From owner-freebsd-net@freebsd.org Sun Feb 18 11:37:36 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BBACEF015DD for ; Sun, 18 Feb 2018 11:37:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 55BAE725A1 for ; Sun, 18 Feb 2018 11:37:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 9582B255C8 for ; Sun, 18 Feb 2018 11:37:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1IBbZfA071077 for ; Sun, 18 Feb 2018 11:37:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1IBbZ2t071076 for freebsd-net@FreeBSD.org; Sun, 18 Feb 2018 11:37:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 223835] BGP session not established with md5 password via FRRouting Date: Sun, 18 Feb 2018 11:37:32 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-STABLE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ae@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Feb 2018 11:37:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223835 --- Comment #27 from commit-hook@freebsd.org --- A commit references this bug: Author: ae Date: Sun Feb 18 11:36:46 UTC 2018 New revision: 329518 URL: https://svnweb.freebsd.org/changeset/base/329518 Log: MFC r329101: Reinitialize IP header length after checksum calculation. It is used later by TCP-MD5 code. This fixes the problem with broken TCP-MD5 over IPv4 when NIC has disabled TCP checksum offloading. PR: 223835 Changes: _U stable/11/ stable/11/sys/netinet/tcp_input.c --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Sun Feb 18 19:01:02 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EB1A4F21CCE for ; Sun, 18 Feb 2018 19:01:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8085E8585B for ; Sun, 18 Feb 2018 19:01:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id BECD6134C for ; Sun, 18 Feb 2018 19:01:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1IJ10CK098268 for ; Sun, 18 Feb 2018 19:01:00 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1IJ10ag098267 for freebsd-net@FreeBSD.org; Sun, 18 Feb 2018 19:01:00 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 7556] [ppp] sl_compress_init() will fail if called anything else than -1 or >MAX_STATE Date: Sun, 18 Feb 2018 19:01:00 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 2.2.6-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Feb 2018 19:01:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D7556 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Feb 19 06:27:18 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EDA27F05E58 for ; Mon, 19 Feb 2018 06:27:17 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8B30B82C68 for ; Mon, 19 Feb 2018 06:27:17 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x230.google.com with SMTP id f25so11025940qkm.0 for ; Sun, 18 Feb 2018 22:27:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=SBhFm/jZ6H/JJzMkw02wPGzAqtp1vBRfHv7AuPqXD4o=; b=PVfL5XEdBKwHsnNxhPg9CyVJYt6YCuR4tTIl47oN8aUjsMr8DkAo51mRYURwzPFIEa beZKa/OYX7GMUg44aEgqLApFVYJX9qdebuUExLX9lM4wQpf8cC48x15MKU2KNPDDwpXY jH0L/ajtZu7cle0PcLuV0kohF8VNthsGSxbikKa0igrS59QFuzyCUqkkxLAPPip/no0X XgZveRQGtPtxwhOhgN+jm7Fcv+dMPeiRyKwnELG57QODL1O6XQC0EHn67ZWTWxPuYy/2 fkRLpa/xLR6Zk+Mod24ebpGW3FBAutgucZb0CWEJopN/kk8lXl2hILdQDy98FG221K44 NYWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SBhFm/jZ6H/JJzMkw02wPGzAqtp1vBRfHv7AuPqXD4o=; b=tSDmPADQW426SC1eoA+UU3WN3HrLQFQYmd5E5AHEcHMtz9unDiL0gRDXwiwZwQDGsC bEtKEVgkjxbNzR+H54J6IdH+FnHXk3Ej6fX/pN69O+UvBsv2VaAPwyR6RZ4tb1yaUl0C h4XIU5AedNhP0Xx32avqHPKlQLdCqtUyn6UFTb6oPmdGMjaPycycson8Ua16HElmwKT9 cqEuKBMMdbUdkY08LrDN7rWEpS+32UDifleDIMgEq8uZ+Rgjr/tiA4qKnk+6/ho6fREz SdoXdnn2zspAI2VvCKIa8RkixICOPkP1c+MKoap+pLWm4e+c3fr6VH/LyX41dRBMXCvX OiIg== X-Gm-Message-State: APf1xPCnkBqVAe0AnME7bEImg+2WszgOTHve2oz4mZBOZ5KKVTf15KLl KIAhw+NY87xzJ0jU+mSnSkfRM6LehdSGmirxwIs5MyLV X-Google-Smtp-Source: AH8x224WtUh6KO1aSTuHz1YTQUge0O5W0hZwH8IBKi0mVqavIC6N61WLIOUeBO0IIBTq8593YszHb/G3lm/ha9FOPJ0= X-Received: by 10.55.24.34 with SMTP id j34mr21068046qkh.294.1519021636969; Sun, 18 Feb 2018 22:27:16 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Sun, 18 Feb 2018 22:27:16 -0800 (PST) From: Misak Khachatryan Date: Mon, 19 Feb 2018 10:27:16 +0400 Message-ID: Subject: Racoon and setkey problems To: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 06:27:18 -0000 Hello there, I 4 machines with ipsec confingured by racoon and running well by several years. A three week ago 3 of them starting to fill the log with messages like this: Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: failed to process ph2 packet (side: 1, status: 8). Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: phase2 negotiation failed. Feb 19 10:17:58 rtr-1 racoon: ERROR: libipsec failed send update (No buffer space available) Feb 19 10:17:58 rtr-1 racoon: ERROR: pfkey update failed. Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: failed to process ph2 packet (side: 0, status: 8). Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: phase2 negotiation failed. Feb 19 10:18:00 rtr-1 racoon: ERROR: libipsec failed send update (No buffer space available) Feb 19 10:18:00 rtr-1 racoon: ERROR: pfkey update failed. I see also increasing counter of "messages with memory allocation failure" on "sent to userland" part. # netstat -s -p pfkey pfkey: 3067523 requests sent from userland 453974456 bytes sent from userland histogram by message type: getspi: 1533688 update: 1533640 add: 25 delete: 1 acquire: 42 register: 16 flush: 10 dump: 18 x_promisc: 23 x_spdadd: 48 x_spddump: 5 x_spdflush: 7 0 messages with invalid length field 0 messages with invalid version field 0 messages with invalid message type field 0 messages too short 0 messages with memory allocation failure 0 messages with duplicate extension 0 messages with invalid extension type 0 messages with invalid sa type 0 messages with invalid address extension 7717719 requests sent to userland 1461098984 bytes sent to userland histogram by message type: getspi: 1533688 update: 1533640 add: 25 delete: 1 acquire: 1569975 register: 16 expire: 2968244 flush: 10 dump: 111982 x_promisc: 48 x_spdadd: 48 x_spddump: 60 x_spdflush: 7 1757766 messages toward single socket 1533864 messages toward all sockets 9076534 messages toward registered sockets 1644111 messages with memory allocation failure 3 of machines running 10.4-RELEASE-p1, one 10.3. Two of the machine almost the same, only ip addresses and few lines of configs differ. One is OK, other one have problem. Running almost any setkey command leads to: # setkey -x setkey: send: No buffer space available All packet versions are completely the same, binaries exactly same size. Any help will be appreciated. Best regards, Misak Khachatryan From owner-freebsd-net@freebsd.org Mon Feb 19 08:24:20 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D72ACF0D7B9 for ; Mon, 19 Feb 2018 08:24:19 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::601]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3DC1A87149 for ; Mon, 19 Feb 2018 08:24:19 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback18j.mail.yandex.net (mxback18j.mail.yandex.net [IPv6:2a02:6b8:0:1619::94]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 1A4611341EC2; Mon, 19 Feb 2018 11:24:17 +0300 (MSK) Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net [2a02:6b8:0:1a2d::27]) by mxback18j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id c0IvufGa5G-OGFiEd27; Mon, 19 Feb 2018 11:24:17 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519028657; bh=WWYal63VfNBxSsm2rW8PIHPNkcvHsd3dLk6HVgXafoo=; h=Subject:To:References:From:Message-ID:Date:In-Reply-To; b=XGpn3h7wJ0HXdRWrKGXI7aFFdtcf0EW8MdAHJkjknjceMh7B5TrmWyDbqe9sJF74z ijDpDIdTwrxapAF5B0eNH5Qnm7t03GapxrQL/96HiRvGUR9Nsn1BrLguFjGF0L9yJQ 1ppFdispTr9vS6dmQUfykG3Vr4taEBVrAVKZlfGU= Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 1Fd74z0Kkz-OGsetMcN; Mon, 19 Feb 2018 11:24:16 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519028656; bh=WWYal63VfNBxSsm2rW8PIHPNkcvHsd3dLk6HVgXafoo=; h=Subject:To:References:From:Message-ID:Date:In-Reply-To; b=Zysb0pHbPvrsuRAE7e5cCcEWX1i4m2S7ACsrqD3I3vehUCnqY3g7mp57+uCfKOy0Z Rm6ncNI5onpTIvRwuEfkF328c9UHbY04eH1y3FHkRB/RsYCZH/xkhRs3ytoQiYHTgc h710xrgezd3D41uJjOr6MCIlV1+vYgQKv1FlZC/A= Authentication-Results: smtp3o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan , freebsd-net@freebsd.org References: From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <44de0205-895d-468c-e883-dc43be3286d4@yandex.ru> Date: Mon, 19 Feb 2018 11:23:19 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="WzMhxgREsY9i9djR5Ua3gNM2JauNQsYD9" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 08:24:20 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --WzMhxgREsY9i9djR5Ua3gNM2JauNQsYD9 Content-Type: multipart/mixed; boundary="zMHbpTLhR0XrFhyUOMxtqSu8tfukMDHiy"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan , freebsd-net@freebsd.org Message-ID: <44de0205-895d-468c-e883-dc43be3286d4@yandex.ru> Subject: Re: Racoon and setkey problems References: In-Reply-To: --zMHbpTLhR0XrFhyUOMxtqSu8tfukMDHiy Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 19.02.2018 09:27, Misak Khachatryan wrote: > 1644111 messages with memory allocation failure >=20 > 3 of machines running 10.4-RELEASE-p1, one 10.3. > Two of the machine almost the same, only ip addresses and few lines of > configs differ. One is OK, other one have problem. You can inspect the output of following commands to find where is the problem: % vmstat -m | egrep "sec|sah|pol" % netstat -m Also net.inet.ipsec.debug=3D1 will enable some debugging output that can shed light to what happens. --=20 WBR, Andrey V. Elsukov --zMHbpTLhR0XrFhyUOMxtqSu8tfukMDHiy-- --WzMhxgREsY9i9djR5Ua3gNM2JauNQsYD9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqKiXcACgkQAcXqBBDI oXrgDAf8DhI19glWMTPyocg8I/FsfNf4QUnvd6wk8d2n0g+GKNWFk0c5VIh8WAig +o48JELY6OihrqCYjKrkCCI4zSijYLVcrNMPCeVwabsObVCES7XM9qhJzuG7Uk3t GBdcl5Yk33U3GdmnI3HOIWpd/Hxv2q/YvFls5Ic13Iof3rRi/bHuGLATL1AT8mIf K9rolBBFofVU+NzoDxibD5TvoaNDNEYeSCQVaV6rFf+EeaxmPyAlfT3AxCewkXnd TksxOcAVqnsaOz+5IrFma07xhU9S44fiWhrd95j/BTGfkklp+eXsLkL2bvY1MdCc p8nE5bPm/BillejnCai0v+sSQeemhg== =8hLY -----END PGP SIGNATURE----- --WzMhxgREsY9i9djR5Ua3gNM2JauNQsYD9-- From owner-freebsd-net@freebsd.org Mon Feb 19 08:33:47 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8D048F0E415 for ; Mon, 19 Feb 2018 08:33:47 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 28672876FA for ; Mon, 19 Feb 2018 08:33:47 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x233.google.com with SMTP id d8so11286826qtm.0 for ; Mon, 19 Feb 2018 00:33:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gTejtFz0aEK+xoUiWPleDU4aBGHCaV7ujqqdqwxkOuw=; b=N0tr75EIF5gaa4rW2zxKTie+KSpzS6TQNT4+CV0tzWVGGfndXWU4j75ZfMVSmPRmv9 Uq0hHh+WIZ21qtRNki8MsFqkzDdm50NNqvxVeJv8Lh6L4QOkzgGuqgP8l3rfgbeFmleg ghKLSpNVoMHL8UI/SOMv8tGNmaraFoON9NXhjLSfd8vGQ96ywcow7WHC0jRmypA46/0v gyv+Tl2rCmmd4q+TX81ngjVrP3a/Ak2NRiIfzKoYwMgi+DkVySu38a5G5IhBKFY7vPLa ilsCgz0okQiqEndq7NTJwV1u70WXesIKooFz2+H56fPDpZI1WgyHDqaV0hvAZCSDfuz1 l35g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gTejtFz0aEK+xoUiWPleDU4aBGHCaV7ujqqdqwxkOuw=; b=VeSgDcYKoNjYWP+oK+XbWw4Vp4qYc/qGYIGpPksGD1ARq/NKOmMJzwX8dbuKtKYcM+ SBlQyAphsMvMS7qb9SEKbfKOypNm/aBXPKim7ahDgMYRDsvwwEvLycFOHCKmZKnodXpA dKaKI58+2YxoGEnvs8Xa3rnXTFj51V+um4jNxSGzxWNXWQ6OkbTVvR5IVpLBT/BLqBJv c+bAoA6QtXAL3nAz4W/0z5uWp/LcsLgsNLN2aPUQ9QFFyir6H97Z2k8CCydSiDR3QtSJ bBoku6qEZ+p3ENU8o2q66lDQoOI/by/1YZas7WttI+lCmkI3jvnZyIZCEGNVqtmEs9p+ MvSA== X-Gm-Message-State: APf1xPDzI5CFFdpVjZqPShV7v6SLfCz3F+kQy7YYFy8I0o+UeQtic/Da e8v3wgi0eQyIg/BGW+mhrz0QIIskhn7eSRR1m3WXag== X-Google-Smtp-Source: AH8x227sztfRLJ5aYY18DaQQcMk0HpgXPL54m/W3mw22GVY+lKZfi5dN7X/ooNnrJqd3SNZgU4tNHFf3/Fry0/elzE8= X-Received: by 10.200.42.67 with SMTP id l3mr23332380qtl.164.1519029226699; Mon, 19 Feb 2018 00:33:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Mon, 19 Feb 2018 00:33:46 -0800 (PST) In-Reply-To: <44de0205-895d-468c-e883-dc43be3286d4@yandex.ru> References: <44de0205-895d-468c-e883-dc43be3286d4@yandex.ru> From: Misak Khachatryan Date: Mon, 19 Feb 2018 12:33:46 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 08:33:47 -0000 Thanks, will try right now! Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 12:23 PM, Andrey V. Elsukov wrote: > On 19.02.2018 09:27, Misak Khachatryan wrote: >> 1644111 messages with memory allocation failure >> >> 3 of machines running 10.4-RELEASE-p1, one 10.3. >> Two of the machine almost the same, only ip addresses and few lines of >> configs differ. One is OK, other one have problem. > > You can inspect the output of following commands to find where is the > problem: > > % vmstat -m | egrep "sec|sah|pol" > % netstat -m > > Also net.inet.ipsec.debug=1 will enable some debugging output that can > shed light to what happens. > > -- > WBR, Andrey V. Elsukov > From owner-freebsd-net@freebsd.org Mon Feb 19 09:25:26 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C54D4F1274D for ; Mon, 19 Feb 2018 09:25:26 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 45F4569704 for ; Mon, 19 Feb 2018 09:25:25 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1J9PCat004858 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 10:25:12 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: kmisak@gmail.com Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1J9P6sG058855 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 19 Feb 2018 16:25:06 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Racoon and setkey problems To: Misak Khachatryan , freebsd-net@freebsd.org References: From: Eugene Grosbein Message-ID: <5A8A97EC.4040103@grosbein.net> Date: Mon, 19 Feb 2018 16:25:00 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:25:26 -0000 19.02.2018 13:27, Misak Khachatryan wrote: > 1644111 messages with memory allocation failure > > 3 of machines running 10.4-RELEASE-p1, one 10.3. > Two of the machine almost the same, only ip addresses and few lines of > configs differ. One is OK, other one have problem. > > Running almost any setkey command leads to: > > # setkey -x > setkey: send: No buffer space available > > All packet versions are completely the same, binaries exactly same size. > > Any help will be appreciated. Perhaps, that is mbuf cluster exhaustion. Please show output of commands: netstat -m vmstat -z | egrep 'ITEM|mbuf' sysctl kern.ipc.nmbclusters How much RAM do they have? Do they run 32 bit or 64 bit system? From owner-freebsd-net@freebsd.org Mon Feb 19 09:28:23 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDD2BF12AC7 for ; Mon, 19 Feb 2018 09:28:23 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6BA146987D for ; Mon, 19 Feb 2018 09:28:23 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x22d.google.com with SMTP id 15so11411501qkl.3 for ; Mon, 19 Feb 2018 01:28:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=wqk4nhuGxU4a3o6wUe0nthsHU4B9g+gh720m3TAfmsU=; b=G7bpIAHK1ltYpkGlq73pptZfQ4M6j1Omt4iTYyR85T9YwKLozN+rIHHMZqn2m1bvB0 YCZ5aH/e2vKkdViPOGPiyE94oRZ0OA6aBTF3QW8n9FGPKKIoDKWfhmyUnSIugeP88mv9 OpJWfHiOWHAwPnVDLa2cFo1+yn44FdjdjoEJ1u+o8LbxjmVVjSKKbbKFl60xgk9RV14u 9EuDaAzAkY8srwT+22msAI2Q+Hn3wtqL9zR01d7NDSbQpDtunJGzqc8TzS4qb3IKVCPe dd5Yk93AviL/yFHR0Z60BEo/eko0yxSzqRpjx5zHEhFgm9WlkdZHEd/pwaMmjTioR+Cq hKHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=wqk4nhuGxU4a3o6wUe0nthsHU4B9g+gh720m3TAfmsU=; b=TW+xIGqs1g+jiGMZ7QpHpYeXssI4vYBFGQdZa6+VCCouR68Z4Q0avcY55drPQhdxEM k+/E+wM35sjbzPwO1glnbTtOzKtktEiWUDGd74SDrQlrW15YztENH1jjYU7puiDNlOg3 vxbYlQWzkgZ/33m3OqXQRdgdmugw7oO0snArtyLvIpCsi9bJHOVB2/xYw+xTHVuu/HMk k9vIf3LmFfI0/F82hJlv6E/xT5B/4UOSr7nkYkAU3NfxaMsYb3b1SLmqNpOAltBsHDi7 GDqJ4DDGSxlfwAzCO+NuK7YaVCo2qiMiUo2soZPaW60KDtUmHOU+n+S8lgPr9NTLSq2n OViw== X-Gm-Message-State: APf1xPCncb09HWTscm8bwkrxlUKC7A7mBTOJWBcuzZe5aLfauW+1MsN6 GF+DHCj4VS5g1YBs8JVIpc+dls23RJO8uLQ7a5tnLr/G X-Google-Smtp-Source: AH8x226CvTyu0UX5krmR7pYmlFHAg6oSoUyY6Zg+3FCYdKDHEUGNr460w/tZ55GDrk1NxSoWdbED0JsJIdzYUsAVh54= X-Received: by 10.233.214.18 with SMTP id r18mr22369932qkk.175.1519032502921; Mon, 19 Feb 2018 01:28:22 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Mon, 19 Feb 2018 01:28:22 -0800 (PST) In-Reply-To: <5A8A97EC.4040103@grosbein.net> References: <5A8A97EC.4040103@grosbein.net> From: Misak Khachatryan Date: Mon, 19 Feb 2018 13:28:22 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: Eugene Grosbein Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:28:24 -0000 Hi, # vmstat -m | egrep "sec|sah|pol" inpcbpolicy 122 4K - 4955796 32 secasvar 48558 12140K - 1572045 256 sahead 3 1K - 15 256 ipsecpolicy 256 64K - 9911740 256 ipsecrequest 12 2K - 48 128 ipsec-misc 389632 12176K - 12575976 16,32,64 ipsec-saq 3 1K - 15 128 ipsec-reg 3 1K - 12 32 # netstat -m 3178/8717/11895 mbufs in use (current/cache/total) 3075/4025/7100/524288 mbuf clusters in use (current/cache/total/max) 3075/4009 mbuf+clusters out of packet secondary zone in use (current/cache) 0/248/248/126182 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/37387 9k jumbo clusters in use (current/cache/total/max) 0/0/0/21030 16k jumbo clusters in use (current/cache/total/max) 6944K/11221K/18165K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for mbufs delayed (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters delayed (4k/9k/16k) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile # vmstat -z | egrep 'ITEM|mbuf' ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP mbuf_packet: 256, 1615140, 3084, 4000,835233903, 0, 0 mbuf: 256, 1615140, 104, 4707,1373358845, 0, 0 mbuf_cluster: 2048, 524288, 7084, 16, 7084, 0, 0 mbuf_jumbo_page: 4096, 126182, 0, 248, 309522, 0, 0 mbuf_jumbo_9k: 9216, 37387, 0, 0, 0, 0, 0 mbuf_jumbo_16k: 16384, 21030, 0, 0, 0, 0, 0 mbuf_ext_refcnt: 4, 0, 0, 0, 0, 0, 0 # sysctl kern.ipc.nmbclusters kern.ipc.nmbclusters: 524288 Nothing new in messages with net.inet.ipsec.debug=1 Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 1:25 PM, Eugene Grosbein wrote: > 19.02.2018 13:27, Misak Khachatryan wrote: > >> 1644111 messages with memory allocation failure >> >> 3 of machines running 10.4-RELEASE-p1, one 10.3. >> Two of the machine almost the same, only ip addresses and few lines of >> configs differ. One is OK, other one have problem. >> >> Running almost any setkey command leads to: >> >> # setkey -x >> setkey: send: No buffer space available >> >> All packet versions are completely the same, binaries exactly same size. >> >> Any help will be appreciated. > > Perhaps, that is mbuf cluster exhaustion. Please show output of commands: > > netstat -m > vmstat -z | egrep 'ITEM|mbuf' > sysctl kern.ipc.nmbclusters > > How much RAM do they have? Do they run 32 bit or 64 bit system? > > From owner-freebsd-net@freebsd.org Mon Feb 19 09:40:47 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8B2C5F139D7 for ; Mon, 19 Feb 2018 09:40:47 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 12C726A0B8 for ; Mon, 19 Feb 2018 09:40:46 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1J9eeDd004990 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 19 Feb 2018 10:40:40 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: kmisak@gmail.com Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1J9eaQW063447 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 19 Feb 2018 16:40:36 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Racoon and setkey problems To: Misak Khachatryan References: <5A8A97EC.4040103@grosbein.net> Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: <5A8A9B8E.2070400@grosbein.net> Date: Mon, 19 Feb 2018 16:40:30 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:40:47 -0000 19.02.2018 16:28, Misak Khachatryan wrote: > # vmstat -m | egrep "sec|sah|pol" > inpcbpolicy 122 4K - 4955796 32 > secasvar 48558 12140K - 1572045 256 > sahead 3 1K - 15 256 > ipsecpolicy 256 64K - 9911740 256 > ipsecrequest 12 2K - 48 128 > ipsec-misc 389632 12176K - 12575976 16,32,64 Looking at huge "MemUse" values for secasvar and ipsec-misc, I suspect some kind of memory leak. FreeBSD 11.1 has new IPSEC implementation and you may consider trying new version. Meantime, you can try to flush all IPSEC-related data from the system: service racoon stop setkey -F; setkey -FP service racoon start If that does not help, reboot and start monitoring these numbers for secasvar and ipsec-misc. How many IPSEC tunnells/associations do you have simultaneously? And again, are those systems 32 bit or 64 bit? From owner-freebsd-net@freebsd.org Mon Feb 19 09:49:59 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 506B3F144FA for ; Mon, 19 Feb 2018 09:49:59 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D9A336A5CC for ; Mon, 19 Feb 2018 09:49:58 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x230.google.com with SMTP id v124so78373qkh.11 for ; Mon, 19 Feb 2018 01:49:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WYY0ob/Twrh4lan1pdre/0LrqvRb/BH92ijCCJpEeQs=; b=hAITY21SQPkdQ3sKhd1FJ/q4NgsveRS45slFGhu+GCrS91ZWsYMUuD1alV5CXRuMFV mnW8iM4s7fBxO3l4Ppkgq0Sx1dFlh2dFmBaVGW353fUqcd0YaJLN6rGsdPk6zRvFEsEb blSt8zdeW+JY8eanJjUsPEv+7hc/+PpFx9CU4lBe+nfSv89ynXY4OK+B9f3jY4RXNWqx HWMYHatHKD0szgBPl2TVL/IK/Yc87V6EgwSE0OBAfFT4Q00V9Zxjcut1PhPFJ6JN2Et7 7ogy7iTmFZm8F6prG7FUGtnpubzAzDihOROvSrm+k40M5qyvU9TfCj/hZE2h0Dn2XPA8 V5Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WYY0ob/Twrh4lan1pdre/0LrqvRb/BH92ijCCJpEeQs=; b=QhOm1uvokIkgD2UbPI3vvmGl2xFCcTqvJYEinbDyyuEnRmIMPo3r5iI1QMebSm2FQF Rx5PAQw0rE7Su7e96HRPAZnmTi23rHoqs703P9+ziJsf8QYO8EUaox9HhBtwI7EXE5Xn rpdMhWw3zAIwXkG5gKEBl29XhV6krGvtEusOmuHbUDeLv8t9iwiyxrr0JjpyQ0Egp7Ez fzYAndYc70VJ8f4PQIomPdVvjXmQn/4jAOMATZgk1dWtk1WzfBkEfwu54r+pUeyZuQlB f7kx5w7DCyiJ/R4kEnU8TWRosZgbXmu7n5sNzpNs1O7fjDISFMdT+X/gqatOOeRdllco NgmQ== X-Gm-Message-State: APf1xPBVTMcZLntOYGD8jPe0sRXQpVkOZKcav4WmVJYt4OSjb2QamDco SsICw8YR7u2IQ7WP/6Hz8kpOb5d3Epprsnu5Tlw= X-Google-Smtp-Source: AH8x227BjZH0Af8uxwOf9nuwSWzSM1la1hNEmYq9ahPN+973PEUFRiwvYUQo4fLRomROtMuMEuSiaxyJIjjh1NiC7fg= X-Received: by 10.55.24.34 with SMTP id j34mr21632456qkh.294.1519033798464; Mon, 19 Feb 2018 01:49:58 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Mon, 19 Feb 2018 01:49:57 -0800 (PST) In-Reply-To: <5A8A9B8E.2070400@grosbein.net> References: <5A8A97EC.4040103@grosbein.net> <5A8A9B8E.2070400@grosbein.net> From: Misak Khachatryan Date: Mon, 19 Feb 2018 13:49:57 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: Eugene Grosbein Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:49:59 -0000 HThis machine was rebooted few days ago and immediately it starts behave like this, FreeBSD xxxxxx.net 10.4-RELEASE-p1 FreeBSD 10.4-RELEASE-p1 #0: Mon Oct 30 21:13:49 +04 2017 xxxx@xxxxxx.net:/usr/obj/usr/src/sys/RTR amd64 It's 64 bit system with 2 MB of memory: # vmstat procs memory page disks faults cpu r b w avm fre flt re pi po fr sr md0 ad0 in sy cs us sy id 1 0 0 2145M 716M 384 0 0 0 617 229 0 0 3678 2043 8230 0 1 99 Flushing rules doesn't help, there is 3 IPSEC tunnels in racoon.conf overall, IPv4 and IPv6, so 12 rules in setkey.conf Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 1:40 PM, Eugene Grosbein wrote: > 19.02.2018 16:28, Misak Khachatryan wrote: > >> # vmstat -m | egrep "sec|sah|pol" >> inpcbpolicy 122 4K - 4955796 32 >> secasvar 48558 12140K - 1572045 256 >> sahead 3 1K - 15 256 >> ipsecpolicy 256 64K - 9911740 256 >> ipsecrequest 12 2K - 48 128 >> ipsec-misc 389632 12176K - 12575976 16,32,64 > > Looking at huge "MemUse" values for secasvar and ipsec-misc, > I suspect some kind of memory leak. > > FreeBSD 11.1 has new IPSEC implementation and you may consider trying new version. > > Meantime, you can try to flush all IPSEC-related data from the system: > > service racoon stop > setkey -F; setkey -FP > service racoon start > > If that does not help, reboot and start monitoring these numbers for secasvar and ipsec-misc. > > How many IPSEC tunnells/associations do you have simultaneously? > And again, are those systems 32 bit or 64 bit? > From owner-freebsd-net@freebsd.org Mon Feb 19 09:58:37 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75358F14FE9; Mon, 19 Feb 2018 09:58:37 +0000 (UTC) (envelope-from laurence.pawling@globalsign.com) Received: from APC01-PU1-obe.outbound.protection.outlook.com (mail-pu1apc01on0108.outbound.protection.outlook.com [104.47.126.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2DC306AB59; Mon, 19 Feb 2018 09:58:35 +0000 (UTC) (envelope-from laurence.pawling@globalsign.com) Received: from HK2PR0302MB2545.apcprd03.prod.outlook.com (10.170.152.14) by HK2PR0302MB2420.apcprd03.prod.outlook.com (10.170.151.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Mon, 19 Feb 2018 09:58:31 +0000 Received: from HK2PR0302MB2545.apcprd03.prod.outlook.com ([fe80::997e:7c67:c760:d087]) by HK2PR0302MB2545.apcprd03.prod.outlook.com ([fe80::997e:7c67:c760:d087%2]) with mapi id 15.20.0527.012; Mon, 19 Feb 2018 09:58:30 +0000 From: Laurence Pawling To: "freebsd-xen@freebsd.org" , "freebsd-virtualization@freebsd.org" , "freebsd-net@freebsd.org" CC: David King , Vlad Galu Subject: multi-vCPU networking issues as client OS under Xen Thread-Topic: multi-vCPU networking issues as client OS under Xen Thread-Index: AQHTqWgyLMPz8qfMa0GcAhXNzUcYuA== Date: Mon, 19 Feb 2018 09:58:30 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [89.197.152.162] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; HK2PR0302MB2420; 7:Jy+0LdTqz0VYXfNf2pZl3s/C/jZ7SQsE14zFpVs2YO7URYRr3lv64eqTlJ5Ilz2qWeeh1PFJjOMxA8yU88jfPy5t0GuT+KTTCQUMPSbpbDixZq8p4UpVVLsHp5rShIaw3PA/AvOQSQCsM1P3t/73JmFpJjDHvh8zeiJzcNPjYu6Lb4PFwTjltzb/NqVRRMflzoXYMdFY88MVMSYH82N4ubFyuTttyrznO13sa9zgG3HZgUO3dbIa0rgIPPSEyMYV x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(6019001)(7966004)(376002)(366004)(39850400004)(39380400002)(396003)(346002)(269900001)(189003)(199004)(53754006)(3280700002)(102836004)(105586002)(99936001)(6506007)(68736007)(55236004)(316002)(26005)(6116002)(3846002)(3660700001)(110136005)(36756003)(186003)(54906003)(4326008)(450100002)(6306002)(54896002)(6512007)(53936002)(82746002)(6436002)(6486002)(107886003)(106356001)(2501003)(5250100002)(5660300001)(2906002)(25786009)(2900100001)(33656002)(97736004)(66066001)(8936002)(83716003)(86362001)(508600001)(8676002)(81166006)(81156014)(7736002)(99286004)(14454004)(2201001)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:HK2PR0302MB2420; H:HK2PR0302MB2545.apcprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-correlation-id: 2dd732c0-f776-41c5-28b3-08d5777f54b4 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(49563074)(7193020); SRVR:HK2PR0302MB2420; x-ms-traffictypediagnostic: HK2PR0302MB2420: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231101)(944501161)(10201501046)(3002001)(6041288)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(201703131423095)(201703011903075)(201702281528075)(20161123555045)(201703061421075)(6072148)(201708071742011); SRVR:HK2PR0302MB2420; BCL:0; PCL:0; RULEID:; SRVR:HK2PR0302MB2420; x-forefront-prvs: 0588B2BD96 received-spf: None (protection.outlook.com: globalsign.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: 6f5xtPZRz6fb2IJcO2+F9eGVS6+UNiCiVRflUTJOaoFdG9F1sDQ1zLt52Z4PY+zILxt63HYDDis3FzwZkscoueHEW4+vOk5k3jAcN77A4PM5+EPR+YDQSDGrwfbcKiLrmG2emJQ1F8zPLRgd1FJUv1d5pMlhw6qTGcPWI+IfL9I= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3601879107_1679118586" MIME-Version: 1.0 X-OriginatorOrg: globalsign.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2dd732c0-f776-41c5-28b3-08d5777f54b4 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Feb 2018 09:58:30.7188 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8fff67c1-8281-4635-b62f-93106cb7a9a8 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2PR0302MB2420 X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:58:37 -0000 --B_3601879107_1679118586 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: quoted-printable Hi all, =20 I=E2=80=99m wondering if anyone here has seen this issue before, I=E2=80=99ve spent the= last couple of days troubleshooting: =20 Platform: Host: XenServer 7.0 running on 2 x E2660-v4, 256GB RAM Server VM: FreeBSD 11 (tested on 11.0-p15 and 11.1-p6), 2GB RAM (also teste= d with 32GB RAM), 1x50GB HDD, 1 x NIC, 2 or more vCPUs in any combination (2= sockets x 1 core, 1 socket x 2 cores, =E2=80=A6) Client VM: FreeBSD 11, any configuration of vCPUs, RAM and HDD. =20 Behaviour: Sporadic interruption of TCP sessions when utilising the above machine as a= =E2=80=9Cserver=E2=80=9D with =E2=80=9Cclients=E2=80=9D connecting. Looking into the communication = with pcap/Wireshark, you see a TCP Dup Ack sent from both ends, followed by = the client sending an RST packet, terminating the TCP session. We have also = seen evidence of the client sending a Keepalive packet, which is ACK=E2=80=99d by = the server before the RST is sent from the client end. =20 To recreate: On the above VM, perform a vanilla install of nginx: pkg install nginx service nginx onestart Then on a client VM (currently only tested with FreeBSD), run the following= (or similar): for i in {1..10000}; do if [ $(curl -s -o /dev/null -w "%{http_code}" http:= //10.2.122.71) !=3D 200 ] ; then echo "error"; fi; done When vCPUs=3D1 on the server, I get no errors, when vCPUs>1 I get errors repo= rted. The frequency of errors *seems* to be proportional to the number of vC= PUs, but they are sporadic with no clear periodicity or pattern, so that is = just anecdotal. Also, the problem seems by far the most prevalent when commu= nicating between two VMs on the same host, in the same VLAN. Xen still sends= packets via the switch rather than bridging internally between the interfac= es. Note that we have not had a chance to investigate the effect of different n= umbers of CPUs on the *client* end, however it does seem to be governed enti= rely by the server end. =20 We cannot recreate this issue using the same FreeBSD image and same configu= ration, but using KVM as a hypervisor. =20 Has anyone met this before? =20 Thanks, =20 Laurence --B_3601879107_1679118586 Content-type: application/pkcs7-signature; name="smime.p7s" Content-transfer-encoding: base64 Content-disposition: attachment; filename="smime.p7s" MIIP9AYJKoZIhvcNAQcCoIIP5TCCD+ECAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGggg21MIIFYjCCBEqgAwIBAgIMSX2V7ElwCIrABZuQMA0GCSqGSIb3DQEBCwUAMF0xCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxT aWduIFBlcnNvbmFsU2lnbiAyIENBIC0gU0hBMjU2IC0gRzMwHhcNMTYwODI2MTQzNjA4WhcN MTkwODI3MTQzNjA4WjCBnDELMAkGA1UEBhMCR0IxDTALBgNVBAgTBEtlbnQxEjAQBgNVBAcT CU1haWRzdG9uZTEfMB0GA1UEChMWR01PIEdsb2JhbFNpZ24gTGltaXRlZDEZMBcGA1UEAxMQ TGF1cmVuY2UgUGF3bGluZzEuMCwGCSqGSIb3DQEJARYfbGF1cmVuY2UucGF3bGluZ0BnbG9i YWxzaWduLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBcjCf6ajlJBRGN ptXjlTf3Wwv5TuzE6iW5j3YOxxGE2uRSoisepRd5pHkQ3ffF1u4Rjfc3aXcHvlmipxf3pA3e TrGJGrlLhvpnY2Zg7ZXDYHEqZIfgASxl/5EXeshGqVi9uIoCjHng+oyfXU0GWuKPgqh88oZN Wm45QoeH4t96TRdlY/dpFjK8ea6vFvZApvbum8bYJZGlJOtgPl0j8/uF1akM8SNxciDQfT39 2quhOd6LxK0LeX9qIe5lXjbhojmyb0IUf4HKZanSuFMer5OY9MnsFgMsUdLs/D5LWw2dsqcF YfQgGs2FEolsnBwmogblGogYxpqy8qIK2JZwJp0CAwEAAaOCAeAwggHcMA4GA1UdDwEB/wQE AwIFoDCBngYIKwYBBQUHAQEEgZEwgY4wTQYIKwYBBQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xv YmFsc2lnbi5jb20vY2FjZXJ0L2dzcGVyc29uYWxzaWduMnNoYTJnM29jc3AuY3J0MD0GCCsG AQUFBzABhjFodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3NwZXJzb25hbHNpZ24yc2hh MmczME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3 dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEQGA1UdHwQ9MDswOaA3 oDWGM2h0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NwZXJzb25hbHNpZ24yc2hhMmczLmNy bDAqBgNVHREEIzAhgR9sYXVyZW5jZS5wYXdsaW5nQGdsb2JhbHNpZ24uY29tMB0GA1UdJQQW MBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU5SIdmwI3kfJf98Y87lFl62amcP0w HwYDVR0jBBgwFoAUaXKCYjFnlUSFd5GAxAQ2SZ17C2EwDQYJKoZIhvcNAQELBQADggEBACMg 3mWAnD3BBOGpqvrPNem5D3G0GMKlVWSsRax251QsJwogpkoFDgbyX4QtHmkooPRGNydJGwhV TjvWu5BMle9UuZbcDw6zno3/hLD7kDIUlNJOuU+IgRhWtZwp6ELxaSvIBkiDKPRmpue3P73X gMTq2VnDwUx5Sxk9FkZcyFNfZ1wvZGWA03sZAZXj1UkmBrsGZ/dOpfsLr1Z0N4AR2ZVx+H4C MyWzVGJzp5Lvqw54WDY4KL4XRmkw8SrdujgIA5SsoAl4wEmSl1GZiXdb88koxbQ7yME+roNa q86YT7L4n4cWSBsf5lQTodjeYLWN1mmlBGzBxcv2ceTcy541lbwwggToMIID0KADAgECAg5I G2oJE72AJMpdIvAU8zANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJv b3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAe Fw0xNjA2MTUwMDAwMDBaFw0yNDA2MTUwMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQK ExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAy IENBIC0gU0hBMjU2IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lmiT Zf0sAexiow1Uv4vLpEORopqvsYPytW1v2fDq3M8We9cZ44QDhfnGH3CPH2xJxWkZHnCRODV+ AkhdOWsYRKZqpch09F31hD5jH3FEggg+7cmn9uluJkEpgMlJuv/ZdqCjuxv2ed9LKNNKe5xR wg9lUKGfqEqd5UYEjYNP3LLIPc+YIQmYTMDxj3qpPzcmZUfYZo9JJsLDQL5mPWz/Oq0pRvAT nOHy65mni8LTX1Btog5vxwaXOC9OoY5HArSDANik47pBB2Dl3Tda8gfBO6ecl2gut++pSDa8 6WmomapH6cf2UdL5sSy2xUm1mJ5TU9r7cvN8D/hxPtcD+mfDAgMBAAGjggG1MIIBsTAOBgNV HQ8BAf8EBAMCAQYwagYDVR0lBGMwYQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDCQYK KwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJKwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcD BwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaXKCYjFnlUSFd5GA xAQ2SZ17C2EwHwYDVR0jBBgwFoAUj/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEE MjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYG A1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmww ZwYDVR0gBGAwXjALBgkrBgEEAaAyASgwDAYKKwYBBAGgMgEoCjBBBgkrBgEEAaAyAV8wNDAy BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDQYJ KoZIhvcNAQELBQADggEBAKidzTLMfGfiC1DXpVxwo2biJe/qtLZTMG6HEjdcM+LCKFbjk71F lfNY2BVxTPPkgokUvv6lzEe96wZUgj7mv7716oj1ecQoIguMevYOC+MqrkmaDpvCJ/JsthtV SgG2GeFoUHRYvBJFGE+u3l4bEzDnVSY0gKL+FIoEqweEYVIRolAAtnLgcvQRZ24TogtgCNfo FJdEO0cV5Q911vjp/kd/mvMhMYuyf0Eimg5WuBLzvw7gmd9RZCLb3IF+fvkdqOJ8W88L66qf 6txWe+ukuCws5gb/riRZf8VEfz6aFV76ZxJffGxSlzEr2r28tNW2uhT/IlSYQLg5wfl1Cxsc GqMwggNfMIICR6ADAgECAgsEAAAAAAEhWFMIojANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQL ExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0wOTAzMTgxMDAwMDBaFw0yOTAzMTgxMDAwMDBaMEwxIDAeBgNV BAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYD VQQDEwpHbG9iYWxTaWduMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCV2kHkG eCIW9cCDtoTKKJ79BXYRxa2IcvxGAkPHsoqdBF8kyy5L4WCCRuFSqwyBR3Bs3WTR6/Usow+C PQwrrpfXthSGEHm7OxOAd4wI4UnSamIvH176lmjfiSeVOJ8G1z7JyyZZDXPesMjpJg6DFcbv W4vSBGDKSaYo9mk79svIKJHlnYphVzesdBTcdOA67nIvLpz70Lu/9T0A4QYz6IIrrlOmOhZz jN1BDiA6wLSnoemyT5AuMmDpV8u5BJJoaOU4JmB1sp93/5EU764gSfytQBVI0QIxYRleuJfv rXe3ZJp6v1/BE++bYvsNbOBUaRapA9pu6YOTcXbGaYWCFwIDAQABo0IwQDAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUj/BLf6guRSSuTVD6Y5qL3uLdG7ww DQYJKoZIhvcNAQELBQADggEBAEtA28BQqv7IDO/3llRFSbuWAAlBrLMThoYoBzPKa+Z0uboA La6kCtP18fEPir9zZ0qDx0R7eOCvbmxvAymOMzlFw47kuVdsqvwSluxTxi3kJGy5lGP73FNo Z1Y+g7jPNSHDyWj+ztrCU6rMkIrp8F1GjJXdelgoGi8d3s0AN0GP7URt11Mol37zZwQeFdeK lrTT3kwnpEwbc3N29BeZwh96DuMtCK0KHCz/PKtVDg+Rfjbrw1dJvuEuLXxgi8NBURMjnc73 MmuUAaiZ5ywzHzo7JdKGQM47LIZ4yWEvFLru21Vv34TuBQlNvSjYcs7TYlBlHuuSl4Mx2bO1 ykdYP18xggIDMIIB/wIBATBtMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu IG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAyIENBIC0gU0hBMjU2 IC0gRzMCDEl9lexJcAiKwAWbkDANBglghkgBZQMEAgEFAKBpMC8GCSqGSIb3DQEJBDEiBCB1 hdN+15YgrzdHOYlGIDgH1Z393+n2atHqAdmV2odHvTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0xODAyMTkwOTU4MjdaMA0GCSqGSIb3DQEBAQUABIIBAIYJ rroL/O9xwtOdTUhkbvXH+oYvFTtPzrlg1QvLkCQn+IC6BUF4840hpt7MrQOeU5vASAlo54t6 Y1GJiOj/kfMU3p+u0GCPf7LsiRWGfFjbpzX2nHaDisT7PGFDp9beMSXQIjZiO9ElElSbTpPF Dr4ofT21umsiuzZevY9GV2+CPEmt9ijuFCcDG1eEBppgEBlwjG+BkoYv2sEu7DiqKGf10znh Vk9aHngQtVuBi67P8LBCEsNKlGKW1Y1yH9hgT8G7CMM1jfqbCC/NkzVwba/F394z8LZOv5eI St5DPdqs5HzDpF3vjXuGz312Nx1IWV5VfAFYWflGgCVIch0H6mg= --B_3601879107_1679118586-- From owner-freebsd-net@freebsd.org Mon Feb 19 10:05:34 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2258F1599B for ; Mon, 19 Feb 2018 10:05:34 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x22b.google.com (mail-qk0-x22b.google.com [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3EBB96B1C0 for ; Mon, 19 Feb 2018 10:05:34 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x22b.google.com with SMTP id s198so11503451qke.5 for ; Mon, 19 Feb 2018 02:05:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2JEiAgGcu7OQrwOiq/pI1/RSA3nUu7rcyJ0BLCb4xq4=; b=eDOmLuur9eVAG3WdELtCC1UoULwKyoj8Ekx6NBp0aDKQKbwBvW8J9xm8KIBDa59FiQ mj2C8pLYRNzFd9FKogJNCk/FWTZ5Eglx+O+6HK6uwRA3nxbcMxzFzOQsgpRlvy8A2wO7 CEC8zapkXR4ZiwY4kGwPrFzDvuG3i6AUhhYLax80E/OWrl9RcQPuvdQHP+XFJzc6g7fZ adGdRbQTFyWw0RmLtcqVTY+R52n2zZf6jnIMjSAvSm3BT5yOWDgtlLSewRhBeTi5gpJL QBgdv0QqYa5d9NO4FSrmRYJKtMn3inG8ftBKVei/C6UuZ2N52KflYbwIrataFWPcrENo agrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2JEiAgGcu7OQrwOiq/pI1/RSA3nUu7rcyJ0BLCb4xq4=; b=snMKL0ChcMEgkwKxXF3aJzjq+sUxX6dXq28iAsxVYKelwk8hO3THWvnJeQgcEI2k5Z 8pQqFQtGV011LJfBzp5iVF4d7KBEtVoARs8jWxxjtnSYtlDML/rwjA2yWPt9j+HV3ieB /qTSfTyAnV355qgornvfYSq7fv80osgZQDMOL3vH+YTuIknaGBZG6sw8ZGSumsYrwSgq GxUSHGLQEzX4j0iSo1sqANrlvxGpqJ2zoYagjJKiyeIddrmnjjWK33tUdr4UNO1urUsA rntK9+XNlPDGDN9snqhtLKxyISiCeEtPg6ZTnX6E6AFVCHvYPuQUdT310EsG5p05T5zH p4mg== X-Gm-Message-State: APf1xPDaO/yngUwV7+1/7COB1oU6VtIjB8FcB9DLKcr/xlf7k8MTElTf PBb2GoH97K2Q/krNLkirQa60HGth72qMmy3BfEXOBLKa X-Google-Smtp-Source: AH8x227kqsxc3ATSBPtY6gXZgWv+212E+CyN8jltwbqcbYsJagCD8vQm7ZH5kHnfJ3YNlrncEidB2BnT71lj6sIDDd4= X-Received: by 10.55.126.194 with SMTP id z185mr4362216qkc.340.1519034733734; Mon, 19 Feb 2018 02:05:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Mon, 19 Feb 2018 02:05:33 -0800 (PST) In-Reply-To: References: <5A8A97EC.4040103@grosbein.net> <5A8A9B8E.2070400@grosbein.net> From: Misak Khachatryan Date: Mon, 19 Feb 2018 14:05:33 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: Eugene Grosbein Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:05:35 -0000 BTW, restarting racoon produces this output: # service racoon stop Stopping racoon. Waiting for PIDS: 54657. # setkey -F; setkey -FP send: No buffer space available send: No buffer space available # service racoon start Starting racoon. I did ktrace of setkey: 5499 setkey CALL socket(PF_KEY,SOCK_RAW,0x2) 5499 setkey RET socket 3 5499 setkey CALL setsockopt(0x3,SOL_SOCKET,SO_SNDBUF,0x7fffffffebac,0x4) 5499 setkey RET setsockopt 0 5499 setkey CALL setsockopt(0x3,SOL_SOCKET,SO_RCVBUF,0x7fffffffebac,0x4) 5499 setkey RET setsockopt 0 5499 setkey CALL getpid 5499 setkey RET getpid 5499/0x157b 5499 setkey CALL sendto(0x3,0x7fffffffeb78,0x10,0,0,0) 5499 setkey RET sendto -1 errno 55 No buffer space available and tried to increase net.raw.recvspace & net.raw.sendspace with no luck Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 1:49 PM, Misak Khachatryan wrote: > HThis machine was rebooted few days ago and immediately it starts > behave like this, > > FreeBSD xxxxxx.net 10.4-RELEASE-p1 FreeBSD 10.4-RELEASE-p1 #0: Mon Oct > 30 21:13:49 +04 2017 xxxx@xxxxxx.net:/usr/obj/usr/src/sys/RTR > amd64 > > It's 64 bit system with 2 MB of memory: > > # vmstat > procs memory page disks faults cpu > r b w avm fre flt re pi po fr sr md0 ad0 in sy cs us sy id > 1 0 0 2145M 716M 384 0 0 0 617 229 0 0 3678 2043 8230 0 1 99 > > Flushing rules doesn't help, there is 3 IPSEC tunnels in racoon.conf > overall, IPv4 and IPv6, so 12 rules in setkey.conf > > > > > Best regards, > Misak Khachatryan > > > On Mon, Feb 19, 2018 at 1:40 PM, Eugene Grosbein wrote: >> 19.02.2018 16:28, Misak Khachatryan wrote: >> >>> # vmstat -m | egrep "sec|sah|pol" >>> inpcbpolicy 122 4K - 4955796 32 >>> secasvar 48558 12140K - 1572045 256 >>> sahead 3 1K - 15 256 >>> ipsecpolicy 256 64K - 9911740 256 >>> ipsecrequest 12 2K - 48 128 >>> ipsec-misc 389632 12176K - 12575976 16,32,64 >> >> Looking at huge "MemUse" values for secasvar and ipsec-misc, >> I suspect some kind of memory leak. >> >> FreeBSD 11.1 has new IPSEC implementation and you may consider trying new version. >> >> Meantime, you can try to flush all IPSEC-related data from the system: >> >> service racoon stop >> setkey -F; setkey -FP >> service racoon start >> >> If that does not help, reboot and start monitoring these numbers for secasvar and ipsec-misc. >> >> How many IPSEC tunnells/associations do you have simultaneously? >> And again, are those systems 32 bit or 64 bit? >> From owner-freebsd-net@freebsd.org Mon Feb 19 10:07:19 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17CAAF15C53; Mon, 19 Feb 2018 10:07:19 +0000 (UTC) (envelope-from prvs=5814e79b2=roger.pau@citrix.com) Received: from SMTP.EU.CITRIX.COM (smtp.eu.citrix.com [185.25.65.24]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.citrix.com", Issuer "DigiCert SHA2 Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 584346B31C; Mon, 19 Feb 2018 10:07:18 +0000 (UTC) (envelope-from prvs=5814e79b2=roger.pau@citrix.com) X-IronPort-AV: E=Sophos;i="5.46,534,1511827200"; d="scan'208";a="68150322" Date: Mon, 19 Feb 2018 10:05:58 +0000 From: Roger Pau =?iso-8859-1?Q?Monn=E9?= To: Laurence Pawling CC: "freebsd-xen@freebsd.org" , "freebsd-virtualization@freebsd.org" , "freebsd-net@freebsd.org" , David King , Vlad Galu Subject: Re: multi-vCPU networking issues as client OS under Xen Message-ID: <20180219100558.adgb6m5ukdfvxehp@MacBook-Pro-de-Roger.local> References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: NeoMutt/20171208 X-ClientProxiedBy: AMSPEX02CAS01.citrite.net (10.69.22.112) To AMSPEX02CL02.citrite.net (10.69.22.126) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:07:19 -0000 On Mon, Feb 19, 2018 at 09:58:30AM +0000, Laurence Pawling via freebsd-xen wrote: > Hi all, > > > > I’m wondering if anyone here has seen this issue before, I’ve spent the last couple of days troubleshooting: > > > > Platform: > > Host: XenServer 7.0 running on 2 x E2660-v4, 256GB RAM > > Server VM: FreeBSD 11 (tested on 11.0-p15 and 11.1-p6), 2GB RAM (also tested with 32GB RAM), 1x50GB HDD, 1 x NIC, 2 or more vCPUs in any combination (2 sockets x 1 core, 1 socket x 2 cores, …) > > Client VM: FreeBSD 11, any configuration of vCPUs, RAM and HDD. > > > > Behaviour: > > Sporadic interruption of TCP sessions when utilising the above machine as a “server” with “clients” connecting. Looking into the communication with pcap/Wireshark, you see a TCP Dup Ack sent from both ends, followed by the client sending an RST packet, terminating the TCP session. We have also seen evidence of the client sending a Keepalive packet, which is ACK’d by the server before the RST is sent from the client end. > > > > To recreate: > > On the above VM, perform a vanilla install of nginx: > > pkg install nginx > > service nginx onestart > > Then on a client VM (currently only tested with FreeBSD), run the following (or similar): > > for i in {1..10000}; do if [ $(curl -s -o /dev/null -w "%{http_code}" http://10.2.122.71) != 200 ] ; then echo "error"; fi; done > > When vCPUs=1 on the server, I get no errors, when vCPUs>1 I get errors reported. The frequency of errors *seems* to be proportional to the number of vCPUs, but they are sporadic with no clear periodicity or pattern, so that is just anecdotal. Also, the problem seems by far the most prevalent when communicating between two VMs on the same host, in the same VLAN. Xen still sends packets via the switch rather than bridging internally between the interfaces. When using >1 vCPUs can you set hw.xn.num_queues=1 on /boot/loader.conf and try to reproduce the issue? I'm afraid this is rather related to multiqueue (which is only used if >1 vCPUs). Thanks, Roger. From owner-freebsd-net@freebsd.org Mon Feb 19 10:31:10 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E0875F17D6D for ; Mon, 19 Feb 2018 10:31:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 170C46CC64 for ; Mon, 19 Feb 2018 10:31:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 3486F11A59 for ; Mon, 19 Feb 2018 10:31:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1JAV9gq085833 for ; Mon, 19 Feb 2018 10:31:09 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1JAV9n7085831 for freebsd-net@FreeBSD.org; Mon, 19 Feb 2018 10:31:09 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 138678] [lo] FreeBSD does not assign linklocal address to loopbacks >0 Date: Mon, 19 Feb 2018 10:31:09 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:31:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D138678 --- Comment #5 from commit-hook@freebsd.org --- A commit references this bug: Author: ae Date: Mon Feb 19 10:30:34 UTC 2018 New revision: 329558 URL: https://svnweb.freebsd.org/changeset/base/329558 Log: MFC r328540: Assign IPv6 link-local address to loopback interfaces whith unit > 0. When an interface has IFF_LOOPBACK flag in6_ifattach() tries to assing IPv6 loopback address to this interface. It uses in6ifa_ifpwithaddr() to check, that interface doesn't already have given address and then uses in6_ifattach_loopback(). If in6_ifattach_loopback() fails, it just exits and thus skips assignment of IPv6 LLA. Fix this using in6ifa_ifwithaddr() function. If IPv6 loopback address is already assigned in the system, do not call in6_ifattach_loopback(). PR: 138678 Changes: _U stable/11/ stable/11/sys/netinet6/in6_ifattach.c --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Feb 19 10:35:59 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E4E4F18430 for ; Mon, 19 Feb 2018 10:35:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 290EB6D4E9 for ; Mon, 19 Feb 2018 10:35:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 79FFE11B90 for ; Mon, 19 Feb 2018 10:35:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1JAZw2w098963 for ; Mon, 19 Feb 2018 10:35:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1JAZw4O098961 for freebsd-net@FreeBSD.org; Mon, 19 Feb 2018 10:35:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 138678] [lo] FreeBSD does not assign linklocal address to loopbacks >0 Date: Mon, 19 Feb 2018 10:35:58 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: resolution bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:35:59 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D138678 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|Open |Closed --- Comment #6 from Andrey V. Elsukov --- Fixed in head/ and stable/11. Thanks! --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Feb 19 10:42:18 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7806BF18D1C; Mon, 19 Feb 2018 10:42:18 +0000 (UTC) (envelope-from laurence.pawling@globalsign.com) Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01on0091.outbound.protection.outlook.com [104.47.125.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F5B46D962; Mon, 19 Feb 2018 10:42:16 +0000 (UTC) (envelope-from laurence.pawling@globalsign.com) Received: from HK2PR0302MB2545.apcprd03.prod.outlook.com (10.170.152.14) by HK2PR0302MB2579.apcprd03.prod.outlook.com (10.170.145.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.527.6; Mon, 19 Feb 2018 10:42:12 +0000 Received: from HK2PR0302MB2545.apcprd03.prod.outlook.com ([fe80::997e:7c67:c760:d087]) by HK2PR0302MB2545.apcprd03.prod.outlook.com ([fe80::997e:7c67:c760:d087%2]) with mapi id 15.20.0527.012; Mon, 19 Feb 2018 10:42:08 +0000 From: Laurence Pawling To: =?utf-8?B?Um9nZXIgUGF1IE1vbm7DqQ==?= CC: "freebsd-xen@freebsd.org" , "freebsd-virtualization@freebsd.org" , "freebsd-net@freebsd.org" , David King , Vlad Galu Subject: Re: multi-vCPU networking issues as client OS under Xen Thread-Topic: multi-vCPU networking issues as client OS under Xen Thread-Index: AQHTqWgyLMPz8qfMa0GcAhXNzUcYuKOrf6kAgAAKGgA= Date: Mon, 19 Feb 2018 10:42:08 +0000 Message-ID: References: <20180219100558.adgb6m5ukdfvxehp@MacBook-Pro-de-Roger.local> In-Reply-To: <20180219100558.adgb6m5ukdfvxehp@MacBook-Pro-de-Roger.local> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [89.197.152.162] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; HK2PR0302MB2579; 7:mOYvIhWLrbCaDEWovAyP5/Xnh43SekpUIWaOUzDvFcFcy3bYI595F/JF2RBByJ1+FNW/jNfcrwpm9+ItxOJAaqgjRj9nctwa04gP6POwLf6CckDH884Ah59VFBkcmwIe4rV+Ir5Wjavk3IkRBYsLE0DIlEDnX0mALxxFnlZ5Q0uXUSGP1XpltMX0X2Clbf4TsbR/j0lm+D/wP/Hd31Uf+MggG/KA2vdp6XUNRJqf+kIMfL2NLTQ/6enz0fQPNfY1 x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(7966004)(396003)(366004)(346002)(376002)(39380400002)(39850400004)(189003)(199004)(8666007)(4326008)(25786009)(33656002)(97736004)(99936001)(54906003)(83716003)(107886003)(316002)(99286004)(86362001)(6246003)(106356001)(6486002)(105586002)(5250100002)(6436002)(53936002)(6512007)(66066001)(2900100001)(82746002)(14454004)(81166006)(68736007)(2906002)(5660300001)(81156014)(8676002)(3660700001)(26005)(6116002)(3846002)(229853002)(55236004)(305945005)(6506007)(102836004)(6346003)(508600001)(7736002)(2950100002)(36756003)(6916009)(186003)(76176011)(8936002)(3280700002); DIR:OUT; SFP:1102; SCL:1; SRVR:HK2PR0302MB2579; H:HK2PR0302MB2545.apcprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-correlation-id: 22d8cdaa-6b7f-4db5-5d65-08d577856d39 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(49563074)(7193020); SRVR:HK2PR0302MB2579; x-ms-traffictypediagnostic: HK2PR0302MB2579: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040501)(2401047)(5005006)(8121501046)(3231101)(944501161)(93006095)(93001095)(3002001)(10201501046)(6041288)(20161123562045)(20161123560045)(201703131423095)(201703011903075)(201702281528075)(20161123555045)(201703061421075)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:HK2PR0302MB2579; BCL:0; PCL:0; RULEID:; SRVR:HK2PR0302MB2579; x-forefront-prvs: 0588B2BD96 received-spf: None (protection.outlook.com: globalsign.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: EhUssBYBudn1yhuBRkD8kZaLgC2I0vav5iH1734j/l3c1m0F+Yuf5QCpT7xe5ON3hwJBEuvUNCCuTkp7+xSYvxMMLiQbWRHrOLCZGf8/mSLupxZPmsmKrGy/1QJTLjHWj1OIs38WRJI3DXFKpyr2hfz13Vq9eG5b0cWBJMe9pHY= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3601881728_1046608566" MIME-Version: 1.0 X-OriginatorOrg: globalsign.com X-MS-Exchange-CrossTenant-Network-Message-Id: 22d8cdaa-6b7f-4db5-5d65-08d577856d39 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Feb 2018 10:42:08.9156 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8fff67c1-8281-4635-b62f-93106cb7a9a8 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2PR0302MB2579 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:42:18 -0000 --B_3601881728_1046608566 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: 7bit > When using >1 vCPUs can you set hw.xn.num_queues=1 on > /boot/loader.conf and try to reproduce the issue? > > I'm afraid this is rather related to multiqueue (which is only used > if >1 vCPUs). > > Thanks, Roger. Roger - thanks for your quick reply, this is confirmed. Setting hw.xn.num_queues=1 on the server VM when vCPUs > 1 prevents the issue. For reference, please can you comment on the performance impact of this? Laurence --B_3601881728_1046608566 Content-type: application/pkcs7-signature; name="smime.p7s" Content-transfer-encoding: base64 Content-disposition: attachment; filename="smime.p7s" MIIP9AYJKoZIhvcNAQcCoIIP5TCCD+ECAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGggg21MIIFYjCCBEqgAwIBAgIMSX2V7ElwCIrABZuQMA0GCSqGSIb3DQEBCwUAMF0xCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxT aWduIFBlcnNvbmFsU2lnbiAyIENBIC0gU0hBMjU2IC0gRzMwHhcNMTYwODI2MTQzNjA4WhcN MTkwODI3MTQzNjA4WjCBnDELMAkGA1UEBhMCR0IxDTALBgNVBAgTBEtlbnQxEjAQBgNVBAcT CU1haWRzdG9uZTEfMB0GA1UEChMWR01PIEdsb2JhbFNpZ24gTGltaXRlZDEZMBcGA1UEAxMQ TGF1cmVuY2UgUGF3bGluZzEuMCwGCSqGSIb3DQEJARYfbGF1cmVuY2UucGF3bGluZ0BnbG9i YWxzaWduLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBcjCf6ajlJBRGN ptXjlTf3Wwv5TuzE6iW5j3YOxxGE2uRSoisepRd5pHkQ3ffF1u4Rjfc3aXcHvlmipxf3pA3e TrGJGrlLhvpnY2Zg7ZXDYHEqZIfgASxl/5EXeshGqVi9uIoCjHng+oyfXU0GWuKPgqh88oZN Wm45QoeH4t96TRdlY/dpFjK8ea6vFvZApvbum8bYJZGlJOtgPl0j8/uF1akM8SNxciDQfT39 2quhOd6LxK0LeX9qIe5lXjbhojmyb0IUf4HKZanSuFMer5OY9MnsFgMsUdLs/D5LWw2dsqcF YfQgGs2FEolsnBwmogblGogYxpqy8qIK2JZwJp0CAwEAAaOCAeAwggHcMA4GA1UdDwEB/wQE AwIFoDCBngYIKwYBBQUHAQEEgZEwgY4wTQYIKwYBBQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xv YmFsc2lnbi5jb20vY2FjZXJ0L2dzcGVyc29uYWxzaWduMnNoYTJnM29jc3AuY3J0MD0GCCsG AQUFBzABhjFodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3NwZXJzb25hbHNpZ24yc2hh MmczME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3 dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEQGA1UdHwQ9MDswOaA3 oDWGM2h0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NwZXJzb25hbHNpZ24yc2hhMmczLmNy bDAqBgNVHREEIzAhgR9sYXVyZW5jZS5wYXdsaW5nQGdsb2JhbHNpZ24uY29tMB0GA1UdJQQW MBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU5SIdmwI3kfJf98Y87lFl62amcP0w HwYDVR0jBBgwFoAUaXKCYjFnlUSFd5GAxAQ2SZ17C2EwDQYJKoZIhvcNAQELBQADggEBACMg 3mWAnD3BBOGpqvrPNem5D3G0GMKlVWSsRax251QsJwogpkoFDgbyX4QtHmkooPRGNydJGwhV TjvWu5BMle9UuZbcDw6zno3/hLD7kDIUlNJOuU+IgRhWtZwp6ELxaSvIBkiDKPRmpue3P73X gMTq2VnDwUx5Sxk9FkZcyFNfZ1wvZGWA03sZAZXj1UkmBrsGZ/dOpfsLr1Z0N4AR2ZVx+H4C MyWzVGJzp5Lvqw54WDY4KL4XRmkw8SrdujgIA5SsoAl4wEmSl1GZiXdb88koxbQ7yME+roNa q86YT7L4n4cWSBsf5lQTodjeYLWN1mmlBGzBxcv2ceTcy541lbwwggToMIID0KADAgECAg5I G2oJE72AJMpdIvAU8zANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJv b3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAe Fw0xNjA2MTUwMDAwMDBaFw0yNDA2MTUwMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQK ExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAy IENBIC0gU0hBMjU2IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lmiT Zf0sAexiow1Uv4vLpEORopqvsYPytW1v2fDq3M8We9cZ44QDhfnGH3CPH2xJxWkZHnCRODV+ AkhdOWsYRKZqpch09F31hD5jH3FEggg+7cmn9uluJkEpgMlJuv/ZdqCjuxv2ed9LKNNKe5xR wg9lUKGfqEqd5UYEjYNP3LLIPc+YIQmYTMDxj3qpPzcmZUfYZo9JJsLDQL5mPWz/Oq0pRvAT nOHy65mni8LTX1Btog5vxwaXOC9OoY5HArSDANik47pBB2Dl3Tda8gfBO6ecl2gut++pSDa8 6WmomapH6cf2UdL5sSy2xUm1mJ5TU9r7cvN8D/hxPtcD+mfDAgMBAAGjggG1MIIBsTAOBgNV HQ8BAf8EBAMCAQYwagYDVR0lBGMwYQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDCQYK KwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJKwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcD BwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaXKCYjFnlUSFd5GA xAQ2SZ17C2EwHwYDVR0jBBgwFoAUj/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEE MjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYG A1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmww ZwYDVR0gBGAwXjALBgkrBgEEAaAyASgwDAYKKwYBBAGgMgEoCjBBBgkrBgEEAaAyAV8wNDAy BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDQYJ KoZIhvcNAQELBQADggEBAKidzTLMfGfiC1DXpVxwo2biJe/qtLZTMG6HEjdcM+LCKFbjk71F lfNY2BVxTPPkgokUvv6lzEe96wZUgj7mv7716oj1ecQoIguMevYOC+MqrkmaDpvCJ/JsthtV SgG2GeFoUHRYvBJFGE+u3l4bEzDnVSY0gKL+FIoEqweEYVIRolAAtnLgcvQRZ24TogtgCNfo FJdEO0cV5Q911vjp/kd/mvMhMYuyf0Eimg5WuBLzvw7gmd9RZCLb3IF+fvkdqOJ8W88L66qf 6txWe+ukuCws5gb/riRZf8VEfz6aFV76ZxJffGxSlzEr2r28tNW2uhT/IlSYQLg5wfl1Cxsc GqMwggNfMIICR6ADAgECAgsEAAAAAAEhWFMIojANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQL ExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0wOTAzMTgxMDAwMDBaFw0yOTAzMTgxMDAwMDBaMEwxIDAeBgNV BAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYD VQQDEwpHbG9iYWxTaWduMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCV2kHkG eCIW9cCDtoTKKJ79BXYRxa2IcvxGAkPHsoqdBF8kyy5L4WCCRuFSqwyBR3Bs3WTR6/Usow+C PQwrrpfXthSGEHm7OxOAd4wI4UnSamIvH176lmjfiSeVOJ8G1z7JyyZZDXPesMjpJg6DFcbv W4vSBGDKSaYo9mk79svIKJHlnYphVzesdBTcdOA67nIvLpz70Lu/9T0A4QYz6IIrrlOmOhZz jN1BDiA6wLSnoemyT5AuMmDpV8u5BJJoaOU4JmB1sp93/5EU764gSfytQBVI0QIxYRleuJfv rXe3ZJp6v1/BE++bYvsNbOBUaRapA9pu6YOTcXbGaYWCFwIDAQABo0IwQDAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUj/BLf6guRSSuTVD6Y5qL3uLdG7ww DQYJKoZIhvcNAQELBQADggEBAEtA28BQqv7IDO/3llRFSbuWAAlBrLMThoYoBzPKa+Z0uboA La6kCtP18fEPir9zZ0qDx0R7eOCvbmxvAymOMzlFw47kuVdsqvwSluxTxi3kJGy5lGP73FNo Z1Y+g7jPNSHDyWj+ztrCU6rMkIrp8F1GjJXdelgoGi8d3s0AN0GP7URt11Mol37zZwQeFdeK lrTT3kwnpEwbc3N29BeZwh96DuMtCK0KHCz/PKtVDg+Rfjbrw1dJvuEuLXxgi8NBURMjnc73 MmuUAaiZ5ywzHzo7JdKGQM47LIZ4yWEvFLru21Vv34TuBQlNvSjYcs7TYlBlHuuSl4Mx2bO1 ykdYP18xggIDMIIB/wIBATBtMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu IG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIFBlcnNvbmFsU2lnbiAyIENBIC0gU0hBMjU2 IC0gRzMCDEl9lexJcAiKwAWbkDANBglghkgBZQMEAgEFAKBpMC8GCSqGSIb3DQEJBDEiBCB8 aNzfpYozQ/xfkCCmjjSKys2lJJQRltQwtSN3tVOFSTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0xODAyMTkxMDQyMDhaMA0GCSqGSIb3DQEBAQUABIIBADW/ nOtPmnBaLXY094SU+v12CNLetpAJYGhjPS7ExN8H7goqX8cajt6j+W9gaBH5yIu3eTe/HS89 +YVS4cPYUgZote8QKxRmxd7+3xomnEQKs1iXPp2QW5fyxi/3xlCJxy190rTlSVzJqstYMPT7 YVGoeYv4PirWpmnyTtGfD+nc1RbUH08w527rvfHds4rFICaFDh6pGLDOu++JdsGAc1Pb+DXq F0ENsOeY+eBszBIvj/ihb+iM2Go2px7oD1K78VaX2PjLeIoeMvXb58uihT+/b0iTpzzTMUXz yrvx+W9LTvRZo5T1+F27++FAXwCvif64zW8mUtQ5M8nCRgtjfeE= --B_3601881728_1046608566-- From owner-freebsd-net@freebsd.org Mon Feb 19 10:58:00 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DEE7F1A0AF for ; Mon, 19 Feb 2018 10:58:00 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7811E6E21C for ; Mon, 19 Feb 2018 10:57:58 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback13g.mail.yandex.net (mxback13g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:92]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 6DCDA1341190; Mon, 19 Feb 2018 13:57:51 +0300 (MSK) Received: from smtp2j.mail.yandex.net (smtp2j.mail.yandex.net [2a02:6b8:0:801::ac]) by mxback13g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id GhIzjoL4G4-vpWaXIUH; Mon, 19 Feb 2018 13:57:51 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519037871; bh=z9CACTGAEJQTy2GRd4Ib2UmrQlzlI6utO/ZK9CmWZRE=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=uJxQo4lYJtF7vSo51u5RJ55t4fUmOrB5dgxCVoWMAQMs2RzC3dfZzxZDaXPMjh3V2 TuRE+U8JQ9+lUI5s4B2JuLTk3Dj4rkPczmGOoVJETmJL6hM9WyI9uRz+hhl/2K5IEc TnlOotnbQFD4whRIO5pl/zPpDYghw5DMw+3i3H/s= Received: by smtp2j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id ALy50XjZwl-voO46lat; Mon, 19 Feb 2018 13:57:50 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519037870; bh=z9CACTGAEJQTy2GRd4Ib2UmrQlzlI6utO/ZK9CmWZRE=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=Oiy3dO3XWiD/s7i8Kf4ArG0/nQmj+nXPe5qlHFzT61p8N8pj+T98Rxszp0HtFexxa qgm/19F7h/sF8qBoJ0WJ1pLisguBXtvJyV2klUokSDqCeWp6ovShLz+i9YdfOlclpi dfRhj7B45fWO0gToxLWU1PqLGMSKOckeXofa/z1Y= Authentication-Results: smtp2j.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan , Eugene Grosbein Cc: freebsd-net@freebsd.org References: <5A8A97EC.4040103@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> Date: Mon, 19 Feb 2018 13:56:57 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="m1uYAfCKuGKWf9aRkp5pHSRuKnryESzfq" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 10:58:00 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --m1uYAfCKuGKWf9aRkp5pHSRuKnryESzfq Content-Type: multipart/mixed; boundary="scJGonz5nZqXsb5c0sWhoKMs7QoHKcHNy"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan , Eugene Grosbein Cc: freebsd-net@freebsd.org Message-ID: <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> In-Reply-To: --scJGonz5nZqXsb5c0sWhoKMs7QoHKcHNy Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 19.02.2018 12:28, Misak Khachatryan wrote: > Hi, >=20 > # vmstat -m | egrep "sec|sah|pol" > inpcbpolicy 122 4K - 4955796 32 > secasvar 48558 12140K - 1572045 256 > sahead 3 1K - 15 256 > ipsecpolicy 256 64K - 9911740 256 > ipsecrequest 12 2K - 48 128 > ipsec-misc 389632 12176K - 12575976 16,32,64 > ipsec-saq 3 1K - 15 128 > ipsec-reg 3 1K - 12 32 > histogram by message type: > getspi: 1533688 > update: 1533640 > add: 25 > delete: 1 > acquire: 1569975 > register: 16 > expire: 2968244 > flush: 10 > dump: 111982 > x_promisc: 48 > x_spdadd: 48 > x_spddump: 60 > x_spdflush: 7 This looks very strange. Are these from the same machine? You said the system has only 3 tunnels. From this output I can say, that you have too many SAs. Huge numbers for getspi, update, and acquire messages means that you have security policy that produces many SAs. Probably something wrong with your configs. --=20 WBR, Andrey V. Elsukov --scJGonz5nZqXsb5c0sWhoKMs7QoHKcHNy-- --m1uYAfCKuGKWf9aRkp5pHSRuKnryESzfq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqKrXkACgkQAcXqBBDI oXq/agf7BSZSodVzVh7IqJ+zS+y5eo82CUyKGbmO379aHTiUFWhZwnvBkeZ4uG8M WQ23nDotdb89L+rdDEJ0Sbk4XxL3wQe/NrXtq5BWl8Y9V6bdcYzY6+EFBfF0EEVU v9wdaaqamQFuFjhFanaLE78FxHoB2DPOmWi0aHl9HXRnVGB0/ceyu9TXRMdKUK63 SFxnYEmhvJtQ8DDLc2DABxPkhJvddiFFc8ch+/NPjhNC7juuCnCiWdsoouWdnS6d W+U80mOEasc5CqSkectnU5Xf9tDB14obof//TtxRIAUHccViJGJuZ6p1n4O3GTJj qaH1C/HZk2E9m8dDDtfS6Nd9RU5siQ== =EEUW -----END PGP SIGNATURE----- --m1uYAfCKuGKWf9aRkp5pHSRuKnryESzfq-- From owner-freebsd-net@freebsd.org Mon Feb 19 11:02:28 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 093E8F1A800; Mon, 19 Feb 2018 11:02:28 +0000 (UTC) (envelope-from prvs=5814e79b2=roger.pau@citrix.com) Received: from SMTP.EU.CITRIX.COM (smtp.eu.citrix.com [185.25.65.24]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.citrix.com", Issuer "DigiCert SHA2 Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F9C96E80D; Mon, 19 Feb 2018 11:02:27 +0000 (UTC) (envelope-from prvs=5814e79b2=roger.pau@citrix.com) X-IronPort-AV: E=Sophos;i="5.46,534,1511827200"; d="scan'208";a="68152684" Date: Mon, 19 Feb 2018 11:02:19 +0000 From: Roger Pau =?iso-8859-1?Q?Monn=E9?