Date: Fri, 6 Jan 2012 10:35:01 -0500
From: Ed Maste
To: J David
Cc: freebsd-net@freebsd.org
Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID: <20120106153500.GA78077@sandvine.com>

On Thu, Jan 05, 2012 at 08:18:39PM -0500, J David wrote:

> To help understand what's going on and test some of this stuff, I
> hacked up a TCP-MD5-aware echo server and tried various things.

Hi J David,

Thank you very much for this extensive testing and analysis. Would you
care to post your basic echo server somewhere for others to use in
debugging this, just to save time for anyone who can debug further?

I've reformatted your results into a table for reference:

Case  Verify          Socket Opt      Result
      Server  Client  Server  Client
   1       0       0       N       N  P
   2       0       0       N       Y  P
   3       0       0       Y       N  P
   4       0       0       Y       Y  P
   5       0       1       N       N  P
   6       0       1       N       Y  FAIL - LAST_ACK
   7       0       1       Y       N  FAIL - times out
   8       0       1       Y       Y  FAIL - LAST_ACK
   9       1       0       N       N  P
  10       1       0       N       Y  P
  11       1       0       Y       N  FAIL
  12       1       0       Y       Y  P
  13       1       1       N       N  P
  14       1       1       N       Y  FAIL - LAST_ACK
  15       1       1       Y       N  FAIL - times out
  16       1       1       Y       Y  FAIL - LAST_ACK

> although the tcp(4) man page refers only to outgoing
> traffic. (Though again that may be a documentation error.)

Yes, tcp(4) was not updated when inbound TCP-MD5 checking went in. I'll
commit a change similar to the one below (after I find the appropriate
markup for the sysctl ID).

Index: tcp.4 =================================================================== --- tcp.4 (revision 229319) +++ tcp.4 (working copy) 
@@ -196,8 +196,8 @@ .It Dv TCP_MD5SIG This option enables the use of MD5 digests (also known as TCP-MD5) on writes to the specified socket. -In the current release, only outgoing traffic is digested; -digests on incoming traffic are not verified. +Outgoing traffic is digested; digests on incoming traffic are verfied +if the net.inet.tcp.signature_verify_input sysctl is nonzero. The current default behavior for the system is to respond to a system advertising this option with TCP-MD5; this may change. .Pp

> So there may be some bugs here on the FreeBSD side that may make it
> hard to get openbgpd working properly.

Yes, your testing clearly demonstrates some kernel issues here. I'll see
if I can find someone to investigate (or can help guide further
debugging).

Thanks again for the effort here so far.

-Ed
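
Review bot: in the first added line of the TCP_MD5SIG hunk, "verfied" should be "verified", and the sysctl name net.inet.tcp.signature_verify_input on the second added line is plain text where mdoc pages normally mark a sysctl variable with .Va. The unchanged context sentence above still says digests are enabled "on writes to the specified socket", which reads as outgoing-only next to the new statement about incoming traffic; consider rewording it in the same change. It would also help to say what happens to an incoming segment whose digest is missing or wrong when the sysctl is nonzero, since the new text states that verification occurs but not its outcome.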