Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 19 Apr 2024 15:39:51 +0200
From:      Gerrit =?UTF-8?B?S8O8aG4=?= <gerrit.kuehn@aei.mpg.de>
To:        freebsd-stable@freebsd.org
Subject:   possible regression handling packet fragmentation in 14.0 with tftp/pxe
Message-ID:  <20240419153951.5a23ce5f@arc.aei.uni-hannover.de>

next in thread | raw e-mail | index | archive | help
--Sig_/J_HhMHjp0FHYYB.x_9v55wV
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Hello,

I have found something that looks like a regression to me (but it may also
be a bugfix, and I was just relying on the bug earlier :-). Anyway, I
don't fully understand what is going on, maybe someone here has more
insight than I do.

I have various router appliances based on FreeBSD. They act as
NAT-routers, dns/dhcp-servers and vpn-servers (using tinc in switch mode as
vpn solution). I use these in different incarnations for many years now
(since 8.something afaicr), the systems work fine up to 13.3. With 14.0 I
hit a strange issue:
Some of my LANs that FreeBSD is acting as NAT-gateway for (using pf for
nat, including scrubbing) contain diskless machines that need to boot off a
NFS-server that is located outside the LAN. To make this possible, The
router and the NFS-server run a tinc-connection. On the router, tinc's
virtual TAP-interface is bridged with the physical interface of the LAN:

---
bridge0: flags=3D1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>
metric 0 mtu 1500 options=3D0
        ether 58:9c:fc:10:ff:ed
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: ix3 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000
        groups: bridge
        nd6 options=3D9<PERFORMNUD,IFDISABLED>
---

The remote server runs both nfsd for the diskless root and tftpd for
PXE-booting. This was working fine up to 13.3. However, with the router
under 14.0, the first step of the tftp-part (delivering pxelinux.0 from
the syslinux package) fails and ends up in timeouts.

For the following:
192.168.130.3 is the diskless client trying to boot (Linux)
192.168.130.253 is the server for nfsroot and tftp (FreeBSD)
192.168.130.254 is the router and dhcp-server (FreeBSD 13.3/14.0)

The tftpd-server logs the follwoing events for this in /var/log/xferlog
when the client tries to boot via pxe:

---
Apr 19 11:37:40 192.168.130.253 tftpd[49562]: Filename: 'pxelinux.0'
Apr 19 11:37:40 192.168.130.253 tftpd[49562]: Mode: 'octet'
Apr 19 11:37:40 192.168.130.253 tftpd[49564]: Filename: 'pxelinux.0'
Apr 19 11:37:40 192.168.130.253 tftpd[49564]: Mode: 'octet'
Apr 19 11:37:40 192.168.130.253 tftpd[49564]: 192.168.130.3: read request
for //pxelinux.0: success
Apr 19 11:37:45 192.168.130.253 tftpd[49564]: receive_packet:
timeout
Apr 19 11:37:45 192.168.130.253 tftpd[49564]: Timeout #0 on ACK 1
Apr 19 11:37:50 192.168.130.253 tftpd[49564]: receive_packet: timeout
Apr 19 11:37:50 192.168.130.253 tftpd[49564]: Timeout #1 on ACK 1
Apr 19 11:37:55 192.168.130.253 tftpd[49564]: receive_packet: timeout
Apr 19 11:37:55 192.168.130.253 tftpd[49564]: Timeout #2 on ACK 1
Apr 19 11:38:00 192.168.130.253 tftpd[49564]: receive_packet: timeout
Apr 19 11:38:00 192.168.130.253 tftpd[49564]: Timeout #3 on ACK 1
Apr 19 11:38:05 192.168.130.253 tftpd[49564]: receive_packet: timeout
Apr 19 11:38:05 192.168.130.253 tftpd[49564]: Timeout #4 on ACK 1
Apr 19 11:38:10 192.168.130.253 tftpd[49564]: receive_packet: timeout
Apr 19 11:38:10 192.168.130.253 tftpd[49564]: Timeout #5 send ACK 1 giving
up
---

A tcpdump for the MAC of the pxe client taken on the physical interface of
the router looks like this:

---
11:37:36.843770 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from 00:25:90:69:bf:ae, length 548
11:37:36.844639 IP 192.168.130.254.67 > 255.255.255.255.68: BOOTP/DHCP,
Reply, length 357
11:37:40.853302 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from 00:25:90:69:bf:ae, length 548
11:37:40.855024 IP 192.168.130.254.67 > 255.255.255.255.68: BOOTP/DHCP,
Reply, length 357
11:37:40.855653 ARP, Request who-has 192.168.130.253 tell 192.168.130.3,
length 46
11:37:40.856543 ARP, Reply 192.168.130.253 is-at 00:bd:df:ce:fa:03, length
28
11:37:40.856584 IP 192.168.130.3.2070 > 192.168.130.253.69: TFTP, length
27, RRQ "pxelinux.0" octet tsize 0
11:37:40.860701 IP 192.168.130.253.38476 > 192.168.130.3.2070: UDP, length
14
11:37:40.860737 IP 192.168.130.3.2070 > 192.168.130.253.38476: UDP, length
17
11:37:40.860908 IP 192.168.130.3.2071 > 192.168.130.253.69: TFTP, length
32, RRQ "pxelinux.0" octet blksize 1456
11:37:40.891419 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
15
11:37:40.891455 IP 192.168.130.3.2071 > 192.168.130.253.31448: UDP, length
4
11:37:40.910020 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:37:40.910037 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
11:37:45.910310 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:37:45.910327 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
11:37:50.915422 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:37:50.915439 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
11:37:55.919340 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:37:55.919359 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
11:38:00.934017 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:38:00.934033 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
11:38:05.943631 IP 192.168.130.253.31448 > 192.168.130.3.2071: UDP, length
1460
11:38:05.943651 IP 192.168.130.253 > 192.168.130.3: ip-proto-17
---

It looks like there are tftp packages transmitted that are somehow never
picked up by the client. As 13.3 was running fine in this place, I compared
the tcpdump output to what is happening there:

---
13:34:34.112855 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:25:90:69:bf:ae (oui Unknown), length 548
13:34:36.145073 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:25:90:69:bf:ae (oui Unknown), length 548
13:34:40.154596 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
Request from 00:25:90:69:bf:ae (oui Unknown), length 548
13:34:40.155930 ARP, Request who-has 192.168.130.253 tell 192.168.130.3,
length 46
13:34:40.156176 ARP, Reply 192.168.130.253 is-at 00:bd:7b:2d:f7:05 (oui
Unknown), length 28
13:34:40.156239 IP 192.168.130.3.2070 > 192.168.130.253.tftp:  27 RRQ
"pxelinux.0" octet tsize 0
13:34:40.159338 IP 192.168.130.253.16697 > 192.168.130.3.2070: UDP, length
14
13:34:40.159406 IP 192.168.130.3.2070 > 192.168.130.253.16697: UDP, length
17
13:34:40.159574 IP 192.168.130.3.2071 > 192.168.130.253.tftp:  32 RRQ
"pxelinux.0" octet blksize 1456
13:34:40.162327 IP 192.168.130.253.33393 > 192.168.130.3.2071: UDP, length
15
13:34:40.162388 IP 192.168.130.3.2071 > 192.168.130.253.33393: UDP, length
4
13:34:40.162708 IP 192.168.130.253.33393 > 192.168.130.3.2071: UDP, bad
length 1460 > 1392
13:34:40.162758 IP 192.168.130.253 > 192.168.130.3: udp
13:34:40.162837 IP 192.168.130.3.2071 > 192.168.130.253.33393: UDP, length
4
13:34:40.163089 IP 192.168.130.253.33393 > 192.168.130.3.2071: UDP, bad
length 1460 > 1392
13:34:40.163124 IP 192.168.130.253 > 192.168.130.3: udp
13:34:40.163670 IP 192.168.130.3.2071 > 192.168.130.253.33393: UDP, length
4
13:34:40.163920 IP 192.168.130.253.33393 > 192.168.130.3.2071: UDP, bad
length 1460 > 1392
13:34:40.163956 IP 192.168.130.253 > 192.168.130.3: udp
13:34:40.164515 IP 192.168.130.3.2071 > 192.168.130.253.33393: UDP, length
4
13:34:40.164765 IP 192.168.130.253.33393 > 192.168.130.3.2071: UDP, bad
length 1460 > 1392
[...]
---


