From owner-freebsd-net@freebsd.org Sun Dec 22 00:02:39 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 60A181E041F for ; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47gN331zt8z3Hxj for ; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 442FD1E041E; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 43FAA1E041D for ; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47gN3319fKz3Hxh for ; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 23D4C1F181 for ; Sun, 22 Dec 2019 00:02:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBM02dGJ048308 for ; Sun, 22 Dec 2019 00:02:39 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBM02dkf048305 for net@FreeBSD.org; Sun, 22 Dec 2019 00:02:39 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242784] arp segfault Date: Sun, 22 Dec 2019 00:02:38 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Dec 2019 00:02:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242784 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Dec 22 08:58:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D83931CD956 for ; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47gbxS5R37z4CCT for ; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id BA77F1CD955; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA3FE1CD953 for ; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47gbxS4b5Wz4CCS for ; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 98D13251AA for ; Sun, 22 Dec 2019 08:58:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBM8wa68041126 for ; Sun, 22 Dec 2019 08:58:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBM8watT041125 for net@FreeBSD.org; Sun, 22 Dec 2019 08:58:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sun, 22 Dec 2019 08:58:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Dec 2019 08:58:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #17 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #16) Eugene, could you make "no DF bit" the default behavior? Without the DF bit, transport mode will work "out of the box" in a vanilla configuration. If someone somewhere needs the DF flag on ESP packets, no doubt for obscure= and sinister purposes, they could reenable it for themselves. Remember that net.inet.ipsec.dfbit=3D0 by default. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Dec 22 21:00:48 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EF9C81DD16B for ; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47gvym64kzz3Mkm for ; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.nyi.freebsd.org (Postfix) id CFB4D1DD161; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CF7AE1DD160 for ; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47gvym55B4z3MkY for ; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A94A75587 for ; Sun, 22 Dec 2019 21:00:48 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBML0mon068647 for ; Sun, 22 Dec 2019 21:00:48 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBML0m2N068632 for net@FreeBSD.org; Sun, 22 Dec 2019 21:00:48 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201912222100.xBML0m2N068632@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: net@FreeBSD.org Subject: Problem reports for net@FreeBSD.org that need special attention Date: Sun, 22 Dec 2019 21:00:48 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Dec 2019 21:00:49 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- In Progress | 221146 | [ixgbe] Problem with second laggport In Progress | 235700 | oce(4) driver causes fatal trap 12 on boot with e New | 204438 | setsockopt() handling of kern.ipc.maxsockbuf limi New | 205592 | TCP processing in IPSec causes kernel panic New | 213410 | [carp] service netif restart causes hang only whe Open | 193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc Open | 194485 | Userland cannot add IPv6 prefix routes Open | 200319 | Bridge+CARP crashes/freezes Open | 202510 | [CARP] advertisements sourced from CARP IP cause Open | 210726 | tcp connect() can return invalid EADDRINUSE (Eg: Open | 222273 | igb(4): Kernel panic (fatal trap 12) due to netwo Open | 225438 | panic in6_unlink_ifa() due to race Open | 225792 | ECMP is broken since tryforward() Open | 227720 | Kernel panic in ppp server Open | 235524 | igb(4): Ethernet interface loses active link stat Open | 236888 | ppp daemon: Allow MTU to be overridden for PPPoE Open | 236983 | bnxt(4) VLAN not operational unless explicit "ifc Open | 237072 | netgraph(4): performance issue [on HardenedBSD]? Open | 237391 | route get returns no result for network addresses Open | 237840 | Removed dummynet dependency on ipfw Open | 238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver Open | 240530 | netgraph/ng_source: Allow ng_source to inject int Open | 240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory Open | 240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile Open | 240969 | netinet6: Neighbour reachability detection broken Open | 241106 | tun/ppp: panic: vm_fault: fault on nofault entry Open | 241162 | Panic in closefp() triggered by nginx (uwsgi with Open | 241191 | route flush panic with RADIX_MPATH 28 problems total for which you should take action. From owner-freebsd-net@freebsd.org Sun Dec 22 23:04:11 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 097721DF98E for ; Sun, 22 Dec 2019 23:04:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47gyj66bP5z3yWs for ; Sun, 22 Dec 2019 23:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E04031DF98C; Sun, 22 Dec 2019 23:04:10 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DEE401DF98B for ; Sun, 22 Dec 2019 23:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47gyj65TgXz3yWq for ; Sun, 22 Dec 2019 23:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B694D6D1B for ; Sun, 22 Dec 2019 23:04:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBMN4AR3050464 for ; Sun, 22 Dec 2019 23:04:10 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBMN4AKS050463 for net@FreeBSD.org; Sun, 22 Dec 2019 23:04:10 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Sun, 22 Dec 2019 23:04:09 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: dewayne@heuristicsystems.com.au X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Dec 2019 23:04:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #18 from dewayne@heuristicsystems.com.au --- (In reply to Eugene Grosbein from comment #16) I thought that there was a convention regarding sysctl naming format. Shou= ld=20 net.inet.ipsec.trans.cleardf be net.inet.ipsec.trans_cleardf, or are there plans for the trans sub-branch? As it might help people coming into ipsec in the future. Is it possible to = have a crisp (clear) description that distinguishes=20 net.inet.ipsec.trans.cleardf: "Clear do not fragment bit for outgoing trans= port mode packets." and net.inet.ipsec.dfbit=3DDo not fragment bit on encap. Suggestion net.inet.ipsec.dfbit=3D"Do not fragment bit on tunnel encap." ^ (I'd personally prefer net.inet.ipsec.tunnel_cleardf, and obsolete, in the future, ipsec.dfbit as it doesn't do as currently stated. Perhaps worth consideration?) --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 04:15:26 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B365A1E3B0C for ; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47h5cG4M92z4BH7 for ; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 937871E3B0B; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 922B11E3B0A for ; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47h5cG3HWMz4BH6 for ; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6C651A3F7 for ; Mon, 23 Dec 2019 04:15:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBN4FQw4060492 for ; Mon, 23 Dec 2019 04:15:26 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBN4FQ0Q060491 for net@FreeBSD.org; Mon, 23 Dec 2019 04:15:26 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Mon, 23 Dec 2019 04:15:24 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 04:15:26 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #19 from Eugene Grosbein --- (In reply to dewayne from comment #18) Yes, the sysctl is somewhat misnamed but it's for testing only, not conside= red as permanent solution. I still wait for testing results from Victor. If we = get good results and agreement with other developers, we ought just clear DF unconditionally. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 09:41:26 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 646301EB015 for ; Mon, 23 Dec 2019 09:41:26 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hDrP3fz5z4RJf for ; Mon, 23 Dec 2019 09:41:25 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback21j.mail.yandex.net (mxback21j.mail.yandex.net [IPv6:2a02:6b8:0:1619::221]) by forward101p.mail.yandex.net (Yandex) with ESMTP id D35FD3281455; Mon, 23 Dec 2019 12:41:21 +0300 (MSK) Received: from sas2-b157fac3b6f2.qloud-c.yandex.net (sas2-b157fac3b6f2.qloud-c.yandex.net [2a02:6b8:c08:b282:0:640:b157:fac3]) by mxback21j.mail.yandex.net (mxback/Yandex) with ESMTP id E7BaAgFmsP-fL48xmTo; Mon, 23 Dec 2019 12:41:21 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577094081; bh=AVZbgIBIwimAfNgllVzOOQ6NSlaW2iLCvvM64D5XQT8=; h=In-Reply-To:From:Date:References:To:Subject:Message-ID; b=ZYzCOE9iXtBa2ytM0Ef4x4DhUFRgUmyfBhqX7FyyCz1HpxdMxDpxMEyiAggI+fnmK kK6TTQCuCLtzfZqMfzGsn3raXk5D64wWZAzhSn6eMDU6Zdi2LDDqnliFd0XSzCpXjO YIHxwUhcprtv2Gb4xwQLOE6UV1U6jlHxFFlI1voc= Received: by sas2-b157fac3b6f2.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id zWT6KIfgVu-fL0KPuac; Mon, 23 Dec 2019 12:41:21 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> Date: Mon, 23 Dec 2019 12:39:49 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20191220162233.GA56815@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc" X-Rspamd-Queue-Id: 47hDrP3fz5z4RJf X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=ZYzCOE9i; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:1472:2741:0:8b7:101 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0:1000::/52:c]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.41), ipnet: 2a02:6b8::/32(-4.71), asn: 13238(-3.79), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[1.0.1.0.7.b.8.0.0.0.0.0.1.4.7.2.2.7.4.1.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 09:41:26 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc Content-Type: multipart/mixed; boundary="KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org Message-ID: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> In-Reply-To: <20191220162233.GA56815@admin.sibptus.ru> --KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.12.2019 19:22, Victor Sudakov wrote: >> What's the root of the problem? ESP packets cannot get fragmented or >> what?=20 >=20 > Wireshark has shown that the "Don't Fragment" flag is set on all ESP > (protocol 50) packets. Who does this, why, and how can I switch it off > globally? Hi, I think this DF flag is originally from TCP packet. ESP xform for transport mode just replaces protocol in IP header and adds some info to the end of a packet. --=20 WBR, Andrey V. Elsukov --KKEA1ap2Sg9vg36OBH6ZLzw0AfAni5C4u-- --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4Ai2UACgkQAcXqBBDI oXqtPgf/b2NFeZqR3oD2Bxtm1fok4ZOPVgfjHc1qHAcGdxsvCG++vKMKDYO9pl8o 17y4i05qffE/qMqJOIL0TB2ezn/tdIbwBxZSKdOc6hsfjl7Vdw+eVG5UbBoo9/le PjUC1rQKr0BcFlbGof8FSJncodmA+Lw9tstwni056RGwLim0aUPlFZ53BLidP7z4 F2VGqXRHTgPuGBhVeeYTdKK+pwVJLHIfys/dahn/ugBvKQH+JmY0QzFB9s64QI2/ PE4CxpEqjKGg1FYCZVWk3TKL5dUuMDVc+eZqiaszLC4Si3CCkrNnwHEiMUCnscnK TO/jYFY+tbNinkj0vqpYpgoOe0WIUQ== =cxAY -----END PGP SIGNATURE----- --ITUETDXWxeuTRpi5N7M4pI9RZI0vgaBPc-- From owner-freebsd-net@freebsd.org Mon Dec 23 09:46:00 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F28BF1EB121 for ; Mon, 23 Dec 2019 09:46:00 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hDxg3LPvz4RbJ for ; Mon, 23 Dec 2019 09:45:59 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback28g.mail.yandex.net (mxback28g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:328]) by forward100p.mail.yandex.net (Yandex) with ESMTP id E9DF35980C9D; Mon, 23 Dec 2019 12:45:56 +0300 (MSK) Received: from iva7-d5f903270d57.qloud-c.yandex.net (iva7-d5f903270d57.qloud-c.yandex.net [2a02:6b8:c0c:6e00:0:640:d5f9:327]) by mxback28g.mail.yandex.net (mxback/Yandex) with ESMTP id BgtVbaVaGe-juv8SFXC; Mon, 23 Dec 2019 12:45:56 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577094356; bh=I9kLkUw1L3O7Nezobj3m8CZWWSuEVRCgxsRy8MkEHKI=; h=In-Reply-To:To:From:Subject:Date:References:Message-ID; b=HeLcEi/n+w4puYVaFIiEYvjdM3QkjQ5Q52hV+YJtoFGlstGehZKtqZh9vAKaItl+s cOZcxUBXNbvCPtARFkPw+tiHEk9X8Di/s1VGTtAdbiM7zCqMkIpK/rv1MxYG42ddV6 KNNcWft7XovpE1SJN62cMlzAbJsK10/TG01R/v5U= Received: by iva7-d5f903270d57.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id 48MQTkya9r-juUe5REI; Mon, 23 Dec 2019 12:45:56 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <7cc2f101-c870-c517-8e01-d656079a75be@yandex.ru> Date: Mon, 23 Dec 2019 12:44:25 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HIqi4YVaYla9a0DB6sND85RxRSVBk6vJ9" X-Rspamd-Queue-Id: 47hDxg3LPvz4RbJ X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=HeLcEi/n; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 77.88.28.100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:77.88.0.0/18]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[100.28.88.77.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:77.88.0.0/18, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ipnet: 77.88.0.0/18(-4.78), asn: 13238(-3.79), country: RU(0.01)]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 09:46:01 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HIqi4YVaYla9a0DB6sND85RxRSVBk6vJ9 Content-Type: multipart/mixed; boundary="ssEhZlwYdO6WvTXOoOpmRuCelT03eakSl"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org Message-ID: <7cc2f101-c870-c517-8e01-d656079a75be@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> In-Reply-To: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> --ssEhZlwYdO6WvTXOoOpmRuCelT03eakSl Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 12:39, Andrey V. Elsukov wrote: > On 20.12.2019 19:22, Victor Sudakov wrote: >>> What's the root of the problem? ESP packets cannot get fragmented or >>> what?=20 >> >> Wireshark has shown that the "Don't Fragment" flag is set on all ESP >> (protocol 50) packets. Who does this, why, and how can I switch it off= >> globally? >=20 > Hi, >=20 > I think this DF flag is originally from TCP packet. > ESP xform for transport mode just replaces protocol in IP header and > adds some info to the end of a packet. This is controlled by net.inet.tcp.path_mtu_discovery variable. TCP won't set IP_DF flag if you disable this feature. --=20 WBR, Andrey V. Elsukov --ssEhZlwYdO6WvTXOoOpmRuCelT03eakSl-- --HIqi4YVaYla9a0DB6sND85RxRSVBk6vJ9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4AjHkACgkQAcXqBBDI oXpOlgf/cwFzaD6WBc5EEDXhKazEd08nXOUh1m+eVqNyZWOMN2FiMcXxr4yrscNO I70cOEVia5SIcV/LtiwK0PnMptj5/eIGkPn8nyX7SslfmQHD1DCBnPaNnjiPBnYI IxD1kSRWgbHlqakUSka375Em3E8ilGkQVUqDVMSM0o29bXkklIxLn/9T1595tBkf +zp8iLOqvfGgKSMcxKjQ4wxbBcAK5RMjjqn2A9+/bvFJ7jSUKTt8KX2oRT2okW8/ 3a/3Eporov8OAjszpTds6GAfz91uQMbnnzFyrxflEJ0+0+ep+/0B6FuWWVx+CQ8p 76qJ24VyePcsKnzT6LE+wofzNNOgVQ== =I2/t -----END PGP SIGNATURE----- --HIqi4YVaYla9a0DB6sND85RxRSVBk6vJ9-- From owner-freebsd-net@freebsd.org Mon Dec 23 10:06:15 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C5101EB8D0 for ; Mon, 23 Dec 2019 10:06:15 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hFP21jDbz4SpW for ; Mon, 23 Dec 2019 10:06:13 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id xBNA5w4D049889 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2019 10:06:01 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: bu7cher@yandex.