI's. Looking at the code it seems that the check at line 2548 is not correct: if (vxh->vxlh_flags != htonl(VXLAN_HDR_FLAGS_VALID_VNI) || vxh->vxlh_vni & ~htonl(VXLAN_VNI_MASK)) <----- Incorrect? goto out; Let's say the VNI is 99901. This will arrive on the wire as 0x01,0x86,0x3d,0x00. The above check will compute 0x3d8601 & 0xff, which will return 0x01. I think the correct version should be without the htonl(), ie: vxh->vxh_vni & ~VXLAN_VNI_MASK Can someone please double check? Thanks, Jacques From owner-freebsd-net@freebsd.org Thu Mar 19 23:37:34 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0AE99273FE1 for ; Thu, 19 Mar 2020 23:37:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48k3H073vkz4TYC for ; Thu, 19 Mar 2020 23:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 96335273FE0; Thu, 19 Mar 2020 23:37:32 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 95485273FDF for ; Thu, 19 Mar 2020 23:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48k3H02zx7z4TWy for ; Thu, 19 Mar 2020 23:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 23E6B1AA83 for ; Thu, 19 Mar 2020 23:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02JNbWsm082912 for ; Thu, 19 Mar 2020 23:37:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02JNbWAb082911 for net@FreeBSD.org; Thu, 19 Mar 2020 23:37:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Thu, 19 Mar 2020 23:37:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: brad@comstyle.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 23:37:34 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 Brad Smith changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |brad@comstyle.com --- Comment #5 from Brad Smith --- At the moment OpenBSD disables MSI interrupts for the 8053 chipset. Have any of you guys tried using the tunable to disable MSI and see if it makes any difference? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 03:06:27 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E6EC72584A2 for ; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48k7w35sPnz3PZ9 for ; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id C90ED2584A1; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C8D462584A0 for ; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48k7w350nDz3PZ4 for ; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A737E1D15C for ; Fri, 20 Mar 2020 03:06:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02K36RXS067822 for ; Fri, 20 Mar 2020 03:06:27 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02K36Rcc067821 for net@FreeBSD.org; Fri, 20 Mar 2020 03:06:27 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 03:06:26 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 03:06:28 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #6 from Tom Lane --- > Have any of you guys tried using the tunable to disable MSI and > see if it makes any difference? Oh, thanks for the suggestion. I'm happy to try, but what change are you suggesting exactly? I see multiple sysctl variables with "msi" in their na= mes, so I'm confused. $ sysctl -a | grep -i msi hw.sdhci.enable_msi: 1 hw.puc.msi_disable: 0 hw.pci.honor_msi_blacklist: 1 hw.pci.msix_rewrite_table: 0 hw.pci.enable_msix: 1 hw.pci.enable_msi: 1 hw.mfi.msi: 1 hw.malo.pci.msi_disable: 0 hw.bce.msi_enable: 1 hw.aac.enable_msi: 1 machdep.disable_msix_migration: 0 machdep.num_msi_irqs: 512 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 03:11:13 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A31FD258726 for ; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48k81Y3lzZz4296 for ; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 7069F258725; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7022D258724 for ; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48k81Y1hT5z428Z for ; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 299481D1B1 for ; Fri, 20 Mar 2020 03:11:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02K3BDFM090778 for ; Fri, 20 Mar 2020 03:11:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02K3BDXR090757 for net@FreeBSD.org; Fri, 20 Mar 2020 03:11:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 03:11:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: brad@comstyle.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 03:11:13 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #7 from Brad Smith --- Looks like hw.msk.msi_disable=3D1 in /boot/loader.conf. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 03:45:06 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 884A72594D9 for ; Fri, 20 Mar 2020 03:45:06 +0000 (UTC) (envelope-from neel@neelc.org) Received: from rainpuddle.neelc.org (rainpuddle.neelc.org [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48k8md2dCTz4fgP for ; Fri, 20 Mar 2020 03:45:04 +0000 (UTC) (envelope-from neel@neelc.org) Received: from mail.neelc.org (rainpuddle.neelc.org [IPv6:2001:19f0:8001:fed:5400:2ff:fe73:c622]) by rainpuddle.neelc.org (Postfix) with ESMTPSA id 14D47B1FBF for ; Thu, 19 Mar 2020 20:45:01 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 19 Mar 2020 20:44:59 -0700 From: Neel Chauhan To: freebsd-net@freebsd.org Subject: Reviewing three ipfw(8) patches User-Agent: Roundcube Webmail/1.4.1 Message-ID: X-Sender: neel@neelc.org X-Rspamd-Queue-Id: 48k8md2dCTz4fgP X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=neelc.org; spf=pass (mx1.freebsd.org: domain of neel@neelc.org designates 2001:19f0:8001:fed:5400:2ff:fe73:c622 as permitted sender) smtp.mailfrom=neel@neelc.org X-Spamd-Result: default: False [-5.98 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.94)[-0.944,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.990,0]; IP_SCORE(-3.34)[ip: (-9.82), ipnet: 2001:19f0:8000::/38(-4.91), asn: 20473(-1.93), country: US(-0.05)]; DMARC_POLICY_ALLOW(-0.50)[neelc.org,none]; RCVD_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:20473, ipnet:2001:19f0:8000::/38, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; ONCE_RECEIVED(0.10)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 03:45:06 -0000 Hi freebsd-net@, I'm not sure if this mailing list is the right place to ask for code review. If not, could you please direct me to the right mailing list? I have three patches for ipfw(8) below: * https://reviews.freebsd.org/D24011 (ipfw: Support {w:x:y::z}:port (bracketed) IPv6 addresses in the fwd command) * https://reviews.freebsd.org/D23888 (ipfw: Allow resolving of IPv6 DNS AAAA records in IPv6 table lookups) * https://reviews.freebsd.org/D24021 (ipfw: Add me4 as to refer to an host's IPv4 address in add_src() and add_dst()) Could someone please review them and commit if they are okay? -Neel === https://www.neelc.org/ From owner-freebsd-net@freebsd.org Fri Mar 20 03:46:53 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 14231259624 for ; Fri, 20 Mar 2020 03:46:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48k8ph5nhtz3FcC for ; Fri, 20 Mar 2020 03:46:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 32DDD259623; Fri, 20 Mar 2020 03:46:52 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3276C259621 for ; Fri, 20 Mar 2020 03:46:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48k8pg6wM6z3FZ1 for ; Fri, 20 Mar 2020 03:46:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C64E1D96B for ; Fri, 20 Mar 2020 03:46:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02K3kp9Y030771 for ; Fri, 20 Mar 2020 03:46:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02K3kpCu030770 for net@FreeBSD.org; Fri, 20 Mar 2020 03:46:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 03:46:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 03:46:53 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #8 from Tom Lane --- Ah, now I see the tunable in msk(4). Installed and rebooted; no obvious ch= ange in dmesg output or performance. Since the MTBF was a month or two already, it'll be awhile before I can say if this fixed things ... but thanks for the tip! --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 14:22:47 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4BB43268B33 for ; Fri, 20 Mar 2020 14:22:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48kQwR137yz4mtC for ; Fri, 20 Mar 2020 14:22:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D50AD268B32; Fri, 20 Mar 2020 14:22:46 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D31A1268B31 for ; Fri, 20 Mar 2020 14:22:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kQwP55pbz4msD for ; Fri, 20 Mar 2020 14:22:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 798F624EDD for ; Fri, 20 Mar 2020 14:22:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02KEMj3T053939 for ; Fri, 20 Mar 2020 14:22:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02KEMjcp053920 for net@FreeBSD.org; Fri, 20 Mar 2020 14:22:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 14:22:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: portmaster@bsdforge.