Date: Fri, 7 Jun 2024 10:10:53 +0200 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: Gleb Smirnoff <glebius@freebsd.org>, emaste@freebsd.org, Zhenlei Huang <zlei@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: ICMP6 Message-ID: <972cd3b3-e64a-46e6-a8ea-1bdd6ab7033e@plan-b.pwste.edu.pl>
next in thread | raw e-mail | index | archive | help
Invaluable Committers, Dear Subscribers, I found Gleb's fixes to ICMP6 error rate limiting extremely useful, especially since this limiting is not working at all in stable/14 (as far as I was able to test). It looks to me like IPv6 bits in FreeBSD are not widely tested and seem to be neglected. In some places, they remain as they were initially imported from KAME. Some time ago kaktus@ fixed logging for unforwarded packets [1] [2]. Recently glebius@ fixed ICMP6 error rate limiting, but there is still open PR 245103[3] and other bugs. It's appreciated by the community that Netflix uses IPv6 and their programmers are working on the improvements. So please let me ask here for the MFC of the few commits to the stable/14 branch. The commits I am asking for have the following hashes: 7142ab4790666022a2a3d85910e9cd8e241d9b87, 9d7f17d7467ed8c9740730a8db7a82e4768e5177, b508545ce044dbfdd83da772e73f969a3713d59d, ac44739fd834f51cacb26485a4140fd482e20150, c6c96aaba8dd74eb39469ed156ff19cc31d599b7, 32aeee8ce7e72738fff236ccd5629d55035458f8, 4f96be33fe7676c69c5abb476bb09bba0c63a3f4, a03aff88a14448c3084a0384082ec996d7213897, 4399e055ea610cdefa1470ad1ee614dd81ba5e56, 75d15e893b14188b83c5fb5e4979fa21c557934f, f7c4d12bcd5bd7f7fbf6bf9fa601c47e7f97bc5f. I have done the MFC in my local repo and while testing the stable/14 built from it on the bunch of hosts, I found the set complete, applicable, and most likely not breaking KBI. The only problem I spotted was the too-low default value of net.inet6.icmp6.errppslimit[4]. Fortunately, it's tunable, so bumping it to 200 fixed the error flooding for Nextcloud hosts. Let me mention here, that the value of the similar knob for IPv4 (net.inet.icmp.icmplim) was already bumped to 200 some time ago. Maybe some brave committer will take on this MFC of the above set of commits to stable/14 and thus will contribute to preparing an even better future 14.2-RELEASE. 1. https://reviews.freebsd.org/D38644 2. https://reviews.freebsd.org/D38758 3. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245103 4. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/icmp6.c#L2735 Best regards -- Marek Zarychta
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?972cd3b3-e64a-46e6-a8ea-1bdd6ab7033e>