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id xBNA5uUs089091 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 23 Dec 2019 17:05:56 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: "Andrey V. Elsukov" , Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <7cc2f101-c870-c517-8e01-d656079a75be@yandex.ru> From: Eugene Grosbein Message-ID: Date: Mon, 23 Dec 2019 17:05:48 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <7cc2f101-c870-c517-8e01-d656079a75be@yandex.ru> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47hFP21jDbz4SpW X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.81 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.71)[ip: (-4.56), ipnet: 2a01:4f8::/29(-2.43), asn: 24940(-1.55), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 10:06:15 -0000 23.12.2019 16:44, Andrey V. Elsukov wrote: > On 23.12.2019 12:39, Andrey V. Elsukov wrote: >> On 20.12.2019 19:22, Victor Sudakov wrote: >>>> What's the root of the problem? ESP packets cannot get fragmented or >>>> what? >>> >>> Wireshark has shown that the "Don't Fragment" flag is set on all ESP >>> (protocol 50) packets. Who does this, why, and how can I switch it off >>> globally? >> >> Hi, >> >> I think this DF flag is originally from TCP packet. >> ESP xform for transport mode just replaces protocol in IP header and >> adds some info to the end of a packet. > > This is controlled by net.inet.tcp.path_mtu_discovery variable. > TCP won't set IP_DF flag if you disable this feature. Disabling PMTUD globally results in small outgoing TCP packets for all connections, encrypted or not. Performance may degrade. From owner-freebsd-net@freebsd.org Mon Dec 23 10:07:04 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 79CA71EB9FA for ; Mon, 23 Dec 2019 10:07:04 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hFPz355Fz4T1P for ; Mon, 23 Dec 2019 10:07:03 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=d+mgp4jhvv0NJHHXmJPmIfkKq+Nrqopp4kI6v8I30zM=; b=XNy48Ach4/QiCzjQJL9/IW9igE UsWmSeiigY7mr7zEbRi9wvThT6z/3ZgzuXHzSSG4AZFdfMAPyhVMcoC/zCSHI2pdWp4TMD0/OSLIS roTnUXNH/xl88gzPHpKqDhUjCzNK5iO66MuvEvu6thrpAniNLzb8wz9M4p8K/nLnzpOw=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1ijKc3-000Awh-Sb; Mon, 23 Dec 2019 17:06:55 +0700 Date: Mon, 23 Dec 2019 17:06:55 +0700 From: Victor Sudakov To: "Andrey V. Elsukov" Cc: freebsd-net@freebsd.org Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20191223100655.GA41651@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bg08WKrSYDhXBjb5" Content-Disposition: inline In-Reply-To: <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47hFPz355Fz4T1P X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=XNy48Ach; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.33 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; IP_SCORE(-3.23)[ip: (-9.88), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.30), country: US(-0.05)]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 10:07:04 -0000 --bg08WKrSYDhXBjb5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Andrey V. Elsukov wrote: > On 20.12.2019 19:22, Victor Sudakov wrote: > >> What's the root of the problem? ESP packets cannot get fragmented or > >> what?=20 > >=20 > > Wireshark has shown that the "Don't Fragment" flag is set on all ESP > > (protocol 50) packets. Who does this, why, and how can I switch it off > > globally? >=20 > Hi, >=20 > I think this DF flag is originally from TCP packet. You are probably right. I did not think of this. > ESP xform for transport mode just replaces protocol in IP header and > adds some info to the end of a packet. It is rather easy to verify your theory. If you are right, then disabling net.inet.tcp.path_mtu_discovery globally should remove the DF flags from the ESP packets too, right? Of course, net.inet.tcp.path_mtu_discovery=3D0 is not a solution, it's just a way to check the origin of the DF flag. And if you are right, what does it mean to us? Did you see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 already ? My ultimate wish is to make transport mode work out of the box, without any workarounds like additional host routes or firewall rules. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --bg08WKrSYDhXBjb5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeAJG/AAoJEA2k8lmbXsY09eIH/1ks80UCQRMabR9sMOtovodu w+dk0HSX+sknioThIl6LllJdZ7a1EloHnIgWL1nltVUjMJtDU2cON8A+q5g+BEn7 BIxSX/giuELv2PdXrqOT6dZf2WCD+mPbMLTapXo2J2tXzvtuje4eDOvqkfgoTHtP 5TZrvsfoDJjviIzlJl08Gw3D5NWxxfNIVdL5adboaKNI54UYkvSJp2kpxCYKHb1G sM7OCf6F6BJHYrwzrSjVprKycNJTyWU4xSia4LJoujks28uXYhtWfjI+lJbOVJLv 00bzQKJjL19ga1ysLBkHUz5ToVWcGQKLBIilsd5+JlGFbVBCKaUGZ1/n68wO9lM= =BFmJ -----END PGP SIGNATURE----- --bg08WKrSYDhXBjb5-- From owner-freebsd-net@freebsd.org Mon Dec 23 10:47:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5E9B61EC1E0 for ; Mon, 23 Dec 2019 10:47:36 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hGJk5tfWz4VD8; Mon, 23 Dec 2019 10:47:34 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback7o.mail.yandex.net (mxback7o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::21]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 032F1598122C; Mon, 23 Dec 2019 13:47:31 +0300 (MSK) Received: from sas1-5ebd8269dbc4.qloud-c.yandex.net (sas1-5ebd8269dbc4.qloud-c.yandex.net [2a02:6b8:c14:3611:0:640:5ebd:8269]) by mxback7o.mail.yandex.net (mxback/Yandex) with ESMTP id k1H6H00fii-lUI0Mnx2; Mon, 23 Dec 2019 13:47:30 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577098050; bh=HsdSe59U530vw6FP46bEHbB+KENGRQhbC1LWZc+Rlck=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=njBdeSWvgT4dWssKluOqnQFh/vMspCsMgjEuoOAe3DYgeb85Pcan4loSrGflf/uG2 ZyITYZurkNK5GmiOGQdCHD/yPnVpH6hVqCraaD31EFvTiRfof2ImKvAX83hnGXitEv vBbO9hoaI74AnCnbNl4HZalXyYpjRS9ehQ4bg2Ts= Received: by sas1-5ebd8269dbc4.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id nglXsJCZfT-lUWmNvOj; Mon, 23 Dec 2019 13:47:30 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> Date: Mon, 23 Dec 2019 13:45:54 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20191223100655.GA41651@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="vB3DVENdtGX0RyZxIniKZqEz8ABXtOwnL" X-Rspamd-Queue-Id: 47hGJk5tfWz4VD8 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=njBdeSWv; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 77.88.28.100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip4:77.88.0.0/18]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[100.28.88.77.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:77.88.0.0/18, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ipnet: 77.88.0.0/18(-4.78), asn: 13238(-3.79), country: RU(0.01)]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 10:47:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --vB3DVENdtGX0RyZxIniKZqEz8ABXtOwnL Content-Type: multipart/mixed; boundary="twKPYtdNEZrAzN9RFIOq1SQGc0c2QckI4"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> In-Reply-To: <20191223100655.GA41651@admin.sibptus.ru> --twKPYtdNEZrAzN9RFIOq1SQGc0c2QckI4 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 13:06, Victor Sudakov wrote: >> ESP xform for transport mode just replaces protocol in IP header and >> adds some info to the end of a packet. >=20 > It is rather easy to verify your theory. If you are right, then > disabling net.inet.tcp.path_mtu_discovery globally should remove the DF= > flags from the ESP packets too, right? >=20 > Of course, net.inet.tcp.path_mtu_discovery=3D0 is not a solution, it's = just > a way to check the origin of the DF flag. >=20 > And if you are right, what does it mean to us? Did you see > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 already ? >=20 > My ultimate wish is to make transport mode work out of the box, without= > any workarounds like additional host routes or firewall rules. I think the real problem is that PMTUD doesn't work correctly with IPsec. Linux has special sysctl variabl ip_no_pmtu_disc and flag SADB_SAFLAGS_NOPMTUDISC for SA that can disable PMTUD for IPv4 and IP_DF flag will not be set. We can add some similar quirks, but it would be better to fix PMTUD. We already have hundreds sysctl in our system and remembering all them is a problem too. --=20 WBR, Andrey V. Elsukov --twKPYtdNEZrAzN9RFIOq1SQGc0c2QckI4-- --vB3DVENdtGX0RyZxIniKZqEz8ABXtOwnL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4AmuIACgkQAcXqBBDI oXqDJQgAniobFwJiQ4k7VKwX0hVcjsaBmtM2b9b0lvzCCzZ2QW3Y6UGGmjCFoyWB pq1f+4iykGmSkMpVwkP5PTpzjqLw7R2Lqs3zHmPEG7gGOgbZ0PUGHkBuBKD9AC88 FAF863H3DqghTBqcjaXsEiQfUYIrhyXlnCjIHhVHgjtpIqJ2kd84ma+El5c+HZrN UcINPcSKmY7mEfC78uwsz5XH7g7qA7LkA39fLXT6gGP23VSKQpIO/w3IA5Vm+bOF 5YQEZUAz+ux9bqesmqNmQ9wqyRR6L+BjOq1HKbyilE8vhD2JA4vXIcSkLtknbbzn yaR8zy4VmC81fhft2NWtJzaKB1x7Wg== =zzD1 -----END PGP SIGNATURE----- --vB3DVENdtGX0RyZxIniKZqEz8ABXtOwnL-- From owner-freebsd-net@freebsd.org Mon Dec 23 10:55:39 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 11A891EC566 for ; Mon, 23 Dec 2019 10:55:39 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hGV21m7pz4Vjr; Mon, 23 Dec 2019 10:55:37 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id xBNAtVJN050481 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2019 10:55:32 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: bu7cher@yandex.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id xBNAtUkX089469 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 23 Dec 2019 17:55:30 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: "Andrey V. Elsukov" , Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> Cc: freebsd-net@freebsd.org, Michael Tuexen From: Eugene Grosbein Message-ID: <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> Date: Mon, 23 Dec 2019 17:55:22 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47hGV21m7pz4Vjr X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.81 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.71)[ip: (-4.57), ipnet: 2a01:4f8::/29(-2.43), asn: 24940(-1.55), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 10:55:39 -0000 23.12.2019 17:45, Andrey V. Elsukov wrote: > On 23.12.2019 13:06, Victor Sudakov wrote: >>> ESP xform for transport mode just replaces protocol in IP header and >>> adds some info to the end of a packet. >> >> It is rather easy to verify your theory. If you are right, then >> disabling net.inet.tcp.path_mtu_discovery globally should remove the DF >> flags from the ESP packets too, right? >> >> Of course, net.inet.tcp.path_mtu_discovery=0 is not a solution, it's just >> a way to check the origin of the DF flag. >> >> And if you are right, what does it mean to us? Did you see >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242744 already ? >> >> My ultimate wish is to make transport mode work out of the box, without >> any workarounds like additional host routes or firewall rules. > > I think the real problem is that PMTUD doesn't work correctly with > IPsec. Linux has special sysctl variabl ip_no_pmtu_disc and flag > SADB_SAFLAGS_NOPMTUDISC for SA that can disable PMTUD for IPv4 and IP_DF > flag will not be set. We can add some similar quirks, but it would be > better to fix PMTUD. We already have hundreds sysctl in our system and > remembering all them is a problem too. It's true that PMTUD does not work with IPSec transport mode. I think we could just clear DF bit off encapsulated transport mode packets unconditionally, please take a look at last chunk of sample patch in the PR 242744: https://bz-attachments.freebsd.org/attachment.cgi?id=210122 Sample patch creates another sysctl but we should do it unconditionally, don't we? From owner-freebsd-net@freebsd.org Mon Dec 23 11:02:06 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8D41A1EC8CA for ; Mon, 23 Dec 2019 11:02:06 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hGdT3KfKz4W86; Mon, 23 Dec 2019 11:02:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback18j.mail.yandex.net (mxback18j.mail.yandex.net [IPv6:2a02:6b8:0:1619::94]) by forward104j.mail.yandex.net (Yandex) with ESMTP id 8B3E04A14F3; Mon, 23 Dec 2019 14:01:53 +0300 (MSK) Received: from sas8-6bf5c5d991b2.qloud-c.yandex.net (sas8-6bf5c5d991b2.qloud-c.yandex.net [2a02:6b8:c1b:2a1f:0:640:6bf5:c5d9]) by mxback18j.mail.yandex.net (mxback/Yandex) with ESMTP id X3FQbowLMn-1qOuXXva; Mon, 23 Dec 2019 14:01:53 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577098913; bh=38h/PgsX4rFRARWQ/v5jJNGPSqzqZbsoOROgVaMxrTQ=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=O165HTmfKZ5oGocT7ukybxOeTXcBiyLGOrO8fJo5wa7wxJBAvdd29XX4fmAgznX+J qwdpY2bVtFsVYAs4ZswcOMKBjgJMSKPRl7aY8/OEUYRwiF1dQ+mHY0n0yahQTeznaq 8HkkPpfu7dpE5XZhUaNIBvp+ZPon3wpYqNQXXOXs= Received: by sas8-6bf5c5d991b2.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id e4jnaySn9K-1qWu4Tu7; Mon, 23 Dec 2019 14:01:52 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein , Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: Date: Mon, 23 Dec 2019 14:00:16 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="UCStypbEvRrpA0iymJIG0giG88It5b8oJ" X-Rspamd-Queue-Id: 47hGdT3KfKz4W86 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=O165HTmf; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::107 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52:c]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.58), ipnet: 2a02:6b8::/32(-4.71), asn: 13238(-3.79), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[7.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 11:02:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UCStypbEvRrpA0iymJIG0giG88It5b8oJ Content-Type: multipart/mixed; boundary="BjGOyLNd8gyyJel40COoVHXrSIwzmhsdG"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> In-Reply-To: <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> --BjGOyLNd8gyyJel40COoVHXrSIwzmhsdG Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 13:55, Eugene Grosbein wrote: >> I think the real problem is that PMTUD doesn't work correctly with >> IPsec. Linux has special sysctl variabl ip_no_pmtu_disc and flag >> SADB_SAFLAGS_NOPMTUDISC for SA that can disable PMTUD for IPv4 and IP_= DF >> flag will not be set. We can add some similar quirks, but it would be >> better to fix PMTUD. We already have hundreds sysctl in our system and= >> remembering all them is a problem too. >=20 > It's true that PMTUD does not work with IPSec transport mode. >=20 > I think we could just clear DF bit off encapsulated transport mode pack= ets unconditionally, > please take a look at last chunk of sample patch in the PR 242744: > https://bz-attachments.freebsd.org/attachment.cgi?id=3D210122 >=20 > Sample patch creates another sysctl but we should do it unconditionally= , don't we? As I said I didn't find that other OSes do this. Linux has enabled by PMTUD by default, strongswan doesn't set SADB_SAFLAGS_NOPMTUDISC flag, OpenBSD hasn't such quirk. Why should we add this instead of try to fix PMTUD? --=20 WBR, Andrey V. Elsukov --BjGOyLNd8gyyJel40COoVHXrSIwzmhsdG-- --UCStypbEvRrpA0iymJIG0giG88It5b8oJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEyBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4AnkAACgkQAcXqBBDI oXrJXQf4qb/Ev25S+z0C1LTleyhJoiGsCJGtOeAufeEzdDYaVLM5VlAVlsO6jNsO /fkZxq+TMSaAYTdOn6WxRhDHC6aiNkBOP34X+OvIaDULJ+eMQf0t/O3UZtQ1j7ev NuxZwSBwKPh/dC0fDD+fNjMa0DkrqOM3C5jYyD9B00G3yywLisD1GgZtBj1qghC0 nvmGAoZpnfodmBUPWjhihICHFa1Vff2xDVQu+7ez+kB1glNp5qWVf8DcCrCwpIB7 Ah9Kmo7EpBLTEMME3/MQPfN9J0xkpajGdUL7gWKMjQzYjQjBHYF7eE4T5ZSQps+c S035jVxaOe6VuXbdih7hlG9up1Hk =HaMU -----END PGP SIGNATURE----- --UCStypbEvRrpA0iymJIG0giG88It5b8oJ-- From owner-freebsd-net@freebsd.org Mon Dec 23 11:08:38 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BDB1C1ECAD6 for ; Mon, 23 Dec 2019 11:08:38 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hGn11Ct3z4WVl; Mon, 23 Dec 2019 11:08:36 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id xBNB8SYX050679 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2019 11:08:31 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: bu7cher@yandex.