Although this reports "bad length" all the time (whatever this means), it
works and transfers bootloader, initramfs, kernel etc. for diskless Linux
machines in the LAN.
But this suspiciously looked like MTU problems. The VPN only offers an MTU
of 1425 by default, while tftp appears to use 1460. After some
searching and reading I found that the original tftp default was 512 byte
packets, and the client obviously requests larger packets for speed
reasons explicitely with the "blksize 1456" command. Unfortunately, I found
no way to configure the PXE firmware to use smaller packets.
However, adding the "-o" option to FreeBSD's tftpd could disable all extra
options and forced both the server and the client to user smaller packets.
TFTP and PXE-booting were working fine again after that change.

On the other hand, this feels like a workaround. What is the actual
problem here, and why did the very same setup "just work" up to FreeBSD
13.3 on the router? The setup of pf.conf is quite minimal, the packet
normalization part is just
---
set block-policy return
set optimization aggressive
scrub in all
---

Is this some kind of regression or rather the fix of a bug I was relying
upon earlier? Any hints and insight would be greatly appreciated.


cu
  Gerrit

--Sig_/J_HhMHjp0FHYYB.x_9v55wV
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgIFADCABgkqhkiG9w0B
BwEAAKCCF/QwggQyMIIDGqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
BAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1Nh
bGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEg
Q2VydGlmaWNhdGUgU2VydmljZXMwHhcNMDQwMTAxMDAwMDAwWhcNMjgxMjMxMjM1
OTU5WjB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvkCd9G7h6naHHE1FRI6+RsiDBp3BKv4YH47kAvrz
q11QihYxC5oG0MVwIs1JLVRjzLZuaEYLU+rLTCTAvHJO6vEVrvRUmhIKw3qyM2Di
2olV8yJY897cz++DhqKMlE+faPKYkEaEJ8d2v+PMNSyLXgdkZYLASLCokflhn3Yg
UKiRx2a163hiA1bwihoT6jGjHqCZ/Tj29icyWG8H9Wu4+xQrr7eqzNZjX3OM2gWZ
qDioyxd4NlGs6Z70eDqNzw/ZQuKYDKsvnw4B3u+fmUnxLd+sdE0bmLVHxeUp0fmQ
GMdinL6DxyZ7Poolx8DdneY1aBAgnY/Y3tLDhJwNXugvyQIDAQABo4HAMIG9MB0G
A1UdDgQWBBSgEQojPpbxB+zirynvgqV/0DCktDAOBgNVHQ8BAf8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9k
b2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDA2oDSgMoYwaHR0cDov
L2NybC5jb21vZG8ubmV0L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqG
SIb3DQEBBQUAA4IBAQAIVvwC8Jvo/6T61nvGRIDOT8TF9gBYzKa2vBRJaAR26Obu
XewCD2DWjVAYTyZOAePmsKXuv7x0VEG//fwSuMdPWvSJYAV/YLcFSvP28cK/xLl0
hrYtfWvM0vNG3S/G4GrDwzQDLH2W3VrCDqcKmcEFi6sML/NcOs9sN1UJh95TQGxY
7/y2q2VuBPYb3DzgWhXGntnxWUgwIWUDbOzpIXPsmwOh4DetoBUYj/q6As6nLKkQ
EyzU5QgmqyKXYPiQXnTUoppTvfKpaOCibsLXbLGjD56/62jnVvKu8uMrODoJgbVr
