From nobody Mon Jun 27 11:44:55 2022
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C38EF869BF2
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Mon, 27 Jun 2022 11:45:29 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LWmBK0mCfz3L4s
	for <freebsd-net@freebsd.org>; Mon, 27 Jun 2022 11:45:28 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
	by mailout.west.internal (Postfix) with ESMTP id 31037320090B
	for <freebsd-net@freebsd.org>; Mon, 27 Jun 2022 07:45:27 -0400 (EDT)
Received: from imap44 ([10.202.2.94])
  by compute2.internal (MEProxy); Mon, 27 Jun 2022 07:45:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at;
	 h=cc:content-type:date:date:from:from:in-reply-to:message-id
	:mime-version:reply-to:sender:subject:subject:to:to; s=fm3; t=
	1656330326; x=1656416726; bh=pHqBPc77gbXw3Z3sG+hwQzFZxyppaKAtewO
	RKSgvnZ8=; b=XvEANtNaA2McRfBcTBBdicm4vY7qOhU2/9oAw69E2Q1dsaJMLTi
	EsWowRPBL61hursU6GduO/JfiisAe5VzxOpYRuvvezIM4bHT4EuHOQBoo/v6CAE2
	8ieumbLNqY8jHftZ2BAEwhYJFbEEn7pqLy9nahlSALTW3f+aBXdvyvzfbihWOIMP
	z+kuxZX+xl9OtmmFnzhLIPOXymGSNPLZ/KwWZgtf3sBmQxJeuSV/E/NElCu6PcmJ
	5C5au6E0BYRWvqm8V+/uLFvhK5JWjq2bykj3yZ3XCSyi9iOg9hOMj8cRNLPbFxL5
	JOfiCiJUAmK9CbrH7cOf0naSgyKVJb0/Z/w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:date:date:feedback-id
	:feedback-id:from:from:in-reply-to:message-id:mime-version
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1656330326; x=
	1656416726; bh=pHqBPc77gbXw3Z3sG+hwQzFZxyppaKAtewORKSgvnZ8=; b=H
	/iE9poLiUTdrzMctVNeGyJksAOCo/atbYfD1uAu5PzectsPSYsiqw0kmxiJgb0IY
	vTqI85QvUNJAIec9cq7ZJDLG5IG81ciL3SX7ym6yG+rodrI6NLcbozJoL5Ij9Wvp
	92AHeCWNaxey9HpTsC2kn5fij3TWVU7nqKzOjOigCHl+v6W5CHDqUN5BLXuIigh2
	JSK23/RGzl5Z3l0+ZDG4h3e8+sbjGGMLoWDQjmI5QC2Iil9Z9kI7ltcHu5TTKiCp
	uRh4dXkWmYmoo8Mx7D/rR1r8dtqtQQOkOm1/HAhQKXBlIklGmz5IFzRK+Riok9zr
	GJOASOrRcaBSfVFZnlVIQ==
X-ME-Sender: <xms:Vpi5YuMTUjsT4wGhufO5MjfeegRAESoW9_N1QvuuLsBt6dYTIqmFIA>
    <xme:Vpi5Ys-FCndHgtvBORgXUkHOvJvfeMoogABY6PuXUjdVHMq8b1pXs58zOI2FvXhBA
    BVKbdgK98zvSKQ_tg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudeghedggeehucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd
    erredtnecuhfhrohhmpedfffgrvhgvucevohhtthhlvghhuhgsvghrfdcuoegutghhsehs
    khhunhhkfigvrhhkshdrrghtqeenucggtffrrghtthgvrhhnpeejgfdtgfefgeduieegle
    dugffhffeugfehueduleelieehudeiueefleeuuddvgfenucevlhhushhtvghrufhiiigv
    pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegutghhsehskhhunhhkfigvrhhkshdrrg
    ht
X-ME-Proxy: <xmx:Vpi5YlRL5_fViygGDHXJLP0mUPikbCf4Sv71FTaMHk-EjtSgOoEYdQ>
    <xmx:Vpi5Yuv2e-nEwZ2OxbaS9ef_Grhb22wsKdBP0vE6OytFAxzdvlwdPQ>
    <xmx:Vpi5YmcIh3DqRRUrvRRtouUdRn4wEaU2EQz2XqJeP_MqK6TpPl6S5g>
    <xmx:Vpi5Ygr4DQngTwarSh6MutCNoguzq87CQVnNWH9xnJi2zpUEZloF3A>
Feedback-ID: ic0e84090:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 4173736A0073; Mon, 27 Jun 2022 07:45:26 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-713-g1f035dc716-fm-20220617.001-g1f035dc7
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
Mime-Version: 1.0
Message-Id: <b727be82-f90b-4391-b151-81660f204a00@www.fastmail.com>
Date: Mon, 27 Jun 2022 11:44:55 +0000
From: "Dave Cottlehuber" <dch@skunkwerks.at>
To: freebsd-net <freebsd-net@freebsd.org>
Subject: missing SYN/ACK for inbound TCP solved by altering broadcast address - why?
Content-Type: text/plain
X-Rspamd-Queue-Id: 4LWmBK0mCfz3L4s
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=skunkwerks.at header.s=fm3 header.b=XvEANtNa;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b="H /iE9po";
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 64.147.123.24 as permitted sender) smtp.mailfrom=dch@skunkwerks.at
X-Spamd-Result: default: False [-2.59 / 15.00];
	 XM_UA_NO_VERSION(0.01)[];
	 MV_CASE(0.50)[];
	 R_SPF_ALLOW(-0.20)[+ip4:64.147.123.24];
	 RCVD_COUNT_THREE(0.00)[4];
	 TO_DN_ALL(0.00)[];
	 DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 SUBJECT_ENDS_QUESTION(1.00)[];
	 ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US];
	 RCVD_TLS_LAST(0.00)[];
	 RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.24:from];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm3,messagingengine.com:s=fm2];
	 FREEFALL_USER(0.00)[dch];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MIME_GOOD(-0.10)[text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
	 DMARC_NA(0.00)[skunkwerks.at];
	 RCPT_COUNT_ONE(0.00)[1];
	 DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	 MLMMJ_DEST(0.00)[freebsd-net];
	 MID_RHS_WWW(0.50)[]
X-ThisMailContainsUnwantedMimeParts: N

I've found a workaround for this issue, but don't understand why this
occurs. Reading RFC1122 has left me none the wiser. What am I missing?
Is this a Linuxism or simple a standardisation loophole?

## Problem

- on 13.1-R, dhclient-set config works for all UDP, & outbound TCP
- but inbound TCP connections send no SYN/ACK at all back
- on Linux Ubuntu 22.04 & others, the DHCP supplied IP config
  works as expected

failing FreeBSD config from dhclient:
  inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60
                                                 ^^^^^^^^^^^^

working Linux config (note broadcast)
  inet 147.75.93.61 netmask 0xfffffffe broadcast 255.255.255.254
                                                 ^^^^^^^^^^^^^^^

- full details below (dhcp lease, ifconfigs etc)

I worked around this by forcing broadcast-address in dhclient.conf:

## /etc/dhclient.conf
interface "ice0" {
  supersede broadcast-address 255.255.255.255;
}
# repeat for other ifaces as required

Which is ~ok~ for the moment, but I'd like to understand why this
occurs, and fix it properly. Either at DHCPD end, or FreeBSD
config.



# Further details

- Ubuntu 22.04 from vendor
- FreeBSD 13.1-RELEASE amd64 vanilla install
- 4x ice(4) NICs (Intel E810) and 2x (unused) ix (igxbe)
- 2x of the ice(4) are bonded link aggregation
- dhclient only used to attach to 1 nic, ignoring FreeBSD side of bonding


## Linux ip addr

# ip addr
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b4:96:91:d9:99:20 brd ff:ff:ff:ff:ff:ff
    inet 147.75.92.187/31 brd 255.255.255.255 scope global bond0
...

## FreeBSD ifconfig

# ifconfig ice0
ice0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e10438<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,LRO,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether b4:96:91:d9:9b:48
        inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60
        media: Ethernet autoselect (25G-AUI <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
...
root@metalBSD:~ # netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            147.75.93.60       UGS        ice0
127.0.0.1          link#7             UH          lo0
147.75.93.60/31    link#3             U          ice0
147.75.93.61       link#3             UHS         lo0

root@metalBSD:~ # cat /var/db/dhclient.leases.ice0

- note no broadcast-address provided
- Linux & FreeBSD evidently derive it differently

lease {
  interface "ice0";
  fixed-address 147.75.93.61;
  option subnet-mask 255.255.255.254;
  option routers 147.75.93.60;
  option domain-name-servers 147.75.207.207,147.75.207.208;
  option host-name "intransigent09";
  option dhcp-lease-time 172800;
  option dhcp-message-type 5;
  option dhcp-server-identifier 139.178.78.140;
  renew 1 2022/6/27 18:40:06;
  rebind 2 2022/6/28 12:40:06;
  expire 2 2022/6/28 18:40:06;
}

A+
Dave