FreeBSD Mail Archives

Date:      Wed, 24 Apr 2024 07:54:17 +0200
From:      Gerrit =?UTF-8?B?S8O8aG4=?= <gerrit.kuehn@aei.mpg.de>
To:        Matthew Grooms <mgrooms@shrew.net>
Cc:        stable@freebsd.org
Subject:   Re: possible regression handling packet fragmentation in 14.0 with tftp/pxe
Message-ID:  <20240424075417.6640e97f@arc.aei.uni-hannover.de>
In-Reply-To: <922446cd-4511-4132-8e8f-9c9144a7f9b1@shrew.net>
References:  <20240419153951.5a23ce5f@arc.aei.uni-hannover.de> <86y1999wwe.fsf@ltc.des.dev> <20240422075948.5bb856ac@arc.aei.uni-hannover.de> <86o7a18ppl.fsf@ltc.des.dev> <20240423071923.52b90652@arc.aei.uni-hannover.de> <922446cd-4511-4132-8e8f-9c9144a7f9b1@shrew.net>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
Am Tue, 23 Apr 2024 09:50:33 -0500
schrieb Matthew Grooms <mgrooms@shrew.net>:

> Sorry. I didn't missed some of the previous details here, but I see you 
> mention pf below. Did you happen to see this?
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276856

Ah, great. No, I hadn't seen that before, thanks.
This certainly looks like it might be the cause of the issue I see,
although I'm not sure I fully understand the situation. What I get so far
is that

* 14.0 does not reassemble packets by default anymore when using scrub
  while 13.x did

* 14.0 silently drops fragmented packets by default where 13.x didn't

Is that correct? That would probably explain why tftp couldn't pass my vpn
tunnel anymore.

What I am using in my pf.conf is a simple
---
scrub in all
---

From the bug report I get that either using
---
scrub fragment reassemble
---

or

---
set reassemble yes
---

should be able to fix this and get the old behaviour back?


I remember playing with the "scrub fragment" option last week, but maybe I
didn't try to explicitely turn it on as that was described as default in
the manpage.
Anyway, I'll look into this again, thank you very much for the pointer.



One more question:
Looking at the linked reviews:
https://reviews.freebsd.org/D42355
https://reviews.freebsd.org/D42270

These appear to address the issue. I can get to the actual commit from the
review:
https://reviews.freebsd.org/rGede5d4ff5b39ccbc193c30fb6c093c7c4de9a464

Is there an easy way to find out where this commit ends up, i.e., whether
it is merged into 14.0, 14.1 or so?