hde+Le0/GreyY+L1YiyC1GoAQVDxOYOflek2lphuMIIFgTCCBGmgAwIBAgIQOXJE
Ovkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7MQswCQYDVQQGEwJHQjEbMBkG
A1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYD
VQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRl
IFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4MTIzMTIzNTk1OVowgYgxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkg
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVV
U0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00ytUINh4qog
TQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NCtnbyqTsr
kfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQfjtTkUcYR
Z0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM8Ny8nkz+
rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hmAUTnAU5G
U5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vuPVb+
DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTps
NVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sFqV4Wg8y4
Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9HE0XvMns
QybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ+gQek9Qm
RkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyXHAc/DVL1
7e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSgEQojPpbxB+zirynvgqV/0DCk
tDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgGG
MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEMGA1UdHwQ8MDow
OKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmljYXRlU2Vy
dmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29j
c3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQAYh1HcdCE9nIrgJ7cz
0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+rvSNb3I8QzvAP+u431yqqcau
8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+/czSAaF9ffgZGclCKxO/WIu6
pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gACiIDEOUMsfnNkjcZ7Tvx5Dq2
+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1FzZOFli9d31kWTz9RvdVFGD/t
So7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyAvGp4z7h/jnZymQyd/teRCBah
o1+VMIIG5jCCBM6gAwIBAgIQMQJw1DW+mySa+FbQ4eKFSTANBgkqhkiG9w0BAQwF
ADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcT
C0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAs
BgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN
MjAwMjE4MDAwMDAwWhcNMzMwNTAxMjM1OTU5WjBGMQswCQYDVQQGEwJOTDEZMBcG
A1UEChMQR0VBTlQgVmVyZW5pZ2luZzEcMBoGA1UEAxMTR0VBTlQgUGVyc29uYWwg
Q0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALNK4iJeJ1vpBFsU
BDUyIBSutNIxQMbNUMAeoUTKr55KYX8tkN5imzNqLaRCypYBPP9wED2AaO6e8njk
bjzJwLgPqDBkW9sG3kmi3GW6cF4Hwr5ysZqve/5EJDhV+9OhfTu/4dMnoR4Q41Hc
jMk9MzLOADAQ0awBZ/29r0d49AUmIKELNeqEqmnTN6fndL7x/2K0TLToZLxqS7sy
/Jvi0wEFr0CfdjcAsioh7KaD+Jizyb1aRKQzJ6Q20VEHX7UqWc1SkzTkbz6xj0S5