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id xBNB8OZr089706 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 23 Dec 2019 18:08:24 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: "Andrey V. Elsukov" , Victor Sudakov References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> Cc: freebsd-net@freebsd.org, Michael Tuexen From: Eugene Grosbein Message-ID: Date: Mon, 23 Dec 2019 18:08:16 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47hGn11Ct3z4WVl X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.82 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.72)[ip: (-4.59), ipnet: 2a01:4f8::/29(-2.43), asn: 24940(-1.55), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 11:08:38 -0000 23.12.2019 18:00, Andrey V. Elsukov wrote: > On 23.12.2019 13:55, Eugene Grosbein wrote: >>> I think the real problem is that PMTUD doesn't work correctly with >>> IPsec. Linux has special sysctl variabl ip_no_pmtu_disc and flag >>> SADB_SAFLAGS_NOPMTUDISC for SA that can disable PMTUD for IPv4 and IP_DF >>> flag will not be set. We can add some similar quirks, but it would be >>> better to fix PMTUD. We already have hundreds sysctl in our system and >>> remembering all them is a problem too. >> >> It's true that PMTUD does not work with IPSec transport mode. >> >> I think we could just clear DF bit off encapsulated transport mode packets unconditionally, >> please take a look at last chunk of sample patch in the PR 242744: >> https://bz-attachments.freebsd.org/attachment.cgi?id=210122 >> >> Sample patch creates another sysctl but we should do it unconditionally, don't we? > > As I said I didn't find that other OSes do this. Linux has enabled by > PMTUD by default, strongswan doesn't set SADB_SAFLAGS_NOPMTUDISC flag, > OpenBSD hasn't such quirk. Why should we add this instead of try to fix > PMTUD? RFC 2401 Appendix B https://tools.ietf.org/html/rfc2401#page-1-48 states that packets generated by IPSec transport mode must be "fragmentable" over the path and this is incompatible with DF=1. From owner-freebsd-net@freebsd.org Mon Dec 23 11:29:59 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 332151ED0B8 for ; Mon, 23 Dec 2019 11:29:59 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hHFd6mdmz4X8Q; Mon, 23 Dec 2019 11:29:57 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101q.mail.yandex.net (forward101q.mail.yandex.net [IPv6:2a02:6b8:c0e:4b:0:640:4012:bb98]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 7AE873280E8F; Mon, 23 Dec 2019 14:29:54 +0300 (MSK) Received: from mxback1q.mail.yandex.net (mxback1q.mail.yandex.net [IPv6:2a02:6b8:c0e:39:0:640:25b3:aea5]) by forward101q.mail.yandex.net (Yandex) with ESMTP id 78674CF40019; Mon, 23 Dec 2019 14:29:54 +0300 (MSK) Received: from vla5-445dc1c4c112.qloud-c.yandex.net (vla5-445dc1c4c112.qloud-c.yandex.net [2a02:6b8:c18:3609:0:640:445d:c1c4]) by mxback1q.mail.yandex.net (mxback/Yandex) with ESMTP id fZuSZMqCRP-TsvK4FKf; Mon, 23 Dec 2019 14:29:54 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577100594; bh=hDxsZ9WwlBd7l5lPAzMk/VphlduIA98NuaIwGkUU3tw=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=NIGd06bEGNmJQA0BRP9EerICVBv9c2wNcw7JGPIHcUo//O+o503FQQCu1exoQPGnj zuKhnyzsQMHPug4alKI9q7uycP+/IW33vflpuOc5A4QGd52Mlt7xScpcGVoZEN4mzl FlVchm+UuWWGvo0li8tmJJMfnsdNUtGUslWXCCNI= Received: by vla5-445dc1c4c112.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id jALc6RaGtC-TrUGTaxa; Mon, 23 Dec 2019 14:29:53 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein , Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <5793a8ad-bf37-f2f2-29d8-29497d782651@yandex.ru> Date: Mon, 23 Dec 2019 14:28:18 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BEnHe38VRz5HNzzA6cCprobamzcnlgn5y" X-Rspamd-Queue-Id: 47hHFd6mdmz4X8Q X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=NIGd06bE; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:1472:2741:0:8b7:101 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0:1000::/52]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[1.0.1.0.7.b.8.0.0.0.0.0.1.4.7.2.2.7.4.1.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ip: (-9.47), ipnet: 2a02:6b8::/32(-4.71), asn: 13238(-3.80), country: RU(0.01)]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 11:29:59 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BEnHe38VRz5HNzzA6cCprobamzcnlgn5y Content-Type: multipart/mixed; boundary="7iawAjGC5uwbU4rYCyLICy3OgMyxe9W0Y"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , Victor Sudakov Cc: freebsd-net@freebsd.org, Michael Tuexen Message-ID: <5793a8ad-bf37-f2f2-29d8-29497d782651@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> In-Reply-To: --7iawAjGC5uwbU4rYCyLICy3OgMyxe9W0Y Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 14:08, Eugene Grosbein wrote: >>> Sample patch creates another sysctl but we should do it unconditional= ly, don't we? >> >> As I said I didn't find that other OSes do this. Linux has enabled by >> PMTUD by default, strongswan doesn't set SADB_SAFLAGS_NOPMTUDISC flag,= >> OpenBSD hasn't such quirk. Why should we add this instead of try to fi= x >> PMTUD? >=20 > RFC 2401 Appendix B https://tools.ietf.org/html/rfc2401#page-1-48 state= s > that packets generated by IPSec transport mode must be "fragmentable" o= ver the path > and this is incompatible with DF=3D1. I don't see such requirements here, I think you read this somewhere between lines :-) "If required, IP fragmentation occurs after IPsec processing within an IPsec implementation. Thus, transport mode AH or ESP is applied only to whole IP datagrams (not to IP fragments)." This is exactly how it works now. IPsec does encryption and passes ESP packet to IP stack, then it can be fragmented if it is allowed (i.e. no DF bit set). "An IP packet to which AH or ESP has been applied may itself be fragmented by routers en route, and such fragments MUST be reassembled prior to IPsec processing at a receiver." If fragmentation was allowed at previous step, the receiver will have several fragments that will be reassembled into single ESP packet, and then it will be decrypted and passed to IP stack. I.e. IPsec will not try to decrypt each fragment before reassembly. --=20 WBR, Andrey V. Elsukov --7iawAjGC5uwbU4rYCyLICy3OgMyxe9W0Y-- --BEnHe38VRz5HNzzA6cCprobamzcnlgn5y Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4ApNIACgkQAcXqBBDI oXqdfAgAurCgU4sjl/SETzuOtTmFA2IUM4usF949qtzikSMSmNqsF3qAIERbxgBH Pr+9eG2AnKR7FKEDP4J8DWl9AtAmHaB9GbUYL/rhk3XJD0xRxZVyZawtL4uSSAqm Zlx8A5lI47OYUgFT/8/9qQiM346GulyiUlOQKpZGAr5qJaI7zjEx7ZiFodJHb4zM gH55edOdH4iBfrAZZYGWlku9W0khhns1EUK75O5eDV6dWyQ+qYObb5abwoBbtN2o XoUzNyrGjThL+FPJKHyekr3q6yVcHVfBjQPnZniRiRd+UYpEbNVbwkxTON9tr36h gCPboiMvNyKJtl6U9EpSlcDPo0dlWg== =2yWo -----END PGP SIGNATURE----- --BEnHe38VRz5HNzzA6cCprobamzcnlgn5y-- From owner-freebsd-net@freebsd.org Mon Dec 23 12:02:06 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0F9711EE680 for ; Mon, 23 Dec 2019 12:02:06 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hHyh4sTfz4Z2T; Mon, 23 Dec 2019 12:02:04 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback1o.mail.yandex.net (mxback1o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1b]) by forward104p.mail.yandex.net (Yandex) with ESMTP id C622C4B0144F; Mon, 23 Dec 2019 15:02:01 +0300 (MSK) Received: from sas2-b157fac3b6f2.qloud-c.yandex.net (sas2-b157fac3b6f2.qloud-c.yandex.net [2a02:6b8:c08:b282:0:640:b157:fac3]) by mxback1o.mail.yandex.net (mxback/Yandex) with ESMTP id t10LpBVOk4-21AGmRlD; Mon, 23 Dec 2019 15:02:01 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577102521; bh=hV7dY9mgyiZggNzRG8Q1K/RDlkOG/vdlt2IuZUpXACM=; h=In-Reply-To:From:Cc:Date:References:To:Subject:Message-ID; b=wxafEfJLfR+DeSDQTfiI3TrvXRQZNxNBljsYQcugtcUStYrdAfbrSGXrR0g6pKXs3 QIC5h+jusJwHjsAoXWI9lJWyyJ4zyQAhr72mZbsqOgmboFEjtOqV+sJW9gDALcHEiD AAFcBbUX3yfUk4q8SX+RyL9zmH5dBfVVxQqnyV8E= Received: by sas2-b157fac3b6f2.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id 3HkCvKRXHB-200Gm3LF; Mon, 23 Dec 2019 15:02:01 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> Cc: Michael Tuexen From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Date: Mon, 23 Dec 2019 15:00:25 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20191220152314.GA55278@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3TsaGJrjHF4YUPYrQg9oZwt19HepEHhSe" X-Rspamd-Queue-Id: 47hHyh4sTfz4Z2T X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=wxafEfJL; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 77.88.28.107 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip4:77.88.0.0/18]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[107.28.88.77.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:77.88.0.0/18, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ipnet: 77.88.0.0/18(-4.79), asn: 13238(-3.80), country: RU(0.01)]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 12:02:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --3TsaGJrjHF4YUPYrQg9oZwt19HepEHhSe Content-Type: multipart/mixed; boundary="Yi6DuFh0QyUTTfo4HwEcTWxLYjtZuTRYO"; protected-headers="v1" From: "Andrey V. Elsukov" To: Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen Message-ID: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> In-Reply-To: <20191220152314.GA55278@admin.sibptus.ru> --Yi6DuFh0QyUTTfo4HwEcTWxLYjtZuTRYO Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.12.2019 18:23, Victor Sudakov wrote: > Dear Colleagues, >=20 > I've set up IPSec in transport mode between two regular FreeBSD hosts, > for testing. Now TCP sessions between those hosts don't work normally > any more. For example, scp is stalled almost immediately after starting= > a file transfer, and so is interactive ssh eventually. >=20 > I feel that the problem is somehow related to MTU, MSS and fragmentatio= n > of ESP packets, because: >=20 > 1. When IPSec is disabled, I can "ping -s1472 -D" the remote host all > right.=20 >=20 > 2. When IPSec is enabled, the maximum packet size I've been able to sen= d > through is "ping -s1414 -D". ("ping -s1415 -D host-b" already disappear= s > in the void). I think the silence from ping is due to IPsec works asynchronously. I.e. when application sends data to the stack, it receives good feedback and thinks that data was send successful then it waits for reply. But IPsec consumes the data and then encrypted data will be send from crypto thread via callback. And now they can not be fragmented due to IP_DF bit, but there are no app waiting for this error code. Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE notify when EMSGSIZE is returned from ip_output(). At least for TCP. --=20 WBR, Andrey V. Elsukov --Yi6DuFh0QyUTTfo4HwEcTWxLYjtZuTRYO-- --3TsaGJrjHF4YUPYrQg9oZwt19HepEHhSe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4ArFkACgkQAcXqBBDI oXrCjQf/RX5mgwY7WgtglYDxlzuM9aS662LtbrgbRjshs2HkMUMd6FGj68/yy0P7 fdu/F2XUsXxu76UwF84u6F7NXA3wXJVuBHeG0wcY+WzN/XFjCyvPPaV+XiCEG8xW Fe4eNKukkhGhjJDa32V6gJZt8XP4uWefCK6lATwZATVm8uGN/8MW789Gns1sKq7H 4u7hNSPobhntDiDZ1L/lrAbwVBtznWDzye28zzD9YCU0okqyH2emx7tzmTtfT/Uf QorihC/bjBH2CX28d10s3xzDG5USrdcj6V35yNO/VKh9JjLcVdLUOLgcFvdiJvgj DWEDvyYprAAxIXzWMcQCdhE4yCON2Q== =PgZu -----END PGP SIGNATURE----- --3TsaGJrjHF4YUPYrQg9oZwt19HepEHhSe-- From owner-freebsd-net@freebsd.org Mon Dec 23 12:02:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54C1D1EE770 for ; Mon, 23 Dec 2019 12:02:36 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hHzH1zdwz4Z7G; Mon, 23 Dec 2019 12:02:34 +0000 (UTC) (envelope-from hausen@punkt.de) Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10]) by gate1.intern.punkt.de with ESMTP id xBNC2XcN003236; Mon, 23 Dec 2019 13:02:33 +0100 (CET) Received: from [217.29.44.222] ([217.29.44.222]) by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id xBNC2Xql037647; Mon, 23 Dec 2019 13:02:33 +0100 (CET) (envelope-from hausen@punkt.de) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: IPSec transport mode, mtu, fragmentation... From: "Patrick M. Hausen" In-Reply-To: <5793a8ad-bf37-f2f2-29d8-29497d782651@yandex.ru> Date: Mon, 23 Dec 2019 13:02:32 +0100 Cc: Eugene Grosbein , Victor Sudakov , freebsd-net@freebsd.org, Michael Tuexen Content-Transfer-Encoding: quoted-printable Message-Id: References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> <5793a8ad-bf37-f2f2-29d8-29497d782651@yandex.ru> To: "Andrey V. Elsukov" X-Mailer: Apple Mail (2.3445.104.11) X-Rspamd-Queue-Id: 47hHzH1zdwz4Z7G X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of hausen@punkt.de designates 217.29.33.131 as permitted sender) smtp.mailfrom=hausen@punkt.de X-Spamd-Result: default: False [-2.15 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.994,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:217.29.32.0/20:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[punkt.de]; RCPT_COUNT_FIVE(0.00)[5]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[131.33.29.217.list.dnswl.org : 127.0.10.0]; IP_SCORE(-0.36)[ip: (-0.33), ipnet: 217.29.32.0/20(-0.80), asn: 16188(-0.63), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:16188, ipnet:217.29.32.0/20, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 12:02:36 -0000 Hi all, > Am 23.12.2019 um 12:28 schrieb Andrey V. Elsukov : > "If required, IP fragmentation occurs after IPsec processing within an > IPsec implementation. Thus, transport mode AH or ESP is applied only > to whole IP datagrams (not to IP fragments)." >=20 > This is exactly how it works now. IPsec does encryption and passes ESP > packet to IP stack, then it can be fragmented if it is allowed (i.e. = no > DF bit set). >=20 > "An IP packet to which AH or ESP has been applied may itself be > fragmented by routers en route, and such fragments MUST be reassembled > prior to IPsec processing at a receiver." >=20 > If fragmentation was allowed at previous step, the receiver will have > several fragments that will be reassembled into single ESP packet, and > then it will be decrypted and passed to IP stack. I.e. IPsec will not > try to decrypt each fragment before reassembly. I'm with Andrey on this one. Shouldn't the encryption and encapsulation layer send back a "fragmentation needed but DF set" ICMP to the sender? It surely would if - the system was a router - the traffic was passing through the box instead of originating locally - the SA was in in tunnel mode or - there was an interface for the encrypted connection with lower MTU Looks like an oversight for transport mode and locally originating = traffic to me. Kind regards, Patrick --=20 punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de info@punkt.de AG Mannheim 108285 Gesch=C3=A4ftsf=C3=BChrer: J=C3=BCrgen Egeling, Daniel Lienert, Fabian = Stein From owner-freebsd-net@freebsd.org Mon Dec 23 12:12:43 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DDBC51EEA9A for ; Mon, 23 Dec 2019 12:12:43 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hJBy5nMwz4ZX4; Mon, 23 Dec 2019 12:12:42 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id xBNCCXEe051455 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2019 12:12:36 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: bu7cher@yandex.ru Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id xBNCCVZi090218 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 23 Dec 2019 19:12:31 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: IPSec transport mode, mtu, fragmentation... To: "Andrey V. Elsukov" , Victor Sudakov , freebsd-net@freebsd.org References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Cc: Michael Tuexen From: Eugene Grosbein Message-ID: <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net> Date: Mon, 23 Dec 2019 19:12:23 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 47hJBy5nMwz4ZX4 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-3.82 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(-1.72)[ip: (-4.60), ipnet: 2a01:4f8::/29(-2.43), asn: 24940(-1.55), country: DE(-0.02)]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 12:12:43 -0000 23.12.2019 19:00, Andrey V. Elsukov wrote: > I think the silence from ping is due to IPsec works asynchronously. > I.e. when application sends data to the stack, it receives good feedback > and thinks that data was send successful then it waits for reply. > But IPsec consumes the data and then encrypted data will be send from > crypto thread via callback. And now they can not be fragmented due to > IP_DF bit, but there are no app waiting for this error code. > > Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE > notify when EMSGSIZE is returned from ip_output(). At least for TCP. What is "an application" in this case? Userland app dealing with sockets? Another part of the kernel? Some system daemon similar to natd? From owner-freebsd-net@freebsd.org Mon Dec 23 12:19:11 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 727091EEC6D for ; Mon, 23 Dec 2019 12:19:11 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47hJLQ0Znbz4ZyL; Mon, 23 Dec 2019 12:19:09 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback28g.mail.yandex.net (mxback28g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:328]) by forward105j.mail.yandex.net (Yandex) with ESMTP id 3D7FDB213F6; Mon, 23 Dec 2019 15:19:06 +0300 (MSK) Received: from sas2-ee0cb368bd51.qloud-c.yandex.net (sas2-ee0cb368bd51.qloud-c.yandex.net [2a02:6b8:c08:b7a3:0:640:ee0c:b368]) by mxback28g.mail.yandex.net (mxback/Yandex) with ESMTP id jzrIlWXA5j-J6v4qD2J; Mon, 23 Dec 2019 15:19:06 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1577103546; bh=fPiDDtzyBWcKokDa/iho897O3ukDPrOgzpgWWZlqOQM=; h=In-Reply-To:From:To:Subject:Cc:Date:References:Message-ID; b=V+OCrxFH/2GOGTEqfEJvLj2cjUkwqEQ75vOlNr1NNrFr4QYxAzAqyDY2RUzpqNJDY EN2lNwKwJB3ns8ZQG2SAGYzldRG4SZE4wQjhjU3HU9L/JLP9AY/OKtpTQqw5l2WxzS hwUOiPI6snXHJe337LEQcnj7xDBa5KDbC6yJXSV8= Received: by sas2-ee0cb368bd51.