From owner-freebsd-net@FreeBSD.ORG Fri Jan 6 16:34:59 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E06D1065673 for ; Fri, 6 Jan 2012 16:34:59 +0000 (UTC) (envelope-from jdavidlists@gmail.com) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id DBC068FC18 for ; Fri, 6 Jan 2012 16:34:58 +0000 (UTC) Received: by yhfq46 with SMTP id q46so765518yhf.13 for ; Fri, 06 Jan 2012 08:34:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=E3FRJplXaGxuDnqqOMNl2BC6oF9BLPZ6FvVKAaQK6ME=; b=W/YlcSVwgSKHhQWzLW1qqtvAaR9GY75UgjTWMfKtR1w8y6Afe/QtUA0h8zmNT2V5DU UMx8T9cEO3fPA61FPqz/mOOVYqLQ1OAKRTLj4QSIEpmUSlqzz4xfoib05KbSEVJJfLHt L+mTDPKgwFpfBi4D6Q7bS7kiprEZ3rKh7JofU= MIME-Version: 1.0 Received: by 10.236.43.66 with SMTP id k42mr8168875yhb.116.1325867698337; Fri, 06 Jan 2012 08:34:58 -0800 (PST) Sender: jdavidlists@gmail.com Received: by 10.236.24.194 with HTTP; Fri, 6 Jan 2012 08:34:58 -0800 (PST) In-Reply-To: <20120106153500.GA78077@sandvine.com> References: <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org> <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> <20120104.144214.74742226.sthaug@nethelp.no> <20120106153500.GA78077@sandvine.com> Date: Fri, 6 Jan 2012 11:34:58 -0500 X-Google-Sender-Auth: yMzYXk0AU-adjjwgpX7-xBQB9n0 Message-ID: From: J David To: Ed Maste Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jan 2012 16:34:59 -0000 On Fri, Jan 6, 2012 at 10:35 AM, Ed Maste wrote: > Thank you very much for this extensive testing and analysis. =A0Would you > care to post your basic echo server somewhere for others to use in > debugging this, just to save time for anyone who can debug further? With a bit of clean-up to stop people who look at it from instantly going blind in self-defense, I should be able to do that later today. > +Outgoing traffic is digested; digests on incoming traffic are verfied > +if the net.inet.tcp.signature_verify_input sysctl is nonzero. Good change. This bit from tcp(4) may also be inaccurate: "Only IPv4 (AF_INET) sessions are supported." It appears to work with IPv6 as well. (Arguably it should not since tmk the standard was never defined/intended for IPv6, but there is no doubt that having it work is very useful for IPv6 BGP.) > =A0The current default behavior for the system is to respond to a system > =A0advertising this option with TCP-MD5; this may change. This behavior described in the man page did pop up last night. The bit about "this may change" is of concern because currently this answers the question of how a single bound socket is supposed to serve both clients that do and do not use TCP-MD5. It's actually quite easy/convenient, so it would be a shame if that did change. > Yes, your testing clearly demonstrates some kernel issues here. =A0I'll > see if I can find someone to investigate (or can help guide further > debugging). If I can help, I am happy to do so, but in general the kernel is something that happens to other people. :) Thanks!