Message-Id: <201812230248.wBN2mu73042922@slippy.cwsent.com>
From: Cy Schubert
To: Enji Cooper
Cc: Cy Schubert, Yuri Pankov, Mark Peek, Warner Losh, Dag-Erling Smørgrav, freebsd-current
Subject: Re: workaround for VMware WS NAT bug triggered by OpenSSH 7.8p1 changes
In-Reply-To: Message from Enji Cooper of "Sat, 22 Dec 2018 17:58:39 -0800." <82004750-097A-47E5-9981-86B4B7A5F755@gmail.com>
Date: Sat, 22 Dec 2018 18:48:56 -0800
List-Id: Discussions about the use of FreeBSD-current

In message <82004750-097A-47E5-9981-86B4B7A5F755@gmail.com>, Enji Cooper writes:
> > On Dec 22, 2018, at 1:03 PM, Cy Schubert wrote:
>
> …
>
> > Regarding the Red Hat bugzilla bug, looks like they're doing the right
> > thing by reaching out to VMware. This should be our position as well.
> > Add it to ssh_config or sshd_config if one must but have VMware fix
> > their bugs. Putting workarounds in our O/S to work around a bug in some
> > other vendor's virtualization is something I don't support. If we must
> > add the #ifdefs to our ssh, then add an UPDATING entry to say that to
> > enable it put VMWARE_GUEST_WORKAROUND or however we choose to enable it
> > in src.conf.
>
> This is the reason why I CCed mp@ :).. Mark works for VMware (I worked
> with him a bit when I was at Isilon).
>
> …
>
> > We, FreeBSD, should try to open a ticket or reach out to VMware to add
> > a +1 to the issue that RH has already opened. This is the right thing
> > to do. In this case we should consider ourselves an O/S vendor too,
> > which BTW we are.
>
> Yes, but unless there’s a champion internal to the project driving
> this, it’s up to individual users to drive the bug report/fix. If,
> however, there were regular regression tests run with VMware (and this
> can be done with pyvmomi/paramiko, etc), then we the project could
> provide this guarantee to VMware and vice versa if VMware invested the
> time in making this so--which I thought they did with 10.x… but if they
> don’t have an easy way to verify changes, there’s a bit of a chicken
> and egg problem.

I'm suggesting we do. Regression tests might require that FreeBSD have
a VMware cluster of one or preferably two machines somewhere. That is
if VMware is willing to "help" out. The reason I suggest a cluster of
two is vmotion can negatively affect some applications (Oracle RAC
comes to mind). It would be interesting to find out how FreeBSD and
apps running on FreeBSD react to being vmotioned from one ESXi host to
another. Testing vCPU and vRAM hot add are other items that should be
in our test suite. How well would FreeBSD work with vNUMA?

>
> > BTW the 2018-11-08 entry in the RH bug talks about adding the
> > workaround to sshd_config.
>
> … which is what I did instead of making the code change.

Does this suggest that sshd on servers running under VMware are also
affected, i.e. ssh session from a computer not running on VMware such
as from real hardware or from a PuTTY session on a PC to sshd on a VM?

>
> Thanks so very much for the patch and (more importantly) for the
> discussion/solution Yuri!! I really appreciate your unblocking me.

Yes, thank you Yuri for pointing out the problem and providing a
solution.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.