ydBBFQh0fNiy+qM/deVpK4HgmPSJrrpQZ+LlbHfWabmwoDPxF71QZVYiqrrAoUrG
RJ+47iLBiIg8miIYS7Hd2ppvAUt24CugMXUjETjQ+oYh09fNi5n/AvoER8UBvTHL
xt+blL0bvL+2z2YiUWk+2Qtn+dD+JU5Z2y71qV7+cr+4YXjvGzF5bYsi8HiwflTb
4Php3y+k1twKtchdcq2QGc0eDG6Y01nRHUiyr8/PtMAsLHEPNZ2wzsA7fb8mftHi
V20ZFmYqknJ8AIOfwdTVA+E62JayOJ+sxadqcmFDorsz/mrPwGZ8+txr4xSuvVjg
0dlv0yuA+1YpBDIYNfL4bkX+IcZ1mTstL4Xw0f4N2iW3bBmnPnYmoYxMM8gflCiT
gss73nBvG2f7v1PD7BDGYNO4iD4vAgMBAAGjggGLMIIBhzAfBgNVHSMEGDAWgBRT
eb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUaQChxyFY+ODFGyCwCt2nUb8T
2eQwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMEMDgGA1UdIAQxMC8wLQYEVR0gADAlMCMGCCsG
AQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzBQBgNVHR8ESTBHMEWgQ6BB
hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
hvcNAQEMBQADggIBAAoFTnsNjx8TOQD9b+xixsPt7Req4wHMeNw/R5dddEPgQAQA
YJZKz5BEv1cjGbH7nbPH3AxrxhN6OVH40p6OLIo9MXSrrfMzGs7/P+FTCjwgNxFE
tLQ1KC9NboA3asJcl7mIs3l8h9iAgEH1zLUvq2s+5n++NQmbzudDsTFDMapY3kX1
TwyUCTRzmItqcbsYIyg2MeIXWfRtqPqC5R4bufmpzA5BPINLX340Sp/CNQ9QZqw3
VkfyHWwTo+vO9Gm2L6srNamJT6Lb+TeXZvl8UPL5a72O/pH0GgGHjt6z9QzPARna
RKshVWviNK6ST4WmZHllu3CJg0BXqx1vWyswawgvNeWt1qxITacYe9mSWTbNR2Cf
tvTUwerruDSY2jMaZPoNqbjUpuG/blYwWzzvVerBUhviAahPXJF/9V48ybWPBq6q
KOEokW+s3B4ad5sY96KlovEijaIQDip1HO0SD+rLNYaiBcr9MV2aK+DfbZ8w9BaN
CQyFEYwzxIKOVk3bYvzHRk5ihUDascmbk/bkiNl74c/KfuKQmJImaqWoWZR6jBcX
cPV0WUIKz/nILTpFhGojZEQW77by3aezAi9jrEIUBHRG1LwzPbJc2V3SOzYyaJFQ
atzuKZbN1Q9s9y/2x1QXtKwREY8jNgvx0iIfOK35gKgYJJcyDql4XfuEc2nVMIIH
SzCCBTOgAwIBAgIRAMCEqCZW/bEp9AgcdlGEWuEwDQYJKoZIhvcNAQEMBQAwRjEL
MAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxHDAaBgNVBAMT
E0dFQU5UIFBlcnNvbmFsIENBIDQwHhcNMjMwODE1MDAwMDAwWhcNMjYwODE0MjM1
OTU5WjCB0zEOMAwGA1UEERMFODA1MzkxRzBFBgNVBAoMPk1heC1QbGFuY2stR2Vz
ZWxsc2NoYWZ0IHp1ciBGw7ZyZGVydW5nIGRlciBXaXNzZW5zY2hhZnRlbiBlLlYu
MRswGQYDVQQJDBJIb2ZnYXJ0ZW5zdHJhw59lIDgxDzANBgNVBAgTBkJheWVybjEL
MAkGA1UEBhMCREUxFTATBgNVBAMTDEdlcnJpdCBLdWVobjEmMCQGCSqGSIb3DQEJ
ARYXZ2Vycml0Lmt1ZWhuQGFlaS5tcGcuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCg7n7fRC0hIeomyBYF0RZ0L/jKjURwqPL3vBN+HvDxzp+Wcn0a
Voeia3LPeXvf18d7BeIQ2SVFXWnWzVpVKzv7VUg4OD424GmcQrFXkChSvOc/rLaA
FmNIaKWgYwUOAqmDh3t9JzQTVj6FrAeJwzXmnv42msNUfnhA2dRllOCmilLUqm/5
nOgrImuiA3R1S0CcljAmEr5PnUmKJaanbaq74Jb54gf622cRyWwylMJijMGboDYw
uaGynrLgfo+rWbXc2TASO6pjSQDKAAfXO/NzLgp+BmneN1II9alVUAJRUpFDkgx9
peM+qUJryLtO+veOKElsOe2S4qvk0PaE/MVAcIJiThdY7qde8Q9FyOJsDN5kiX4g
fsKmtF7EdB71Uc8N78L62r7/7Y5WL8gRxXCN8BsmLXSiCylvtIYsbJMDhK6C+37w
9Cg1A8AWeksg1TmCcvolEJy3+bfPx7NlmEfRdkdzuVb1KxfB0z4SbhSwOAR1WYVg
mEAQuj1l9k7suUtdUY4ZeMnRLVPtmQh+bxcJPaRllpHSTYbYVQlSNXkP0al2/J8d
jJHhulOsCX8oYfyQ9a33jHsKUf632Lpg8446ym19UrNPh9pntXRXVhhkw+/tPE8G
