From: "Mike Karels"
To: "Marek Zarychta"
Cc: "Dave Cottlehuber", freebsd-net
Subject: Re: missing SYN/ACK for inbound TCP solved by altering broadcast address - why?
Date: Mon, 27 Jun 2022 11:25:14 -0500
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Responding to parts of two emails:

On 27 Jun 2022, at 7:41, Marek Zarychta wrote:

> On 27.06.2022 at 13:44, Dave Cottlehuber wrote:
>> I've found a workaround for this issue, but don't understand why this
>> occurs. Reading RFC1122 has left me none the wiser. What am I missing?
>> Is this a Linuxism or simply a standardisation loophole?
>
> It has been standardized in RFC3021 over twenty years ago.
> FreeBSD ifconfig(8) supports /31 netmask for a long time and the broadcast
> address is correctly assigned in this case (255.255.255.255). Either
> dhcp-options(5) "option broadcast-address" is missing on the DHCP
> server or our dhclient(8) is misbehaving or maybe the Linux client is
> better in figuring out the right broadcast address.

Looks like RFC3021 only says it applies to point-to-point interfaces,
and doesn’t consider other types. I don’t remember any code in
ifconfig to special-case this, although the kernel will default the
broadcast correctly in this case (to the all-1’s address; I guess that’s an
extension). That means something is giving the broadcast address to ifconfig
explicitly.

>> ## Problem
>>
>> - on 13.1-R, dhclient-set config works for all UDP, & outbound TCP
>> - but inbound TCP connections send no SYN/ACK at all back
>> - on Linux Ubuntu 22.04 & others, the DHCP supplied IP config
>>   works as expected

Do you know if this worked with 13.0? (I made a change in 13.1, but
don’t quite see how it would cause this situation to change.)

>> failing FreeBSD config from dhclient:
>> inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60

This is odd. I don’t know why the broadcast address would be host 0
on that network, but note that it is the same as the router address.
That is probably the root of the problem. I don’t see a broadcast
address in the lease below, so maybe dhclient is confused. The default
broadcast would be host -1, but of course that is the host itself.

>> working Linux config (note broadcast)
>> inet 147.75.93.61 netmask 0xfffffffe broadcast 255.255.255.254

That’s an odd choice of broadcast, but it doesn’t really matter here.

>> - full details below (dhcp lease, ifconfigs etc)
>>
>> I worked around this by forcing broadcast-address in dhclient.conf:
>>
>> ## /etc/dhclient.conf
>> interface "ice0" {
>>     supersede broadcast-address 255.255.255.255;
>> }
>> # repeat for other ifaces as required
>>
>> Which is ~ok~ for the moment, but I'd like to understand why this
>> occurs, and fix it properly. Either at DHCPD end, or FreeBSD
>> config.
>>
>> # Further details
>>
>> - Ubuntu 22.04 from vendor
>> - FreeBSD 13.1-RELEASE amd64 vanilla install
>> - 4x ice(4) NICs (Intel E810) and 2x (unused) ix (igxbe)
>> - 2x of the ice(4) are bonded link aggregation
>> - dhclient only used to attach to 1 nic, ignoring FreeBSD side of bonding
>>
>> ## Linux ip addr
>>
>> # ip addr
>> 8: bond0: mtu 1500 qdisc noqueue state UP group default qlen 1000
>>     link/ether b4:96:91:d9:99:20 brd ff:ff:ff:ff:ff:ff
>>     inet 147.75.92.187/31 brd 255.255.255.255 scope global bond0
>> ...
>>
>> ## FreeBSD ifconfig
>>
>> # ifconfig ice0
>> ice0: flags=8863 metric 0 mtu 1500
>>     options=4e10438
>>     ether b4:96:91:d9:9b:48
>>     inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60
>>     media: Ethernet autoselect (25G-AUI )
>>     status: active
>>     nd6 options=29
>> ...
>>
>> root@metalBSD:~ # netstat -4rn
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> default            147.75.93.60       UGS        ice0
>> 127.0.0.1          link#7             UH          lo0
>> 147.75.93.60/31    link#3             U          ice0
>> 147.75.93.61       link#3             UHS         lo0
>>
>> root@metalBSD:~ # cat /var/db/dhclient.leases.ice0
>>
>> - note no broadcast-address provided
>> - Linux & FreeBSD evidently derive it differently
>>
>> lease {
>>   interface "ice0";
>>   fixed-address 147.75.93.61;
>>   option subnet-mask 255.255.255.254;
>>   option routers 147.75.93.60;
>>   option domain-name-servers 147.75.207.207,147.75.207.208;
>>   option host-name "intransigent09";
>>   option dhcp-lease-time 172800;
>>   option dhcp-message-type 5;
>>   option dhcp-server-identifier 139.178.78.140;
>>   renew 1 2022/6/27 18:40:06;
>>   rebind 2 2022/6/28 12:40:06;
>>   expire 2 2022/6/28 18:40:06;
>> }
>>
>> A+
>> Dave
>>
>
> --
> Marek Zarychta
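
Added example, not part of the original message and not FreeBSD code: a Python check for the condition pointed out in the reply above, where the configured broadcast address on a /31 coincides with the router address or with the host's own address. The sample strings are constructed from the output quoted in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, built from the ifconfig/lease output quoted in the thread.
IFCONFIG_FAILING = "inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.60"
IFCONFIG_WORKAROUND = "inet 147.75.93.61 netmask 0xfffffffe broadcast 255.255.255.255"
IFCONFIG_HOST_MINUS_1 = "inet 147.75.93.61 netmask 0xfffffffe broadcast 147.75.93.61"
LEASE = '''lease {
  interface "ice0";
  fixed-address 147.75.93.61;
  option subnet-mask 255.255.255.254;
  option routers 147.75.93.60;
}'''

def parse_inet(line):
    """Parse a FreeBSD ifconfig 'inet' line into (address, prefixlen, broadcast)."""
    m = re.search(r"inet (\S+) netmask (0x[0-9a-fA-F]{8})(?: broadcast (\S+))?", line)
    if not m:
        raise ValueError("not an ifconfig inet line: %r" % line)
    mask = int(m.group(2), 16)
    prefixlen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask: %s" % m.group(2))
    bcast = ipaddress.IPv4Address(m.group(3)) if m.group(3) else None
    return ipaddress.IPv4Address(m.group(1)), prefixlen, bcast

def lease_options(lease_text):
    """Return the lease's 'option name value;' pairs as a dict of strings."""
    return dict(re.findall(r"option\s+([\w-]+)\s+([^;]+);", lease_text))

def audit(inet_line, lease_text):
    """List broadcast-address collisions between an inet line and its lease."""
    addr, prefixlen, bcast = parse_inet(inet_line)
    routers = [ipaddress.IPv4Address(r.strip())
               for r in lease_options(lease_text).get("routers", "").split(",")
               if r.strip()]
    findings = []
    if bcast is not None and bcast in routers:
        findings.append("broadcast %s on /%d is the router address" % (bcast, prefixlen))
    if bcast is not None and bcast == addr:
        findings.append("broadcast %s on /%d is the host's own address" % (bcast, prefixlen))
    return findings

if __name__ == "__main__":
    if "broadcast-address" not in lease_options(LEASE):
        print("lease supplies no broadcast-address option")
    for line in (IFCONFIG_FAILING, IFCONFIG_WORKAROUND, IFCONFIG_HOST_MINUS_1):
        print(line, "->", audit(line, LEASE) or "no collision")
```
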