Date: Mon, 27 Jun 2022 11:25:14 -0500 From: "Mike Karels" <mike@karels.net> To: "Marek Zarychta" <zarychtam@plan-b.pwste.edu.pl> Cc: "Dave Cottlehuber" <dch@skunkwerks.at>, freebsd-net <freebsd-net@freebsd.org> Subject: Re: missing SYN/ACK for inbound TCP solved by altering broadcast address - why? Message-ID: <1D46186C-EE8C-4EDA-9FE8-8636C3D90299@karels.net> In-Reply-To: <6e6d272a-0954-1fba-c0eb-14480d858a37@plan-b.pwste.edu.pl> References: <b727be82-f90b-4391-b151-81660f204a00@www.fastmail.com> <6e6d272a-0954-1fba-c0eb-14480d858a37@plan-b.pwste.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Responding to parts of two emails:
On 27 Jun 2022, at 7:41, Marek Zarychta wrote:
> W dniu 27.06.2022 o=C2=A013:44, Dave Cottlehuber pisze:
>> I've found a workaround for this issue, but don't understand why this
>> occurs. Reading RFC1122 has left me none the wiser. What am I =
>> missing?
>> Is this a Linuxism or simple a standardisation loophole?
>
> It has been standardized in RFC3021 over twenty years ago. FreeBSD =
> ifconfig(8) supports /31 netmask for a long time and the broadcast =
> address is correctly assigned in this case (255.255.255.255). Either =
> dhcp-options(5) "option broadcast-address" is missing on the DHCP =
> server or our dhclient(8) is misbehaving or maybe the Linux client is =
> better in figuring out the right broadcast address.
Looks like RFC3021 only says it applies to point-to-point interfaces,
and doesn=E2=80=99t consider other types. I don=E2=80=99t remember any c=
ode in =
ifconfig
to special-case this, although the kernel will default the broadcast
correctly in this case (to the all-1=E2=80=99s address; I guess that=E2=80=
=99s an =
extension).
That means something is giving the broadcast address to ifconfig =
explicitly.
>> ## Problem
>>
>> - on 13.1-R, dhclient-set config works for all UDP, & outbound TCP
>> - but inbound TCP connections send no SYN/ACK at all back
>> - on Linux Ubuntu 22.04 & others, the DHCP supplied IP config
>> works as expected
Do you know if this worked with 13.0? (I made a change in 13.1,
but don=E2=80=99t quite see how it would cause this situation to change.)=
>> failing FreeBSD config from dhclient:
>> inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60
This is odd. I don=E2=80=99t know why the broadcast address would be hos=
t 0
on that network, but note that it is the same as the router address.
That is probably the root of the problem. I don=E2=80=99t see a broadcas=
t
address in the lease below, so maybe dhclient is confused. The
default broadcast would be host -1, but of course that is the host
itself.
>> working Linux config (note broadcast)
>> inet 147.75.93.61 netmask 0xfffffffe broadcast 255.255.255.254
That=E2=80=99s an odd choice of broadcast, but it doesn=E2=80=99t really =
matter =
here.
>> - full details below (dhcp lease, ifconfigs etc)
>>
>> I worked around this by forcing broadcast-address in dhclient.conf:
>>
>> ## /etc/dhclient.conf
>> interface "ice0" {
>> supersede broadcast-address 255.255.255.255;
>> }
>> # repeat for other ifaces as required
>>
>> Which is ~ok~ for the moment, but I'd like to understand why this
>> occurs, and fix it properly. Either at DHCPD end, or FreeBSD
>> config.
>>
>>
>>
>> # Further details
>>
>> - Ubuntu 22.04 from vendor
>> - FreeBSD 13.1-RELEASE amd64 vanilla install
>> - 4x ice(4) NICs (Intel E810) and 2x (unused) ix (igxbe)
>> - 2x of the ice(4) are bonded link aggregation
>> - dhclient only used to attach to 1 nic, ignoring FreeBSD side of =
>> bonding
>>
>>
>> ## Linux ip addr
>>
>> # ip addr
>> 8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc =
>> noqueue state UP group default qlen 1000
>> link/ether b4:96:91:d9:99:20 brd ff:ff:ff:ff:ff:ff
>> inet 147.75.92.187/31 brd 255.255.255.255 scope global bond0
>> ...
>>
>> ## FreeBSD ifconfig
>>
>> # ifconfig ice0
>> ice0: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mt=
u =
>> 1500
>> options=3D4e10438<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,LRO,VLAN_HWFILTER,=
RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>> ether b4:96:91:d9:9b:48
>> inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60
>> media: Ethernet autoselect (25G-AUI <full-duplex>)
>> status: active
>> nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>> ...
>> root@metalBSD:~ # netstat -4rn
>> Routing tables
>>
>> Internet:
>> Destination Gateway Flags Netif Expire
>> default 147.75.93.60 UGS ice0
>> 127.0.0.1 link#7 UH lo0
>> 147.75.93.60/31 link#3 U ice0
>> 147.75.93.61 link#3 UHS lo0
>>
>> root@metalBSD:~ # cat /var/db/dhclient.leases.ice0
>>
>> - note no broadcast-address provided
>> - Linux & FreeBSD evidently derive it differently
>>
>> lease {
>> interface "ice0";
>> fixed-address 147.75.93.61;
>> option subnet-mask 255.255.255.254;
>> option routers 147.75.93.60;
>> option domain-name-servers 147.75.207.207,147.75.207.208;
>> option host-name "intransigent09";
>> option dhcp-lease-time 172800;
>> option dhcp-message-type 5;
>> option dhcp-server-identifier 139.178.78.140;
>> renew 1 2022/6/27 18:40:06;
>> rebind 2 2022/6/28 12:40:06;
>> expire 2 2022/6/28 18:40:06;
>> }
>>
>> A+
>> Dave
>>
>
>
> -- =
> Marek Zarychta
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1D46186C-EE8C-4EDA-9FE8-8636C3D90299>