cu
  Gerrit

[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
���0�20��0
	*�H��
0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0
040101000000Z
281231235959Z0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0�"0
	*�H��
�0�
��@��n��v�MED��Fȃ��*�����]P�1���p"�I-Tc̶nhFS��L$��rN����T�
�z�3`�ډU�"X�������O�h�F�'�v���5,�^de��H����a�v P���f��xbV���1����8��'2Xo�k��+�����c_s����8��x6Q���x:���B��/��I�-߬tM��G��)����b����&{>�%��ݝ�5h �����Ä�
^�/����0��0U�
#>����)�0��0U�0U�0�0{Ut0r08�6�4�2http://crl.comodoca.com/AAACertificateServices.crl06�4�2�0http://crl.comodo.net/AAACertificateServices.crl0
	*�H��
�V�������{�D��O���X̦��Ihv���]�`֍PO&N�氥tTA�����OZ�``�J���¿Ĺt��-}k���F�/��j��4,}��Z��
����/�\:�l7U	��S@lX����en��<�Zƞ��YH0!el��!s���7�����Χ,�,��&�"�`��^tԢ�S��h�n��l�����h�V���+8:	��k�׾-�?��c��b,��jAP�9����6��n0��0�i�9rD:�"�Q��l�15�0
	*�H��
0{10	UGB10UGreater Manchester10USalford10U
Comodo CA Limited1!0UAAA Certificate Services0
190312000000Z
281231235959Z0��10	UUS10U
New Jersey10UJersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0�"0
	*�H��
�0�
��e6���ЬW
v��'�L�P�a� M	-d	�Ή��=�������ӱ�{7(+G�9Ƽ:�_��}��cB�v�;+���o�� �	>��t����bd���j�"<����{�����Q�gFQˆT?�3�~l����Q�5��f�rg�!f�ԛx�P:���ܼ�L���5WZ����=�,��T���:M�L��\��� =�"4�~;hfD�NFS�3`���S7�sC�2�S�۪�tNi�k�`������2�̓;Qx�g��=V��i�%&k3m�nG�sC�~�f�)|2�cU��
��T0��}7��]:l5\�A�کI�؀�	�b��f�%�̈́��?�9���L�|�k�^�̸g����[��L��[���s�#;-�5Ut	I�IX�6�Q��&}M���C&пA_@�DD���W��PWT�>�tc/�Pe	�XB.CL��%GY���&FJP��޾x��g��W�c��b��_U.�\�(%9�+��L�?
R���/����0��0U#0��
#>����)�0��0USy�Z�+J�T��؛���f�0U��0U�0�0U 
00U 0CU<0:08�6�4�2http://crl.comodoca.com/AAACertificateServices.crl04+(0&0$+0�http://ocsp.comodoca.com0
	*�H��
��Q�t!=���'�3�.�����^�"o�u��r�������-�J~��or<C;�?��\��Ʈ����{C��6|����?�޸�����Cd~����}}��B+�X����fv��N�΢M�2����q�[�A�
"���͒7�;��:��E&u����?{w;���=�\9�?{
E͓��/]�YO?Q��E?�J��at#�
Ps'DG]�*k�1��jL��jxϸ�vr���ב��_�0��0�Π1p�5��$��V���I0
	*�H��
0��10	UUS10U
New Jersey10UJersey City10U
The USERTRUST Network1.0,U%USERTrust RSA Certification Authority0
200218000000Z
330501235959Z0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 40�"0
	*�H��
�0�
��J�"^'[�[52 ���1@��P��Dʯ�Ja-��b�3j-�Bʖ<�p=�h��x�n<����0d[��I��e�p^¾r���{�D$8U�ӡ};���'��Q܌�=32�0Ѭg���Gx�& �5ꄪi�7��t���b�L��d�jK�2�����@�v7�*!즃���ɽZD�3'�6�Q_�*Y�R�4�o>��D���At|ز��?u�i+���􉮺Pg��lw�i���3��PeV"����J�D���"���<�"K��ښoKv�+�1u#8���!��͋���G��1��ߛ������f"Qi>�g���%NY�.��^�r��ax�1ym�"�x�~T���i�/���
��]r���n��Y�H���ϴ�,,q5����;}�&~��Wmf*�r|������:ؖ�8��ŧjraC��3�j��f|��k���X���o�+��V)25��nE�!�u�;-/����
�%�l�>v&��L3��(���;�pog��S���`Ӹ�>/���0��0U#0�Sy�Z�+J�T��؛���f�0Ui��!X��� �
ݧQ���0U��0U�0�0U%0++08U 10/0-U 0%0#+https://sectigo.com/CPS0PUI0G0E�C�A�?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v+j0h0?+0�3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%+0�http://ocsp.usertrust.com0