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 14:22:47 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #9 from Chris Hutchinson --- Out of curiosity. If you turn up the verbosity (boot_verbose=3D"YES" in /boot/loader.conf) What is the message regarding msiX. I ask this because in most of the cases I've seen regarding this watchdog error on NICs. Is because of the interrupt handling where msiX is concerned -- not enough interrupts available, mis-routed, poor implementation. So the suggestion has been to terminate msiX. Just thought it worth mentioning. --Chris --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 15:05:00 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E0C18269AEB for ; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 48kRs85YjHz4HyV for ; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id BCE52269AEA; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BCAA9269AE9 for ; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kRs84h9hz4HyR for ; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 997BA2563C for ; Fri, 20 Mar 2020 15:05:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02KF50Gu037490 for ; Fri, 20 Mar 2020 15:05:00 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02KF50IL037480 for net@FreeBSD.org; Fri, 20 Mar 2020 15:05:00 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 15:04:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 15:05:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #10 from Tom Lane --- Created attachment 212548 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D212548&action= =3Dedit verbose boot-time dmesg output from tgl's mac mini --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 15:07:47 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CF818269D15 for ; Fri, 20 Mar 2020 15:07:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48kRwM4XRmz4LfG for ; Fri, 20 Mar 2020 15:07:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 45201269D14; Fri, 20 Mar 2020 15:07:47 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 43391269D13 for ; Fri, 20 Mar 2020 15:07:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kRwL6FCWz4LcK for ; Fri, 20 Mar 2020 15:07:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9D2F52566C for ; Fri, 20 Mar 2020 15:07:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02KF7ksU063539 for ; Fri, 20 Mar 2020 15:07:46 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02KF7kqU063526 for net@FreeBSD.org; Fri, 20 Mar 2020 15:07:46 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 15:07:46 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tgl@sss.pgh.pa.us X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 15:07:47 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #11 from Tom Lane --- (In reply to Chris Hutchinson from comment #9) > Out of curiosity. If you turn up the verbosity > (boot_verbose=3D"YES" in /boot/loader.conf) > What is the message regarding msiX. Not sure which message you were looking for, so I uploaded the whole dmesg result from rebooting with boot_verbose=3D"YES" (and without the hw.msk.msi_disable change that Brad suggested, in case that makes a difference). --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 15:37:20 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1D3A426A64C for ; Fri, 20 Mar 2020 15:37:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48kSZS02BQz3yrZ for ; Fri, 20 Mar 2020 15:37:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id F121D26A64A; Fri, 20 Mar 2020 15:37:19 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EF9E526A649 for ; Fri, 20 Mar 2020 15:37:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kSZR5D20z3yrT for ; Fri, 20 Mar 2020 15:37:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A911925BFF for ; Fri, 20 Mar 2020 15:37:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02KFbJ7a024287 for ; Fri, 20 Mar 2020 15:37:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02KFbJvh024286 for net@FreeBSD.org; Fri, 20 Mar 2020 15:37:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 15:37:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: portmaster@bsdforge.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 15:37:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 --- Comment #12 from Chris Hutchinson --- (In reply to Tom Lane from comment #11) OK. I only see one MSI-X message in dmesg(8) It's related to your (msk) card -- Found 1 of 1 interrupts. I ran into the same error you're reporting. But it was on a dual port re (realtek) card. The most proposed solution was to disable MSI-X on the card. Blamed on a poor implementation. I wasn't satisfied with that, as doing so would reduce performance, and I work that card pretty hard. So I performed some additional investigation into exactly *why* this problem occurs, and ultimately decided to investigate the kernel tunable kern.ipc.nmbjumbop and kern.ipc.nmbclusters After tweaking them for awhile. I found thresholds that eliminated the error, and have been running the card blissfully for about 9 months now. If I were you, I might be inclined to increase those numbers until the errors cease. There is no magic number I can provide. As it differs from card to card, and load to load. But it's enough to say that the *default* number is inadequate (too small). HTH --Chris --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Mar 20 15:44:07 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4323B26A998 for ; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 48kSkH16thz44jB for ; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 25F4D26A997; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 25B5026A996 for ; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kSkH0Gcsz44j8 for ; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 04C7425DFF for ; Fri, 20 Mar 2020 15:44:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 02KFi6De045838 for ; Fri, 20 Mar 2020 15:44:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 02KFi6SZ045837 for net@FreeBSD.org; Fri, 20 Mar 2020 15:44:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 206567] [msk] msk0: watchdog timeout - 88E8053 on i386 Date: Fri, 20 Mar 2020 15:44:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 9.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: portmaster@bsdforge.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2020 15:44:07 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206567 Chris Hutchinson changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |portmaster@bsdforge.com --- Comment #13 from Chris Hutchinson --- (In reply to Chris Hutchinson from comment #12) OH, and make sure you RE-enable MSI. If you already disabled it. :) --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Mar 21 04:35:10 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F35B227E411 for ; Sat, 21 Mar 2020 04:35:10 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48knqx6wwqz3Lv9 for ; Sat, 21 Mar 2020 04:35:09 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=XRmYmV2jbPRJQg+0DCh0bKBBc+WzqO8U1QacfgkU1vg=; b=B+6aZatvXzrADyrnS6PR8DSIYU c76lpfQ3PhmM82GvktAxDUdST2PIlqfs/EOBmK39VE0PYYRG1JgmL1CCvt4tk7i6yRxrC+FnO9u3B HwXMuX04VGBi42XDJOB8VsL9LE2OmfIRvpBsLNWQAFRKMsGz+SiRlOrcMLAsUNmlcSC4=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jFVqg-000DSH-2Y; Sat, 21 Mar 2020 11:35:02 +0700 Date: Sat, 21 Mar 2020 11:35:02 +0700 From: Victor Sudakov To: Jan Behrens Cc: freebsd-net@freebsd.org, "Bjoern A. Zeeb" Subject: Re: IPv6 in jails Message-ID: <20200321043502.GA51499@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> <20200319184502.02545d3a849fd60fe63a717f@magnetkern.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI" Content-Disposition: inline In-Reply-To: <20200319184502.02545d3a849fd60fe63a717f@magnetkern.de> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48knqx6wwqz3Lv9 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=B+6aZatv; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.46 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; URIBL_BLOCKED(0.00)[sibptus.ru.multi.uribl.com,tomsk.ru.multi.uribl.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.93), country: US(-0.05)]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 04:35:11 -0000 --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jan Behrens wrote: >=20 > > Can you then do a jexec test4 and run service sshd restart and see if i= t=20 > > starts working? >=20 > I experienced the same problem as discussed in this thread when I set > up IPv6 with my server. Strangely, when I rebooted the host system and > simply started the jails one after the other (with a freshly booted > host system), the problem didn't occur, but maybe that was just random. >=20 > A "service sshd restart" inside the jail always seemed to help, which > is why I also assumed there was some sort of race condition. But maybe > it is related to some addresses being in use yet when restarting a jail? Does this happen only with IPv6 jail addresses? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --+HP7ph2BbKc20aGI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJedZl2AAoJEA2k8lmbXsY0RD0H/jZtJczcYT2/U6cPUJJNBzjY W+ZW8q73hk5w+8tzL8jZuSFVeIO18Mv7TQhJA6LYT7pIGJ4moGegYh16GHC09mzR Z94H55I8KxdTXTeuxu/waRWm2bhILq4ypPh0gi+OCYvmsTzF/pUM9LnP7Qm3DzuK nG8PZygMzlmx8xexioTbCGVNGougyytco1Qw8w6qhqIpgfXFzb1RPsSHGEV8vz12 T/tWvEILMNxO72iEErz/HlPHsvcZUkshqpk57kz5t/iLdl0AMRquXObxgxDB+UK/ VkF/X4yhjI2wRSuTHfIFl6FO/RUUzlAhEazsq7+V8NQerSvOiWWU0yhe/5Enc9o= =9QrI -----END PGP SIGNATURE----- --+HP7ph2BbKc20aGI-- From owner-freebsd-net@freebsd.org Sat Mar 21 05:02:54 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7602F27EF6C for ; Sat, 21 Mar 2020 05:02:54 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ultimatedns.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48kpRx6cC5z4DkF for ; Sat, 21 Mar 2020 05:02:53 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (localhost [IPv6:0:0:0:0:0:0:0:1]) by udns.ultimatedns.net (8.15.2/8.15.2) with ESMTPS id 02L53Bwt084749 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 20 Mar 2020 22:03:17 -0700 (PDT) (envelope-from bsd-lists@BSDforge.com) X-Mailer: Cypht MIME-Version: 1.0 Cc: , "Bjoern A. Zeeb" , Jan Behrens In-Reply-To: <20200321043502.GA51499@admin.sibptus.ru> From: Chris Reply-To: bsd-lists@BSDforge.com To: Victor Sudakov Subject: Re: IPv6 in jails Date: Fri, 20 Mar 2020 22:03:17 -0700 Message-Id: <16b9fef3ba2685ead7b5292d4d75c149@udns.ultimatedns.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 48kpRx6cC5z4DkF X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [1.92 / 15.00]; NEURAL_SPAM_LONG(0.99)[0.986,0]; NEURAL_SPAM_MEDIUM(0.93)[0.935,0]; ASN(0.00)[asn:11404, ipnet:24.113.0.0/16, country:US]; local_wl_ip(0.00)[24.113.41.81] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 05:02:54 -0000 On Sat, 21 Mar 2020 11:35:02 +0700 Victor Sudakov vas@sibptus=2Eru said > Jan Behrens wrote: > >=20 > > > Can you then do a jexec test4 and run service sshd restart and see if= it=20 > > > starts working? > >=20 > > I experienced the same problem as discussed in this thread when I set > > up IPv6 with my server=2E Strangely, when I rebooted the host system and > > simply started the jails one after the other (with a freshly booted > > host system), the problem didn't occur, but maybe that was just random=2E > >=20 > > A "service sshd restart" inside the jail always seemed to help, which > > is why I also assumed there was some sort of race condition=2E But maybe > > it is related to some addresses being in use yet when restarting a jail= ? >=20 > Does this happen only with IPv6 jail addresses? FWIW I never experience this on IP4, with some 7 jails starting simultaneou= sly=2E But I'm also using pf, nat, and rdr=2E If that should that make a difference=2E --Chris >=20 > --=20 > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas=2Etomsk=2Eru/ From owner-freebsd-net@freebsd.org Sat Mar 21 12:52:44 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E13902620D8 for ; Sat, 21 Mar 2020 12:52:44 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from sapphire.magnetkern.de (sapphire.magnetkern.de [185.228.139.199]) by mx1.freebsd.org (Postfix) with ESMTP id 48l0t40FRbz3MDC for ; Sat, 21 Mar 2020 12:52:43 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from titanium (p5DD45C70.dip0.t-ipconnect.de [93.212.92.112]) by sapphire.magnetkern.de (Postfix) with ESMTPSA id 8E204240; Sat, 21 Mar 2020 12:52:37 +0000 (UTC) Date: Sat, 21 Mar 2020 13:52:37 +0100 From: Jan Behrens To: Victor Sudakov Cc: freebsd-net@freebsd.org, "Bjoern A. Zeeb" Subject: Re: IPv6 in jails Message-Id: <20200321135237.12c09875dc0d695bdc99349d@magnetkern.de> In-Reply-To: <20200321043502.GA51499@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> <20200319184502.02545d3a849fd60fe63a717f@magnetkern.de> <20200321043502.GA51499@admin.sibptus.ru> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48l0t40FRbz3MDC X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jbe-mlist@magnetkern.de designates 185.228.139.199 as permitted sender) smtp.mailfrom=jbe-mlist@magnetkern.de X-Spamd-Result: default: False [2.74 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; URIBL_BLOCKED(0.00)[tomsk.ru.multi.uribl.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[magnetkern.de]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.95)[0.951,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.96)[0.962,0]; IP_SCORE(0.53)[ipnet: 185.228.136.0/22(3.25), asn: 197540(-0.61), country: DE(-0.02)]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[112.92.212.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:197540, ipnet:185.228.136.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 12:52:45 -0000 On Sat, 21 Mar 2020 11:35:02 +0700 Victor Sudakov wrote: > Jan Behrens wrote: > > > > > Can you then do a jexec test4 and run service sshd restart and see if it > > > starts working? > > > > I experienced the same problem as discussed in this thread when I set > > up IPv6 with my server. Strangely, when I rebooted the host system and > > simply started the jails one after the other (with a freshly booted > > host system), the problem didn't occur, but maybe that was just random. > > > > A "service sshd restart" inside the jail always seemed to help, which > > is why I also assumed there was some sort of race condition. But maybe > > it is related to some addresses being in use yet when restarting a jail? > > Does this happen only with IPv6 jail addresses? Yes, I did not notice any problem with the IPv4 addresses. When I do "jexec -l csh -l" and then enter "netstat -an", I see that sometimes sshd does not listen on the configured IPv6 address but on the configured IPv4 address. Whenever this happens, I can solve it with "service sshd restart" inside the jail. It also does not seem to happen when I reboot the host system and start the jails for the first time. In that case, sshd listens on both IPv4 and IPv6 (at least when I last tried, I'm not sure if this always works). > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ -- Jan From owner-freebsd-net@freebsd.org Sat Mar 21 22:25:18 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3D27626E55B for ; Sat, 21 Mar 2020 22:25:18 +0000 (UTC) (envelope-from dan@langille.org) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48lFZj0YZqz3HMv for ; Sat, 21 Mar 2020 22:25:16 +0000 (UTC) (envelope-from dan@langille.org) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 5684F5C01A4 for ; Sat, 21 Mar 2020 18:25:16 -0400 (EDT) Received: from imap36 ([10.202.2.86]) by compute2.internal (MEProxy); Sat, 21 Mar 2020 18:25:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= mime-version:message-id:date:from:to:subject:content-type; s= fm3; bh=9cXV4asBfOVdnYMnOIauXG+rY8C1GxpoLO46JHoUlK0=; b=HIpeQLr5 X4FM5GoENKZHjKkd/f2THoTNSyJ7yq7yk8c1pzN2AavM6c1DgNp7ieyKBA/TJ3Pu Awpra7/I3hHmoDZBXtXsCsdbVgLBmpTra400PWpfojaHbbM7c44HMKnoTj3fmeik plnqcCFt2UwxXoLd6wEB7QPY2MXZNZOxz15qBjj1P1MFq6yC5o4vZ7HlLDpvqP1R lzQQC8+DMtzYienQL+I9k9ewhP91UeY3ndtUk7xc/fk2pOsJZHcqlOEY0V6pA1yI n7qVhtwAS4xOY9KZxXeFiRRJVuAOqy75uOGOuO/6CbPoe6+y0cB0TccxvZnROEZV 0VfYviRJmmIgjg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=9cXV4asBfOVdnYMnOIauXG+rY8C1G xpoLO46JHoUlK0=; b=100bYuKvocAYvI+pNsa3guZuzpgxezUIXrim5c/gIpBOM hoB3tNjE1ITD2KSszywcIhTbrbourXpJ0XFsG+USvodJ0/9yFlhjV/NjKw3HUiFM vp5pABz/jG81f6XR7mTjV5I/Vtb9Aj34T3qYulDNkaLOJ7PkcBCM9jRkJaFWCzBy Vg1n5WImtlahT/SuIyHnPEGPPYqmvI6Z/NJ28fCUGBuLMF/DEBkIIK8yPJL9aCFD gArS1XfsvnZD8wmAp0qc2z+5atSy5tL9hEdX50ce40hqVkElnATh7fxuQF9Mt8Ku avQ2ndEpnWb3Z+90N4pHdCg6diSm6bmxfj3pvC8qg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudegfedgudeivdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtre dtreertdenucfhrhhomhepfdffrghnucfnrghnghhilhhlvgdfuceouggrnheslhgrnhhg ihhllhgvrdhorhhgqeenucffohhmrghinhepshgvrhhvvghthhgvhhhomhgvrdgtohhmpd hfrhgvvggsshgurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehm rghilhhfrhhomhepuggrnheslhgrnhhgihhllhgvrdhorhhg X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 175FE1880062; Sat, 21 Mar 2020 18:25:16 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1 Mime-Version: 1.0 Message-Id: Date: Sat, 21 Mar 2020 18:24:55 -0400 From: "Dan Langille" To: freebsd-net@freebsd.org Subject: SFP+ on PRO/10GbE Content-Type: text/plain X-Rspamd-Queue-Id: 48lFZj0YZqz3HMv X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=langille.org header.s=fm3 header.b=HIpeQLr5; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=100bYuKv; dmarc=pass (policy=none) header.from=langille.org; spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 66.111.4.29 as permitted sender) smtp.mailfrom=dan@langille.org X-Spamd-Result: default: False [-5.58 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; R_DKIM_ALLOW(-0.20)[langille.org:s=fm3,messagingengine.com:s=fm2]; XM_UA_NO_VERSION(0.01)[]; URIBL_BLOCKED(0.00)[messagingengine.com.multi.uribl.com,servethehome.com.multi.uribl.com,langille.org.multi.uribl.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.29]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; IP_SCORE(-3.49)[ip: (-9.85), ipnet: 66.111.4.0/24(-4.89), asn: 11403(-2.69), country: US(-0.05)]; MV_CASE(0.50)[]; DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+]; DMARC_POLICY_ALLOW(-0.50)[langille.org,none]; RCVD_IN_DNSWL_LOW(-0.10)[29.4.111.66.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 22:25:18 -0000 Hello, I have an PRO/10GbE in a Dell R720, running FreeBSD 12.1, connected to a Unifi US-16-X switch. At present it is using an SFP transceiver. I wanted to move to SFP+. I am not sure which card this is. The iDRAC tells me: * Integrated NIC 1 - Intel(R) 2P X520/2P I350 rNDC * the service tag claims this R720 was configured with a Intel X520 DP 10Gb DA/SFP+ with part number C63DV. Looking that up, the images I found are consistent with what I have in the box. The NIC has room for two transceivers and two ethernet cables. When the SFP+ transceiver is inserted, this message appears: kernel: ix0: Unsupported SFP+ module type was detected. I don't know if this is: * the wrong transceiver - I've tried two [1] * the card firmware rejects anything not on a whitelist [2] * the transceiver is in the wrong slot [3] * only does DAC on 10G [4] Ideas and suggestions please. Thank you. $ dmesg|grep ix0|head -n 1 ix0: port 0xfcc0-0xfcdf mem 0xd8d00000-0xd8dfffff,0xd8ff8000-0xd8ffbfff irq 36 at device 0.0 numa-domain 0 on pci1 pciconf -lcbv provides this: ix0@pci0:1:0:0: class=0x020000 card=0x1f721028 chip=0x10fb8086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = '82599ES 10-Gigabit SFI/SFP+ Network Connection' class = network subclass = ethernet bar [10] = type Memory, range 64, base 0xd8d00000, size 1048576, enabled bar [18] = type I/O Port, range 32, base 0xfcc0, size 32, enabled bar [20] = type Memory, range 64, base 0xd8ff8000, size 16384, enabled cap 01[40] = powerspec 3 supports D0 D3 current D0 cap 05[50] = MSI supports 1 message, 64 bit, vector masks cap 11[70] = MSI-X supports 64 messages, enabled Table in map 0x20[0x0], PBA in map 0x20[0x2000] cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS link x8(x8) speed 5.0(5.0) ASPM disabled(L0s) cap 03[e0] = VPD ecap 0001[100] = AER 1 0 fatal 0 non-fatal 1 corrected ecap 0003[140] = Serial 1 ecf4bbffffc0bda0 ecap 000e[150] = ARI 1 ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled 0 VFs configured out of 64 supported First VF RID Offset 0x0180, VF RID Stride 0x0002 VF Device ID 0x10ed Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304 [1] - The working 1G SFP is a Fiberstore SFP1G-SX-85. I have tried a Fiberstore SFP-10GSR-85 and a Avago AFBR-703SDZ [2] - https://forums.servethehome.com/index.php?threads/patching-intel-x520-eeprom-to-unlock-all-sfp-transceivers.24634/ [3] - there are two slots for transceiver in this unit - I thought I read something about one being different from the other, but I cannot locate that now. I tried inserting a second SFP+ into the second slot, but nothing seemed to change. I suspect it is just for lagg. [4] - https://forums.freebsd.org/threads/intel-x520-da2-or-x520-sr2.72173/ -- Dan Langille dan@langille.org From owner-freebsd-net@freebsd.org Sat Mar 21 23:20:13 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5232A26F81E for ; Sat, 21 Mar 2020 23:20:13 +0000 (UTC) (envelope-from jeffrey.e.pieper@intel.com) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "fmsmga101.fm.intel.com", Issuer "Sectigo RSA Organization Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48lGp26bf8z3Lk5 for ; Sat, 21 Mar 2020 23:20:10 +0000 (UTC) (envelope-from jeffrey.e.pieper@intel.com) IronPort-SDR: GaieSwDShxGM4N4/Ry8tvd6wGluBsJjsCBovZ3+DE18ikazdZimrltkHBD6QsQ6tmScO6KM/d/ ZGSyHw+XIXDA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2020 16:20:08 -0700 IronPort-SDR: vCrgbsnHUaymTilkJgXo2qRMMr4aJwEkpGOCrURbBAtfKVc/XuT6E8lCrepJnt+WQr5KqW0/ut YyQzMGPx4T0A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,290,1580803200"; d="scan'208";a="392517125" Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7]) by orsmga004.jf.intel.com with ESMTP; 21 Mar 2020 16:20:08 -0700 Received: from orsmsx111.amr.corp.intel.com ([169.254.12.226]) by ORSMSX109.amr.corp.intel.com ([169.254.11.20]) with mapi id 14.03.0439.000; Sat, 21 Mar 2020 16:20:08 -0700 From: "Pieper, Jeffrey E" To: Dan Langille , "freebsd-net@freebsd.org" Subject: RE: SFP+ on PRO/10GbE Thread-Topic: SFP+ on PRO/10GbE Thread-Index: AQHV/8+iW1/7kfU5G02OZndwRC+br6hTrbfA Date: Sat, 21 Mar 2020 23:20:07 +0000 Message-ID: <2A35EA60C3C77D438915767F458D6568B90935EC@ORSMSX111.amr.corp.intel.