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id q7ywT2dvyk-J5Wu3541; Mon, 23 Dec 2019 15:19:05 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: IPSec transport mode, mtu, fragmentation... To: Eugene Grosbein , Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <6eeadbcf-1b0c-1116-adfa-279690f2be58@yandex.ru> Date: Mon, 23 Dec 2019 15:17:29 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KeMw8o3QvWPkECmJzYiZMt0LxxAFjF6x6" X-Rspamd-Queue-Id: 47hJLQ0Znbz4ZyL X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=V+OCrxFH; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::108 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-6.20 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[8.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; IP_SCORE(0.00)[ip: (-9.31), ipnet: 2a02:6b8::/32(-4.71), asn: 13238(-3.80), country: RU(0.01)]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[yandex.ru.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 12:19:11 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --KeMw8o3QvWPkECmJzYiZMt0LxxAFjF6x6 Content-Type: multipart/mixed; boundary="hSvyhLUmzz7d0PegKimjjnUoh7YyAkQWb"; protected-headers="v1" From: "Andrey V. Elsukov" To: Eugene Grosbein , Victor Sudakov , freebsd-net@freebsd.org Cc: Michael Tuexen Message-ID: <6eeadbcf-1b0c-1116-adfa-279690f2be58@yandex.ru> Subject: Re: IPSec transport mode, mtu, fragmentation... References: <20191220152314.GA55278@admin.sibptus.ru> <4cc83b85-dd30-8c0d-330e-aa549ce98c98@yandex.ru> <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net> In-Reply-To: <1c58795b-4f9f-1921-9057-500aef442ae2@grosbein.net> --hSvyhLUmzz7d0PegKimjjnUoh7YyAkQWb Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.12.2019 15:12, Eugene Grosbein wrote: > 23.12.2019 19:00, Andrey V. Elsukov wrote: >=20 >> I think the silence from ping is due to IPsec works asynchronously. >> I.e. when application sends data to the stack, it receives good feedba= ck >> and thinks that data was send successful then it waits for reply. >> But IPsec consumes the data and then encrypted data will be send from >> crypto thread via callback. And now they can not be fragmented due to >> IP_DF bit, but there are no app waiting for this error code. >> >> Similar problem is with TCP. Probably we can try to send PRC_MSGSIZE >> notify when EMSGSIZE is returned from ip_output(). At least for TCP. >=20 > What is "an application" in this case? Userland app dealing with socket= s? > Another part of the kernel? Some system daemon similar to natd? TCP tries to automatically adjust MSS to avoid segments loss. It can interoperate with ICMP to handle ICMP UNREACH messages. AFAIR, it works via host cache. I need some time to remember how it works. --=20 WBR, Andrey V. Elsukov --hSvyhLUmzz7d0PegKimjjnUoh7YyAkQWb-- --KeMw8o3QvWPkECmJzYiZMt0LxxAFjF6x6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl4AsFkACgkQAcXqBBDI oXq7aQf+LsKqwUSsp0IXc4LAEISZWcjZqODCieRnUxVlhOJJEfsTJOtAjQFtCxcA sqx2vignPecSbd8XRKlI7leEwSFrpaCTYAA5ubqjgsYb+fL01vbDHRp9st1OZCI7 Ks9zuTlopcwG7uDF6CCq75Cg59l0bIifeskUz6KcNm6IdgEVFW3+Xu3lcGvexAPN A3F5O0Q5j8e6pF1ekzPb0PkNN3am3Dqvy/QS+S6Nl0EtiUkLpqJEdosBX1cbqF1N ID6TlWjTzqlVUI7h5hIXvhZ7ObYHvmOysxEymZvh7n+Nk+4nInMD5GKRNPhg5syw VKRUFzcQ1/ueHL8mS+BptVq+8xdVAw== =HHwU -----END PGP SIGNATURE----- --KeMw8o3QvWPkECmJzYiZMt0LxxAFjF6x6-- From owner-freebsd-net@freebsd.org Mon Dec 23 16:35:42 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0014C1CB81D for ; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hQ2P6GVbz3LS5 for ; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D546B1CB81B; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D50591CB81A for ; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hQ2P5Kkwz3LS4 for ; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B29661A890 for ; Mon, 23 Dec 2019 16:35:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNGZf9C027561 for ; Mon, 23 Dec 2019 16:35:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNGZfQT027560 for net@FreeBSD.org; Mon, 23 Dec 2019 16:35:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242712] Networking device detach leaks memory Date: Mon, 23 Dec 2019 16:35:40 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 16:35:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242712 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: markj Date: Mon Dec 23 16:34:40 UTC 2019 New revision: 356037 URL: https://svnweb.freebsd.org/changeset/base/356037 Log: MFC r355938: Fix a memory leak in if_delgroups() introduced in r334118. PR: 242712 Changes: _U stable/12/ stable/12/sys/net/if.c --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 16:43:21 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1AF761CBACB for ; Mon, 23 Dec 2019 16:43:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hQCD72s5z3Lnc for ; Mon, 23 Dec 2019 16:43:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id F1B521CBACA; Mon, 23 Dec 2019 16:43:20 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F06471CBAC9 for ; Mon, 23 Dec 2019 16:43:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hQCD65PPz3LnY for ; Mon, 23 Dec 2019 16:43:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CCAA91AA66 for ; Mon, 23 Dec 2019 16:43:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNGhKRd048306 for ; Mon, 23 Dec 2019 16:43:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNGhKYp048305 for net@FreeBSD.org; Mon, 23 Dec 2019 16:43:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242712] Networking device detach leaks memory Date: Mon, 23 Dec 2019 16:43:20 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 16:43:21 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242712 Mark Johnston changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Progress |Closed Resolution|--- |FIXED --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 16:48:05 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4FC661CBC57 for ; Mon, 23 Dec 2019 16:48:05 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from alf.viklenko.net (alf.viklenko.net [IPv6:2001:470:71:d72::61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "www.viklenko.net", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hQJg70Fpz3Ly7 for ; Mon, 23 Dec 2019 16:48:03 +0000 (UTC) (envelope-from artem@viklenko.net) Received: from [10.0.31.12] (ua1.etadirect.net [91.198.140.16] (may be forged)) (authenticated bits=0) by alf.viklenko.net (8.15.2/8.15.2) with ESMTPSA id xBNGlpSu036051 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 23 Dec 2019 18:47:56 +0200 (EET) (envelope-from artem@viklenko.net) To: freebsd-net@freebsd.org From: Artem Viklenko Subject: ipfilter nat rewrite Organization: Art&Co. Message-ID: Date: Mon, 23 Dec 2019 18:47:50 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (alf.viklenko.net [192.168.32.61]); Mon, 23 Dec 2019 18:47:56 +0200 (EET) X-Rspamd-Queue-Id: 47hQJg70Fpz3Ly7 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.66 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[viklenko.net:s=alf-mail]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DKIM_TRACE(0.00)[viklenko.net:+]; DMARC_POLICY_ALLOW(-0.50)[viklenko.net,reject]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-1.66)[ipnet: 2001:470::/32(-4.66), asn: 6939(-3.56), country: US(-0.05)]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 16:48:05 -0000 Hi, All! Sorry if this list is wrong place for questions about IPFilter (didn't found more appropriate freebsd mailling list and one mentioned in some docs seems to be dead). But maybe someone can answer it or point in right direction. I need to rewrite source and destination IPs on packet sent via ipsec interface. Ipnat part is ok. But after rewrite packet I need the route entry for rewrited destination IP to point to desired ipsec interface. Without this route entry packet goes via default route. Is there any way using ipfilter to force packet to be sent via desired interface? Or I need to combine ipnat with some other firewall like pf (route-to) or ipfw (fwd)? Thanks in advance! -- Regards! From owner-freebsd-net@freebsd.org Mon Dec 23 17:02:17 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54EBF1CC373 for ; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hQd51bbqz3Mgn for ; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 34C801CC372; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 348E01CC370 for ; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hQd50k9Kz3Mgm for ; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1449E1ADE8 for ; Mon, 23 Dec 2019 17:02:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNH2GP0095456 for ; Mon, 23 Dec 2019 17:02:16 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNH2GUm095455 for net@FreeBSD.org; Mon, 23 Dec 2019 17:02:16 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 17:02:16 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: cc assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 17:02:17 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 Mark Johnston changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |markj@FreeBSD.org Assignee|net@FreeBSD.org |markj@FreeBSD.org --- Comment #1 from Mark Johnston --- I'll take a look at this. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 19:01:45 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DFF071CE154 for ; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hTGx5hLWz3x3r for ; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id C32871CE151; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C2EF01CE150 for ; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hTGx4pjvz3x3q for ; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A0A561C353 for ; Mon, 23 Dec 2019 19:01:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNJ1jX7046847 for ; Mon, 23 Dec 2019 19:01:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNJ1jO5046846 for net@FreeBSD.org; Mon, 23 Dec 2019 19:01:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 19:01:45 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 19:01:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 --- Comment #2 from Mark Johnston --- Created attachment 210181 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D210181&action= =3Dedit patch This patch fixes the problem in my own testing - would you be willing to try it? --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 19:02:04 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 78C611CE1C9 for ; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hTHJ2hfkz3x7w for ; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 5C6A41CE1C6; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5C3181CE1C5 for ; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hTHJ1tQQz3x7t for ; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3C10D1C36E for ; Mon, 23 Dec 2019 19:02:04 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNJ24EL047278 for ; Mon, 23 Dec 2019 19:02:04 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNJ24LG047277 for net@FreeBSD.org; Mon, 23 Dec 2019 19:02:04 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 19:02:04 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 19:02:04 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 Mark Johnston changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |In Progress --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 19:10:20 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 701F01CE49F for ; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hTSr2LWDz3xcF for ; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 506DF1CE49E; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 503271CE49D for ; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hTSr1WRCz3xcD for ; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2F8261C3ED for ; Mon, 23 Dec 2019 19:10:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNJAKKf059746 for ; Mon, 23 Dec 2019 19:10:20 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNJAKM0059745 for net@FreeBSD.org; Mon, 23 Dec 2019 19:10:20 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 19:10:20 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 19:10:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 --- Comment #3 from Mark Johnston --- https://reviews.freebsd.org/D22912 --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 19:16:20 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0E14D1CE7DF for ; Mon, 23 Dec 2019 19:16:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hTbl6gPJz3y2N for ; Mon, 23 Dec 2019 19:16:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E30B61CE7DC; Mon, 23 Dec 2019 19:16:19 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E1B831CE7DA for ; Mon, 23 Dec 2019 19:16:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hTbl5ZdQz3y2M for ; Mon, 23 Dec 2019 19:16:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BAE7A1C5BD for ; Mon, 23 Dec 2019 19:16:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNJGJIE079108 for ; Mon, 23 Dec 2019 19:16:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNJGJqw079107 for net@FreeBSD.org; Mon, 23 Dec 2019 19:16:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 19:16:19 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ghuckriede@blackberry.com X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 19:16:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 --- Comment #4 from ghuckriede@blackberry.com --- Sure I'll try it. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 20:31:42 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5884C1CFD9F for ; Mon, 23 Dec 2019 20:31:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hWGk1MtCz42Mp for ; Mon, 23 Dec 2019 20:31:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 2F0161CFD9E; Mon, 23 Dec 2019 20:31:42 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2EC031CFD9D for ; Mon, 23 Dec 2019 20:31:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hWGj75Pnz42Mn for ; Mon, 23 Dec 2019 20:31:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EEF491D3B5 for ; Mon, 23 Dec 2019 20:31:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNKVfBC003889 for ; Mon, 23 Dec 2019 20:31:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNKVf1N003880 for net@FreeBSD.org; Mon, 23 Dec 2019 20:31:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 20:31:42 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ghuckriede@blackberry.com X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 20:31:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 --- Comment #5 from ghuckriede@blackberry.com --- A HEAD dev environment was not available, so the patch was tested on a 12.1 based build (which was where this issue was discovered). The reported leak was gone with the provided patch. Also tested detaching em interface while receiving traffic. No crash nor memory leak was observed. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 23:53:50 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 36E291D30A7 for ; Mon, 23 Dec 2019 23:53:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hbly0mW1z4C7K for ; Mon, 23 Dec 2019 23:53:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 1A5091D30A6; Mon, 23 Dec 2019 23:53:50 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A1141D30A3 for ; Mon, 23 Dec 2019 23:53:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hblx6zF1z4C7J for ; Mon, 23 Dec 2019 23:53:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EAC8B1F83F for ; Mon, 23 Dec 2019 23:53:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNNrnbg082173 for ; Mon, 23 Dec 2019 23:53:49 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNNrnU5082172 for net@FreeBSD.org; Mon, 23 Dec 2019 23:53:49 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Mon, 23 Dec 2019 23:53:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: keywords bug_file_loc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 23:53:50 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs-patch, needs-qa | URL| |https://reviews.freebsd.org | |/D22912 --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Mon Dec 23 23:57:07 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E9D6B1D338F for ; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hbql5zSfz4CCs for ; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id CD3B81D338E; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CD0081D338D for ; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hbql52zvz4CCq for ; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A3E261F844 for ; Mon, 23 Dec 2019 23:57:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBNNv7rv086086 for ; Mon, 23 Dec 2019 23:57:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBNNv7Uo086083 for net@FreeBSD.org; Mon, 23 Dec 2019 23:57:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242712] Networking device detach leaks memory after base r334118 Date: Mon, 23 Dec 2019 23:57:07 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12+ mfc-stable11- X-Bugzilla-Changed-Fields: short_desc keywords flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Dec 2019 23:57:08 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242712 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Networking device detach |Networking device detach |leaks memory |leaks memory after base | |r334118 Keywords|patch |regression Flags| |mfc-stable12+, | |mfc-stable11- --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 00:00:49 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BBE771D3621 for ; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hbw14SWyz4CLR for ; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 8B54B1D360A; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8AEF21D3609 for ; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hbw13Cn5z4CLM for ; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 516B11F973 for ; Tue, 24 Dec 2019 00:00:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBO00nAO000864 for ; Tue, 24 Dec 2019 00:00:49 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBO00n4n000840 for net@FreeBSD.org; Tue, 24 Dec 2019 00:00:49 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242784] arp: segfault on service netif restart Date: Tue, 24 Dec 2019 00:00:48 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc bug_status keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 00:00:49 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242784 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|arp segfault |arp: segfault on service | |netif restart Status|New |Open Keywords| |crash, needs-qa --- Comment #1 from Kubilay Kocak --- @Corvid Can you provide some additional information, including: - Exact FreeBSD version (uname -a) - /var/run/dmesg.boot (as an attachment) - Complete network configuration (/etc/rc.conf and others, sanitized where necessary) Also, can you describe the reproducibility of this issue. Is it always reproducible? Sometimes? Once? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 00:09:02 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A3E491D39CC for ; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hc5V3nF3z4Cjg for ; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 7FFB31D39CB; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7FBE31D39CA for ; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hc5V2vFGz4Cjd for ; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5E31B1FA14 for ; Tue, 24 Dec 2019 00:09:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBO092g3036537 for ; Tue, 24 Dec 2019 00:09:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBO092aa036524 for net@FreeBSD.org; Tue, 24 Dec 2019 00:09:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 207261] netmap: Doesn't do TX sync with kqueue Date: Tue, 24 Dec 2019 00:09:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-STABLE X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? mfc-stable10? X-Bugzilla-Changed-Fields: flagtypes.name bug_status short_desc keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 00:09:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207261 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |mfc-stable12?, | |mfc-stable11?, | |mfc-stable10? Status|In Progress |Open Summary|NETMAP don't do TX sync |netmap: Doesn't do TX sync |with kqueue |with kqueue Keywords| |needs-patch, needs-qa --- Comment #7 from Kubilay Kocak --- @Vincenzo Since no stable/10 and no 10.x-RELEASE's versions are supported a= ny longer, what does the anticipated resolution look like with regard to mergi= ng, if and when we have a patch Ideally (and if you don't mind), merges to all stable branches (including 1= 0) would be nice If stable/10 wont be included in the merge set, please set the mfc-stable10 flag to ^Triage:=20 - Reset status (no In Progress without an Assignee) - Needs patch and qa (review) to progress --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 00:11:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 31B151D3BFF for ; Tue, 24 Dec 2019 00:11:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hc8S0cB2z4CyL for ; Tue, 24 Dec 2019 00:11:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 14C6B1D3BFE; Tue, 24 Dec 2019 00:11:36 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 148571D3BFD for ; Tue, 24 Dec 2019 00:11:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hc8R6s7Bz4CyK for ; Tue, 24 Dec 2019 00:11:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E6EA51FB85 for ; Tue, 24 Dec 2019 00:11:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBO0BZmm068455 for ; Tue, 24 Dec 2019 00:11:35 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBO0BZkU068452 for net@FreeBSD.org; Tue, 24 Dec 2019 00:11:35 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet after base r349369 Date: Tue, 24 Dec 2019 00:11:34 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: hselasky@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11- X-Bugzilla-Changed-Fields: keywords short_desc bug_file_loc flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 00:11:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242677 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression Summary|multicast: |multicast: |setsockopt(...IP_DROP_MEMBE |setsockopt(...IP_DROP_MEMBE |RSHIP...) doesn't lead to |RSHIP...) doesn't lead to |sending IGMP packet. |sending IGMP packet after | |base r349369 URL| |https://reviews.freebsd.org | |/D22848 Flags| |mfc-stable12?, | |mfc-stable11- --- Comment #9 from Kubilay Kocak --- ^Triage:=20 - Re-open pending MFC - Set mfc-stable11 to (assuming only stable/12 regressed). If incorrect, pl= ease set flag to ? and + on merge to stable/11 --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 13:44:52 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5319A1E8CA1 for ; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hyBr1VbQz3Myx for ; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 336941E8CA0; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3327E1E8C9F for ; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hyBr0YjMz3Myv for ; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0E8A6FD8 for ; Tue, 24 Dec 2019 13:44:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBODipOH051774 for ; Tue, 24 Dec 2019 13:44:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBODipnk051773 for net@FreeBSD.org; Tue, 24 Dec 2019 13:44:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 207261] netmap: Doesn't do TX sync with kqueue Date: Tue, 24 Dec 2019 13:44:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.2-STABLE X-Bugzilla-Keywords: needs-patch, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: slw@zxy.spb.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? mfc-stable10? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 13:44:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207261 --- Comment #8 from slw@zxy.spb.ru --- (In reply to Kubilay Kocak from comment #7) Latest test I am do on stable/11. I mean stable/12 and current have same behavior and this is kqueue related. I.e. txsync do on poll event, poll event cused by kqueue change list proces= sing or kqueue waited events processing. No input packets case don't fire poll events and don't cause txsync. Additional notice: multiple received packets cause massive fire of taskqueue enque fire and very high overhead (system loaded x3-x4 more comapred to pol= l()) --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 14:20:59 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 60A641E95C8 for ; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47hz0W222cz3PBK for ; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 459BE1E95C7; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 455DF1E95C6 for ; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hz0W19J9z3PBJ for ; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 239401589 for ; Tue, 24 Dec 2019 14:20:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOEKxuK085366 for ; Tue, 24 Dec 2019 14:20:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOEKxjR085256 for net@FreeBSD.org; Tue, 24 Dec 2019 14:20:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Tue, 24 Dec 2019 14:20:58 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 14:20:59 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #20 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #15) I've made a quick and dirty script which I run from the remote block. It seems that this workaround does work. #!/bin/sh if echo $REMOTE_ADDR | grep -q ":" ; then gw=3D$(route -6 -n get "$REMOTE_ADDR" | awk '/gateway: / {print $2}= ') else gw=3D$(route -4 -n get "$REMOTE_ADDR" | awk '/gateway: / {print $2}= ') fi case "${1}" in phase1_up) route add -host $REMOTE_ADDR -mtu 1200 $gw ;; *) route delete -host $REMOTE_ADDR ;; esac --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 14:31:24 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C68E71E9B7E for ; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47hzDX4cdVz3PsL for ; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 9E60E1E9B7B; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E2781E9B7A for ; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47hzDX3nDcz3PsK for ; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7D44C1778 for ; Tue, 24 Dec 2019 14:31:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOEVO3F082684 for ; Tue, 24 Dec 2019 14:31:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOEVOjJ082683 for net@FreeBSD.org; Tue, 24 Dec 2019 14:31:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Tue, 24 Dec 2019 14:31:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 14:31:24 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ae@FreeBSD.org --- Comment #21 from Andrey V. Elsukov --- I have the not yet fully thought idea how to fix this problem. I'll try to implement it during coming holidays. There are still unimplemented IPsec method IPSEC_CTLINPUT and unused hdrsz field in the struct inpcbpolicy. We can use them to handle inbound ICMP NEEDFRAG messages and adjust required room for TCP protocol. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 15:28:40 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 841D61EABE7 for ; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47j0Vc31x0z3x5s for ; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 660131EABE6; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 65C681EABE5 for ; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47j0Vc28qVz3x5q for ; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 414DD21D1 for ; Tue, 24 Dec 2019 15:28:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOFSeGB061811 for ; Tue, 24 Dec 2019 15:28:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOFSe1U061810 for net@FreeBSD.org; Tue, 24 Dec 2019 15:28:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Tue, 24 Dec 2019 15:28:38 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 15:28:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #22 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #8) > Can you enable some TCP service at FreeBSD side (f.e. inetd/echo or ftpd) > and check it out if Windows sets DF=3D1 for initial encrypted TCP SYN=20 > when you connect from Windows to FreeBSD over such IPSec transport=20 > mode configuration? I've finally found time to do that. 192.168.3.80 is a Windows 2012 server, 192.168.3.1 is FreeBSD with daytime and ftpd services enabled. As you see f= rom the packet dump, all ESP packets have the DF flag set. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 15:29:33 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57EA21EAC98 for ; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47j0Wd1kSBz3x9v for ; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 3B40A1EAC96; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3B04C1EAC95 for ; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47j0Wd0p6rz3x9r for ; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1701321D7 for ; Tue, 24 Dec 2019 15:29:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOFTWe4062838 for ; Tue, 24 Dec 2019 15:29:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOFTWEt062837 for net@FreeBSD.org; Tue, 24 Dec 2019 15:29:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Tue, 24 Dec 2019 15:29:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 15:29:33 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #23 from Victor Sudakov --- Created attachment 210202 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D210202&action= =3Dedit ESP from Windows server to FreeBSD --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 20:00:02 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4A4051EF55A for ; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47j6Wk1LB8z48xq for ; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 2DECE1EF558; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2DB4F1EF556 for ; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47j6Wk0Vyvz48xp for ; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0D0225439 for ; Tue, 24 Dec 2019 20:00:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOK01xS015598 for ; Tue, 24 Dec 2019 20:00:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOK0184015597 for net@FreeBSD.org; Tue, 24 Dec 2019 20:00:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242841] Unkillable process when attempting to destroy an open tun device Date: Tue, 24 Dec 2019 20:00:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 20:00:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242841 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Tue Dec 24 20:11:02 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 848BA1EF9C4 for ; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47j6mQ30hsz49Xx for ; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 670FB1EF9C3; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 66D241EF9C2 for ; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47j6mQ26vSz49Xw for ; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 443FF5634 for ; Tue, 24 Dec 2019 20:11:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBOKB2bI043532 for ; Tue, 24 Dec 2019 20:11:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBOKB2xr043516 for net@FreeBSD.org; Tue, 24 Dec 2019 20:11:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242841] Unkillable process when attempting to destroy an open tun device Date: Tue, 24 Dec 2019 20:11:01 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kevans@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kevans@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Dec 2019 20:11:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242841 Kyle Evans changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|net@FreeBSD.org |kevans@freebsd.org CC| |kevans@freebsd.org, | |net@FreeBSD.org --- Comment #1 from Kyle Evans --- Taking as one of the last to touch tuntap. I don't see any reason not to do this. We do in general have a problem with applications not actually keeping the owner pid up to date, but it would at least catch the common case. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Dec 25 03:03:29 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22DE61D0229 for ; Wed, 25 Dec 2019 03:03:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47jHwK0BTcz4SLH for ; Wed, 25 Dec 2019 03:03:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 067EA1D0224; Wed, 25 Dec 2019 03:03:29 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 064521D0222 for ; Wed, 25 Dec 2019 03:03:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47jHwJ6Rj0z4SLG for ; Wed, 25 Dec 2019 03:03:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D7760A170 for ; Wed, 25 Dec 2019 03:03:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBP33SLF000491 for ; Wed, 25 Dec 2019 03:03:28 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBP33Ssh000490 for net@FreeBSD.org; Wed, 25 Dec 2019 03:03:28 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Wed, 25 Dec 2019 03:03:25 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 03:03:29 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #24 from Victor Sudakov --- (In reply to Eugene Grosbein from comment #19) > I still wait for testing results from Victor.