	*�H��
�
N{
�9�o�b�������x�?G�]tC�@`�JϐD�W#������k�z9Q�Ҟ�,�=1t���3��?�S
< 7D��5(/Mn�7j�\����y|�؀�A�̵/�k>��5	���C�1C1�X�E�O�	4s��jq�#(61�Y�m��������A<�K_~4J��5Pf�7VG�l����i�/�+5��O���7�f�|P��k�������޳���D�!Uk�4��O��dye�p��@W�o[+0k/5�֬HM�{ْY6�G`�������4��3d�
��Ԧ�nV0[<�U��R��O\��^<ɵ���(�(�o��w������"��*u���5����1]�+��m�0��	��3Ă�VM�b��FNb�@ڱɛ����{���~␘�&j��Y�z�p�tYB
���-:E�j#dD��ݧ�/c�BtFԼ3=�\�]�;62h�Pj��)���l�/��T���#6��"8����$�2�x]��si�0�K0�3����&V��)�vQ�Z�0
	*�H��
0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 40
230815000000Z
260814235959Z0��10U805391G0EU
>Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V.10U	Hofgartenstraße 810
UBayern10	UDE10UGerrit Kuehn1&0$	*�H��
	gerrit.kuehn@aei.mpg.de0�"0
	*�H��
�0�
���~�D-!!�&��t/�ʍDp����~��Ο�r}V��kr�y{���{��%E]i��ZU+;�UH88>6�i�B�W�(R��?���cHh��c���{}'4V>����5��6��T~x@��e�ঊRԪo���+"k�tuK@��0&�O�I�%��m��������g�l2��b����60������~��Y���0;�cI��;�s.
~i�7R��UPQR�C�}��>�BkȻN���(Il9��������@p�bNX�^�E��l�d�~ ~¦�^�t�Q�
���ھ��V/��p��&-t�)o��,l�����~��(5�zK �9�r�%�����ǳe�G�vGs�V�+��>n�8uY�`�@�=e�N�K]Q�x��-S�~o	=�e���M��U	R5yѩv�����S�	(a������{
Q��غ`�:�m}R�O��g�tWVd���<O����%!V�
rL|��#_�g�{��g\�/�RE���c�e�+�����0��0U#0�i��!X��� �
ݧQ���0U�p�̴%���c�?�����0U��0U�00U%0++0?U 80604+�1O0%0#+https://sectigo.com/CPS0BU;0907�5�3�1http://GEANT.crl.sectigo.com/GEANTPersonalCA4.crl0x+l0j0=+0�1http://GEANT.crt.sectigo.com/GEANTPersonalCA4.crt0)+0�http://GEANT.ocsp.sectigo.com0"U0�gerrit.kuehn@aei.mpg.de0
	*�H��
�m@{�k�g�/�{��:gl
J�O[��X��[:��F9F&OFM:;_�9�Ih�uȘ��X�sJ!饈$C5U�bW8�S�F�7��hA����=e<�0���A��Lhƺ���O�����T����(]�9ˌ,�釻]�B�U��1��\F���l4m>������P��1�c��
o�/VE�l9���YF�`�x�I�Q�j�ũ���%�;����3,#Ӊ�*x��ŵ�~���R��L����E�ADUY�u�����̣Ɨ|󋴶(J��/�yz��P��%���%��LB�h4����f*�~��
����$�T���1��=]�Dnϧ��~ѱ��Z"��Y����U*�q*�`_��@�G�ֽo�
�1&X|�����c�?�V�*36�ؖ7=���j
�l�Y����.|8��$��7ZEϪY��|@9�D�6i����IF�R/�N�2�n�����"��l��ȭ����9��,RFi؄/ySݷa���-Ds� ��п�1�,0�(0[0F10	UNL10U
GEANT Vereniging10UGEANT Personal CA 4���&V��)�vQ�Z�0
	`�He���0	*�H��
	1	*�H��
0	*�H��
	1
240424055417Z0(	*�H��
	100	`�He0
*�H��
0?	*�H��
	120����@wY`m$���a���0�]���f$=<}^�"�G���k�!U0
	*�H��
�����i��?{OsC|B��UD�"��o�FAm'�����D3b�X	�E�;�ƞd%��[tH�o�� ��c��j�X=I��jW2�r`q��m�;e��{�+�
�Ё}С�@"�5����A9�,�չ@�o�W)�ג��PB�#�#ܳ��e@�����������CX�s�y+vzo@i��RT�\Z�iyQ`�^e��}\��l^�w��a/~��dY����d�	�ћ|���b���X�c}�S���`�Y�����
�܆�s �c@��q�-ү��
28P��$���,O�q�p�#jЃf�zůʙ�:3=�b��H>���E:��W���V�b�F%P$BO֑x�E���~#�g�^��L�6�$�R06�U4�G��=�I�:&�/���oc����3�`E]>D4yng��0*�pgD�Ǣf�e�3��c���ź�p	j�7���e=���:v#��`Yf�$X"�yKB�f��,��{����hk�L����`

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240424075417.6640e97f>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation