Date:      Fri, 6 Jan 2012 11:34:58 -0500
From:      J David <j.david.lists@gmail.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID:  <CABXB=RR5MzmHebmrMyZAk4kkCCyMWX1XD0XrqGWsUJ%2Bo3vpjDg@mail.gmail.com>
In-Reply-To: <20120106153500.GA78077@sandvine.com>
References:  <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org> <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> <20120104.144214.74742226.sthaug@nethelp.no> <CABXB=RQFuAdkFiRgNH%2B9QWHMn8zMR31wmcSWumwWv54UwVyvvw@mail.gmail.com> <CABXB=RR7hwaQtQcOJks3ipt3iKM=_ViErxG8THSr2rsCoLgOTA@mail.gmail.com> <20120106153500.GA78077@sandvine.com>

On Fri, Jan 6, 2012 at 10:35 AM, Ed Maste <emaste@freebsd.org> wrote:
> Thank you very much for this extensive testing and analysis.  Would you
> care to post your basic echo server somewhere for others to use in
> debugging this, just to save time for anyone who can debug further?

With a bit of clean-up to stop people who look at it from instantly
going blind in self-defense, I should be able to do that later today.

> +Outgoing traffic is digested; digests on incoming traffic are verfied
> +if the net.inet.tcp.signature_verify_input sysctl is nonzero.
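
Review bot: "verfied" at the end of the first added line is a typo for "verified". The added sentence also does not say what net.inet.tcp.signature_verify_input defaults to, so a reader cannot tell from it whether incoming digests are checked on a stock system; consider stating the default next to the sysctl name.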

Good change.  This bit from tcp(4) may also be inaccurate:

"Only IPv4 (AF_INET) sessions are supported."

It appears to work with IPv6 as well.  (Arguably it should not since
tmk the standard was never defined/intended for IPv6, but there is no
doubt that having it work is very useful for IPv6 BGP.)

>  The current default behavior for the system is to respond to a system
>  advertising this option with TCP-MD5; this may change.

This behavior described in the man page did pop up last night.  The
bit about "this may change" is of concern because currently this
answers the question of how a single bound socket is supposed to serve
both clients that do and do not use TCP-MD5.  It's actually quite
easy/convenient, so it would be a shame if that did change.

> Yes, your testing clearly demonstrates some kernel issues here.  I'll
> see if I can find someone to investigate (or can help guide further
> debugging).

If I can help, I am happy to do so, but in general the kernel is
something that happens to other people. :)

Thanks!