=20 > If we get good results and agreement with other developers, we ought just= clear DF unconditionally. I'm beginning to feel that the solution is not as simple as clearing the DF flag unconditionally. Windows does not do that as seen from the packet dump= I attached yesterday https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D21= 0202 , and still FTP from a Windows host works over a IPSec transport mode. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Dec 25 09:26:18 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 56EEB1D78C2 for ; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47jSQ21fZZz3DNn for ; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 38A6E1D78C1; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 386901D78BF for ; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47jSQ20ncTz3DNm for ; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 16A37E610 for ; Wed, 25 Dec 2019 09:26:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBP9QHCw032078 for ; Wed, 25 Dec 2019 09:26:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBP9QHXK032075 for net@FreeBSD.org; Wed, 25 Dec 2019 09:26:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet after base r349369 Date: Wed, 25 Dec 2019 09:26:17 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: hselasky@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 09:26:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242677 --- Comment #10 from commit-hook@freebsd.org --- A commit references this bug: Author: hselasky Date: Wed Dec 25 09:25:21 UTC 2019 New revision: 356069 URL: https://svnweb.freebsd.org/changeset/base/356069 Log: MFC r355881: Leave multicast group before reaping and committing state for both IPv4 and IPv6. This fixes a regression issue after r349369. When trying to exit a multicast group before closing the socket, a multicast leave packet should be sent. Differential Revision: https://reviews.freebsd.org/D22848 PR: 242677 Reviewed by: bz (network) Tested by: Aleksandr Fedorov Sponsored by: Mellanox Technologies Changes: _U stable/12/ stable/12/sys/netinet/in_mcast.c stable/12/sys/netinet6/in6_mcast.c --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Dec 25 09:35:55 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EE7C11D8626 for ; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47jSd766btz3Fml for ; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D016B1D8625; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CFD6A1D8624 for ; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47jSd75FB5z3Fmj for ; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AB21AE7E8 for ; Wed, 25 Dec 2019 09:35:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBP9ZtmD062452 for ; Wed, 25 Dec 2019 09:35:55 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBP9Zt8a062451 for net@FreeBSD.org; Wed, 25 Dec 2019 09:35:55 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242677] multicast: setsockopt(...IP_DROP_MEMBERSHIP...) doesn't lead to sending IGMP packet after base r349369 Date: Wed, 25 Dec 2019 09:35:55 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: hselasky@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: hselasky@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 09:35:56 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242677 --- Comment #11 from Hans Petter Selasky --- I think only FreeBSD 12-stable is relevant for this patch. --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Wed Dec 25 12:55:38 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EEC821DC85F for ; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47jY3Z67S8z3PJv for ; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id D26121DC85E; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D22441DC85D for ; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47jY3Z5GCSz3PJr for ; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B028C18C3D for ; Wed, 25 Dec 2019 12:55:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBPCtcGk091044 for ; Wed, 25 Dec 2019 12:55:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBPCtcrZ091043 for net@FreeBSD.org; Wed, 25 Dec 2019 12:55:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242744] IPSec in transport mode between FreeBSD hosts blackholes TCP traffic Date: Wed, 25 Dec 2019 12:55:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vas@sibptus.ru X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 12:55:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242744 --- Comment #25 from Victor Sudakov --- The more I think of it, the more I feel that the idea of removing the DF fl= ag from ESP packets is incorrect. Because in IPv6, there is no flag to remove.= If an IPv6 packet was not fragmented by the originator, there is nothing to be done in transit. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Dec 25 16:49:36 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F2C401E087D for ; Wed, 25 Dec 2019 16:49:36 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47jfFW5Ldgz44DZ for ; Wed, 25 Dec 2019 16:49:35 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=SGMLReBsoV01VdekeNCPGFIkMFy8RQKBhyYxdSKrTcg=; b=UDVazIrSrW2rE3w+Xni7xi7RUt CNMhgYrbRz1DTg5JSrrPC94olNse9cnkLJsvHaywIG2diMFlVUkQQuTC9dxO+ra/wgUHfaNKAgiux gDFkZGAt7B/0CpIpY+LqSPdWRV7iZByx+2A1Dz95BDsvP2qmeKU/UGCMxqYfGDAodyeg=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1ik9qm-00032o-Hw for freebsd-net@freebsd.org; Wed, 25 Dec 2019 23:49:32 +0700 Date: Wed, 25 Dec 2019 23:49:32 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: IPSec transport mode, mtu, fragmentation... Message-ID: <20191225164932.GA11670@admin.sibptus.ru> References: <20191220152314.GA55278@admin.sibptus.ru> <20191220160357.GB56081@admin.sibptus.ru> <20191220162233.GA56815@admin.sibptus.ru> <55eeca4c-9633-339a-f521-b0db462cc1d6@yandex.ru> <20191223100655.GA41651@admin.sibptus.ru> <3edbc7ad-a760-48c7-3222-202d7a835fe5@yandex.ru> <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: <35fd51d5-c171-c97c-5bb2-529912d75844@grosbein.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 47jfFW5Ldgz44DZ X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=UDVazIrS; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.34 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.24)[ip: (-9.88), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.32), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2019 16:49:37 -0000 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Eugene Grosbein wrote: >=20 > I think we could just clear DF bit off encapsulated transport mode packet= s unconditionally, > please take a look at last chunk of sample patch in the PR 242744: > https://bz-attachments.freebsd.org/attachment.cgi?id=3D210122 >=20 > Sample patch creates another sysctl but we should do it unconditionally, = don't we? The more I think of it, the more I feel that the idea of removing the DF flag from ESP packets is incorrect. Because in IPv6, there is no flag to remove. If an IPv6 packet was not fragmented by the originator, there is nothing to be done in transit. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeA5McAAoJEA2k8lmbXsY0TU0IAJvLjZX5Fa79Un5XRRj2X1wu kqW5RFg05I94sskURZtMpJUcFP46jkV4v5JBIR5NvEl8Bz3ILd9lgz+Tw1JZjCEx Oo7IZnv9pFsRsmPDaKFqTwPpb8OCzU7olW4ypSFQ1Gr0/nD/9lGfrhxl91R42WPK YJNS7G8cdBA0CY8SX+ysI9k1kIZjO2BvncGLbs8wklVXiWOnQpaZ1pFbj4f6Liae DkiQRR/nDSKXoCobe3X+13QxVaFRCeoyVUbPtE/VQKqWlLc2eSll/6Jjno6tZZWI vh4lFAiSOfGKzB4UpRtAm6bBLPIhpuTOmqldFqcix+YgRSzmbgTgSMuyWe+WPOs= =RsQB -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- From owner-freebsd-net@freebsd.org Thu Dec 26 09:53:01 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 15C771CBF56 for ; Thu, 26 Dec 2019 09:53:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47k4yN6s7hz3HM4 for ; Thu, 26 Dec 2019 09:53:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id EB60D1CBF54; Thu, 26 Dec 2019 09:53:00 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EB29D1CBF53 for ; Thu, 26 Dec 2019 09:53:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47k4yN62PKz3HM3 for ; Thu, 26 Dec 2019 09:53:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CA67626E1F for ; Thu, 26 Dec 2019 09:53:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBQ9r0SL024358 for ; Thu, 26 Dec 2019 09:53:00 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBQ9r0BM024357 for net@FreeBSD.org; Thu, 26 Dec 2019 09:53:00 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242890] vmxnet3 problem when RSS option is configured Date: Thu, 26 Dec 2019 09:53:00 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Dec 2019 09:53:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242890 Andriy Gapon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Dec 26 10:01:29 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E03551CC3F5 for ; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47k5895hsLz3Hf4 for ; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id C37E41CC3F4; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C344B1CC3F1 for ; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47k5894rD5z3Hf3 for ; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A19CF26EA0 for ; Thu, 26 Dec 2019 10:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBQA1TvP040420 for ; Thu, 26 Dec 2019 10:01:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBQA1TUY040419 for net@FreeBSD.org; Thu, 26 Dec 2019 10:01:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242890] vmxnet3 problem when RSS option is configured Date: Thu, 26 Dec 2019 10:01:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Dec 2019 10:01:29 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242890 Andriy Gapon changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pkelsey@freebsd.org --- Comment #1 from Andriy Gapon --- I see that base r343291, in addition to converting vmx to iflib, enabled previously ifdef-ed out code that sets packet's rsstype based on the hardwa= re reported rss_type. Before that commit rsstype was always set M_HASHTYPE_OPAQUE_HASH. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Dec 26 10:08:45 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 42F0E1CC852 for ; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47k5JY153rz3J3Z for ; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 235B11CC850; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 232111CC84C for ; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47k5JY0BrHz3J3Y for ; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 022D227003 for ; Thu, 26 Dec 2019 10:08:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBQA8iuj057514 for ; Thu, 26 Dec 2019 10:08:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBQA8iH2057513 for net@FreeBSD.org; Thu, 26 Dec 2019 10:08:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242890] vmxnet3 problem when RSS option is configured Date: Thu, 26 Dec 2019 10:08:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Dec 2019 10:08:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242890 Andriy Gapon changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |shurd@FreeBSD.org --- Comment #2 from Andriy Gapon --- I see that vmxnet3_reinit_rss_shared_data() uses an RSS key that's different from the system RSS key defined sys/net/rss_config.c. I think that the different keys can result in in_pcblookup_mbuf() failure because of mismatc= hing hash values. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Dec 26 19:04:30 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1787C1D70D7 for ; Thu, 26 Dec 2019 19:04:30 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47kKBh4RYHz4Dmx for ; Thu, 26 Dec 2019 19:04:28 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lf1-f41.google.com with SMTP id 15so19095057lfr.2 for ; Thu, 26 Dec 2019 11:04:28 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id :date:user-agent:mime-version:content-language :content-transfer-encoding; bh=v+I1Q95yxBUM6PvojmDDU+s5bqGBXB4fVo1dGC5q8VU=; b=Sxv+knGlET8A1UweMDXR/QW3DgVHJsSSgMYLPWzdtBcltn6zq41+hpMm5cJmOfhYHu kO3Wn0tNNwkgd4mgZ4rS+WjdqpJoP216j3b+qwHn5UF1BxX9Dye1iMsMBgixr1/pf4bL anYis0/2Y5ZU8R5GbNIyAGdVAsiGASBkxBe80PqT5REKwJ1Ajk5o+PN1nnxv7O8Ka+XJ lMqygGTaqmqsRANiS2IDmURxpfsA1zld8OKTRn6AJN7eCejs57vB85TIg0wCFD31gYUn chPpSo3XqUVhScn3Cb3EE5ocUO8s/5knkqb95HfM80ndRVLNQXXw7MQbd7kXVJnJPzFF 3+Kg== X-Gm-Message-State: APjAAAWwcE+9aaXbuP8h2o9ZcSIXC2ggtt4AtGKXbKdRLVNcuIK1uD97 r2uctsyWrcohCjg/UqFMwTlkSUoN X-Google-Smtp-Source: APXvYqyGA328iCuNydR5BR7l+aPShyzipG4YX7a4GpCNaG4IbHKzjfvigMBPF9qWG31ohmpSatpaUA== X-Received: by 2002:ac2:59dd:: with SMTP id x29mr25895032lfn.95.1577387066318; Thu, 26 Dec 2019 11:04:26 -0800 (PST) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id i4sm12645806ljg.102.2019.12.26.11.04.24 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 26 Dec 2019 11:04:25 -0800 (PST) To: freebsd-net From: Andriy Gapon Subject: vmx: strange issue, related to to tso? Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABtB5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz6JAlQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryLkCDQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAYkCPAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> Date: Thu, 26 Dec 2019 21:04:24 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Firefox/60.0 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47kKBh4RYHz4Dmx X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of agapon@gmail.com designates 209.85.167.41 as permitted sender) smtp.mailfrom=agapon@gmail.com X-Spamd-Result: default: False [-2.09 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; FORGED_SENDER(0.30)[avg@FreeBSD.org,agapon@gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[96.151.72.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; R_DKIM_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[avg@FreeBSD.org,agapon@gmail.com]; TO_DOM_EQ_FROM_DOM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[FreeBSD.org]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; RCVD_IN_DNSWL_NONE(0.00)[41.167.85.209.list.dnswl.org : 127.0.5.0]; IP_SCORE(-1.09)[ip: (-0.43), ipnet: 209.85.128.0/17(-3.11), asn: 15169(-1.88), country: US(-0.05)]; RWL_MAILSPIKE_POSSIBLE(0.00)[41.167.85.209.rep.mailspike.net : 127.0.0.17]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Dec 2019 19:04:30 -0000 Maybe someone would have any pointers for me with the following problem. This happens with CURRENT as of the beginning of September. I connect via ssh to a VM running on VMware, it has a single vmx0 interface. The problem is that when I print a moderately large amount of text to the terminal (e.g., tail -100 /var/log/messages) I literally see it printed in chunks with noticeable pauses between chunks. It takes several seconds for all lines to get shown. This happens every time I do it. There is an interesting twist. If I disable TSO with ifconfig vmx0 -tso and print the same output in the same ssh session, then the output is smooth and fast as I would expect it. The lines scroll by almost instantly. If then I re-enable TSO and again produce the same output in the same ssh, then it is still fast. It appears that the TCP connection gets tuned to some very sub-optimal parameters when TSO is enabled. When I disable TSO, the parameters get re-tuned to better values and the values stick when I re-enable TSO. This is just a conjecture, of course. I have some tcpdump captures, but I do not see anything that would really stand out. One difference is that in the slow case only "full sized" packets are sent while in the fast case there are shorter packets with push flag. Some packets for the slow case: 00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr 4966311], length 1448 00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 1485, win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0 00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr 4966864], length 1448 00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 2933, win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0 00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr 4967400], length 1448 00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 4381, win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0 Some packets after the TSO dance: 00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 1448 00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 572 00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 5525, win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 1448 00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 572 00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 7545, win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 1448 00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], length 572 00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 9565, win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 What else can I examine to debug the problem further? Thank you! -- Andriy Gapon From owner-freebsd-net@freebsd.org Fri Dec 27 01:13:24 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AC0921DE0F1 for ; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47kTNN47Y5z4X3h for ; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 8C21F1DE0ED; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8BEB01DE0EB for ; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47kTNN3Brxz4X3g for ; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 663189482 for ; Fri, 27 Dec 2019 01:13:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBR1DO3N001665 for ; Fri, 27 Dec 2019 01:13:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBR1DOX2001664 for net@FreeBSD.org; Fri, 27 Dec 2019 01:13:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242746] ifconfig: Deleting (or re-setting) an IP address holds (leaks?) memory Date: Fri, 27 Dec 2019 01:13:23 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: markj@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? mfc-stable11? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Dec 2019 01:13:24 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242746 --- Comment #6 from commit-hook@freebsd.org --- A commit references this bug: Author: markj Date: Fri Dec 27 01:12:54 UTC 2019 New revision: 356107 URL: https://svnweb.freebsd.org/changeset/base/356107 Log: Plug some ifaddr refcount leaks. - Only take an ifaddr ref in in rt_exportinfo() if the caller explicitly requests it. Take care to release it in this case. - Don't unconditionally take a ref in rtrequest1_fib(). rt_getifa_fib() will acquire a reference, in which case we would previously acquire two references. - Stop taking a reference in rtinit1() before calling rtrequest1_fib(). rtrequest1_fib() will acquire a reference for the RTM_ADD case. PR: 242746 Reviewed by: melifaro (previous version) Tested by: ghuckriede@blackberry.com MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D22912 Changes: head/sys/net/route.c --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-net@freebsd.org Fri Dec 27 10:08:51 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 909D21E9538 for ; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47kjGC3N7tz3x7n for ; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 71F271E9537; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 707991E9536 for ; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47kjGC2D4Dz3x7l for ; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 47AA9F4A2 for ; Fri, 27 Dec 2019 10:08:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xBRA8pHE093584 for ; Fri, 27 Dec 2019 10:08:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xBRA8psN093583 for net@FreeBSD.org; Fri, 27 Dec 2019 10:08:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 235918] with more than 1 vlan, ix0 gets 'No carrier.' ixgbe_driver_version[] = "4.0.1-k" Date: Fri, 27 Dec 2019 10:08:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: IntelNetworking X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: surikovs@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Dec 2019 10:08:51 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235918 Sergey Surikov changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |surikovs@gmail.com --- Comment #1 from Sergey Surikov --- The same issue. The NIC going to 'no carrier' for the some time after ifcon= fig vlan created. If add next vlan in this time NIC stay 'no carrier'. The workaround is add pause before/after vlan created. --- /tmp/network.subr 2019-12-27 13:04:36.376505000 +0300 +++ /usr/src/libexec/rc/network.subr 2019-12-26 14:06:25.670522000 +0300 @@ -1520,6 +1520,7 @@ fi for child in ${child_vlans}; do + sleep 1; if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child=3D"${ifn}.${child}" create_args=3D`get_if_var $child create_args_IF` --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Dec 27 13:34:50 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 871A21ED444 for ; Fri, 27 Dec 2019 13:34:50 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47knqt2l25z46WV; Fri, 27 Dec 2019 13:34:50 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from mail-qk1-f179.google.com (mail-qk1-f179.google.com [209.85.222.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: vmaffione) by smtp.freebsd.org (Postfix) with ESMTPSA id 4B1E911B00; Fri, 27 Dec 2019 13:34:50 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: by mail-qk1-f179.google.com with SMTP id x129so21511004qke.8; Fri, 27 Dec 2019 05:34:50 -0800 (PST) X-Gm-Message-State: APjAAAWt2MaFUP0emGqpZfq8fjo8NlMV2jKnYJScnSYgXp2I53G1E+Lr 57BtSayLcwVUjVIKCQtaba4fSbfZzkVFNqmVcFo= X-Google-Smtp-Source: APXvYqzj9Uplacb7ITQNwy7w7QnP+O14YBbf2Zvy5hRkoGSHZnxNauGugRKYTZikyGRyYS85raJwgWScrimXDuo4BRE= X-Received: by 2002:a05:620a:782:: with SMTP id 2mr43748174qka.169.1577453689538; Fri, 27 Dec 2019 05:34:49 -0800 (PST) MIME-Version: 1.0 References: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> In-Reply-To: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> From: Vincenzo Maffione Date: Fri, 27 Dec 2019 14:34:38 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: vmx: strange issue, related to to tso? To: Andriy Gapon Cc: freebsd-net Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Dec 2019 13:34:50 -0000 It may be useful to check what happens if you replace the vmx0 interface with an em0. In this way you would know if the issue is vmx-specific or not. Cheers, Vincenzo Il giorno gio 26 dic 2019 alle ore 20:04 Andriy Gapon ha scritto: > > Maybe someone would have any pointers for me with the following problem. > This happens with CURRENT as of the beginning of September. > I connect via ssh to a VM running on VMware, it has a single vmx0 > interface. > The problem is that when I print a moderately large amount of text to the > terminal (e.g., tail -100 /var/log/messages) I literally see it printed in > chunks with noticeable pauses between chunks. It takes several seconds > for all > lines to get shown. This happens every time I do it. > There is an interesting twist. If I disable TSO with ifconfig vmx0 -tso > and > print the same output in the same ssh session, then the output is smooth > and > fast as I would expect it. The lines scroll by almost instantly. > If then I re-enable TSO and again produce the same output in the same ssh, > then > it is still fast. > > It appears that the TCP connection gets tuned to some very sub-optimal > parameters when TSO is enabled. When I disable TSO, the parameters get > re-tuned > to better values and the values stick when I re-enable TSO. > This is just a conjecture, of course. > > I have some tcpdump captures, but I do not see anything that would really > stand > out. One difference is that in the slow case only "full sized" packets > are sent > while in the fast case there are shorter packets with push flag. > > Some packets for the slow case: > 00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr 4966311], > length 1448 > 00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack > 1485, > win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0 > 00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr > 4966864], > length 1448 > 00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack > 2933, > win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0 > 00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr > 4967400], > length 1448 > 00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack > 4381, > win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0 > > Some packets after the TSO dance: > 00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 1448 > 00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 572 > 00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack > 5525, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > 00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 1448 > 00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 572 > 00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack > 7545, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > 00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 1448 > 00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > length 572 > 00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack > 9565, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > > What else can I examine to debug the problem further? > Thank you! > -- > Andriy Gapon > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Fri Dec 27 22:01:06 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1304E1D0C1A for ; Fri, 27 Dec 2019 22:01:06 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lj1-f182.google.com (mail-lj1-f182.google.com [209.85.208.182]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47l1411p7Mz4cXb; Fri, 27 Dec 2019 22:01:05 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lj1-f182.google.com with SMTP id j26so28077897ljc.12; Fri, 27 Dec 2019 14:01:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=pTyyU9OXqIJSoBS/qYtTEGUftk9CKzcBCr6YHgbctvc=; b=Bhd0H81fIrF5tJw3lnN2fhXvJLbbYSrN9XNKzfji7fH3VUdHBpbSYVBRUhxcTP1Quq NEk9rsHw+X/KDF9J4GQI5qcq+lS9Q6QkUKKL0XBvzdKyNpl/olXTcIPxuZIapt60sZxY D0/LgFh8TQCHZBMg2sXKo9sShrl3ZA8svV+CfE4AXYvM/irxTx/rEUCZihal0Xs7d6jp 2TSUCjBFEe69NJdvmeeIf0yfiZ8A3lK5Wc1I/ZpN2nBIv60VSvm25vu8a1p+ATXYjmZl iQw6Vv/Ic+HolXohJLCWAFGQSY8pxaeWSwE15r14YWmsHVI0TCRWhRPqU7t4B8otXSoV sH3A== X-Gm-Message-State: APjAAAUXVBRp8/YYzpwTwkMIYS0ZwGbS+OR2G8E6kczWElQl/MfJoB6d Cysqndcd6hP7S450//PDocrv+DqD X-Google-Smtp-Source: APXvYqy9BiS6ijJ6bZ+y3LBM/l8LVvjaIbk87Co+e0ioe9BedbjkyS0oIFb4iZilYRVu7pmm4fqJJg== X-Received: by 2002:a2e:86c4:: with SMTP id n4mr29400546ljj.97.1577484062682; Fri, 27 Dec 2019 14:01:02 -0800 (PST) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id p136sm15289531lfa.8.2019.12.27.14.01.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 27 Dec 2019 14:01:01 -0800 (PST) Subject: Re: vmx: strange issue, related to to tso? To: Vincenzo Maffione Cc: freebsd-net References: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> From: Andriy Gapon Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABtB5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz6JAlQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryLkCDQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAYkCPAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <963e3042-90b4-4de2-e18c-3e29627a25a9@FreeBSD.org> Date: Sat, 28 Dec 2019 00:01:00 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Firefox/60.0 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 47l1411p7Mz4cXb X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of agapon@gmail.com designates 209.85.208.182 as permitted sender) smtp.mailfrom=agapon@gmail.com X-Spamd-Result: default: False [-2.11 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[FreeBSD.org]; RCVD_TLS_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(-1.11)[ip: (-0.50), ipnet: 209.85.128.0/17(-3.11), asn: 15169(-1.88), country: US(-0.05)]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[182.208.85.209.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FORGED_SENDER(0.30)[avg@FreeBSD.org,agapon@gmail.com]; RWL_MAILSPIKE_POSSIBLE(0.00)[182.208.85.209.rep.mailspike.net : 127.0.0.17]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; SUBJECT_ENDS_QUESTION(1.00)[]; FROM_NEQ_ENVFROM(0.00)[avg@FreeBSD.org,agapon@gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[96.151.72.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Dec 2019 22:01:06 -0000 On 27/12/2019 15:34, Vincenzo Maffione wrote: > It may be useful to check what happens if you replace the vmx0 interface with an > em0. > In this way you would know if the issue is vmx-specific or not. I'll put this on my to-do, can't test right now. But one thing I noticed when comparing the TCP control block of the connection before and after the "TSO dance" is that TF_TSO gets cleared after any outgoing traffic while TSO is disabled on the interface. And the flag does not come back after TSO is reenabled. Any new connections get the flag, of course. So, I indeed suspect that there is a problem with vmx TSO. As another data point, an older system from before vmx->iflib conversion does not exhibit the problem. > Il giorno gio 26 dic 2019 alle ore 20:04 Andriy Gapon > ha scritto: > > > Maybe someone would have any pointers for me with the following problem. > This happens with CURRENT as of the beginning of September. > I connect via ssh to a VM running on VMware, it has a single vmx0 interface. > The problem is that when I print a moderately large amount of text to the > terminal (e.g., tail -100 /var/log/messages) I literally see it printed in > chunks with noticeable pauses between chunks.  It takes several seconds for all > lines to get shown.  This happens every time I do it. > There is an interesting twist.  If I disable TSO with ifconfig vmx0 -tso and > print the same output in the same ssh session, then the output is smooth and > fast as I would expect it.  The lines scroll by almost instantly. > If then I re-enable TSO and again produce the same output in the same ssh, then > it is still fast. > > It appears that the TCP connection gets tuned to some very sub-optimal > parameters when TSO is enabled.  When I disable TSO, the parameters get re-tuned > to better values and the values stick when I re-enable TSO. > This is just a conjecture, of course. > > I have some tcpdump captures, but I do not see anything that would really stand > out.  