Date: Fri, 6 Jan 2012 11:34:58 -0500 From: J David <j.david.lists@gmail.com> To: Ed Maste <emaste@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade Message-ID: <CABXB=RR5MzmHebmrMyZAk4kkCCyMWX1XD0XrqGWsUJ%2Bo3vpjDg@mail.gmail.com> In-Reply-To: <20120106153500.GA78077@sandvine.com> References: <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org> <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> <20120104.144214.74742226.sthaug@nethelp.no> <CABXB=RQFuAdkFiRgNH%2B9QWHMn8zMR31wmcSWumwWv54UwVyvvw@mail.gmail.com> <CABXB=RR7hwaQtQcOJks3ipt3iKM=_ViErxG8THSr2rsCoLgOTA@mail.gmail.com> <20120106153500.GA78077@sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 6, 2012 at 10:35 AM, Ed Maste <emaste@freebsd.org> wrote: > Thank you very much for this extensive testing and analysis. =A0Would you > care to post your basic echo server somewhere for others to use in > debugging this, just to save time for anyone who can debug further? With a bit of clean-up to stop people who look at it from instantly going blind in self-defense, I should be able to do that later today. > +Outgoing traffic is digested; digests on incoming traffic are verfied > +if the net.inet.tcp.signature_verify_input sysctl is nonzero. Good change. This bit from tcp(4) may also be inaccurate: "Only IPv4 (AF_INET) sessions are supported." It appears to work with IPv6 as well. (Arguably it should not since tmk the standard was never defined/intended for IPv6, but there is no doubt that having it work is very useful for IPv6 BGP.) > =A0The current default behavior for the system is to respond to a system > =A0advertising this option with TCP-MD5; this may change. This behavior described in the man page did pop up last night. The bit about "this may change" is of concern because currently this answers the question of how a single bound socket is supposed to serve both clients that do and do not use TCP-MD5. It's actually quite easy/convenient, so it would be a shame if that did change. > Yes, your testing clearly demonstrates some kernel issues here. =A0I'll > see if I can find someone to investigate (or can help guide further > debugging). If I can help, I am happy to do so, but in general the kernel is something that happens to other people. :) Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABXB=RR5MzmHebmrMyZAk4kkCCyMWX1XD0XrqGWsUJ%2Bo3vpjDg>