= To: Laurence Pawling CC: "freebsd-xen@freebsd.org" , "freebsd-virtualization@freebsd.org" , "freebsd-net@freebsd.org" , David King , Vlad Galu Subject: Re: multi-vCPU networking issues as client OS under Xen Message-ID: <20180219110219.r4yrgbc4yomb3gly@MacBook-Pro-de-Roger.local> References: <20180219100558.adgb6m5ukdfvxehp@MacBook-Pro-de-Roger.local> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20171208 X-ClientProxiedBy: AMSPEX02CAS02.citrite.net (10.69.22.113) To AMSPEX02CL02.citrite.net (10.69.22.126) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 11:02:28 -0000 On Mon, Feb 19, 2018 at 10:42:08AM +0000, Laurence Pawling wrote: > > When using >1 vCPUs can you set hw.xn.num_queues=1 on > > /boot/loader.conf and try to reproduce the issue? > > > > I'm afraid this is rather related to multiqueue (which is only used > > if >1 vCPUs). > > > > Thanks, Roger. > > Roger - thanks for your quick reply, this is confirmed. Setting hw.xn.num_queues=1 on the server VM when vCPUs > 1 prevents the issue. I've also been told that in order to discard this being a XenServer specific issue you should execute the following on Dom0 and reboot the server: # xe-switch-network-backend bridge And then try to reproduce the issue again with >1 vCPUs (and of course removing the queue limit in loader.conf) > For reference, please can you comment on the performance impact of this? I'm afraid I don't have any numbers. Roger. From owner-freebsd-net@freebsd.org Mon Feb 19 15:41:22 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C4D58F094B8 for ; Mon, 19 Feb 2018 15:41:21 +0000 (UTC) (envelope-from v.maffione@gmail.com) Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5A1DF7AB5E; Mon, 19 Feb 2018 15:41:21 +0000 (UTC) (envelope-from v.maffione@gmail.com) Received: by mail-qt0-x22b.google.com with SMTP id f4so12702987qtj.6; Mon, 19 Feb 2018 07:41:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=QviTMNJKqGBfZ65pdjT9iYFIeeVuOV+gCBfubS/IajE=; b=ER7BaFFEcQpGz/dD47Z7WYvlsb8h0IjE5wuYhlOINhp8NuUfWO66LRIjkAuYWNIghd hicZY3PI0cITgtux+9JXzWE1yR9DH+Yzg4P/1Fd1utQrq2NZKGE0kGCYd2k5CwWW1w8R LAdF46u2v1dFmO69jHrrXIQb8MscuvGaKM5FE8eZ+y+VxQKNbPRpI7S8PL8U3F/bLCWS PbcSr7iSTl9AFl3mO+LYWslnQYAbK9hqQNY1f71wlpOwwJv+/lb7ZMe59R+x0uWOHeal KclrcqSnkQVXI/QSIV5SRUKmc9OMP78utLWfH9XAUTY5euA7eLXgWgJu/LDzSyFC7lLm WFsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=QviTMNJKqGBfZ65pdjT9iYFIeeVuOV+gCBfubS/IajE=; b=IwEEbMkds824ULGw33f+k+Q4I2jx8HF/4425ldZk2HzS4L8A9sgdMmiqDJstDeEgQp q2sNzsJqolOocNRUpIPHnWq+DTERzEK5iY1ZJwVSt2m6Z1D2H1RclN5+D8QMhNaCKquP Tt0Z2RdUlb2qTyUUVXwEN4UiEctZ+RV37Mrh6uOGiwJjj9FMkdWG0LmhHyhgYlWFoWbO 6XrlOdcyrcigjlYKi8dcnffvARTsbPN5np4/QsTrgQkdvEIVQQncTG6pt/gTcW6xGO6X BrmTj9Rq9GzVe7sq+Zn7tpmm2XNCLqFvArRnB9alFLeCu9hLNB7huLcmFwUNKlcZTI8N 8VfA== X-Gm-Message-State: APf1xPCRks3nEZxdtI2xYG5Br1FqS1c8A2VVcQeiN3TNIE4opeWR0lQe lIKSqalQqpU2K+uCpgomjWUCmKqk0LR9ubxY5STLKA== X-Google-Smtp-Source: AH8x224i+5o6gu3RzQFGd2/rV3zMxcYL8lI3mSg/ruBoHGWysSYs4gXLPLfPuCZBySjR20kntYbrxYOsbszRR91Ydys= X-Received: by 10.200.55.146 with SMTP id d18mr25177818qtc.61.1519054880629; Mon, 19 Feb 2018 07:41:20 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.170.90 with HTTP; Mon, 19 Feb 2018 07:41:20 -0800 (PST) From: Vincenzo Maffione Date: Mon, 19 Feb 2018 16:41:20 +0100 Message-ID: Subject: fix for some netmap drivers To: Navdeep Parhar , Matthew Macy Cc: FreeBSD Net Content-Type: multipart/mixed; boundary="001a114094da8e07f905659286cb" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 15:41:22 -0000 --001a114094da8e07f905659286cb Content-Type: text/plain; charset="UTF-8" Hello, Can anyone please apply the attached patch? It follows up the removal of the nkr_slot_flags in the upstream netmap. The change fixes compilation issues and has no effect on functionality. Thanks, Vincenzo -- Vincenzo Maffione --001a114094da8e07f905659286cb Content-Type: text/x-patch; charset="US-ASCII"; name="netmap-driver-fix.patch" Content-Disposition: attachment; filename="netmap-driver-fix.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jdue1va70 ZGlmZiAtLWdpdCBhL3N5cy9kZXYvY3hnYmUvdDRfbmV0bWFwLmMgYi9zeXMvZGV2L2N4Z2JlL3Q0 X25ldG1hcC5jCmluZGV4IGZhM2JiYjlmYzhmLi40NTA4M2ZiOWEzOSAxMDA2NDQKLS0tIGEvc3lz L2Rldi9jeGdiZS90NF9uZXRtYXAuYworKysgYi9zeXMvZGV2L2N4Z2JlL3Q0X25ldG1hcC5jCkBA IC05NzQsNyArOTc0LDcgQEAgdDRfbm1faW50cih2b2lkICphcmcpCiAJCQljYXNlIENQTF9SWF9Q S1Q6CiAJCQkJcmluZy0+c2xvdFtmbF9jaWR4XS5sZW4gPSBHX1JTUERfTEVOKGxxKSAtCiAJCQkJ ICAgIHNjLT5wYXJhbXMuc2dlLmZsX3BrdHNoaWZ0OwotCQkJCXJpbmctPnNsb3RbZmxfY2lkeF0u ZmxhZ3MgPSBrcmluZy0+bmtyX3Nsb3RfZmxhZ3M7CisJCQkJcmluZy0+c2xvdFtmbF9jaWR4XS5m bGFncyA9IDA7CiAJCQkJZmxfY2lkeCArPSAobHEgJiBGX1JTUERfTkVXQlVGKSA/IDEgOiAwOwog CQkJCWZsX2NyZWRpdHMgKz0gKGxxICYgRl9SU1BEX05FV0JVRikgPyAxIDogMDsKIAkJCQlpZiAo X19wcmVkaWN0X2ZhbHNlKGZsX2NpZHggPT0gbm1fcnhxLT5mbF9zaWR4KSkKZGlmZiAtLWdpdCBh L3N5cy9uZXQvaWZsaWIuYyBiL3N5cy9uZXQvaWZsaWIuYwppbmRleCBiYTdkMjU0N2VkMS4uNDRh Mjc2ZTY3ZDcgMTAwNjQ0Ci0tLSBhL3N5cy9uZXQvaWZsaWIuYworKysgYi9zeXMvbmV0L2lmbGli LmMKQEAgLTEwNjgsNyArMTA2OCw2IEBAIGlmbGliX25ldG1hcF9yeHN5bmMoc3RydWN0IG5ldG1h cF9rcmluZyAqa3JpbmcsIGludCBmbGFncykKIAlpZiAobmV0bWFwX25vX3BlbmRpbnRyIHx8IGZv cmNlX3VwZGF0ZSkgewogCQlpbnQgY3JjbGVuID0gaWZsaWJfY3Jjc3RyaXAgPyAwIDogNDsKIAkJ aW50IGVycm9yLCBhdmFpbDsKLQkJdWludDE2X3Qgc2xvdF9mbGFncyA9IGtyaW5nLT5ua3Jfc2xv dF9mbGFnczsKIAogCQlmb3IgKGkgPSAwOyBpIDwgcnhxLT5pZnJfbmZsOyBpKyspIHsKIAkJCWZs ID0gJnJ4cS0+aWZyX2ZsW2ldOwpAQCAtMTA4NCw3ICsxMDgzLDcgQEAgaWZsaWJfbmV0bWFwX3J4 c3luYyhzdHJ1Y3QgbmV0bWFwX2tyaW5nICprcmluZywgaW50IGZsYWdzKQogCiAJCQkJZXJyb3Ig PSBjdHgtPmlzY19yeGRfcGt0X2dldChjdHgtPmlmY19zb2Z0YywgJnJpKTsKIAkJCQlyaW5nLT5z bG90W25tX2ldLmxlbiA9IGVycm9yID8gMCA6IHJpLmlyaV9sZW4gLSBjcmNsZW47Ci0JCQkJcmlu Zy0+c2xvdFtubV9pXS5mbGFncyA9IHNsb3RfZmxhZ3M7CisJCQkJcmluZy0+c2xvdFtubV9pXS5m bGFncyA9IDA7CiAJCQkJaWYgKGZsLT5pZmxfc2RzLmlmc2RfbWFwKQogCQkJCQlidXNfZG1hbWFw X3N5bmMoZmwtPmlmbF9pZmRpLT5pZGlfdGFnLAogCQkJCQkJCWZsLT5pZmxfc2RzLmlmc2RfbWFw W25pY19pXSwgQlVTX0RNQVNZTkNfUE9TVFJFQUQpOwo= --001a114094da8e07f905659286cb-- From owner-freebsd-net@freebsd.org Mon Feb 19 17:44:55 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CABA3F14AEA for ; Mon, 19 Feb 2018 17:44:55 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 607C18217B for ; Mon, 19 Feb 2018 17:44:55 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x234.google.com with SMTP id g14so13210259qti.2 for ; Mon, 19 Feb 2018 09:44:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=EyppjxLhrrqVW+01i8HJq7lpxNnllSC6NX2bcrJ6+Jo=; b=t3hWzjM9WlOKfe6+vYF0dGj9IT2fLDWvtM2wrRIJrUh4+uUzq1YWLx+u9gps5TEHNy cjYv+uimAq0WSZOHS1rF6lAhg0kXsal+BKc2Kb6UlyUQzWXjAiQhnJKN4DvNTXGz37za IYzNK0r9cG+NXbHCgZK20KMyn45biuZaG5c8maP9iSvjXnCj4uMBGNqCl40rdqjlSHLb VFy5pZQ1RA9S4r2XLRntDy62ZuhQ3Hrmhja8q7JnOX6z1b2Tue+OGzj+lbt8tCchCSnI UcX2zFg6pYSkLvUgpB9qjMeJlfWQU3PKnspXGWQSCKusph5dnlHLJL74zu/aJTFdIB2H vIog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=EyppjxLhrrqVW+01i8HJq7lpxNnllSC6NX2bcrJ6+Jo=; b=EQ5plOQaOBI7DAhl1TksjJOSl/yU3vqqayel28VmazJpQ+QlJnsP07SQuw8EGhuzTg eRZ10bMhnlXkwDD4lhOr14mrTz6524bh7/6qh8E6pH8txLutE3Td23ti8O/Q4d0FB6fP 6p94PikJ3MJOQeKmO1tD0zPsL7bvrfOUZVpuE6DXAzfnNk0IUqolgOVPX9sAYlYbibUF AvSop5mMDL/cJ2DjRqJQubF9wwqlvB5crDnED80hi6RAQBqto9QgNX4uyBiRNlx4SCPk uYC+fB0ni18LvecRGN5ONlUcIcCtxAB4Nl6G7ss5ArWDNy49lCQM64PKNaupeyLIh4gp 98/w== X-Gm-Message-State: APf1xPBBp3S1pt57LNvhdPFr2ebuqv8mEeMkNyTXeToBcF4RLq/Sm3Wm 9mmXgBbeWPpi/OsP4zNJ4HYOfsGkiRrRbjY3f0VfJg== X-Google-Smtp-Source: AH8x227wokUPhofCRyxZsOFK5/SgUGD0K5Y2Quk4zhB0TZ70/+3DtS255/t0wVtIosgITkPXKWza+NOFYxL7IpNW4B8= X-Received: by 10.200.15.250 with SMTP id f55mr17118760qtk.171.1519062294847; Mon, 19 Feb 2018 09:44:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.112.24 with HTTP; Mon, 19 Feb 2018 09:44:54 -0800 (PST) In-Reply-To: <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> From: Misak Khachatryan Date: Mon, 19 Feb 2018 21:44:54 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 17:44:56 -0000 Hi Andrey, yes, all output is from same machine. I'll recheck all configs again, or, if it's OK, I can post them here. The most confusing thing is that everything worked as a charm several years. And nothing changed in configurations until logs stars to fill up with these messages and i tried to play with some settings to troubleshoot. Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 2:56 PM, Andrey V. Elsukov wrote: > On 19.02.2018 12:28, Misak Khachatryan wrote: >> Hi, >> >> # vmstat -m | egrep "sec|sah|pol" >> inpcbpolicy 122 4K - 4955796 32 >> secasvar 48558 12140K - 1572045 256 >> sahead 3 1K - 15 256 >> ipsecpolicy 256 64K - 9911740 256 >> ipsecrequest 12 2K - 48 128 >> ipsec-misc 389632 12176K - 12575976 16,32,64 >> ipsec-saq 3 1K - 15 128 >> ipsec-reg 3 1K - 12 32 >> histogram by message type: >> getspi: 1533688 >> update: 1533640 >> add: 25 >> delete: 1 >> acquire: 1569975 >> register: 16 >> expire: 2968244 >> flush: 10 >> dump: 111982 >> x_promisc: 48 >> x_spdadd: 48 >> x_spddump: 60 >> x_spdflush: 7 > > This looks very strange. Are these from the same machine? > You said the system has only 3 tunnels. From this output I can say, that > you have too many SAs. Huge numbers for getspi, update, and acquire > messages means that you have security policy that produces many SAs. > Probably something wrong with your configs. > > -- > WBR, Andrey V. Elsukov > From owner-freebsd-net@freebsd.org Tue Feb 20 05:55:20 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CEB2F0585D for ; Tue, 20 Feb 2018 05:55:20 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B28C7845FE for ; Tue, 20 Feb 2018 05:55:19 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1K5tAFf013511 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 06:55:11 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: kmisak@gmail.com Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id w1K5t2DH008888; Tue, 20 Feb 2018 12:55:02 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Racoon and setkey problems To: Misak Khachatryan , "Andrey V. Elsukov" References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: <5A8BB836.2010501@grosbein.net> Date: Tue, 20 Feb 2018 12:55:02 +0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE, T_DATE_IN_FUTURE_96_Q autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * 0.0 T_DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received: * date * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-Spam-Level: ** X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 05:55:20 -0000 On 20.02.2018 00:44, Misak Khachatryan wrote: > Hi Andrey, > > yes, all output is from same machine. I'll recheck all configs again, > or, if it's OK, I can post them here. The most confusing thing is that > everything worked as a charm several years. And nothing changed in > configurations until logs stars to fill up with these messages and i > tried to play with some settings to troubleshoot. You may be suffering from some kind of massive IPSEC-scanning bots activity that try to expoit IPSEC-related bugs and trigger some memory leak. You should really try 11.1. From owner-freebsd-net@freebsd.org Tue Feb 20 07:01:20 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D0EDF08B08 for ; Tue, 20 Feb 2018 07:01:20 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D12E086A82 for ; Tue, 20 Feb 2018 07:01:19 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x229.google.com with SMTP id v124so3842557qkh.11 for ; Mon, 19 Feb 2018 23:01:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CQzx2HjE3cEvR3O2YVkWMfxICUn2BbEptrchnIloGEI=; b=fC7oekyatJbMjcV8Dwe8vvGtsYp5qzUSNSTJNP+eDxbTi7MC1qEOIZtukHb5TVg7zp 0L+OuAOAwmRly8r/zkh32D8BvfoavPlroP74xDpT9wsBRVVkOObmJCiyCnOPZfoNxrdg 9/30FV5sxPQMNmAFmfX1NrzrE3zCTqg+RWRWc1MDzM76LVeytgDReDkjzG5OEyKa2Bvm ZXqf2rXKccoBux12pKZysPIPW0Y7n2876VLBJ3YHX6YeAnCN4WdfuCUEgXa5kNS+XQQv VLjHkO5TqnWHPjjXLBLwnxdUYHAN+/Iy61XohdZylTn0xczIPilDAMsT85MmuiYN8MTm 0RYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CQzx2HjE3cEvR3O2YVkWMfxICUn2BbEptrchnIloGEI=; b=KGQnSSUQ6gu20zI+tsdXztCIq5K6/ssqhetKWxoffIxkfAMEdECQGILFmKVIYinBGq RhkIm3rYsxNdgUFsmuT/KK26h/eu+4QfjiIWcwQ+S+kUn8ryjFxcYzoV3X76YkYpiQLL R44hhVgx6JoSlnrQesUDhNhV8qGHncjh9iEgrVkHczlQQLV1Z5CUDzUrKaMjnZKzhfLS NUq4XHoZW3kCDYaHRiRGPVqD2FmENJvNjB/jDzzqFkQxibBpiQHz6qsdzPa6UbHrPqsm +SvnSyouzieuHX1w14UrukMMxu0aXhpY8164abhQsLsGzZjqgAMN2+Bzwg2i3Th94ofx tXog== X-Gm-Message-State: APf1xPCNB9qv6OXiN3Jr8uqnE1RuGgnUlXl6Ek41DZKlmkZM50PaS99c XTe5POWhAC3QCJ2wbGdIw6vuxGu8M4xfSjzrnS1ZBw== X-Google-Smtp-Source: AH8x227h6edjt63C9A+RsE08K1k7co9iw4e4w6IOAPSOsuSLYIO5f3wswsSfYE2UrasGGExkWyTTOks5pXKvGO6ANSM= X-Received: by 10.55.126.194 with SMTP id z185mr9056335qkc.340.1519110079368; Mon, 19 Feb 2018 23:01:19 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Mon, 19 Feb 2018 23:01:18 -0800 (PST) Received: by 10.200.81.201 with HTTP; Mon, 19 Feb 2018 23:01:18 -0800 (PST) In-Reply-To: References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> From: Misak Khachatryan Date: Tue, 20 Feb 2018 11:01:18 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: Eugene Grosbein Cc: "Andrey V. Elsukov" , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 07:01:20 -0000 One of the machines didn't connected to the Internet, have only private ip address on it's interfaces, so i have doubts about that. But thanks, I'll check for that too. I'm exporting traffic from two machines to netflow collector, should be easy. On Feb 20, 2018 9:55 AM, "Eugene Grosbein" wrote: On 20.02.2018 00:44, Misak Khachatryan wrote: > Hi Andrey, > > yes, all output is from same machine. I'll recheck all configs again, > or, if it's OK, I can post them here. The most confusing thing is that > everything worked as a charm several years. And nothing changed in > configurations until logs stars to fill up with these messages and i > tried to play with some settings to troubleshoot. You may be suffering from some kind of massive IPSEC-scanning bots activity that try to expoit IPSEC-related bugs and trigger some memory leak. You should really try 11.1. From owner-freebsd-net@freebsd.org Tue Feb 20 12:48:36 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B824F26791 for ; Tue, 20 Feb 2018 12:48:36 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A071E75504 for ; Tue, 20 Feb 2018 12:48:35 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback14j.mail.yandex.net (mxback14j.mail.yandex.net [IPv6:2a02:6b8:0:1619::90]) by forward105j.mail.yandex.net (Yandex) with ESMTP id 9F3BC18476E; Tue, 20 Feb 2018 15:48:32 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback14j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id K34xRP0Ryz-mWLKQ6eu; Tue, 20 Feb 2018 15:48:32 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519130912; bh=JjPlwUNmD3y+XIfimZcxmpmO/ERK7MWIs+xG0e4z/7s=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=reLka108adbFbXRXOQ6tolGL3zfNnul45NxkCgw83fx5ihy4sVoa5SgYQJf+Yp3Jd CjXBSEE6mfoCN7g+thtfiNujWELNn/erQ13jm57iDGv/uo6wYgUn2EUclu5j+OObQ/ GGGY3MZHuU4S+nBUdUNp7+pScdzy426Taf6knE68= Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 6VEklM7G1d-mP6CAKJk; Tue, 20 Feb 2018 15:48:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519130905; bh=JjPlwUNmD3y+XIfimZcxmpmO/ERK7MWIs+xG0e4z/7s=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=pALOBo9P5Laf1rYoV8jBxFDeV9+U7AJpsrY/VzR+xjvZXdF5vmYqcLGXy8tVJXQuY 6XPntY1jOPM814/iiVHQ679w9Kxm0TKXjqe9IuYzc53QNJ54+AaFyOX9jH7YvHe+bQ 7FRSNB0iCojFber2YHHJXuamf6td/Hpw/Ix9itJk= Authentication-Results: smtp2p.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Eugene Grosbein , Misak Khachatryan Cc: freebsd-net@freebsd.org References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> Date: Tue, 20 Feb 2018 15:47:23 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <5A8BB836.2010501@grosbein.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="M6wNp3NrTzZa6rBuGfnFvtJm41l1GZvCz" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 12:48:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --M6wNp3NrTzZa6rBuGfnFvtJm41l1GZvCz Content-Type: multipart/mixed; boundary="kzlhj1vNoOHn9S0iEhCwL4eH06vZZhPkd"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , Misak Khachatryan Cc: freebsd-net@freebsd.org Message-ID: <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> In-Reply-To: <5A8BB836.2010501@grosbein.net> --kzlhj1vNoOHn9S0iEhCwL4eH06vZZhPkd Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.02.2018 08:55, Eugene Grosbein wrote: >> yes, all output is from same machine. I'll recheck all configs again, >> or, if it's OK, I can post them here. The most confusing thing is that= >> everything worked as a charm several years. And nothing changed in >> configurations until logs stars to fill up with these messages and i >> tried to play with some settings to troubleshoot. >=20 > You may be suffering from some kind of massive IPSEC-scanning bots acti= vity > that try to expoit IPSEC-related bugs and trigger some memory leak. >=20 > You should really try 11.1. 11.1-RELEASE had several bugs in new IPsec code, that were fixed in stable/11 branch. So, if you want to try, I recommend to use stable/11. Also there is very little chance that some problem will be fixed in 10.x branch. --=20 WBR, Andrey V. Elsukov --kzlhj1vNoOHn9S0iEhCwL4eH06vZZhPkd-- --M6wNp3NrTzZa6rBuGfnFvtJm41l1GZvCz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqMGNsACgkQAcXqBBDI oXpMkAf/Z8Ng2O0Wy8/BfQnFyuupHhO9mDizawqAlQVTE0MTnoKZlizcRG3CR8XN shcHfHTda9k1nOpiqlpXCFIySRZy0lWkfz2qVgo5D60DunYZcPc0e/2A4C8plutX /MIzhJ7Nb0HsunterUvZjZzde8T+L1sOtzNpl0LOzX5sLn6/MoL2VQSDXLx6GrR/ wXBL95EAjmfcPzwJpsTqo/URkdVdyK0yqWvRIx4ZyOdAadvEBX/d2xCziVV7fQwC em0mCaEExO6te8w77YThyQQGmK6/SjZFptZc+GiukhJGrl01lMHncHH/Ey/CIuB6 XSyB5XqdLqsynQbHP2k+QYHQ4KszlA== =fpgI -----END PGP SIGNATURE----- --M6wNp3NrTzZa6rBuGfnFvtJm41l1GZvCz-- From owner-freebsd-net@freebsd.org Tue Feb 20 16:00:53 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C6484F0F585 for ; Tue, 20 Feb 2018 16:00:53 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) Received: from relay2.tomsk.ru (mail.sibptus.tomsk.ru [212.73.124.5]) by mx1.freebsd.org (Postfix) with ESMTP id 1BF897D5F1 for ; Tue, 20 Feb 2018 16:00:51 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) X-Virus-Scanned: by clamd daemon 0.98.5_1 for FreeBSD at relay2.tomsk.ru Received: from [212.73.125.240] (HELO admin.sibptus.transneft.ru) by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.16) with ESMTPS id 39939608 for freebsd-net@freebsd.org; Tue, 20 Feb 2018 21:55:59 +0600 Received: from admin.sibptus.transneft.ru (sudakov@localhost [127.0.0.1]) by admin.sibptus.transneft.ru (8.15.2/8.15.2) with ESMTP id w1KG0lFJ079286 for ; Tue, 20 Feb 2018 23:00:49 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) Received: (from sudakov@localhost) by admin.sibptus.transneft.ru (8.15.2/8.15.2/Submit) id w1KG0iTS079285 for freebsd-net@freebsd.org; Tue, 20 Feb 2018 23:00:44 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) X-Authentication-Warning: admin.sibptus.transneft.ru: sudakov set sender to vas@mpeks.tomsk.su using -f Date: Tue, 20 Feb 2018 23:00:44 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: bsnmpd and arbitrary OIDs Message-ID: <20180220160044.GA79151@admin.sibptus.transneft.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: AO "Svyaztransneft", SibPTUS X-PGP-Key: http://www.dreamwidth.org/pubkey?user=victor_sudakov X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.9.3 (2018-01-21) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 16:00:54 -0000 Dear Colleagues, Is it possible to configure bsnmpd to return an arbitrary value for an OID, e.g. snmpget -On -v1 -c public localhost .1.3.6.1.4.1.34498.2.1.1.1.2.0 should always return .1.3.6.1.4.1.34498.2.1.1.1.2.0 = STRING: "54.6 V" I need this for debugging a network monitoring system. Thank you very much in advance. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859 From owner-freebsd-net@freebsd.org Tue Feb 20 17:50:35 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A51AF192C3 for ; Tue, 20 Feb 2018 17:50:35 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C622A82C16 for ; Tue, 20 Feb 2018 17:50:34 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1KHoMbn017695 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 20 Feb 2018 18:50:23 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@mpeks.tomsk.su Received: from [10.58.0.4] (dadv@[10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1KHoFJG012656 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 21 Feb 2018 00:50:15 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: bsnmpd and arbitrary OIDs To: Victor Sudakov , freebsd-net@freebsd.org References: <20180220160044.GA79151@admin.sibptus.transneft.ru> From: Eugene Grosbein Message-ID: <5A8C5FD6.3070201@grosbein.net> Date: Wed, 21 Feb 2018 00:50:14 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <20180220160044.GA79151@admin.sibptus.transneft.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 17:50:35 -0000 20.02.2018 23:00, Victor Sudakov wrote: > Is it possible to configure bsnmpd to return an arbitrary value for an OID, e.g. > > snmpget -On -v1 -c public localhost .1.3.6.1.4.1.34498.2.1.1.1.2.0 > > should always return > > .1.3.6.1.4.1.34498.2.1.1.1.2.0 = STRING: "54.6 V" > > I need this for debugging a network monitoring system. > > Thank you very much in advance. You can do that with net-mgmt/bsnmp-ucd addon and little addition to /etc/snmpd.config: begemotSnmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so" %ucd extNames.0 = "kern.clockrate" extCommand.0 = "/sbin/sysctl -n kern.clockrate" Refer to bsnmp-ucd(8) manual page for defails. From owner-freebsd-net@freebsd.org Tue Feb 20 21:43:53 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 120E5F0639C for ; Tue, 20 Feb 2018 21:43:53 +0000 (UTC) (envelope-from nparhar@gmail.com) Received: from mail-pl0-x232.google.com (mail-pl0-x232.google.com [IPv6:2607:f8b0:400e:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9E06B71D0F for ; Tue, 20 Feb 2018 21:43:52 +0000 (UTC) (envelope-from nparhar@gmail.com) Received: by mail-pl0-x232.google.com with SMTP id s13so8175449plq.6 for ; Tue, 20 Feb 2018 13:43:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:message-id:subject:from:to:cc:date:in-reply-to:references :mime-version:content-transfer-encoding; bh=Hpxi289ciYMQncAJPfPe8sf0vkh5if6gWh4rSgBQ138=; b=ukI6BCP+jE87nOYznMw7i9NhG87/akzWdYEGtPUlnCLMHDwGTlsnjI6kw1+BGolpt7 wp5jR2X4h7D/yzCvbHxlmXZy7d97TbmNhGrN+sgDqG7KrWXuHlUbOZgpZJlc6ealhvPZ ltM0/2kvlWzj9zMrqGtmvpLPbjV+N7MYc0Vu14G64A0NuMbaCfS1IQ2R25/4epgdSofI DrB0FSz3t5mAJlW5keMOTTTyyaQBRxjWTeilkI7IeP1s5xCiH5KGnaKkGVH9BSH/Yxm9 C7gPSMTaFFaGpSIUJ5+SkEloOsN37k31s3SQ9yH2GMrc3fjFEZ5GxdYS7rSPMFaxBr6e Ic+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:message-id:subject:from:to:cc:date :in-reply-to:references:mime-version:content-transfer-encoding; bh=Hpxi289ciYMQncAJPfPe8sf0vkh5if6gWh4rSgBQ138=; b=XO3IrdjKAsPxfWkWIFN+at8TJRS34Jbl6QMV+ucN+DrhuC6A3Au9VCZWPCBoKom1Pz E1fPVQVDsYSLOHFMamoqQIeTOTAujw6MpPHI4M0K4n3lNXUlFg6LZAfeiSc9QP8Z6/Rj AQ9nTGUndcCVq+875+ORklEtoB3ZXi75eWYXe/oOXFvrJwrXs3XUtAuqen+SLlwoNDOg 6DXZ0tmzcUFpBIl99P9Xw9KX5+78u3hv4ctVT0nBI0hM+TWQd80ddSNj7typDdQuxy3W HYq8zaxwOXI8ICtFeoECnM8Rs4R4zJjwQIFRZK6rZmdNqUGVBd2qqKZbgAXKX+mmsLZj HrVA== X-Gm-Message-State: APf1xPBqOkD6HD9k8j8Ssz6LtDSbUeaod8xIlPCljkRhfSVmXmkHohJS 2HyM9sZXo1GdvuJG2c4Z7laDwtJk X-Google-Smtp-Source: AH8x224eeo5iDO69vAFiQM4wquQVyt4wXORgRdgyGgEDKlwDpDPSkmvUrTkYmsh2m/htA/+r0MYM2w== X-Received: by 2002:a17:902:aa87:: with SMTP id d7-v6mr911528plr.237.1519163031459; Tue, 20 Feb 2018 13:43:51 -0800 (PST) Received: from dwarf (stargate.chelsio.com. [12.32.117.8]) by smtp.googlemail.com with ESMTPSA id g77sm5111863pfk.135.2018.02.20.13.43.50 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 20 Feb 2018 13:43:50 -0800 (PST) Sender: Navdeep Parhar Message-ID: <1519163029.49115.0.camel@FreeBSD.org> Subject: Re: fix for some netmap drivers From: Navdeep Parhar To: Vincenzo Maffione , Matthew Macy Cc: FreeBSD Net Date: Tue, 20 Feb 2018 13:43:49 -0800 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.2 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 21:43:53 -0000 Done in r329675. On Mon, 2018-02-19 at 16:41 +0100, Vincenzo Maffione wrote: > Hello, > Can anyone please apply the attached patch? It follows up the > removal of the nkr_slot_flags in the upstream netmap. > The change fixes compilation issues and has no effect on > functionality. > > Thanks, > Vincenzo > From owner-freebsd-net@freebsd.org Wed Feb 21 14:19:37 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D2CFEF05956 for ; Wed, 21 Feb 2018 14:19:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6E7D07D3A5 for ; Wed, 21 Feb 2018 14:19:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id B96345265 for ; Wed, 21 Feb 2018 14:19:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1LEJaCC073125 for ; Wed, 21 Feb 2018 14:19:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1LEJabd073124 for freebsd-net@FreeBSD.org; Wed, 21 Feb 2018 14:19:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 193953] vlan(4) on LACP lagg(4) do not update if_baudrate value and thus SNMP daemons do not provide high capacity counters Date: Wed, 21 Feb 2018 14:19:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 14:19:38 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D193953 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|bsnmpd missing 64-bit |vlan(4) on LACP lagg(4) do |fields with vlan under lagg |not update if_baudrate | |value and thus SNMP daemons | |do not provide high | |capacity counters Assignee|freebsd-bugs@FreeBSD.org |freebsd-net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Feb 21 14:21:46 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2C64F05E2C for ; Wed, 21 Feb 2018 14:21:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4E5567D795 for ; Wed, 21 Feb 2018 14:21:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 915C952B4 for ; Wed, 21 Feb 2018 14:21:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1LELjQm084687 for ; Wed, 21 Feb 2018 14:21:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1LELjaF084686 for freebsd-net@FreeBSD.org; Wed, 21 Feb 2018 14:21:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 193953] vlan(4) on LACP lagg(4) do not update if_baudrate value and thus SNMP daemons do not provide high capacity counters Date: Wed, 21 Feb 2018 14:21:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.description Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 14:21:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D193953 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #190856|Another patch |Another patch for FreeBSD description| |12-CURRENT --- Comment #8 from Andrey V. Elsukov --- Comment on attachment 190856 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D190856 Another patch for FreeBSD 12-CURRENT Note that the patch for CURRENT. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Feb 21 15:21:39 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62CA5F0BA77 for ; Wed, 21 Feb 2018 15:21:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F2C6E81342 for ; Wed, 21 Feb 2018 15:21:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 3DD4A5B1E for ; Wed, 21 Feb 2018 15:21:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1LFLcvI027095 for ; Wed, 21 Feb 2018 15:21:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1LFLc82027094 for freebsd-net@FreeBSD.org; Wed, 21 Feb 2018 15:21:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 193953] vlan(4) on LACP lagg(4) do not update if_baudrate value and thus SNMP daemons do not provide high capacity counters Date: Wed, 21 Feb 2018 15:21:38 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: zarychtam@plan-b.pwste.edu.pl X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 15:21:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D193953 --- Comment #9 from Marek Zarychta --- (In reply to Andrey V. Elsukov from comment #8) Plans to MFC this? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Feb 21 16:22:20 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D7FFF121C3 for ; Wed, 21 Feb 2018 16:22:20 +0000 (UTC) (envelope-from katie.sadowske@accudbpro.com) Received: from IND01-MA1-obe.outbound.protection.outlook.com (mail-ma1ind01on0054.outbound.protection.outlook.com [104.47.100.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT TLS CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 99978844C7 for ; Wed, 21 Feb 2018 16:22:17 +0000 (UTC) (envelope-from katie.sadowske@accudbpro.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT3485838.onmicrosoft.com; s=selector1-accudbpro-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=p7b3TVclixzCjgy1Qmiops6MjGrvCHBTCD7MAXQCd/U=; b=D/q6DFp0E+zYBZXNyVskYOjlDs7SU5A5QUkRykcnAvEc5NysGz36uWIsPi5ab6sCUJgz0PeJARvFvIpLZhYuVJ7NX8GdXk1BLXbMWWOf8XfaitYYLk+HeengsP+NI6JqPTcR+6h8RkBJhLR54Cy5otFbOk/anUZz6LNjRd55wKE= Received: from MA1PR0101MB1815.INDPRD01.PROD.OUTLOOK.COM (52.134.142.144) by MA1PR0101MB1831.INDPRD01.PROD.OUTLOOK.COM (52.134.142.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Wed, 21 Feb 2018 16:22:13 +0000 Received: from MA1PR0101MB1815.INDPRD01.PROD.OUTLOOK.COM ([fe80::cc2a:914f:771a:adf0]) by MA1PR0101MB1815.INDPRD01.PROD.OUTLOOK.COM ([fe80::cc2a:914f:771a:adf0%15]) with mapi id 15.20.0506.023; Wed, 21 Feb 2018 16:22:13 +0000 From: Katie Sadowske To: "freebsd-net@freebsd.org" Subject: RE: B2B Contacts List Thread-Topic: RE: B2B Contacts List Thread-Index: AdOrJ73xENd0gulEQI+Z+fx8ojKwOQ== Date: Wed, 21 Feb 2018 16:03:34 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=katie.sadowske@accudbpro.com; x-originating-ip: [2405:204:669c:125c:29c8:91fc:69f3:47b2] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; MA1PR0101MB1831; 7:x2hyBFxagAixLw0ETYQ5dc1eisV9C5fQZJwLWtomOGcN4/QEEPiJIx/whF9k0u9v2huDuBIpfLdcm51CGjdZWqTiPkj8MU9he2PoYwraMKnhHqHRtLN6NoF27W7W+sY/KAad5+CIwT5evKHsVdIpbTjZVP4z2GW7D3vxqkTixLHyEDa9tHeYoE1rL4pTEuv8eiOUm8F162xReD2LxmK0MlC1DsXass4DdcEXYqgJ7ZcuI/jSA3dT2cyXdTN6mCsj x-ms-office365-filtering-correlation-id: bb221727-0b3a-42f2-eb44-08d57947445c x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:MA1PR0101MB1831; x-ms-traffictypediagnostic: MA1PR0101MB1831: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(192374486261705)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231101)(2017060910165)(944501161)(3002001)(10201501046)(6041288)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(2016111802025)(6043046)(6072148)(201708071742011); SRVR:MA1PR0101MB1831; BCL:0; PCL:0; RULEID:; SRVR:MA1PR0101MB1831; x-forefront-prvs: 0590BBCCBC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(396003)(39850400004)(376002)(366004)(346002)(44134004)(199004)(189003)(626008)(316002)(3280700002)(7696005)(59450400001)(55016002)(5640700003)(9326002)(6246003)(14454004)(229853002)(8676002)(8936002)(790700001)(6116002)(25786009)(99286004)(81156014)(86362001)(97736004)(81166006)(105586002)(52230400001)(106356001)(223583001)(2351001)(53936002)(6916009)(2906002)(6666003)(68736007)(186003)(74316002)(6506007)(478600001)(5660300001)(7116003)(3660700001)(102836004)(54896002)(9686003)(6436002)(5630700001)(33656002)(2900100001)(5250100002)(6306002)(2501003)(7736002)(45080400002)(26710200004); DIR:OUT; SFP:1101; SCL:1; SRVR:MA1PR0101MB1831; H:MA1PR0101MB1815.INDPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: accudbpro.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: ls13oAANUQxIMmA7HQKdlDJw9FVMohyYTaGV3BapeIDk716jDcXRanieB5KQ94dIy84i1Wx8FuGJr6ST/2ajpUj5ZZYiE6EvsdWKliIWEuqGNv3bDplnhSset0jdsssOia5UNs1ufQH4QnCflHGNfSU9wZJv8/W0Fd2OehFA1yQ= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: accudbpro.com X-MS-Exchange-CrossTenant-Network-Message-Id: bb221727-0b3a-42f2-eb44-08d57947445c X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2018 16:03:34.4617 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: df12b867-6ad1-4afc-9c76-84e279b5179c X-MS-Exchange-Transport-CrossTenantHeadersStamped: MA1PR0101MB1831 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 16:22:20 -0000 Hi, Our Database is a powerful tool to speed up your business processes, we are= sure you can find more customers and generate more from our list. We will = help you optimize your marketing, mobilize your sales teams, and deliver br= eakthrough growth. 1. Information Technology: Computer Hardware, Software, and IT Resellers (V= alue Added Resellers) etc. 2. Technology Users: SAP, MS Users, Oracle, ERP, CRM, Sage, Accounting Soft= ware, etc. 3. CRM users list: MS Dynamic CRM, MS Exchange Server, Siebel, SAP CRM, Sal= esforce, IBM Lotus, Goldmine, Sage, Saleslogix etc. 4. Business Intelligence, Networking software, IT security software, Databa= se application users list 5. Microsoft Customers/partners list, IBM Customers/partners List, Oracle C= ustomers/partners List, SAP Customers/partners List 6. IT Executives List: CIO, CTO, CISO, IT-VP, IT-Director, IT Manager, MIS = Manager Etc. 7. All C-level executives List: CEO, CFO, CIO, CTO, CMO, CISO, CSO, COO, CN= O etc. Please fill in the details below of your target market: Industry..............? Titles..............? Geography...............? Any instruction...............? Let me know your thoughts or pass on the message to the right person in you= r company. Regards, Katie Sadowske If you don't want to receive any message from us then please type "OPT OUT"= in the Subject Line From owner-freebsd-net@freebsd.org Thu Feb 22 01:29:02 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C228F15A48 for ; Thu, 22 Feb 2018 01:29:02 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) Received: from relay2.tomsk.ru (mail.sibptus.tomsk.ru [212.73.124.5]) by mx1.freebsd.org (Postfix) with ESMTP id C65FE7F0BE for ; Thu, 22 Feb 2018 01:29:00 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) X-Virus-Scanned: by clamd daemon 0.98.5_1 for FreeBSD at relay2.tomsk.ru Received: from [212.73.125.240] (HELO admin.sibptus.transneft.ru) by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.16) with ESMTPS id 39940909; Thu, 22 Feb 2018 07:24:07 +0600 Received: from admin.sibptus.transneft.ru (sudakov@localhost [127.0.0.1]) by admin.sibptus.transneft.ru (8.15.2/8.15.2) with ESMTP id w1M1StUw011560; Thu, 22 Feb 2018 08:28:57 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) Received: (from sudakov@localhost) by admin.sibptus.transneft.ru (8.15.2/8.15.2/Submit) id w1M1Sp6f011558; Thu, 22 Feb 2018 08:28:52 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) X-Authentication-Warning: admin.sibptus.transneft.ru: sudakov set sender to vas@mpeks.tomsk.su using -f Date: Thu, 22 Feb 2018 08:28:51 +0700 From: Victor Sudakov To: Eugene Grosbein Cc: freebsd-net@freebsd.org Subject: Re: bsnmpd and arbitrary OIDs Message-ID: <20180222012851.GA11433@admin.sibptus.transneft.ru> References: <20180220160044.GA79151@admin.sibptus.transneft.ru> <5A8C5FD6.3070201@grosbein.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5A8C5FD6.3070201@grosbein.net> Organization: AO "Svyaztransneft", SibPTUS X-PGP-Key: http://www.dreamwidth.org/pubkey?user=victor_sudakov X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.9.3 (2018-01-21) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 01:29:02 -0000 Eugene Grosbein wrote: > > > Is it possible to configure bsnmpd to return an arbitrary value for an OID, e.g. > > > > snmpget -On -v1 -c public localhost .1.3.6.1.4.1.34498.2.1.1.1.2.0 > > > > should always return > > > > .1.3.6.1.4.1.34498.2.1.1.1.2.0 = STRING: "54.6 V" > > > > I need this for debugging a network monitoring system. > > > > Thank you very much in advance. > > You can do that with net-mgmt/bsnmp-ucd addon and little addition to /etc/snmpd.config: > > begemotSnmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so" Eugene, thanks for the info. I hoped to do with the base system only. For the present I have used the "pass" facility from net-mgmt/net-snmp snmpd. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859 From owner-freebsd-net@freebsd.org Thu Feb 22 07:10:56 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1FA71F0A161 for ; Thu, 22 Feb 2018 07:10:56 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A46AB70EB4 for ; Thu, 22 Feb 2018 07:10:55 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x234.google.com with SMTP id d14so5164187qtg.1 for ; Wed, 21 Feb 2018 23:10:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=N4jUWOK9u1QlDE4EXdlGEr+1PRU/Y1/qp8A02qCDd40=; b=Y4+3M3MVOdVVPUjCRF7nuyz2V67YEuM0CyWO0Eab1kqx9tUEg5NDjfjQXIws++rp/n fN7wFIRdNsfxGu0GCL2k9gQR98rkAb6tEjYhBdRB7THAOsrzeTKJL/vQXQD+Oi0zkYef z6KqLmuM0IeUm8jpk1mQro5ylfnjLjTWb3xDjVwTAJnBsUCIOOoR00Jap1bd1oL0RcD7 8DSQjk7IvCcYUpKnFxdS1ZlFdOzXKgbV88bQ2/5wNIXd9qkL5yS8jaFU3AAkDPGJbfnP Eo19q5xQQcqwWUDLHfW1P5li6Ff0WL3gn4wZWbTkgQvG5SW7vY42ehx0Cu5TcRB3BSiQ GqsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=N4jUWOK9u1QlDE4EXdlGEr+1PRU/Y1/qp8A02qCDd40=; b=Za5MaZmfj4e2jrn2EsngPgcSdVzGsxkzyzefx/fNPa7WfTyePVqA9WEtVrnPU5dkUK Ysdrey6876Yd7kptGkGQD8t41vFm7aQ5wxbmWEFD4iNGfkYvgu0hiulwv7J048bBOFmI 7CnkY47Db1RMAU6kfKqwieA8i0ZkZin+4VVTgLx45SMH4UGdVuJrRvCO2EswVtnCb56t NbOwgxubrwQFfntXKMQLjEx7sgwe78z+ENvY09xcj0hWJF7O4pixxe3kSuGgWBuwOlD3 ZSyH1HuvK7pYanQXCDWRmvDsDBmRjZ3s46HPDvex86RFwq7peaFsu+l8THQa7TdlcSfr v2aA== X-Gm-Message-State: APf1xPCrdLXRM1taGA67SQTGx63ZSeVRA5zoAWBoyU1RrfM06DJQAN5v sSEjutUexGTYRIkhzmYIJKIm2O07HzqQ5OxSvnKinLpu X-Google-Smtp-Source: AH8x225zETU1KYZRGjoL/Ry2srZd4oCm8Y6rb/gPU/3UXXxqKg/o9Wgc2m//ri4kLx2oE/2iNtT83dGLUctCtY5KTYg= X-Received: by 10.237.45.167 with SMTP id i36mr9535238qtd.126.1519283455171; Wed, 21 Feb 2018 23:10:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Wed, 21 Feb 2018 23:10:54 -0800 (PST) In-Reply-To: <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> From: Misak Khachatryan Date: Thu, 22 Feb 2018 11:10:54 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 07:10:56 -0000 Hello there, just a quick feedback. I've added rules to my ipfw to block all isakmp ports on interfaces not involved in ipsec and rebooted 3 of 4 machines. Situation returned to normal on them, but rebooting fourth host is very painful. It seems i have some kind of massive ipsec probes from botnet which fills all my SAD and SPD entries or PFKEY sockets. All i need is to flush all SAD and SDP entries, but setkey can't do that. Is there any other way? Best regards, Misak Khachatryan On Tue, Feb 20, 2018 at 4:47 PM, Andrey V. Elsukov wrote: > On 20.02.2018 08:55, Eugene Grosbein wrote: >>> yes, all output is from same machine. I'll recheck all configs again, >>> or, if it's OK, I can post them here. The most confusing thing is that >>> everything worked as a charm several years. And nothing changed in >>> configurations until logs stars to fill up with these messages and i >>> tried to play with some settings to troubleshoot. >> >> You may be suffering from some kind of massive IPSEC-scanning bots activity >> that try to expoit IPSEC-related bugs and trigger some memory leak. >> >> You should really try 11.1. > > 11.1-RELEASE had several bugs in new IPsec code, that were fixed in > stable/11 branch. So, if you want to try, I recommend to use stable/11. > Also there is very little chance that some problem will be fixed in 10.x > branch. > > -- > WBR, Andrey V. Elsukov > From owner-freebsd-net@freebsd.org Thu Feb 22 07:45:21 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2D96DF0EB25 for ; Thu, 22 Feb 2018 07:45:21 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AD4D072FD1 for ; Thu, 22 Feb 2018 07:45:20 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1M7j8RA001722 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Feb 2018 08:45:08 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: vas@mpeks.tomsk.su Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id w1M7j1hs025868; Thu, 22 Feb 2018 14:45:01 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: bsnmpd and arbitrary OIDs To: Victor Sudakov References: <20180220160044.GA79151@admin.sibptus.transneft.ru> <5A8C5FD6.3070201@grosbein.net> <20180222012851.GA11433@admin.sibptus.transneft.ru> Cc: freebsd-net@freebsd.org From: Eugene Grosbein X-Enigmail-Draft-Status: N1110 Message-ID: <5A8E74FD.8010406@grosbein.net> Date: Thu, 22 Feb 2018 14:45:01 +0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <20180222012851.GA11433@admin.sibptus.transneft.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-Spam-Level: ** X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 07:45:21 -0000 On 22.02.2018 08:28, Victor Sudakov wrote: >> You can do that with net-mgmt/bsnmp-ucd addon and little addition to /etc/snmpd.config: >> >> begemotSnmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so" > > Eugene, thanks for the info. I hoped to do with the base system only. > > For the present I have used the "pass" facility from net-mgmt/net-snmp snmpd. Yes, this is basically the same. bsnmpd in the base system is pretty light and has very basic functions only and is designed for usage of addons. From owner-freebsd-net@freebsd.org Thu Feb 22 07:50:37 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3DBEF0F436 for ; Thu, 22 Feb 2018 07:50:36 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5FB7F7328D for ; Thu, 22 Feb 2018 07:50:36 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1M7oTrr001765 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Feb 2018 08:50:30 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: kmisak@gmail.com Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id w1M7oQ47026020; Thu, 22 Feb 2018 14:50:26 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Racoon and setkey problems To: Misak Khachatryan , "Andrey V. Elsukov" References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: <5A8E7642.2020509@grosbein.net> Date: Thu, 22 Feb 2018 14:50:26 +0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-Spam-Level: ** X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 07:50:37 -0000 On 22.02.2018 14:10, Misak Khachatryan wrote: > Hello there, > > just a quick feedback. I've added rules to my ipfw to block all isakmp > ports on interfaces not involved in ipsec and rebooted 3 of 4 > machines. Situation returned to normal on them, but rebooting fourth > host is very painful. It seems i have some kind of massive ipsec > probes from botnet which fills all my SAD and SPD entries or PFKEY > sockets. > > All i need is to flush all SAD and SDP entries, but setkey can't do > that. Is there any other way? Try to increase sysctl kern.ipc.maxsockbuf upto some huge value like 80MB and re-try with setkey. From owner-freebsd-net@freebsd.org Thu Feb 22 09:08:35 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05141F169CD for ; Thu, 22 Feb 2018 09:08:35 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com [IPv6:2607:f8b0:400d:c0d::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8E8B076A1B for ; Thu, 22 Feb 2018 09:08:34 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x22d.google.com with SMTP id f4so5431958qtj.6 for ; Thu, 22 Feb 2018 01:08:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=26fJxJf/tJj0q89Ayk0LJvQYE9Ry6u+IXV1CUTkvKQI=; b=HokEO7ghdbR8KwC00U1ovHlNidYo2oROvY0lne4BqRGDrpCgEALS+sXt5wQjloXnPp TG3IA38PcG9lKs6yJSLOG8zE+XNQskJNvEmm3Mdr2WSuV+v87oTY9WvaqY67Ju1Q3I2D Noel9nLgCmXdAHoKc1PSBzNOO8b+ayCscUpEo2pTJut66FTFkWXrA0hn1hRw+X/qdkXk hU5jFtFaP8QBg3o0+pHasg4Q3eajiqKqjT8Xl/REEyaKvrKVwBvWYB2KA7SxsbCjb3Lu PA2bSo3z25Qhsyj8iExf26s4EUCsvS8x551g7tdBnfQGQnsbS6KCdtt9MkXIP0RCM6G4 +/Ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=26fJxJf/tJj0q89Ayk0LJvQYE9Ry6u+IXV1CUTkvKQI=; b=UnKJNJfrgLujCRqylG7HbHWubdB6iHTIv5D6XrKGvEbMjHzMEbEOiYarZjg5YQbBAL J3kgxYOD5scWYKSIIhTzwJlpoxfBjzlfrYTTrlLvq9u8HzR4Cl/ZZlJyPSSO4YNdIOTX 1/1idftSPQYQ2go+a9ES5Nn5A5P+I/f05sEcUEFAPoCc2s8RNWRIAz0zqjF1ycHkmrWT 8+SGfphDLM1H2HTyf6EZI819oCQ2/e8W5AamF1Xs4yFLxvVDBLapZcjfnW5togJvVx7w VoPPSxk6MPxf2G852f1Q9W/bTYiWNTHLdZoya8BlLlGb/hEwa6oTbdwjVprMDKU1Xwor Lkug== X-Gm-Message-State: APf1xPCh0yl7X6ghi4La9IU8gGjVBtlIOPZuvkqMaylO5rMT1/+2VehN KvHUhQ7mAWaFLf+1Bndvp0mS4b0100latRft/us= X-Google-Smtp-Source: AH8x226mbYTZBdPANWd/tQxWs2eac79ZVvKZTIxSvxs5xhEErYuipgGWJheJ2kaVC08FPgD3ZXld5KTr9gxiKNiUtic= X-Received: by 10.200.42.114 with SMTP id l47mr9989446qtl.164.1519290513730; Thu, 22 Feb 2018 01:08:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 01:08:33 -0800 (PST) In-Reply-To: <5A8E7642.2020509@grosbein.net> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> From: Misak Khachatryan Date: Thu, 22 Feb 2018 13:08:33 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: Eugene Grosbein Cc: "Andrey V. Elsukov" , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 09:08:35 -0000 That didn help. Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 11:50 AM, Eugene Grosbein wrote: > On 22.02.2018 14:10, Misak Khachatryan wrote: >> Hello there, >> >> just a quick feedback. I've added rules to my ipfw to block all isakmp >> ports on interfaces not involved in ipsec and rebooted 3 of 4 >> machines. Situation returned to normal on them, but rebooting fourth >> host is very painful. It seems i have some kind of massive ipsec >> probes from botnet which fills all my SAD and SPD entries or PFKEY >> sockets. >> >> All i need is to flush all SAD and SDP entries, but setkey can't do >> that. Is there any other way? > > Try to increase sysctl kern.ipc.maxsockbuf upto some huge value like 80MB > and re-try with setkey. > From owner-freebsd-net@freebsd.org Thu Feb 22 11:44:05 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D492AF2583D for ; Thu, 22 Feb 2018 11:44:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4EFD57D7A1 for ; Thu, 22 Feb 2018 11:44:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback5g.mail.yandex.net (mxback5g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:166]) by forward104o.mail.yandex.net (Yandex) with ESMTP id 52D39702401; Thu, 22 Feb 2018 14:44:01 +0300 (MSK) Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net [2a02:6b8:0:1a2d::27]) by mxback5g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id PfPGnKcDnM-i0QuJruM; Thu, 22 Feb 2018 14:44:01 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519299841; bh=QcdoVKjIIiEwj+klipiVMxkBkJ/QROMp4Bc8jpNmQpE=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=sPJLdcPv4Fu9hKdEhiZITKxx2jntDhayf714tiLDJHn5ZLioKo7Sy349oCwAT9ckX zUoXeugxRaFbD62xOULKKDhnCArojqr8Xp2vwMvLL26PTyl/cx/UuUbV79MSLSLSta m1o40jeorfByXZgGPemmHKlehXTefSfYURXKT0I4= Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id xrAaRZ5UXN-hxYqEo4N; Thu, 22 Feb 2018 14:43:59 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519299839; bh=QcdoVKjIIiEwj+klipiVMxkBkJ/QROMp4Bc8jpNmQpE=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=PZgkdtkpiyc4OWBBIV6o5GROY7oS+9cX0jfZv7Rfuuu1by02qQ1Y7iCWV2i7ebUHN kfQXKQuBhaZt77n7b44Bd9OT5lNZmh5QLNTbv8AhGWVKBdrX3cKfJkGQGW/83PWotj BoKhPF3CUFwL6lz0QjzLW3jnFCrqnHTA954nYf1s= Authentication-Results: smtp3o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan , Eugene Grosbein Cc: freebsd-net@freebsd.org References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: Date: Thu, 22 Feb 2018 14:42:49 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="01wtH4sL4Po9Lp6gT7SiqtRAkmrNStyoc" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 11:44:05 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --01wtH4sL4Po9Lp6gT7SiqtRAkmrNStyoc Content-Type: multipart/mixed; boundary="7ZQj5bs9GnUv4askWgFXFpcbsH1DyJNvd"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan , Eugene Grosbein Cc: freebsd-net@freebsd.org Message-ID: Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> In-Reply-To: --7ZQj5bs9GnUv4askWgFXFpcbsH1DyJNvd Content-Type: multipart/mixed; boundary="------------937783B31F0910A303E54979" Content-Language: en-US This is a multi-part message in MIME format. --------------937783B31F0910A303E54979 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 22.02.2018 12:08, Misak Khachatryan wrote: > That didn help. >=20 > Best regards, > Misak Khachatryan Can you stop racoon and use the following commands and then show the outp= ut? # kldload dtraceall # chmod +x ./key.d # ./key.d and from another console run `setkey -x`, show what key.d will print out.= --=20 WBR, Andrey V. Elsukov --------------937783B31F0910A303E54979-- --7ZQj5bs9GnUv4askWgFXFpcbsH1DyJNvd-- --01wtH4sL4Po9Lp6gT7SiqtRAkmrNStyoc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqOrLkACgkQAcXqBBDI oXqTlAf+LtcyVMAwdULYN47FZ/EZEgTKvocxtXbhITc4L3cQeBe8QPPghaIPLy2I igHLFwN2FuURZarIN9AiHI6/2yqzl+eiTGHEVXmMK21jDXiFZL+SERSdW/ZYHlZ2 NrZdi2WIOmbckUqR/hoewpedCuB9IrgKwcPTsdzXm7ub2B0MyiW2WviHixnQ4tOk nwkzrHeKAyPwOfSMnv3dhsSFpfl/Ff5QOCXdAG0g9PPs4CipzHBOLOLA+/PEBfDZ lP6tS7slbQH3ECXBA8M2WqshG5BJIDEzqe/BSI72+nnH53MKHYUcHfFtQrec5IBC LxbsOraOEKKfjMkaVmXYyPpDxsyNJw== =DbPk -----END PGP SIGNATURE----- --01wtH4sL4Po9Lp6gT7SiqtRAkmrNStyoc-- From owner-freebsd-net@freebsd.org Thu Feb 22 12:09:22 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC2DFF27FB2 for ; Thu, 22 Feb 2018 12:09:22 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 615A57EF64 for ; Thu, 22 Feb 2018 12:09:22 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x22a.google.com with SMTP id m13so1218169qtg.13 for ; Thu, 22 Feb 2018 04:09:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rIq7SElAg2fyD7dBDPz+FNhQ9AYv+WsOKRvysbgtX4E=; b=emLmgl1ngK52CQ3NfWCLocF0Lu20lu1vRa7kVSAfm5EzdM4QKoyBvwa0RaKGQtGVPf buiY/GPhqcetpctbDQFiaS4nYZeCWEQaFQuya2l3P/ok/XXMnvPeYmnrnaTZRe9Qkahl CwRoKiGUeV47GUNdRPuY5WCxltwF7chisdOIW3JnSy1c2rWXOPNz7PklZhOI1y7Q/SR5 GFAHeAgcOsX16IXvSK2UqdyjBEnTi1OJHgw6/1my8wuz7uvXpT5FO2bsE7rKbTqFNg6C vEszRXqGjn6VEbyT3yphYfSSPvytv2dCyT8z36731LTgpgwPzsTUPFHqCCHDIkYS/S2G V1bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rIq7SElAg2fyD7dBDPz+FNhQ9AYv+WsOKRvysbgtX4E=; b=bJtJ+HYm3JhIR9wU4vvExj0zOOdLv56NQgK2TJNrxtUl/Er7awrm+MVR5IzNf2RCrj VjnTXdphGHg65G6pNUkdqF1S94mCGgd3Ze0Ynm4lPWMR3Y2X6VFqpim/zvG3FllJnHea WdlrN657F9KhMbcRj71aqLHOs3UqWiszhL17Ri1KNjRRgmc5LASIkJBUsoMusHjNFh/2 psQg4IQtvShsVGwBsnlsSRmufI2lNi2kg4cBGvtK4HMLuLrPwVPWItyMx9wMaP5dz6zg /Xssuvdg/ivaaXTy4025+EO9Tq1BQEd5jyf98msclmtDPms3Mic8dHO1lYF8LL7wLz/n h93g== X-Gm-Message-State: APf1xPAWOyFz3Bw28GsWpBWEBNRA8czVIZjHRrB9k9DPMmXHozIaveVC ZM2vFJJaD7VrknreOFzu1tHt2nfUzvsPTnWbZSboi86J X-Google-Smtp-Source: AH8x227DJW2kSTR8qlbmnmnEli4k6Owp9+YjsVNeGwCsrMUmznZJRuw1Vb/3l+X4Wy6E4GzPv42Lfk20aLmtN8o2epc= X-Received: by 10.200.42.253 with SMTP id c58mr10540493qta.310.1519301361994; Thu, 22 Feb 2018 04:09:21 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 04:09:21 -0800 (PST) In-Reply-To: References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> From: Misak Khachatryan Date: Thu, 22 Feb 2018 16:09:21 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 12:09:23 -0000 I'm getting this: # ./key.d : No such file or directory # which dtrace /usr/sbin/dtrace Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 3:42 PM, Andrey V. Elsukov wrote: > On 22.02.2018 12:08, Misak Khachatryan wrote: >> That didn help. >> >> Best regards, >> Misak Khachatryan > > Can you stop racoon and use the following commands and then show the output? > > # kldload dtraceall > # chmod +x ./key.d > # ./key.d > > and from another console run `setkey -x`, show what key.d will print out. > > -- > WBR, Andrey V. Elsukov From owner-freebsd-net@freebsd.org Thu Feb 22 12:13:06 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35A24F284AF for ; Thu, 22 Feb 2018 12:13:06 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C0D1D7F395 for ; Thu, 22 Feb 2018 12:13:05 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x22f.google.com with SMTP id f4so5963831qtj.6 for ; Thu, 22 Feb 2018 04:13:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Gw1/Pd4osu+N6J9WPN2iMhiXigELVZGmUhg7kRu68Z8=; b=Wy0vttvQZm02Ttfk7VzoIPdNFqwGUYoxFFJTPT27FMwOeFJswKJINLUv2VSWn+8R6S T935+vsZnmbmv167KCHE6DDEVulqWs421W2XluEmp/dNd07msIfRDYuXnR4z5V6arPiQ xkOuH8CoxTIQIdX9WTRpYjMo2eMgbpNWkQ0GGJMr5E/qjphliHtFzLwZti92r4KHllVQ CTrt3S6NL44rLj9BpDhGnMq15MBwBZyZhen+Btuf8XzC4Me3acpBzqjk5w9pBWgUwvOg bl1I63ZhFfoGzDanoEVr4uU8Bn09cAG2xxXN14fL+HireA35gPE/J+mdF2fVihQN44wF 6K5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Gw1/Pd4osu+N6J9WPN2iMhiXigELVZGmUhg7kRu68Z8=; b=Ls0PCw//aLYYY0GvGuM5Sqa6Qy8lRLXMNvp1trk8YzV+I8DB7zjJmicDYwaBqARpRA KODK40fxl0YS65vDSAvl7OZb1VhL8PTVgk6IUYCpwJerwD8bqJw/dWzCep8v4iaJud42 KkYUPJOzYDr1x2BIkwWiojhERigbqvxmcALANXL/cNfZLZY8o5bcSgV7B66A38Z5cVi2 VxIy+Qdv6eNFMmbLX5PuAg9rOi6Zn+Lz1HqE2sD6L8hAEzSgHMPd40QJSjZn17YPe5BV nah38x/6fZ8VjtMfYwGwoqFTKQoD2JYBElQdgYTLir6ziU+/BcvjwGFVcg85aQD7SyRt TZOg== X-Gm-Message-State: APf1xPCLMur4IaWNNPMBVtpowNkgYKdhWP2kLFm6Zcp+y2cnlBz2MzyW lqgrkuXCuGlvSIDwI04zqfgTH0l5hokEan8Bi2fOWaHy X-Google-Smtp-Source: AH8x226iR4edzyqvHI0NCXgdSjdHladlTEFzdFl2JJV/SJ+1wIgEmyKSH5aiEzwz+TZa0cnkal0EN39HnXl7UPt+UYY= X-Received: by 10.200.49.226 with SMTP id i31mr10660524qte.42.1519301585434; Thu, 22 Feb 2018 04:13:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 04:13:04 -0800 (PST) In-Reply-To: References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> From: Misak Khachatryan Date: Thu, 22 Feb 2018 16:13:04 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: Eugene Grosbein , freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 12:13:06 -0000 I did this way: # dtrace -s key.d dtrace: script 'key.d' matched 6 probes CPU ID FUNCTION:NAME 7 7957 key_attach:return 0 7 7969 key_sendup0:return 0 7 7969 key_sendup0:return 55 7 24402 key_sendup_mbuf:return 55 7 11197 key_parse:return 55 ^C Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 4:09 PM, Misak Khachatryan wrote: > I'm getting this: > > # ./key.d > : No such file or directory > # which dtrace > /usr/sbin/dtrace > > Best regards, > Misak Khachatryan > > > On Thu, Feb 22, 2018 at 3:42 PM, Andrey V. Elsukov wrote: >> On 22.02.2018 12:08, Misak Khachatryan wrote: >>> That didn help. >>> >>> Best regards, >>> Misak Khachatryan >> >> Can you stop racoon and use the following commands and then show the output? >> >> # kldload dtraceall >> # chmod +x ./key.d >> # ./key.d >> >> and from another console run `setkey -x`, show what key.d will print out. >> >> -- >> WBR, Andrey V. Elsukov From owner-freebsd-net@freebsd.org Thu Feb 22 13:12:34 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D23AF01AAF for ; Thu, 22 Feb 2018 13:12:34 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 784C981AEB for ; Thu, 22 Feb 2018 13:12:33 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward105p.mail.yandex.net (Yandex) with ESMTP id 4A3264082F3F; Thu, 22 Feb 2018 16:12:22 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id At2S8BhbHW-CMvqAUSp; Thu, 22 Feb 2018 16:12:22 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519305142; bh=VUYZiBtGU5qjBpUybr2C2/W66fqiMpPStnvtqDu/8Zk=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=FibcchOEsqD7RuDF6x1MLSKFn1ZCsAyEPKX7KQG3Bef/l+ob5hyAq8endMf1JooE+ gmzcIR0kOwY7Wxul8pcsrkVrnoXWyZVUyXpZnYKhWa1pzl2LoXa4s6AJw/+8hgkb9O vrl7JYEVnLqOGSG2VIAtVDUWTGd4c5MnNLPvJNo0= Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id zunr0u3hoF-CLMKrjk7; Thu, 22 Feb 2018 16:12:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519305141; bh=VUYZiBtGU5qjBpUybr2C2/W66fqiMpPStnvtqDu/8Zk=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=vRyt6kgCBqEHsQ+Q5u51u54g/Bz/Rp0FQnwI6gC0DJZJIhn3LFF5PCSv5adCbYwhX uRDAT0RFPg0yDrUCyyIdhADdgwbZy5JXtVd/kf4jkZ98aS+DfefOjzAMMtdAD+xrPJ 7Q/id+og5iP7H/PrpLJgOrIiaUtNBRSvGb8SQCmo= Authentication-Results: smtp2o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> Date: Thu, 22 Feb 2018 16:11:11 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="N3OxzyIRc97PDmlvudHWKy3LTumUyULFi" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 13:12:34 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --N3OxzyIRc97PDmlvudHWKy3LTumUyULFi Content-Type: multipart/mixed; boundary="xD5w5uz6bdmAjYRx1wiRJkGRMEIrue3il"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein Message-ID: <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> In-Reply-To: --xD5w5uz6bdmAjYRx1wiRJkGRMEIrue3il Content-Type: multipart/mixed; boundary="------------63B071DDB88013CC6749E2A3" Content-Language: en-US This is a multi-part message in MIME format. --------------63B071DDB88013CC6749E2A3 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 22.02.2018 15:13, Misak Khachatryan wrote: > I did this way: >=20 > # dtrace -s key.d > dtrace: script 'key.d' matched 6 probes > CPU ID FUNCTION:NAME > 7 7957 key_attach:return 0 > 7 7969 key_sendup0:return 0 > 7 7969 key_sendup0:return 55 > 7 24402 key_sendup_mbuf:return 55 > 7 11197 key_parse:return 55 > ^C Ok, I updated the script, please, show new result --=20 WBR, Andrey V. Elsukov --------------63B071DDB88013CC6749E2A3-- --xD5w5uz6bdmAjYRx1wiRJkGRMEIrue3il-- --N3OxzyIRc97PDmlvudHWKy3LTumUyULFi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqOwW8ACgkQAcXqBBDI oXrDSggAwHwjqeVttTmYewjfTo/9GYC6E/xdGuLC4uISxJ9WmdUq6nNg6nu9yZea qUCXdKYkFpR5sDR4LNVgDRsV/G6S3wTaXB5SVHWj9vCE3iiYWPZ+d9EJ/Cw9MzZi 8xMCC8yLIG9p9H5IlS/WczbO9rpwDeUP+p5uvu2v5mkJgry0gTJ6w1Y4X2rk6/ys zP0dGG0XG4EgCshYbYkGenk+Po2bK8Ly7KLugJfGqr5mYtYbeGD9igYDy4ICYjJM NSIsQxEXl4CAPTL9JfBWTDIhFgYB/tT3/hcjZQidHOJzxiVzrfG6moU29eEa+CSK 7Ay9mtinYQuSyZ775qfrIUb3Fqrmdw== =Zo5g -----END PGP SIGNATURE----- --N3OxzyIRc97PDmlvudHWKy3LTumUyULFi-- From owner-freebsd-net@freebsd.org Thu Feb 22 13:27:14 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C06EBF02CCB for ; Thu, 22 Feb 2018 13:27:14 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3468882234 for ; Thu, 22 Feb 2018 13:27:14 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x22f.google.com with SMTP id z197so6379022qkb.6 for ; Thu, 22 Feb 2018 05:27:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1Dy3hsddEHD5jKhGLgskJ3EsTqKw9vv9TK5LSSr3Zhk=; b=um1qHYMLk1hzeK45BJZUu0kcR6peVrjnHbgDrXLsAIHmGzXDKorLvYrdtznW6yTpAM m7HeLQ4fT3aPKAflGyi1JB0iMSaTbsW2O68b4WO9ZF01IzUbKq2Nj+Ilb3lex3j3xpcB dIeOiyX4DeEaerOFJsZ1Laf4SiT3+yKKvAklCslnp5figZjBMWZBRXF5Pc8+LM8od0CK ycbWfJaMrWaaXeITECM0MOWLdtcJDCKxiCQfAYwK+zRWqA36/ZmyeRq4o61PpWADoeZb O3K52JhGR0bxZp1iC2r4KplwoHuSHNtzQE+rWcNnz6RpElJryZd2VcXzK7de0Cmy7/1U T4iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1Dy3hsddEHD5jKhGLgskJ3EsTqKw9vv9TK5LSSr3Zhk=; b=G1MNbGPHWJLehTjO63Fq4XE1z5NFzgLH0SeDW/x/CY1XIQk80e248qhQg4QCCnf2sA 5PRGpn+Pz5vqxQqz2B0Sa6z8oNHy0ffmFWI4bOvMWdL77zCp0KPqVKhyElRHX19BJK41 a2gI/UBVegcsgVt058B3uBPoDlfipK6CjIP/r+BrhGWg2TcY9qrNuIZWMyf73KLJheXM xqAw0jSJr9R0CfE+fOYQc9APqi9iqZ8yifEybRLRe55BF3G8J7L3ouZC0tgtyUO8U3Fo wMO5ytq/oEWL1TXpbenK6vRnJaSdBI5hG6tNp9vKFq1MF1gkaPRbIPbOK1vMG8sX1b5k 9amA== X-Gm-Message-State: APf1xPDB8Z9nxYLKxOe11TfIO77BN37jQ173jugZiG7KZaUPCIy2jC3y thyVs1PMzITMpYJAz5GmDedREEERVaMWzbTcFkw= X-Google-Smtp-Source: AG47ELs92klwZEwgo8IRUCaxWPoXqZE0BYIWFQAwOU1GgLijlDc0oZ54WJEBazbgDw7U18DfVZ8tjiXXj6RmRxGEw0Y= X-Received: by 10.233.214.18 with SMTP id r18mr10684284qkk.175.1519306033583; Thu, 22 Feb 2018 05:27:13 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 05:27:13 -0800 (PST) In-Reply-To: <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> From: Misak Khachatryan Date: Thu, 22 Feb 2018 17:27:13 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: freebsd-net@freebsd.org, Eugene Grosbein Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 13:27:15 -0000 Here is the result: # dtrace -s key.d dtrace: script 'key.d' matched 8 probes CPU ID FUNCTION:NAME 3 25400 soreserve:entry 32768 65536 7 25400 soreserve:entry 8192 8192 7 7957 key_attach:return 0 7 12872 sbappendaddr:return 1 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f 7 7969 key_sendup0:return 0 kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f kernel`sosend_generic+0x476 7 12872 sbappendaddr:return 0 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f 7 7969 key_sendup0:return 55 kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f kernel`sosend_generic+0x476 7 24402 key_sendup_mbuf:return 55 kernel`key_parse+0x87f kernel`sosend_generic+0x476 kernel`kern_sendit+0x245 7 11197 key_parse:return 55 ^C Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 5:11 PM, Andrey V. Elsukov wrote: > On 22.02.2018 15:13, Misak Khachatryan wrote: >> I did this way: >> >> # dtrace -s key.d >> dtrace: script 'key.d' matched 6 probes >> CPU ID FUNCTION:NAME >> 7 7957 key_attach:return 0 >> 7 7969 key_sendup0:return 0 >> 7 7969 key_sendup0:return 55 >> 7 24402 key_sendup_mbuf:return 55 >> 7 11197 key_parse:return 55 >> ^C > > Ok, I updated the script, please, show new result > > -- > WBR, Andrey V. Elsukov From owner-freebsd-net@freebsd.org Thu Feb 22 13:55:30 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EA1DF05915 for ; Thu, 22 Feb 2018 13:55:30 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::608]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D913D83B39 for ; Thu, 22 Feb 2018 13:55:29 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback5g.mail.yandex.net (mxback5g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:166]) by forward105o.mail.yandex.net (Yandex) with ESMTP id BF16944435A1; Thu, 22 Feb 2018 16:55:13 +0300 (MSK) Received: from smtp2o.mail.yandex.net (smtp2o.mail.yandex.net [2a02:6b8:0:1a2d::26]) by mxback5g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id GnRi4c3v4F-tDQ88dgH; Thu, 22 Feb 2018 16:55:13 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519307713; bh=Bp3mEOk1L9ZgjFmtTvM2rw+xImter/9n8uV6qmjjC40=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=mUFlaqdM6He+Wv81YH9oBPD2bsIeuwI/bFnpVKR22Uu5Q/YRzc7a0lRttM/7izP93 J6Ubp722CedjQFjtLSS8uLqzQ1TP9kJmLKW5fz6DOuHmwU/iyIICAwqpjxmKAtFrT/ 5sqrSOenE9uHEGBwL7ZbnW9oZ6gsU8rx7TELOXtw= Received: by smtp2o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id aKw5Cfrj4K-tCM87tu5; Thu, 22 Feb 2018 16:55:12 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519307713; bh=Bp3mEOk1L9ZgjFmtTvM2rw+xImter/9n8uV6qmjjC40=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=mUFlaqdM6He+Wv81YH9oBPD2bsIeuwI/bFnpVKR22Uu5Q/YRzc7a0lRttM/7izP93 J6Ubp722CedjQFjtLSS8uLqzQ1TP9kJmLKW5fz6DOuHmwU/iyIICAwqpjxmKAtFrT/ 5sqrSOenE9uHEGBwL7ZbnW9oZ6gsU8rx7TELOXtw= Authentication-Results: smtp2o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> Date: Thu, 22 Feb 2018 16:54:03 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="A0Jq5wyVep2q9YvSk2hzvGdbhlnwyzqIb" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 13:55:30 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --A0Jq5wyVep2q9YvSk2hzvGdbhlnwyzqIb Content-Type: multipart/mixed; boundary="4YZp9x3Ro0qOoXPQqnm5nwpBeM3Pm0Zcd"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein Message-ID: <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> In-Reply-To: --4YZp9x3Ro0qOoXPQqnm5nwpBeM3Pm0Zcd Content-Type: multipart/mixed; boundary="------------D3DC18579D175A001CF528CB" Content-Language: en-US This is a multi-part message in MIME format. --------------D3DC18579D175A001CF528CB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 22.02.2018 16:27, Misak Khachatryan wrote: > Here is the result: >=20 > # dtrace -s key.d > dtrace: script 'key.d' matched 8 probes > CPU ID FUNCTION:NAME > 3 25400 soreserve:entry 32768 65536 I hope the last update, to understand what is going on. --=20 WBR, Andrey V. Elsukov --------------D3DC18579D175A001CF528CB-- --4YZp9x3Ro0qOoXPQqnm5nwpBeM3Pm0Zcd-- --A0Jq5wyVep2q9YvSk2hzvGdbhlnwyzqIb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqOy3sACgkQAcXqBBDI oXpPPggAtrnzpr7+oPAMzZoKzl7HB309piTdMq2nQiDGaa+OJkwGVId4st4cwCKb BPoFqzFMIpyZcDWVwWI2SY7yWiDEY/SB+NOBPC/RUzLPRrVTXkS45K48lRZyeQN4 UOn5hx5inT+/5mYINktP08SZN/e5xhZOG0CEmEauT0IrtrR5lEPsOqlyuwAH9OrP x27Gfp3UNNI+8/mp1A1uLxGuM3elucFxxYrmZIlj1vJAMXnT0CQ/hRNzIOzGZdNH 0isXzGgx/tQCi9IBS6xUkIu6ypHPagzCX+bXCk+xPjoe8ADoy7aiyXKIvhPD6jGz 1l4lKM3tJSjAh53vx0TdmAfZxmmibA== =cIlQ -----END PGP SIGNATURE----- --A0Jq5wyVep2q9YvSk2hzvGdbhlnwyzqIb-- From owner-freebsd-net@freebsd.org Thu Feb 22 15:28:14 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9717BF0ECD0 for ; Thu, 22 Feb 2018 15:28:14 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com [IPv6:2607:f8b0:400d:c0d::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A84268B60 for ; Thu, 22 Feb 2018 15:28:14 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qt0-x22d.google.com with SMTP id a9so6720590qtj.8 for ; Thu, 22 Feb 2018 07:28:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/4Cc0HxEQNApa/o1EO/WmR+3tMXbeQvWIeWOJt/avQo=; b=XyV7t4BiS2v3+DRDEY7HcXVWCHUD3SuPHwxOmE0qInbJmSa7dUT7CyeABimonStSOt p+5XNHL3POQdEYwJfOSQDYXeraVFp7+mFGq5G3IThcx0ARV4G7kwqxcNSTD1pL8Zzxhx n0jxVWM4j05UtxSjbli4kfVduGRmSfDEbEyDA02C0O5afKhmHqntHKpuwvVoXRs80hsC J3ZwTXh/ooC66qpOCM0AsFIcjb+Y3+tvOL3tXdQZLlP40FBAW0nT7CtsKSi9IS3w6Czr a52tiAi8We4xMSX29N2BkTOPqQcyLOZeVemqNlH/DaGM3IHKRL/V3q4kzUV6ppIgtn8/ zRpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/4Cc0HxEQNApa/o1EO/WmR+3tMXbeQvWIeWOJt/avQo=; b=FBTS2X3/KDWJgM6nllmR6I9pblYhHH84qHEXHwBdOw2n6egy6NNBUKZogl3yjFR/mo 0GKfLmqXcV7NZ0Fqb5vqK9jdx/e1lVt4GFE/jPgZNh+V4ta3OjdHRuDeJWgkywwzfpKM z04GFZcYPkFXB/qvwA9teqRhj4OiA7+g5g01exy2UHk6hiQeCXt+PEhrkmxlefF0sNbr CKCkFMhRXlno8UqvTs+zohsGGxxFbB15tfrfduU0SbDMOfIb3FFTO/OOtpYbOSsv9eG7 oa5Efh4nmyPgcyFd8QiQDCoAqOvuLSy5j6V8RS1/cs+n4BZqv1D/b2xG9gUnIHNWRBxi +Geg== X-Gm-Message-State: APf1xPBpJcR+KPSm+kpl6FA+69d7iSe/wjPae+q32whoncJHRgE4NtEb oS72bXA2xYDuK5O2nLWlrYw0sstGMuN3m390PshzsYYk X-Google-Smtp-Source: AH8x226eKIu4hAh3D0/3eSoceNoSLryiIV3/EvsNH5G6FjojXBViY0AeUQ9f0g2143t8ioOHlF/wvS8016MgCqEGsiw= X-Received: by 10.200.49.226 with SMTP id i31mr11598697qte.42.1519313293699; Thu, 22 Feb 2018 07:28:13 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 07:28:13 -0800 (PST) In-Reply-To: <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> From: Misak Khachatryan Date: Thu, 22 Feb 2018 19:28:13 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: freebsd-net@freebsd.org, Eugene Grosbein Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 15:28:14 -0000 # dtrace -s key.d dtrace: script 'key.d' matched 14 probes CPU ID FUNCTION:NAME 2 25400 soreserve:entry 2048 4096 kernel`uipc_attach+0x76 kernel`socreate+0x1af kernel`sys_socket+0xf7 3 25400 soreserve:entry 32768 65536 kernel`sonewconn+0x1b1 kernel`syncache_expand+0x6e1 kernel`tcp_input+0xdc4 3 25400 soreserve:entry 32768 65536 kernel`sonewconn+0x1b1 kernel`syncache_expand+0x6e1 kernel`tcp_input+0xdc4 4 25400 soreserve:entry 8192 8192 kernel`raw_attach+0x2a kernel`key_attach+0x57 kernel`socreate+0x1af 4 7957 key_attach:return 0 4 6405 sbappendaddr_locked_internal:return 1 kernel`sbappendaddr_locked+0x90 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee 4 24460 sbappendaddr_locked:return 1 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x14b 4 12872 sbappendaddr:return 1 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f 4 7969 key_sendup0:return 0 kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f kernel`sosend_generic+0x476 4 24460 sbappendaddr_locked:return 0 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x1e6 4 12872 sbappendaddr:return 0 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f 4 7969 key_sendup0:return 55 kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f kernel`sosend_generic+0x476 4 24402 key_sendup_mbuf:return 55 kernel`key_parse+0x87f kernel`sosend_generic+0x476 kernel`kern_sendit+0x245 4 11197 key_parse:return 55 ^C # Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 5:54 PM, Andrey V. Elsukov wrote: > On 22.02.2018 16:27, Misak Khachatryan wrote: >> Here is the result: >> >> # dtrace -s key.d >> dtrace: script 'key.d' matched 8 probes >> CPU ID FUNCTION:NAME >> 3 25400 soreserve:entry 32768 65536 > > I hope the last update, to understand what is going on. > > -- > WBR, Andrey V. Elsukov From owner-freebsd-net@freebsd.org Thu Feb 22 16:35:53 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 82FAEF14B57 for ; Thu, 22 Feb 2018 16:35:53 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::601]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EDB386C585 for ; Thu, 22 Feb 2018 16:35:52 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback13g.mail.yandex.net (mxback13g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:92]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 2220813431CD; Thu, 22 Feb 2018 19:35:50 +0300 (MSK) Received: from smtp4o.mail.yandex.net (smtp4o.mail.yandex.net [2a02:6b8:0:1a2d::28]) by mxback13g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id gmE4ZFV0or-ZnWafKA0; Thu, 22 Feb 2018 19:35:50 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519317350; bh=rCBqfuMKxifcMUUkjHc/p+VebNFSpA9nuel1BerYzFw=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=m/UQ5zw2cohaj+p9yXFrUZ8Vzr6lHYXlFJRrlqpYDAoa/kdE4+aStvL5akuBcVaQr WVL7zCX3qIJwnbW798ImzY2jvXfP+m/6+ZtbwcKC53ptfzVxgf4vKgePrNExgnuANR gYiwLlNRWRGTBuYlqz07Jamyij2ILAi8/a0+zZl0= Received: by smtp4o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id WsASbDG5CG-Zn4WxZi4; Thu, 22 Feb 2018 19:35:49 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519317349; bh=rCBqfuMKxifcMUUkjHc/p+VebNFSpA9nuel1BerYzFw=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=N/4FT+kBZiSFb3lefNqCnj4uIggnt7ZUFB3YmAPX6yURt+C34Zzq/1dh6z/xFZMQn fhtRYwpNjXLU2uSeDe/TekVMrcWgKECbBAifo+2vOUPCXm7rfSXhBfxKrUumCjCqRq WhSVIFQlFlc0bVqWb50TIGGWGRHLak1zf1vuBX2w= Authentication-Results: smtp4o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> Date: Thu, 22 Feb 2018 19:34:38 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="z2K2N4zY0bvK21nRhWdsWcwOBSvFRtQZC" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 16:35:53 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --z2K2N4zY0bvK21nRhWdsWcwOBSvFRtQZC Content-Type: multipart/mixed; boundary="ZxdVqSwfCia7zv4bwY5gi9neEIKio8lUN"; protected-headers="v1" From: "Andrey V. Elsukov" To: Misak Khachatryan Cc: freebsd-net@freebsd.org, Eugene Grosbein Message-ID: <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> Subject: Re: Racoon and setkey problems References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> In-Reply-To: --ZxdVqSwfCia7zv4bwY5gi9neEIKio8lUN Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 22.02.2018 18:28, Misak Khachatryan wrote: > # dtrace -s key.d > dtrace: script 'key.d' matched 14 probes > CPU ID FUNCTION:NAME So, what I can say: > 4 25400 soreserve:entry 8192 8192 > kernel`raw_attach+0x2a > kernel`key_attach+0x57 > kernel`socreate+0x1af First of try to increase both values of net.raw: # sysctl net.raw net.raw.recvspace: 65535 net.raw.sendspace: 65535 >=20 > 4 24460 sbappendaddr_locked:return 0 > kernel`sbappendaddr+0x61 > kernel`key_sendup0+0xee > kernel`key_sendup_mbuf+0x1e6 >=20 > 4 12872 sbappendaddr:return 0 > kernel`key_sendup0+0xee > kernel`key_sendup_mbuf+0x1e6 > kernel`key_parse+0x87f >=20 Then probably this output will be changed. --=20 WBR, Andrey V. Elsukov --ZxdVqSwfCia7zv4bwY5gi9neEIKio8lUN-- --z2K2N4zY0bvK21nRhWdsWcwOBSvFRtQZC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqO8R4ACgkQAcXqBBDI oXpyUQf+LnrpNo6G43Vh26uXPLa6dn11a8BiP907sOyMuUtHp5CZfwYsIBmdTWAS qk+8ZI5p/72i8wFckHECwMhAwW+lLQ48/tWKvbkzdz6mYDt9wcXY5qynodwV0xkf Qf6vcyC7rCrbZ1IZoovDXox233W4t1BHGhDXBSAgbfD5DGlhAngPwXx6/lDMmBHf PLHkCHDUZ79KnpAVcY1c59L0aLIPnPzsu06RPVvxX9laF4/XEfAZISPFOaGuDxHP aRFZ9mPzbRUYFLRYYQZ6H29fnGZggXQZ6l0NecGBvmXQqbVuyiS7NThP5LDwO1B0 5oVs2VLcrrV/IX90BQiXaJpNRg1WKA== =dZe9 -----END PGP SIGNATURE----- --z2K2N4zY0bvK21nRhWdsWcwOBSvFRtQZC-- From owner-freebsd-net@freebsd.org Thu Feb 22 19:12:01 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5495F22675 for ; Thu, 22 Feb 2018 19:12:01 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 633D57341E for ; Thu, 22 Feb 2018 19:12:01 +0000 (UTC) (envelope-from kmisak@gmail.com) Received: by mail-qk0-x22f.google.com with SMTP id g2so7820691qkd.12 for ; Thu, 22 Feb 2018 11:12:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JAAZdsaYCq2vrsj3Llg1UCYT/GZkG4GAnkNfR6ypsI8=; b=VBplFvCCZJWkTUj5am075HT5D1VPZXeJIhgkajmDfNKhuAzEV/YH6YeP8+PhQ7yLdH VxesetktSC4jV0LbgFud3MqpQjiZjcVwbeXcet62RqySKronu/HRAgkwFdHiaLDrkLap hAGW3IoBUv+iAWUWGxGRpBmxtW700FhY6aftmqRoQhBXZ1MXjpGPBmPnrRq1MiKlzl9f ATI3ei4ck2UQYi/Ikm26PSxmVprbXOrLKIMfHwPT+q0Xpup+e0qYF8SFbdVJsxQ51b7V S+/E+1MtRWLWy67hEx90yD2uXlQbsbkA6zcqMN4xo+knv0U+M3s1axsCiGndrPBxaMBA /5Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JAAZdsaYCq2vrsj3Llg1UCYT/GZkG4GAnkNfR6ypsI8=; b=o1gLGCNlW6IhKbgNeTQXzSICB/3kZhlePJxnZg/1q8EWQ18B4j0axYGVroc6R32v3d NXpPNnwlFAI8hk3uf/QHaGSkejCZ1ENnI3OJl1yl56pC4CPs4u/SNzZZAWihNUtFwjmG qQOTtKOQ+9P86w+lShgGcWmkeoi/L8Z5hEJPDduAvgHIuRh/G+tHV9VOmgv/iX+lguXV 35G6RO9oPgi7M5n1R4qmKjMtcZDZq5qu2HptCL16Rs5ryfYaxKykUmwztdRTSIz6gjm9 tYpJ9eJ3gnb8mKyPx2pXlvY21bTsglG/RQcWoK4Yi2V7bRIScEoLwwDw5l+L0f6/GfXN D5pQ== X-Gm-Message-State: APf1xPCQhCJrsOLShOKfIKBcwVoHrf6Hfk7FrMs+PsqXxSYEEPJmFGmo 9AKoKSx4q6moc/vNHbEZOe39rdU35IwQdRTkgTcGPIOH X-Google-Smtp-Source: AG47ELv/I0oBt2O9T5+iFempIlj0sV4NvGzgXcLD8r3Xkc9cgqPPBzBtsO/TwuzDtx29AWtjX3XNG5zcbNrRphClT1w= X-Received: by 10.233.214.18 with SMTP id r18mr12311229qkk.175.1519326720897; Thu, 22 Feb 2018 11:12:00 -0800 (PST) MIME-Version: 1.0 Received: by 10.200.81.201 with HTTP; Thu, 22 Feb 2018 11:12:00 -0800 (PST) In-Reply-To: <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> References: <5A8A97EC.4040103@grosbein.net> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <5A8E7642.2020509@grosbein.net> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> From: Misak Khachatryan Date: Thu, 22 Feb 2018 23:12:00 +0400 Message-ID: Subject: Re: Racoon and setkey problems To: "Andrey V. Elsukov" Cc: freebsd-net@freebsd.org, Eugene Grosbein Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 19:12:02 -0000 Here is changed output: # sysctl net.raw net.raw.recvspace: 8192 net.raw.sendspace: 8192 # sysctl net.raw.recvspace=65535 net.raw.recvspace: 8192 -> 65535 # sysctl net.raw.sendspace=65535 net.raw.sendspace: 8192 -> 65535 # # # # setkey -x setkey: send: No buffer space available # dtrace -s /tmp/key.d dtrace: script '/tmp/key.d' matched 14 probes CPU ID FUNCTION:NAME 3 25400 soreserve:entry 32768 65536 kernel`sonewconn+0x1b1 kernel`syncache_expand+0x6e1 kernel`tcp_input+0xdc4 5 25400 soreserve:entry 65535 65535 kernel`raw_attach+0x2a kernel`key_attach+0x57 kernel`socreate+0x1af 5 7957 key_attach:return 0 5 6405 sbappendaddr_locked_internal:return 1 kernel`sbappendaddr_locked+0x90 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee 5 24460 sbappendaddr_locked:return 1 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x14b 5 12872 sbappendaddr:return 1 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f 5 7969 key_sendup0:return 0 kernel`key_sendup_mbuf+0x14b kernel`key_parse+0x87f kernel`sosend_generic+0x476 5 24460 sbappendaddr_locked:return 0 kernel`sbappendaddr+0x61 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x1e6 5 12872 sbappendaddr:return 0 kernel`key_sendup0+0xee kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f 5 7969 key_sendup0:return 55 kernel`key_sendup_mbuf+0x1e6 kernel`key_parse+0x87f kernel`sosend_generic+0x476 5 24402 key_sendup_mbuf:return 55 kernel`key_parse+0x87f kernel`sosend_generic+0x476 kernel`kern_sendit+0x245 5 11197 key_parse:return 55 ^C # Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 8:34 PM, Andrey V. Elsukov wrote: > On 22.02.2018 18:28, Misak Khachatryan wrote: >> # dtrace -s key.d >> dtrace: script 'key.d' matched 14 probes >> CPU ID FUNCTION:NAME > > So, what I can say: > >> 4 25400 soreserve:entry 8192 8192 >> kernel`raw_attach+0x2a >> kernel`key_attach+0x57 >> kernel`socreate+0x1af > > First of try to increase both values of net.raw: > > # sysctl net.raw > net.raw.recvspace: 65535 > net.raw.sendspace: 65535 > >> >> 4 24460 sbappendaddr_locked:return 0 >> kernel`sbappendaddr+0x61 >> kernel`key_sendup0+0xee >> kernel`key_sendup_mbuf+0x1e6 >> >> 4 12872 sbappendaddr:return 0 >> kernel`key_sendup0+0xee >> kernel`key_sendup_mbuf+0x1e6 >> kernel`key_parse+0x87f >> > > Then probably this output will be changed. > > -- > WBR, Andrey V. Elsukov > From owner-freebsd-net@freebsd.org Fri Feb 23 20:20:03 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3088BF1A483 for ; Fri, 23 Feb 2018 20:20:03 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from dss.incore.de (dss.incore.de [195.145.1.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BF7517671D for ; Fri, 23 Feb 2018 20:20:02 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from inetmail.dmz (inetmail.dmz [10.3.0.3]) by dss.incore.de (Postfix) with ESMTP id AA2116E1 for ; Fri, 23 Feb 2018 21:13:00 +0100 (CET) X-Virus-Scanned: amavisd-new at incore.de Received: from dss.incore.de ([10.3.0.3]) by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024) with LMTP id EGeOIRvLiiOK for ; Fri, 23 Feb 2018 21:12:59 +0100 (CET) Received: from mail.local.incore (fwintern.dmz [10.0.0.253]) by dss.incore.de (Postfix) with ESMTP id A21D7126 for ; Fri, 23 Feb 2018 21:12:59 +0100 (CET) Received: from bsdmhs.longwitz (unknown [192.168.99.6]) by mail.local.incore (Postfix) with ESMTP id 7251C508D1 for ; Fri, 23 Feb 2018 21:12:59 +0100 (CET) Message-ID: <5A9075CB.10408@incore.de> Date: Fri, 23 Feb 2018 21:12:59 +0100 From: Andreas Longwitz User-Agent: Thunderbird 2.0.0.19 (X11/20090113) MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 20:20:03 -0000 When an IP address is being added to an interface, the kernel installs loopback route: After "ifconfig fxp0 inet 10.0.0.100 netmask 255.255.255.0" the command "netstat -rn" gives Internet: Destination Gateway Flags Refs Use Netif default 192.168.14.242 UGS 1 91639 msk0 10.0.0.0/24 link#8 U 0 6 fxp0 10.0.0.100 link#8 UHS 0 0 lo0 127.0.0.1 link#21 UH 0 6366 lo0 After "ifconfig fxp0 delete" in FreeBSD 10 before r326012 the kernel deletes the loopback route and output of "netstat -rn" gives Internet: Destination Gateway Flags Refs Use Netif default 192.168.14.242 UGS 1 91639 msk0 127.0.0.1 link#21 UH 0 6366 lo0 After r326012 we see Internet: Destination Gateway Flags Refs Use Netif default 192.168.14.242 UGS 1 91639 msk0 10.0.0.100 link#8 UHS 0 0 lo0 127.0.0.1 link#21 UH 0 6366 lo0 Also the loopback route can not be deleted manually: route delete 10.0.0.100 --> route: writing to routing socket: Address already in use delete host 10.0.0.100 fib 0: gateway uses the same route -- Andreas Longwitz From owner-freebsd-net@freebsd.org Sat Feb 24 00:23:53 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 60099F01B7B for ; Sat, 24 Feb 2018 00:23:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EAF7A817A5 for ; Sat, 24 Feb 2018 00:23:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 2947C3DF9 for ; Sat, 24 Feb 2018 00:23:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1O0NqvE077734 for ; Sat, 24 Feb 2018 00:23:52 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1O0NqTZ077733 for freebsd-net@FreeBSD.org; Sat, 24 Feb 2018 00:23:52 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 218919] setsockopt() accepts too long arguments allowing programmer errors Date: Sat, 24 Feb 2018 00:23:52 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: brooks@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 00:23:53 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218919 --- Comment #4 from Brooks Davis --- I did a quick scan of sooptcopyin() use and only a tiny portion of callers = call with a minlength less than length. We should likely separate the two useca= ses. Separately, only one case seems to use the support for overly long argument= s.