BxH81BCvvSUhVu0Nckx8zOWiI1+6Z5t71udnXOEv9lJFvqDlY71lkiu+jQIDAQAB
o4IBpDCCAaAwHwYDVR0jBBgwFoAUaQChxyFY+ODFGyCwCt2nUb8T2eQwHQYDVR0O
BBYEFOsacOXMtCWA1hWcY7A/tb8e/tTSMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjA/BgNVHSAEODA2
MDQGCysGAQQBsjEBAgJPMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j
b20vQ1BTMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9HRUFOVC5jcmwuc2VjdGln
by5jb20vR0VBTlRQZXJzb25hbENBNC5jcmwweAYIKwYBBQUHAQEEbDBqMD0GCCsG
AQUFBzAChjFodHRwOi8vR0VBTlQuY3J0LnNlY3RpZ28uY29tL0dFQU5UUGVyc29u
YWxDQTQuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vR0VBTlQub2NzcC5zZWN0aWdv
LmNvbTAiBgNVHREEGzAZgRdnZXJyaXQua3VlaG5AYWVpLm1wZy5kZTANBgkqhkiG
9w0BAQwFAAOCAgEAbUB7zWvNZ98vh3u7hzpnbA1K4U9bga1YkpVbOgv7/UY5RiZP
Rk06O18f5TnRSWiiF3XImBG1uVjbcwVKIemliCQRQzVVt2JXOJVT1EafDDe9DK5o
QaXGHY7NAT1lPLEwtgv8hxBBvthMaMa6lpibT/IUi83jHPZUgsGajCgPXd05Bh/L
jCzWDOmHuwFdjRAMQs1VsPYx+OVcRvS1jmw0bT6o5/nruRwF5brxUK39Mftj3sIN
b+UvVkXdAGw5iQWFwllGpwBgo3iESa1R72qkBMWph8D6Jbg795WBgjMULCPTiZkq
eOif9sW1/37AoutSh7VMh7WMrEW9QURVWYR1hYjS0/TMo8aXfPOLtLYoSg/R6i+j
eXqREsJQxMAl0e/JJej1TAFCsWg0r6Dg4mYq636plAr6pu7pJATNVPT0HrsBMYWu
PV2WRH8Obs+n1xe4ftGxE4yDWiL56lnp6tnfVR8qinEqpGBfj7BAwEcO/Na9b+oK
tDEmWHzupKkdmoOWktURY+Q/5RVWoiozNujYljc9iaK3agqBbJ5ZzRyrCKOPLnw4
9b8koO03WkXPqlm59nxAOdJE6ZQ2aQ8ev6ji+UlGnlIvgk70MsRukY2shpAiowb6
bKjKyK3QGNnT4zmL6ixSRmnYhC95U923Yf+hy+6jqS1Ec6kgpREYG53Qv5IxggMs
MIIDKAIBATBbMEYxCzAJBgNVBAYTAk5MMRkwFwYDVQQKExBHRUFOVCBWZXJlbmln
aW5nMRwwGgYDVQQDExNHRUFOVCBQZXJzb25hbCBDQSA0AhEAwISoJlb9sSn0CBx2
UYRa4TANBglghkgBZQMEAgIFAKCBozAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0yNDA0MTkxMzM5NTFaMCgGCSqGSIb3DQEJDzEbMBkw
CwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMD8GCSqGSIb3DQEJBDEyBDAZeXMKbrEM
elQuLIU5VEhKdo0/srKmyDDdxRY8ywqUvlmNuLbwjDHnnV+Ca0Vf1pAwDQYJKoZI
hvcNAQEBBQAEggIAT2qfHpQLedG12kzwDqp/68q9me7hdDUiR+54cFaOEt5V0j32
DvyHVXjfjqyRcBCCjHQb6CuLfKKPEzVruM5MQinRe45Lcnd0esIPPZmNkwzt+D2p
Fk8UKetSIOHdG6uCODW9n6II09JWnEHcVPMPsui0lWLBGv3yEFgO6hsx+8zoKOYj
RuNpt+c0nv05ttO97L5ywP5jDshBZ0BycsYn78IQxIRxIzue32+pXJiWeL289YAG
xcMXlp3RcCrJBUARzZ/ThNqDehfVf07eIn91q14DvxEzc5IL6sRf3m60YSDXkwox
6KgaNLt49gLqwJ/rjVm1GECZrcQdfLFVnQ3orXzHv03+lVd2/NVZlBKFyWvnnaZP
Th8mxXXEJHSlaBWhv048bMs5hQhOcx+k0RRqGWadNtjW0HefShwuoQO4MPwGllD6
FNpfbGJKrta9Borr2HuuNhMJX8t4hWuRCxTrc7g1XGGJz5ssY6mILjA+ycp4TSz8
3O2VJqrX2z1Ff/DapV/lb8FU30JtZCqGNDwakr4SzIHAqwZI4oqSpBe3av1Knuf0
mj0r5mHxU0pqgQendeoeBgxx01GXahoXDi9zy0tm/gUS8/sBSaGDf7rczpWGcm0y
Z1XmUBuN7iZYqd1Gvh/qtwlV9g+1J9KL1IzfoMFNnNBQbPixXzA1Ibep1eIAAAAA
AAA=

--Sig_/J_HhMHjp0FHYYB.x_9v55wV--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240419153951.5a23ce5f>