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.22.254.139] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Rspamd-Queue-Id: 48lGp26bf8z3Lk5 X-Spamd-Bar: ---------- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=none) header.from=intel.com; spf=pass (mx1.freebsd.org: domain of jeffrey.e.pieper@intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=jeffrey.e.pieper@intel.com X-Spamd-Result: default: False [-10.07 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; HAS_XOIP(0.00)[]; URIBL_BLOCKED(0.00)[servethehome.com.multi.uribl.com]; RWL_MAILSPIKE_GOOD(0.00)[88.52.55.192.rep.mailspike.net : 127.0.0.18]; R_SPF_ALLOW(-0.20)[+ip4:192.55.52.88/32]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[intel.com,none]; NEURAL_HAM_MEDIUM(-0.99)[-0.995,0]; IP_SCORE(-3.78)[ip: (-9.91), ipnet: 192.55.52.0/24(-4.96), asn: 4983(-3.96), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:4983, ipnet:192.55.52.0/24, country:US]; RCVD_IN_DNSWL_HI(-0.50)[88.52.55.192.list.dnswl.org : 127.0.9.3]; WHITELIST_SPF_DKIM(-3.00)[intel.com:s:+] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 23:20:13 -0000 Hi Dan, Intel(R) Ethernet Server Adapter X520-2 only supports Intel-branded optics,= however you can bypass that check in the driver by adding the following to= /boot/loader.conf: hw.ix.unsupported_sfp=3D1 I hope this helps, Jeff -----Original Message----- From: owner-freebsd-net@freebsd.org On Beha= lf Of Dan Langille Sent: Saturday, March 21, 2020 3:25 PM To: freebsd-net@freebsd.org Subject: SFP+ on PRO/10GbE Hello, I have an PRO/10GbE in a Dell R720, running FreeBSD 12.1, connected to a Un= ifi US-16-X switch. At present it is using an SFP transceiver. I wanted to = move to SFP+. I am not sure which card this is. The iDRAC tells me: * Integrated NIC 1 - Intel(R) 2P X520/2P I350 rNDC * the service tag claims this R720 was configured with a Intel X520 DP 10Gb= DA/SFP+ with part number C63DV. Looking that up, the images I found are consisten= t with what I have in the box. The NIC has room for two transceivers and two eth= ernet cables. When the SFP+ transceiver is inserted, this message appears: kernel: ix0: Unsupported SFP+ module type was detected. I don't know if this is: * the wrong transceiver - I've tried two [1] * the card firmware rejects anything not on a whitelist [2] * the transceiver is in the wrong slot [3] * only does DAC on 10G [4] Ideas and suggestions please. Thank you. $ dmesg|grep ix0|head -n 1 ix0: port 0xfcc0-0xfcdf mem= 0xd8d00000-0xd8dfffff,0xd8ff8000-0xd8ffbfff irq 36 at device 0.0 numa-doma= in 0 on pci1 pciconf -lcbv provides this: ix0@pci0:1:0:0: class=3D0x020000 card=3D0x1f721028 chip=3D0x10fb8086 rev=3D= 0x01 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D '82599ES 10-Gigabit SFI/SFP+ Network Connection' class =3D network subclass =3D ethernet bar [10] =3D type Memory, range 64, base 0xd8d00000, size 1048576, en= abled bar [18] =3D type I/O Port, range 32, base 0xfcc0, size 32, enabled bar [20] =3D type Memory, range 64, base 0xd8ff8000, size 16384, enab= led cap 01[40] =3D powerspec 3 supports D0 D3 current D0 cap 05[50] =3D MSI supports 1 message, 64 bit, vector masks=20 cap 11[70] =3D MSI-X supports 64 messages, enabled Table in map 0x20[0x0], PBA in map 0x20[0x2000] cap 10[a0] =3D PCI-Express 2 endpoint max data 256(512) FLR RO NS link x8(x8) speed 5.0(5.0) ASPM disabled(L0s) cap 03[e0] =3D VPD ecap 0001[100] =3D AER 1 0 fatal 0 non-fatal 1 corrected ecap 0003[140] =3D Serial 1 ecf4bbffffc0bda0 ecap 000e[150] =3D ARI 1 ecap 0010[160] =3D SR-IOV 1 IOV disabled, Memory Space disabled, ARI di= sabled 0 VFs configured out of 64 supported First VF RID Offset 0x0180, VF RID Stride 0x0002 VF Device ID 0x10ed Page Sizes: 4096 (enabled), 8192, 65536, 262144, 10485= 76, 4194304 [1] - The working 1G SFP is a Fiberstore SFP1G-SX-85. I have tried a Fibers= tore SFP-10GSR-85 and a Avago AFBR-703SDZ [2] - https://forums.servethehome.com/index.php?threads/patching-intel-x520= -eeprom-to-unlock-all-sfp-transceivers.24634/ [3] - there are two slots for transceiver in this unit - I thought I read s= omething about one being different from the other, but I cannot locate that no= w. I tried inserting a second SFP+ into the second slot, but nothing see= med to change. I suspect it is just for lagg. [4] - https://forums.freebsd.org/threads/intel-x520-da2-or-x520-sr2.72173/ --=20 Dan Langille dan@langille.org _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"