=20 If most cases that support seems harmful since it allows userspace programm= ing errors to be hidden. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Feb 24 00:38:54 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8C5AF02E9E for ; Sat, 24 Feb 2018 00:38:54 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3E2EE82193 for ; Sat, 24 Feb 2018 00:38:53 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1O0ceLO020012 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 24 Feb 2018 01:38:40 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: longwitz@incore.de Received: from [10.58.0.4] (dadv@[10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1O0cZ7d044238 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 24 Feb 2018 07:38:36 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted To: Andreas Longwitz , freebsd-net@freebsd.org References: <5A9075CB.10408@incore.de> From: Eugene Grosbein Message-ID: <5A90B40C.5030607@grosbein.net> Date: Sat, 24 Feb 2018 07:38:36 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <5A9075CB.10408@incore.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=4.2 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_24_48, LOCAL_FROM,RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * 2.0 DATE_IN_FUTURE_24_48 Date: is 24 to 48 hours after Received: date * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: **** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 00:38:54 -0000 24.02.2018 3:12, Andreas Longwitz wrote: > After r326012 we see > > Internet: > Destination Gateway Flags Refs Use Netif > default 192.168.14.242 UGS 1 91639 msk0 > 10.0.0.100 link#8 UHS 0 0 lo0 > 127.0.0.1 link#21 UH 0 6366 lo0 > > Also the loopback route can not be deleted manually: > > route delete 10.0.0.100 --> > route: writing to routing socket: Address already in use > delete host 10.0.0.100 fib 0: gateway uses the same route Thank you for notification. I'll check and respond. From owner-freebsd-net@freebsd.org Sat Feb 24 04:13:58 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CFB7CF12396 for ; Sat, 24 Feb 2018 04:13:58 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 53D0E6BF8F for ; Sat, 24 Feb 2018 04:13:57 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1O4DoKV022075 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 24 Feb 2018 05:13:51 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: longwitz@incore.de Received: from [10.58.0.4] (dadv@[10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1O4Dk2X002543 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 24 Feb 2018 11:13:46 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted To: Andreas Longwitz , freebsd-net@freebsd.org References: <5A9075CB.10408@incore.de> From: Eugene Grosbein Message-ID: <5A90E679.3030106@grosbein.net> Date: Sat, 24 Feb 2018 11:13:45 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <5A9075CB.10408@incore.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 04:13:59 -0000 24.02.2018 3:12, Andreas Longwitz wrote: > Also the loopback route can not be deleted manually: > > route delete 10.0.0.100 --> > route: writing to routing socket: Address already in use > delete host 10.0.0.100 fib 0: gateway uses the same route Please test the follwoind patch for the kernel: --- sys/net/if.c.orig 2018-02-24 08:00:34.578670000 +0700 +++ sys/net/if.c 2018-02-24 11:07:57.014318000 +0700 @@ -1699,7 +1699,7 @@ ifa_del_loopback_route(struct ifaddr *if null_sdl.sdl_type = ifa->ifa_ifp->if_type; null_sdl.sdl_index = ifa->ifa_ifp->if_index; bzero(&info, sizeof(info)); - info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC; + info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED; info.rti_info[RTAX_DST] = ia; info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&null_sdl; error = rtrequest1_fib(RTM_DELETE, &info, NULL, ifa->ifa_ifp->if_fib); From owner-freebsd-net@freebsd.org Sat Feb 24 05:15:37 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 44A74F155E8 for ; Sat, 24 Feb 2018 05:15:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D62E36E4C4 for ; Sat, 24 Feb 2018 05:15:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 277D9676C for ; Sat, 24 Feb 2018 05:15:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1O5Fa80029036 for ; Sat, 24 Feb 2018 05:15:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1O5Fa5l029035 for freebsd-net@FreeBSD.org; Sat, 24 Feb 2018 05:15:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 218517] ppp fails adding route with error Value too large to be stored in data type Date: Sat, 24 Feb 2018 05:15:35 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: eugen@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 05:15:37 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218517 --- Comment #30 from Eugene Grosbein --- Created attachment 190932 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D190932&action= =3Dedit Fix for stable/10 after incomplete MFC r326012 Please re-test with this kernel patch applied. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Sat Feb 24 03:13:51 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4FB02F0EB75 for ; Sat, 24 Feb 2018 03:13:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E358B6921B for ; Sat, 24 Feb 2018 03:13:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 4065D5644 for ; Sat, 24 Feb 2018 03:13:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w1O3DoNj087489 for ; Sat, 24 Feb 2018 03:13:50 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w1O3DoDS087477 for freebsd-net@FreeBSD.org; Sat, 24 Feb 2018 03:13:50 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 211062] [ixv] sr-iov virtual function driver fails to attach Date: Sat, 24 Feb 2018 03:13:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: IntelNetworking, needs-patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: erj@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 03:13:51 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211062 --- Comment #11 from Eric Joyner --- (In reply to Richard Gallamore from comment #10) In regards to the 63 VF limit, the card supports up to 64 (fixed) queue poo= ls, but the current implementation always assigns one to the PF interface, so y= ou get the 63 VF limit. If it were changed to not give the PF interface any queues, then you could have 64 VFs. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sat Feb 24 12:37:56 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28949F0ADAA for ; Sat, 24 Feb 2018 12:37:56 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from dss.incore.de (dss.incore.de [195.145.1.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B65F580064 for ; Sat, 24 Feb 2018 12:37:55 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from inetmail.dmz (inetmail.dmz [10.3.0.3]) by dss.incore.de (Postfix) with ESMTP id F193B2D9; Sat, 24 Feb 2018 13:37:53 +0100 (CET) X-Virus-Scanned: amavisd-new at incore.de Received: from dss.incore.de ([10.3.0.3]) by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024) with LMTP id suyR9LjJP4YZ; Sat, 24 Feb 2018 13:37:53 +0100 (CET) Received: from mail.local.incore (fwintern.dmz [10.0.0.253]) by dss.incore.de (Postfix) with ESMTP id 11D4F1D2; Sat, 24 Feb 2018 13:37:53 +0100 (CET) Received: from bsdmhs.longwitz (unknown [192.168.99.6]) by mail.local.incore (Postfix) with ESMTP id D51C9508A1; Sat, 24 Feb 2018 13:37:52 +0100 (CET) Message-ID: <5A915C9D.7020000@incore.de> Date: Sat, 24 Feb 2018 13:37:49 +0100 From: Andreas Longwitz User-Agent: Thunderbird 2.0.0.19 (X11/20090113) MIME-Version: 1.0 To: Eugene Grosbein CC: freebsd-net@freebsd.org Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted References: <5A9075CB.10408@incore.de> <5A90E679.3030106@grosbein.net> In-Reply-To: <5A90E679.3030106@grosbein.net> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 12:37:56 -0000 > Please test the follwoind patch for the kernel: > > --- sys/net/if.c.orig 2018-02-24 08:00:34.578670000 +0700 > +++ sys/net/if.c 2018-02-24 11:07:57.014318000 +0700 > @@ -1699,7 +1699,7 @@ ifa_del_loopback_route(struct ifaddr *if > null_sdl.sdl_type = ifa->ifa_ifp->if_type; > null_sdl.sdl_index = ifa->ifa_ifp->if_index; > bzero(&info, sizeof(info)); > - info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC; > + info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED; > info.rti_info[RTAX_DST] = ia; > info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&null_sdl; > error = rtrequest1_fib(RTM_DELETE, &info, NULL, ifa->ifa_ifp->if_fib); > This patch patch solves the problem for "ifconfig fxp0 delete": now the kernel removes the loopback route, tested on FreeBSD 10 r328260. But deleting the loopback route manually does not work anymore, is this intended behaviour ? I would like to control the routing table as much as possible. Andreas Longwitz From owner-freebsd-net@freebsd.org Sat Feb 24 13:04:32 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F61EF0F5A9 for ; Sat, 24 Feb 2018 13:04:32 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DBA4881177 for ; Sat, 24 Feb 2018 13:04:31 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1OD4Mjw026105 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 24 Feb 2018 14:04:23 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: longwitz@incore.de Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1OD4EhL005675 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 24 Feb 2018 20:04:14 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted To: Andreas Longwitz References: <5A9075CB.10408@incore.de> <5A90E679.3030106@grosbein.net> <5A915C9D.7020000@incore.de> Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: <5A9162C9.5050206@grosbein.net> Date: Sat, 24 Feb 2018 20:04:09 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <5A915C9D.7020000@incore.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 13:04:32 -0000 24.02.2018 19:37, Andreas Longwitz wrote: >> Please test the follwoind patch for the kernel: >> >> --- sys/net/if.c.orig 2018-02-24 08:00:34.578670000 +0700 >> +++ sys/net/if.c 2018-02-24 11:07:57.014318000 +0700 >> @@ -1699,7 +1699,7 @@ ifa_del_loopback_route(struct ifaddr *if >> null_sdl.sdl_type = ifa->ifa_ifp->if_type; >> null_sdl.sdl_index = ifa->ifa_ifp->if_index; >> bzero(&info, sizeof(info)); >> - info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC; >> + info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED; >> info.rti_info[RTAX_DST] = ia; >> info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&null_sdl; >> error = rtrequest1_fib(RTM_DELETE, &info, NULL, ifa->ifa_ifp->if_fib); >> > > This patch patch solves the problem for "ifconfig fxp0 delete": now the > kernel removes the loopback route, tested on FreeBSD 10 r328260. Glad to know that. > But deleting the loopback route manually does not work anymore, is this > intended behaviour ? > > I would like to control the routing table as much as possible. This is side effect of loopback routes being intentionally protected with RTF_PINNED flag in recent FreeBSD versions so that link routes can override ones installed by routing daemons. Perhaps, ifconfig(8) utility should be extended to use RTF_PINNED to be able to modify such routes. From owner-freebsd-net@freebsd.org Sat Feb 24 13:22:17 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E0A28F11222 for ; Sat, 24 Feb 2018 13:22:17 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6B20381E72 for ; Sat, 24 Feb 2018 13:22:17 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w1ODM9EL026236 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 24 Feb 2018 14:22:10 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: longwitz@incore.de Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w1ODM1WQ005831 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 24 Feb 2018 20:22:01 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted To: Andreas Longwitz References: <5A9075CB.10408@incore.de> <5A90E679.3030106@grosbein.net> <5A915C9D.7020000@incore.de> <5A9162C9.5050206@grosbein.net> Cc: freebsd-net@freebsd.org From: Eugene Grosbein Message-ID: <5A9166F4.1080100@grosbein.net> Date: Sat, 24 Feb 2018 20:21:56 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <5A9162C9.5050206@grosbein.net> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 LOCAL_FROM From my domains X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 13:22:18 -0000 24.02.2018 20:04, Eugene Grosbein wrote: >> But deleting the loopback route manually does not work anymore, is this >> intended behaviour ? >> >> I would like to control the routing table as much as possible. > > This is side effect of loopback routes being intentionally protected with RTF_PINNED flag > in recent FreeBSD versions so that link routes can override ones installed by routing daemons. > > Perhaps, ifconfig(8) utility should be extended to use RTF_PINNED to be able to modify such routes. I mean, route(8). Please try this patch that restores its ability to manually remove such routes. Index: sbin/route/route.c =================================================================== --- sbin/route/route.c (revision 329903) +++ sbin/route/route.c (working copy) @@ -1535,8 +1535,10 @@ rtmsg(int cmd, int flags, int fib) so[RTAX_IFP].ss_len = sizeof(struct sockaddr_dl); rtm_addrs |= RTA_IFP; } - } else + } else { cmd = RTM_DELETE; + flags |= RTF_PINNED; + } #define rtm m_rtmsg.m_rtm rtm.rtm_type = cmd; rtm.rtm_flags = flags; From owner-freebsd-net@freebsd.org Sat Feb 24 15:15:37 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E0A94F2710F for ; Sat, 24 Feb 2018 15:15:37 +0000 (UTC) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4A9D8685F4 for ; Sat, 24 Feb 2018 15:15:36 +0000 (UTC) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (localhost [127.0.0.1]) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3) with ESMTP id w1OFFRnb001283; Sat, 24 Feb 2018 07:15:27 -0800 (PST) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: (from freebsd-rwg@localhost) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3/Submit) id w1OFFRKw001282; Sat, 24 Feb 2018 07:15:27 -0800 (PST) (envelope-from freebsd-rwg) From: "Rodney W. Grimes" Message-Id: <201802241515.w1OFFRKw001282@pdx.rh.CN85.dnsmgr.net> Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted In-Reply-To: <5A9162C9.5050206@grosbein.net> To: Eugene Grosbein Date: Sat, 24 Feb 2018 07:15:27 -0800 (PST) CC: Andreas Longwitz , freebsd-net@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 15:15:38 -0000 > 24.02.2018 19:37, Andreas Longwitz wrote: > > >> Please test the follwoind patch for the kernel: > >> > >> --- sys/net/if.c.orig 2018-02-24 08:00:34.578670000 +0700 > >> +++ sys/net/if.c 2018-02-24 11:07:57.014318000 +0700 > >> @@ -1699,7 +1699,7 @@ ifa_del_loopback_route(struct ifaddr *if > >> null_sdl.sdl_type = ifa->ifa_ifp->if_type; > >> null_sdl.sdl_index = ifa->ifa_ifp->if_index; > >> bzero(&info, sizeof(info)); > >> - info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC; > >> + info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED; > >> info.rti_info[RTAX_DST] = ia; > >> info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&null_sdl; > >> error = rtrequest1_fib(RTM_DELETE, &info, NULL, ifa->ifa_ifp->if_fib); > >> > > > > This patch patch solves the problem for "ifconfig fxp0 delete": now the > > kernel removes the loopback route, tested on FreeBSD 10 r328260. > > Glad to know that. > > > But deleting the loopback route manually does not work anymore, is this > > intended behaviour ? > > > > I would like to control the routing table as much as possible. > > This is side effect of loopback routes being intentionally protected with RTF_PINNED flag > in recent FreeBSD versions so that link routes can override ones installed by routing daemons. > > Perhaps, ifconfig(8) utility should be extended to use RTF_PINNED to be able to modify such routes. Perhaps it is a rather serious and undesired side effect to have such routes without simple user ability to control them. I am going to write a patch that wraps whis whole loopback_route management in a kernel compile time option, which well leaves things as they are now, but allow a user to remove this non-sensical route policy code from there kernel. It shall also have a sysctl that can turn these routes off so that a GENERIC kernel can be used without this non-sense kernel routing policy. The default of this sysctl shall leave things as they are now. -- Rod Grimes rgrimes@freebsd.org From owner-freebsd-net@freebsd.org Sat Feb 24 15:53:17 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6CBFEF2A079 for ; Sat, 24 Feb 2018 15:53:17 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from dss.incore.de (dss.incore.de [195.145.1.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 03F4A69E81 for ; Sat, 24 Feb 2018 15:53:16 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from inetmail.dmz (inetmail.dmz [10.3.0.3]) by dss.incore.de (Postfix) with ESMTP id 8BDEC3AF; Sat, 24 Feb 2018 16:53:15 +0100 (CET) X-Virus-Scanned: amavisd-new at incore.de Received: from dss.incore.de ([10.3.0.3]) by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024) with LMTP id Pnc9KYG8lbJt; Sat, 24 Feb 2018 16:53:14 +0100 (CET) Received: from mail.local.incore (fwintern.dmz [10.0.0.253]) by dss.incore.de (Postfix) with ESMTP id 89BCD37B; Sat, 24 Feb 2018 16:53:14 +0100 (CET) Received: from bsdmhs.longwitz (unknown [192.168.99.6]) by mail.local.incore (Postfix) with ESMTP id 58714508A1; Sat, 24 Feb 2018 16:53:14 +0100 (CET) Message-ID: <5A918A69.6040801@incore.de> Date: Sat, 24 Feb 2018 16:53:13 +0100 From: Andreas Longwitz User-Agent: Thunderbird 2.0.0.19 (X11/20090113) MIME-Version: 1.0 To: Eugene Grosbein CC: freebsd-net@freebsd.org Subject: Re: loopback routes pinned by commit r326012 for FreeBSD 10 cannot be deleted References: <5A9075CB.10408@incore.de> <5A90E679.3030106@grosbein.net> <5A915C9D.7020000@incore.de> <5A9162C9.5050206@grosbein.net> <5A9166F4.1080100@grosbein.net> In-Reply-To: <5A9166F4.1080100@grosbein.net> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 15:53:17 -0000 > I mean, route(8). Please try this patch that restores its ability to manually remove such routes. > > Index: sbin/route/route.c > =================================================================== > --- sbin/route/route.c (revision 329903) > +++ sbin/route/route.c (working copy) > @@ -1535,8 +1535,10 @@ rtmsg(int cmd, int flags, int fib) > so[RTAX_IFP].ss_len = sizeof(struct sockaddr_dl); > rtm_addrs |= RTA_IFP; > } > - } else > + } else { > cmd = RTM_DELETE; > + flags |= RTF_PINNED; > + } > #define rtm m_rtmsg.m_rtm > rtm.rtm_type = cmd; > rtm.rtm_flags = flags; > OK, that works: netstat -rn --> Internet: Destination Gateway Flags Netif Expire default 192.168.0.250 UGS em0 10.1.2.0/24 link#2 U em1 10.1.2.3 link#2 UHS lo0 127.0.0.1 link#13 UH lo0 192.168.0.0/24 link#1 U em0 192.168.0.114 link#1 UHS lo0 route delete 10.1.2.3 --> delete host 10.1.2.3 fib 0 netstat -rn --> Internet: Destination Gateway Flags Netif Expire default 192.168.0.250 UGS em0 10.1.2.0/24 link#2 U em1 127.0.0.1 link#13 UH lo0 192.168.0.0/24 link#1 U em0 192.168.0.114 link#1 UHS lo0 Andreas Longwitz