From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279653] Page fault in in6_selecthlim
Date: Mon, 10 Jun 2024 23:16:45 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-STABLE
X-Bugzilla-Severity: Affects Only Me

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org
           Keywords|                            |crash

--
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279653] Page fault in in6_selecthlim
Date: Tue, 11 Jun 2024 01:51:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653

Zhenlei Huang changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zlei@FreeBSD.org

--- Comment #1 from Zhenlei Huang ---
(In reply to Daniel Ponte from comment #0)

The stack trace is weird.

The caller `sys/netinet/tcp_output.c`
```
1444         ip6->ip6_hlim = in6_selecthlim(inp, NULL);
```

The callee, `sys/netinet6/in6_src.c`:
```
843 int
844 in6_selecthlim(struct inpcb *inp, struct ifnet *ifp)
845 {
846
847     if (inp && inp->in6p_hops >= 0)
848         return (inp->in6p_hops);
849     else if (ifp)
850         return (ND_IFINFO(ifp)->chlim);
851     else if (inp && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
...
}
```

The line 850 should never be hit, as `ifp` is NULL; the backtrace also shows
that clearly.

That is quite odd ... Is it possible that kgdb reports the wrong line number?

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279653] Page fault in in6_selecthlim
Date: Tue, 11 Jun 2024 10:09:57 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #2 from Andrey V. Elsukov ---
(In reply to Zhenlei Huang from comment #1)

fault virtual address = 0x10 corresponds to offset of nd_ifinfo field in
struct in6_ifextra that is returned by if_getafdata().

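The reasoning in comment #2 of Bug 279653 can be checked mechanically: a load through a NULL base pointer faults at the offset of the member being read, so the fault address tells which pointer in a chain was NULL. The following C program is an added example, not code from the bug report or the FreeBSD tree; the `*_model` structs, `classify_fault` and `hlim_or_default` are hypothetical names, and the struct layouts and the fallback value are assumptions for an LP64 target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Models for illustration only. Member order and sizes are assumptions of
 * this example for an LP64 target; they are not copied from FreeBSD headers.
 */
struct nd_ifinfo_model {
    uint32_t linkmtu, maxmtu, basereachable, reachable, retrans, flags;
    int32_t  recalctm;
    uint8_t  chlim;                     /* per-interface hop limit */
};

struct in6_ifextra_model {
    void *in6_ifstat;
    void *icmp6_ifstat;
    struct nd_ifinfo_model *nd_ifinfo;  /* third pointer-sized slot */
    void *scope6_id;
};

/* Which link of the chain ext->nd_ifinfo->chlim was NULL at fault time. */
enum null_link { LINK_UNKNOWN, LINK_EXT_NULL, LINK_NDI_NULL };

/*
 * A read through a NULL base faults at (0 + offset of the member read):
 *   ext == NULL        -> loading ext->nd_ifinfo faults at offsetof(nd_ifinfo)
 *   nd_ifinfo == NULL  -> loading ndi->chlim faults at offsetof(chlim)
 * Any other address does not fit a NULL dereference in this chain.
 */
enum null_link
classify_fault(uintptr_t fault_va)
{
    if (fault_va == offsetof(struct in6_ifextra_model, nd_ifinfo))
        return (LINK_EXT_NULL);
    if (fault_va == offsetof(struct nd_ifinfo_model, chlim))
        return (LINK_NDI_NULL);
    return (LINK_UNKNOWN);
}

/*
 * Defensive form of the same read: validate every link before following it
 * and fall back to a caller-supplied default (a constructed value here).
 */
int
hlim_or_default(const struct in6_ifextra_model *ext, int dflt)
{
    if (ext == NULL || ext->nd_ifinfo == NULL)
        return (dflt);
    return (ext->nd_ifinfo->chlim);
}

int
main(void)
{
    static const char *names[] = {
        "not a NULL dereference in this chain",
        "per-AF data pointer (ext) was NULL",
        "ext->nd_ifinfo was NULL",
    };
    uintptr_t reported = 0x10;          /* fault address quoted in the thread */
    struct nd_ifinfo_model ndi = { .chlim = 255 };
    struct in6_ifextra_model ok = { .nd_ifinfo = &ndi };
    struct in6_ifextra_model half = { .nd_ifinfo = NULL };

    printf("offsetof(nd_ifinfo) = 0x%zx, offsetof(chlim) = 0x%zx\n",
        offsetof(struct in6_ifextra_model, nd_ifinfo),
        offsetof(struct nd_ifinfo_model, chlim));
    printf("fault at 0x%zx: %s\n", (size_t)reported,
        names[classify_fault(reported)]);
    printf("guarded reads: %d %d %d\n", hlim_or_default(&ok, 64),
        hlim_or_default(&half, 64), hlim_or_default(NULL, 64));
    return (0);
}
```
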
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279550] tun interface get stuck and cannot be destroyed
Date: Wed, 12 Jun 2024 15:33:20 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.3-RELEASE
X-Bugzilla-Severity: Affects Many People

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279550

--- Comment #2 from Ivan ---
Sorry for the sub reply, but I'm not getting any emails from bugzilla for some
reason.
It happened once, after some time the stuck interface self-destructed. It has
not reproduced again so far.

From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 279550] tun interface get stuck and cannot be destroyed
Date: Wed, 12 Jun 2024 15:33:20 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279550

--- Comment #3 from Ivan ---
Sorry for the sub reply, but I'm not getting any emails from bugzilla for some
reason.
It happened once, after some time the stuck interface self-destructed. It has
not reproduced again so far.

From: "Rodney W. Grimes"
Message-Id: <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net>
Subject: Re: Discarding inbound ICMP REDIRECT by default
To: Ed Maste
Date: Wed, 12 Jun 2024 14:47:54 -0700 (PDT)
CC: freebsd-net@FreeBSD.org

> I propose that we start dropping inbound ICMP REDIRECTs by default, by
> setting the net.inet.icmp.drop_redirect sysctl to 1 by default (and
> changing the associated rc.conf machinery). I've opened a Phabricator
> review at https://reviews.freebsd.org/D45102.

I propose that we NOT do this. If you need this to protect your end
node you're probably doing something really unsafe network wise. The
place that ICMP REDIRECTS should be dropped, and is most places, is
at access routers and firewalls.

Anyone that needs this change to protect their network has larger
issues than an ICMP REDIRECT causing some issues.

ICMP redirects are very useful for not having to run routing
protocols on all your end nodes and allowing your edge/access
routers tell your internal hosts via redirects how to get to
places more efficiently.

>
> ICMP REDIRECTs served a useful purpose in earlier networks, but on
They still serve this very useful purpose.

> balance are more likely to represent a security issue today than to
> provide a routing benefit. With the change in review it is of course
> still possible to enable them if desired for a given installation.
> This change would appear in FreeBSD 15.0 and would not be MFC'd.
>
> One question raised in the review is about switching the default to
> YES but keeping the special handling for "auto" (dropping ICMP
> REDIRECT if a routing daemon is in use, honouring them if not). I
> don't think this is particularly valuable given that auto was
> introduced to override the default NO when necessary; there's no need
> for it with the default being YES. That functionality could be
> maintained if there is a compelling use case, though.

The policy that is there now is exactly how things should be configured
for a host in a network protected by a proper router w/firewall.
The existing "auto" does exactly the right thing.

>
> If you have any questions or feedback please follow up here or in the review.
>
>

--
Rod Grimes                                                 rgrimes@freebsd.org

Date: Wed, 12 Jun 2024 15:05:39 -0700
From: Chris
To: "Rodney W. Grimes"
Cc: Ed Maste, freebsd-net@freebsd.org
Subject: Re: Discarding inbound ICMP REDIRECT by default
In-Reply-To: <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net>
References: <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net>
Message-ID: <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>

On 2024-06-12 14:47, Rodney W. Grimes wrote:
>> I propose that we start dropping inbound ICMP REDIRECTs by default, by
>> setting the net.inet.icmp.drop_redirect sysctl to 1 by default (and
>> changing the associated rc.conf machinery). I've opened a Phabricator
>> review at https://reviews.freebsd.org/D45102.
>
> I propose that we NOT do this. If you need this to protect your end
> node you're probably doing something really unsafe network wise. The
> place that ICMP REDIRECTS should be dropped, and is most places, is
> at access routers and firewalls.
>
> Anyone that needs this change to protect their network has larger
> issues than an ICMP REDIRECT causing some issues.
>
> ICMP redirects are very useful for not having to run routing
> protocols on all your end nodes and allowing your edge/access
> routers tell your internal hosts via redirects how to get to
> places more efficiently.
>
>>
>> ICMP REDIRECTs served a useful purpose in earlier networks, but on
> They still serve this very useful purpose.
>
>> balance are more likely to represent a security issue today than to
>> provide a routing benefit. With the change in review it is of course
>> still possible to enable them if desired for a given installation.
>> This change would appear in FreeBSD 15.0 and would not be MFC'd.
>>
>> One question raised in the review is about switching the default to
>> YES but keeping the special handling for "auto" (dropping ICMP
>> REDIRECT if a routing daemon is in use, honouring them if not). I
>> don't think this is particularly valuable given that auto was
>> introduced to override the default NO when necessary; there's no need
>> for it with the default being YES. That functionality could be
>> maintained if there is a compelling use case, though.
>
> The policy that is there now is exactly how things should be configured
> for a host in a network protected by a proper router w/firewall.
> The existing "auto" does exactly the right thing.
>
>>
>> If you have any questions or feedback please follow up here or in the
>> review.

As Rodney already effectively explains, dropping packets makes routing
and discovery exceedingly difficult. Which is NOT what the average user
wants, or expects. I use "set block-policy drop" in pf(4). But as already
noted, this is for "filtering" purposes. Your suggestion also has the
negative effect of hanging remote ports. Which can result in other
negative results by peers. Please don't. :)
>>
>>
--Chris

Date: Wed, 12 Jun 2024 15:37:04 -0700
From: Chris
To: "Rodney W. Grimes"
Cc: Ed Maste, freebsd-net@freebsd.org
Subject: Re: Discarding inbound ICMP REDIRECT by default
In-Reply-To: <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>
References: <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net> <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>
Message-ID: <7628aa81fb381a08cbb1c2fabf6bc493@bsdforge.com>

On 2024-06-12 15:05, Chris wrote:
> On 2024-06-12 14:47, Rodney W. Grimes wrote:
>>> I propose that we start dropping inbound ICMP REDIRECTs by default, by
>>> setting the net.inet.icmp.drop_redirect sysctl to 1 by default (and
>>> changing the associated rc.conf machinery). I've opened a Phabricator
>>> review at https://reviews.freebsd.org/D45102.
>>
>> I propose that we NOT do this. If you need this to protect your end
>> node you're probably doing something really unsafe network wise. The
>> place that ICMP REDIRECTS should be dropped, and is most places, is
>> at access routers and firewalls.
>>
>> Anyone that needs this change to protect their network has larger
>> issues than an ICMP REDIRECT causing some issues.
>>
>> ICMP redirects are very useful for not having to run routing
>> protocols on all your end nodes and allowing your edge/access
>> routers tell your internal hosts via redirects how to get to
>> places more efficiently.
>>
>>>
>>> ICMP REDIRECTs served a useful purpose in earlier networks, but on
>> They still serve this very useful purpose.
>>
>>> balance are more likely to represent a security issue today than to
>>> provide a routing benefit. With the change in review it is of course
>>> still possible to enable them if desired for a given installation.
>>> This change would appear in FreeBSD 15.0 and would not be MFC'd.
>>>
>>> One question raised in the review is about switching the default to
>>> YES but keeping the special handling for "auto" (dropping ICMP
>>> REDIRECT if a routing daemon is in use, honouring them if not). I
>>> don't think this is particularly valuable given that auto was
>>> introduced to override the default NO when necessary; there's no need
>>> for it with the default being YES. That functionality could be
>>> maintained if there is a compelling use case, though.
>>
>> The policy that is there now is exactly how things should be configured
>> for a host in a network protected by a proper router w/firewall.
>> The existing "auto" does exactly the right thing.
>>
>>>
>>> If you have any questions or feedback please follow up here or in the
>>> review.
> As Rodney already effectively explains; dropping packets makes routing,
> and discovery exceedingly difficult. Which is NOT what the average user
> wants, or expects. I use "set block-policy drop" in pf(4). But as already
> noted, this is for "filtering" purposes. Your suggestion also has the
> negative effect of hanging remote ports. Which can result in other
> negative results by peers.
>
> Please don't. :)
>>>
>>>
> --Chris

OK, now having actually read the (phab) review. I'm of the opposite opinion.
Your review seems to make the right decision. :)

--Chris
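
An added example, not part of any message in this thread and not FreeBSD's kernel code: what an end host decides when a redirect arrives, with the net.inet.icmp.drop_redirect setting from the proposal modelled as a flag and, when that flag is off, the RFC 1122 host-side sanity checks applied to the RFC 792 redirect message. The function names, the single `first_hop` gateway per host, and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(new_gw: str, target: str) -> bytes:
    """Constructed sample: host redirect (type 5, code 1) quoting a minimal datagram."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,
                        ipaddress.IPv4Address(target).packed) + bytes(8)
    body = ipaddress.IPv4Address(new_gw).packed + inner
    cksum = inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, cksum) + body

def parse_redirect(icmp: bytes) -> dict:
    """Parse an ICMP message (outer IP header already removed) as an RFC 792 redirect."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated redirect")
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    if icmp_type != 5 or code > 3:
        raise ValueError("not an ICMP redirect")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    return {"new_gateway": ipaddress.IPv4Address(icmp[4:8]),
            "target": ipaddress.IPv4Address(icmp[24:28])}  # dst of quoted header

def evaluate(icmp, sender, first_hop, on_link, drop_redirect):
    """Return (verdict, reason) for one received redirect."""
    if drop_redirect:  # models net.inet.icmp.drop_redirect=1 from the thread
        return "drop", "drop_redirect is set"
    try:
        r = parse_redirect(icmp)
    except ValueError as exc:
        return "drop", str(exc)
    if ipaddress.IPv4Address(sender) != ipaddress.IPv4Address(first_hop):
        return "drop", "sender is not the current first-hop gateway"
    if r["new_gateway"] not in ipaddress.IPv4Network(on_link):
        return "drop", "new gateway is not on the local network"
    return "accept", f"route {r['target']} via {r['new_gateway']}"
```

With the flag off, a redirect is honoured only if it comes from the host's current gateway and names an on-link next hop; neither check authenticates the sender, which is the trade-off the thread is arguing about.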