From: "Bjoern A. Zeeb"
To: Claudio Jeker
Cc: freebsd-net@freebsd.org
Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade
Date: Mon, 9 Jan 2012 17:00:23 +0000
Message-Id: <648F3DA8-EBEC-4CC1-A8C4-EC4B1E0896F7@lists.zabbadoz.net>
In-Reply-To: <20120106221859.GC29646@diehard.n-r-g.com>

On 6. Jan 2012, at 22:18 , Claudio Jeker wrote:

> On Fri, Jan 06, 2012 at 10:35:01AM -0500, Ed Maste wrote:
>> On Thu, Jan 05, 2012 at 08:18:39PM -0500, J David wrote:
>>
>>> To help understand what's going on and test some of this stuff, I
>>> hacked up a TCP-MD5-aware echo server and tried various things.
>>
>> Hi J David,
>>
>> Thank you very much for this extensive testing and analysis. Would you
>> care to post your basic echo server somewhere for others to use in
>> debugging this, just to save time for anyone who can debug further?
>>
>
> nc(1) has MD5 support (-S). There is no need for extra tools.
> You still need to install the SA since nc will only turn on the sockopt.

Not for the listen socket in FreeBSD... I patched that locally.

General comment for all the others on the issue as well:

There's quite a bit of things to fix in the input path validation to do
still it turns out; seems we are still accepting unsigned RSTs despite a
policy in place to mandate MD5 between the hosts etc...

I am trying to get the SYN cache breakage fixed currently to get the
status quo back to what was expected and am finding other things in the
stack etc that distract me and get improved along the lines...

anyway, I am hopeful to have a patch for the first issue later today.
It's a bit intrusive as I indeed started to clean some things up also
preparing for more.

I'll keep everyone informed.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!
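
The input-path rule discussed in the message above (a peer with an MD5 policy must not get unsigned segments, RSTs included, accepted) can be modelled as follows. This is an added Python example, not part of the original message and not FreeBSD kernel code; the digest follows RFC 2385 for IPv4, and `peer_keys`, `accept_segment`, `build_segment` and the sample segment values are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG, TCPOLEN_MD5SIG = 19, 18   # RFC 2385 option kind and length

def rfc2385_digest(src, dst, segment, key):
    """MD5 over pseudo-header, fixed header (checksum zeroed), payload, key."""
    data_off = (segment[12] >> 4) * 4              # options are excluded
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) \
        + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[data_off:] + key).digest()

def find_md5_option(segment):
    """Return the 16-byte digest from option 19, or None if absent/malformed."""
    opts, i = segment[20:(segment[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:          # 0 = end of option list
        if opts[i] == 1:                           # 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                            # truncated or bogus length
        if opts[i] == TCPOPT_MD5SIG:
            return opts[i + 2:i + 18] if opts[i + 1] == TCPOLEN_MD5SIG else None
        i += opts[i + 1]
    return None

def accept_segment(src, dst, segment, peer_keys):
    """If a key is configured for src, require a valid signature, RST included."""
    if len(segment) < 20 or not 20 <= (segment[12] >> 4) * 4 <= len(segment):
        return False
    key = peer_keys.get(src)                       # peer_keys: hypothetical policy table
    if key is None:
        return True                                # no MD5 policy for this peer
    sig = find_md5_option(segment)
    return sig is not None and hmac.compare_digest(
        sig, rfc2385_digest(src, dst, segment, key))

def build_segment(src, dst, flags, key=None, payload=b""):
    """Constructed test segment (ports 40000 -> 179, seq 1000), signed if key given."""
    opts = bytes([1, 1, TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16) if key else b""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 0,
                      (20 + len(opts)) // 4 << 4, flags, 65535, 0, 0)
    seg = hdr + opts + payload
    if key:
        seg = hdr + opts[:4] + rfc2385_digest(src, dst, seg, key) + payload
    return seg
```
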