One difference is that in the slow case only "full sized" packets are sent > while in the fast case there are shorter packets with push flag. > > Some packets for the slow case: >  00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr 4966311], > length 1448 >  00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 1485, > win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0 >  00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr 4966864], > length 1448 >  00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 2933, > win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0 >  00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [.], seq > 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr 4967400], > length 1448 >  00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [.], ack 4381, > win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0 > > Some packets after the TSO dance: >  00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 1448 >  00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 572 >  00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 5525, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 >  00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 1448 >  00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 572 >  00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 7545, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 >  00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [.], seq > 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 1448 >  00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [P.], seq > 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr 21706510], > length 572 >  00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [.], ack 9565, > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > > What else can I examine to debug the problem further? > Thank you! > -- > Andriy Gapon > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org > " > -- Andriy Gapon From owner-freebsd-net@freebsd.org Sat Dec 28 04:44:02 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9A76A1D9FDA for ; Sat, 28 Dec 2019 04:44:02 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: from mail-il1-f173.google.com (mail-il1-f173.google.com [209.85.166.173]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47lB0y41Ymz3DDT; Sat, 28 Dec 2019 04:44:02 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: by mail-il1-f173.google.com with SMTP id f10so23808457ils.8; Fri, 27 Dec 2019 20:44:02 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q3nlrGPMPO643TjH2I/Mv6eK2nDDu7P1XnkxCTWr9UA=; b=bh+CwtWhxnL5vjeQDgUTdPnV3jOGNN52Vu/Upugw8mdU/jhMAyKG2Ucq3VpIaalNHK xG8ktmczNkkCfFf/3cGc1N35Kc/TGem3b7xcjLaXalkgjZSgRa8CijciSPkoM2prr0bR xCBMfHDqvUr3WAvb4YOvm9XuQNw+MHheXSEBU5nv7Mwo/TlW62VLrHyKmPWps+3haT2q +H/Wx9EbiPOn4zTw3SlOIM21NXhfQ8R4Ci3ejTh5md04K29Mg8pIF3xVJg7hLKQv+mzO p4yugcN9zfylKteNAwk/xDcrU/jis0agTmlMVD3p5DhzWtmLtjv3xlsQzkY7pB7Btjn5 AGMQ== X-Gm-Message-State: APjAAAV5cI0az9YtH5jUZpQw1u1tS7iuRSxKG6awOPZjP8mMSmgmedjx 5qQxqfvL4Y+zrYLuA+ztG8RbHj9SvY+s9M13meNWjw== X-Google-Smtp-Source: APXvYqyOJNbdCkm+yXpLBhIhZpjS4W/XCi234v1zg1iRnTrO5zzTQ/d1zVO7TFTeEFMeqDOqw2rwzdYIrFXCEU2Q4aM= X-Received: by 2002:a92:1f16:: with SMTP id i22mr48896724ile.206.1577508240637; Fri, 27 Dec 2019 20:44:00 -0800 (PST) MIME-Version: 1.0 References: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> <963e3042-90b4-4de2-e18c-3e29627a25a9@FreeBSD.org> In-Reply-To: <963e3042-90b4-4de2-e18c-3e29627a25a9@FreeBSD.org> From: Patrick Kelsey Date: Fri, 27 Dec 2019 23:43:47 -0500 Message-ID: Subject: Re: vmx: strange issue, related to to tso? To: Andriy Gapon Cc: Vincenzo Maffione , freebsd-net X-Rspamd-Queue-Id: 47lB0y41Ymz3DDT X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Dec 2019 04:44:02 -0000 On Fri, Dec 27, 2019 at 5:01 PM Andriy Gapon wrote: > On 27/12/2019 15:34, Vincenzo Maffione wrote: > > It may be useful to check what happens if you replace the vmx0 interface > with an > > em0. > > In this way you would know if the issue is vmx-specific or not. > > I'll put this on my to-do, can't test right now. > > But one thing I noticed when comparing the TCP control block of the > connection > before and after the "TSO dance" is that TF_TSO gets cleared after any > outgoing > traffic while TSO is disabled on the interface. And the flag does not > come back > after TSO is reenabled. Any new connections get the flag, of course. > > So, I indeed suspect that there is a problem with vmx TSO. > As another data point, an older system from before vmx->iflib conversion > does > not exhibit the problem. > > > Il giorno gio 26 dic 2019 alle ore 20:04 Andriy Gapon > > ha scritto: > > > > > > Maybe someone would have any pointers for me with the following > problem. > > This happens with CURRENT as of the beginning of September. > > I connect via ssh to a VM running on VMware, it has a single vmx0 > interface. > > The problem is that when I print a moderately large amount of text > to the > > terminal (e.g., tail -100 /var/log/messages) I literally see it > printed in > > chunks with noticeable pauses between chunks. It takes several > seconds for all > > lines to get shown. This happens every time I do it. > > There is an interesting twist. If I disable TSO with ifconfig vmx0 > -tso and > > print the same output in the same ssh session, then the output is > smooth and > > fast as I would expect it. The lines scroll by almost instantly. > > If then I re-enable TSO and again produce the same output in the > same ssh, then > > it is still fast. > > > > It appears that the TCP connection gets tuned to some very > sub-optimal > > parameters when TSO is enabled. When I disable TSO, the parameters > get re-tuned > > to better values and the values stick when I re-enable TSO. > > This is just a conjecture, of course. > > > > I have some tcpdump captures, but I do not see anything that would > really stand > > out. One difference is that in the slow case only "full sized" > packets are sent > > while in the fast case there are shorter packets with push flag. > > > > Some packets for the slow case: > > 00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags > [.], seq > > 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr > 4966311], > > length 1448 > > 00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags > [.], ack 1485, > > win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0 > > 00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags > [.], seq > > 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr > 4966864], > > length 1448 > > 00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags > [.], ack 2933, > > win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0 > > 00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags > [.], seq > > 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr > 4967400], > > length 1448 > > 00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags > [.], ack 4381, > > win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0 > > > > Some packets after the TSO dance: > > 00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [.], seq > > 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 1448 > > 00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [P.], seq > > 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 572 > > 00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags > [.], ack 5525, > > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > > 00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [.], seq > > 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 1448 > > 00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [P.], seq > > 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 572 > > 00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags > [.], ack 7545, > > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > > 00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [.], seq > > 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 1448 > > 00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags > [P.], seq > > 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr > 21706510], > > length 572 > > 00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags > [.], ack 9565, > > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 > > > > What else can I examine to debug the problem further? > > Thank you! > > -- > > Andriy Gapon > > _______________________________________________ > > freebsd-net@freebsd.org mailing > list > > https://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to " > freebsd-net-unsubscribe@freebsd.org > > " > > > > I am not able to test this at the moment, nor likely in the very near future, but I did have a few minutes to do some code reading and now believe that the following is part of the problem, if not the entire problem. Using r353803 as a reference, I believe line 1323 in sys/dev/vmware/vmxnet3/if_vmx.c (in vmxnet3_isc_txd_encap()) should be: sop->hlen = hdrlen + ipi->ipi_tcp_hlen; instead of the current: sop->hlen = hdrlen; This can be seen by going back to r333813 and examining the CSUM_TSO case of vmxnet3_txq_offload_ctx(). The final increment of *start in that case is what was literally lost in translation when converting the driver to iflib. -Patrick From owner-freebsd-net@freebsd.org Sat Dec 28 08:17:07 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DD8F31E26BF for ; Sat, 28 Dec 2019 08:17:07 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47lGkq4lRtz48fR; Sat, 28 Dec 2019 08:17:07 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from mail-qv1-f48.google.com (mail-qv1-f48.google.com [209.85.219.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: vmaffione) by smtp.freebsd.org (Postfix) with ESMTPSA id 8E44119AB9; Sat, 28 Dec 2019 08:17:07 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: by mail-qv1-f48.google.com with SMTP id x1so10756922qvr.8; Sat, 28 Dec 2019 00:17:07 -0800 (PST) X-Gm-Message-State: APjAAAXB/HWHKyQGWIMJtZTJ6XoA82qZci6y4cN8r54c7RichihNGiJt G+QTwchmgCHGiyLz+T/EAxd3ALoTqSJeAG09T8I= X-Google-Smtp-Source: APXvYqx3VpY7QR57ZtOx4m9Cs97HbsW2F8ooWrgM1e9JBaNpZg/7vVc/ozgumExK4af/x322b63Ytw2YEw3NZtTZV9o= X-Received: by 2002:ad4:4b6a:: with SMTP id m10mr41814599qvx.116.1577521026581; Sat, 28 Dec 2019 00:17:06 -0800 (PST) MIME-Version: 1.0 References: <67dc1ce9-274c-7e70-30dc-97e2d5767237@FreeBSD.org> <963e3042-90b4-4de2-e18c-3e29627a25a9@FreeBSD.org> In-Reply-To: From: Vincenzo Maffione Date: Sat, 28 Dec 2019 09:16:55 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: vmx: strange issue, related to to tso? To: Patrick Kelsey Cc: Andriy Gapon , freebsd-net Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Dec 2019 08:17:07 -0000 I think you are correct. Good catch! We should file a bug and/or create a review on the Phabricator (If you are busy I could do that). Thanks, Vincenzo Il giorno sab 28 dic 2019 alle ore 05:44 Patrick Kelsey ha scritto: > > On Fri, Dec 27, 2019 at 5:01 PM Andriy Gapon wrote: > >> On 27/12/2019 15:34, Vincenzo Maffione wrote: >> > It may be useful to check what happens if you replace the vmx0 >> interface with an >> > em0. >> > In this way you would know if the issue is vmx-specific or not. >> >> I'll put this on my to-do, can't test right now. >> >> But one thing I noticed when comparing the TCP control block of the >> connection >> before and after the "TSO dance" is that TF_TSO gets cleared after any >> outgoing >> traffic while TSO is disabled on the interface. And the flag does not >> come back >> after TSO is reenabled. Any new connections get the flag, of course. >> >> So, I indeed suspect that there is a problem with vmx TSO. >> As another data point, an older system from before vmx->iflib conversion >> does >> not exhibit the problem. >> >> > Il giorno gio 26 dic 2019 alle ore 20:04 Andriy Gapon > > > ha scritto: >> > >> > >> > Maybe someone would have any pointers for me with the following >> problem. >> > This happens with CURRENT as of the beginning of September. >> > I connect via ssh to a VM running on VMware, it has a single vmx0 >> interface. >> > The problem is that when I print a moderately large amount of text >> to the >> > terminal (e.g., tail -100 /var/log/messages) I literally see it >> printed in >> > chunks with noticeable pauses between chunks. It takes several >> seconds for all >> > lines to get shown. This happens every time I do it. >> > There is an interesting twist. If I disable TSO with ifconfig vmx0 >> -tso and >> > print the same output in the same ssh session, then the output is >> smooth and >> > fast as I would expect it. The lines scroll by almost instantly. >> > If then I re-enable TSO and again produce the same output in the >> same ssh, then >> > it is still fast. >> > >> > It appears that the TCP connection gets tuned to some very >> sub-optimal >> > parameters when TSO is enabled. When I disable TSO, the parameters >> get re-tuned >> > to better values and the values stick when I re-enable TSO. >> > This is just a conjecture, of course. >> > >> > I have some tcpdump captures, but I do not see anything that would >> really stand >> > out. One difference is that in the slow case only "full sized" >> packets are sent >> > while in the fast case there are shorter packets with push flag. >> > >> > Some packets for the slow case: >> > 00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags >> [.], seq >> > 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr >> 4966311], >> > length 1448 >> > 00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags >> [.], ack 1485, >> > win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0 >> > 00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags >> [.], seq >> > 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr >> 4966864], >> > length 1448 >> > 00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags >> [.], ack 2933, >> > win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0 >> > 00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags >> [.], seq >> > 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr >> 4967400], >> > length 1448 >> > 00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags >> [.], ack 4381, >> > win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0 >> > >> > Some packets after the TSO dance: >> > 00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [.], seq >> > 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 1448 >> > 00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [P.], seq >> > 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 572 >> > 00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags >> [.], ack 5525, >> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 >> > 00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [.], seq >> > 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 1448 >> > 00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [P.], seq >> > 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 572 >> > 00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags >> [.], ack 7545, >> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 >> > 00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [.], seq >> > 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 1448 >> > 00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags >> [P.], seq >> > 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr >> 21706510], >> > length 572 >> > 00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags >> [.], ack 9565, >> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length 0 >> > >> > What else can I examine to debug the problem further? >> > Thank you! >> > -- >> > Andriy Gapon >> > _______________________________________________ >> > freebsd-net@freebsd.org mailing >> list >> > https://lists.freebsd.org/mailman/listinfo/freebsd-net >> > To unsubscribe, send any mail to " >> freebsd-net-unsubscribe@freebsd.org >> > " >> > >> >> > I am not able to test this at the moment, nor likely in the very near > future, but I did have a few minutes to do some code reading and now > believe that the following is part of the problem, if not the entire > problem. Using r353803 as a reference, I believe line 1323 in > sys/dev/vmware/vmxnet3/if_vmx.c (in vmxnet3_isc_txd_encap()) should be: > > sop->hlen = hdrlen + ipi->ipi_tcp_hlen; > > instead of the current: > > sop->hlen = hdrlen; > > This can be seen by going back to r333813 and examining the CSUM_TSO case > of vmxnet3_txq_offload_ctx(). The final increment of *start in that case > is what was literally lost in translation when converting the driver to > iflib. > > -Patrick > From owner-freebsd-net@freebsd.org Sat Dec 28 13:33:47 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A21CE1E8989 for ; Sat, 28 Dec 2019 13:33:47 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: from mail-qv1-xf34.google.com (mail-qv1-xf34.google.com [IPv6:2607:f8b0:4864:20::f34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47lPmB6hFgz4Mxb; Sat, 28 Dec 2019 13:33:46 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: by mail-qv1-xf34.google.com with SMTP id z3so10944010qvn.0; Sat, 28 Dec 2019 05:33:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:content-transfer-encoding:from:mime-version:subject:date :message-id:references:cc:in-reply-to:to; bh=NidRJV9IXsSFZs4nJk6K5yjcu+2j45Yx1wQp1b6/X1c=; b=AB9cYyPsvzf1K8JRCZr7dif07t5BpmjqoSoZghHme1du2poSbBWorLfCZJWdMhD/3v P+tAVErBzvSoi0hujmskXOdLhgl50Jx2XJ+3qQUQb4pq3Q5MDbXwMztrbCgeQS38u+yf ATXFXzuHOPjUtHS9CV2yQP8u3r/cNb/Z1qfbqKFumEyYirRCqRoKfzMhE/I7I93VQNMX f5UGKgu6X/XP6zKA2pxR0Z1ybWPRhkV34pKF+P9ynarxv5kU1hSynDvjtfHg/ZhPPHnk MbHBHn4fkKpuTqggnoBmq7BUdMz9Jberji3/307oWnkXbC2OmVdQ+FeErlxGUHoA8imf 3QvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:content-transfer-encoding:from :mime-version:subject:date:message-id:references:cc:in-reply-to:to; bh=NidRJV9IXsSFZs4nJk6K5yjcu+2j45Yx1wQp1b6/X1c=; b=gXjPLlf2Y/uJkekZd4Q45RlZCpPaOCwtIUfg4ITnkyUCV/Xj8deu9nuQr+Ro/D5UA8 fP7D7l3gx902BZdyM0dSkYdPOqMatVGsQ3lmd/HvO7i8vob4BMm8zELtvkPHRMoce/DB ETqM+dzZaaHYXkJFIM0fbbFOj9U4I+rQeTohfR1KZNX4kKJ5uBG7q6i1JSAKEcH+QY9n MB+0rKkkv6F5WVcs7nZa+2AwZEOwM5N5yY2MkjtOl84UnsvHPSWE2dTOlqhBADpJCiMd /Sf0q11+nJsydp86yY0V5h64aFytRx84szrl2ejeAJcvHKnpeMoHtfnKdblYQgd+Li+O mkiQ== X-Gm-Message-State: APjAAAVIf1q3EKlDc6j2q23obMFDKN1eLAeib+Im58aNn1kOGrTp6DSw jo+yLuSiBE1WqSmhkFIJRi9w24AM X-Google-Smtp-Source: APXvYqyWMMG7eBmDuMF1GVnSKDnZfhVT4O6pTXgEISU1zQlBf+yk6HY3HVwTJzIU8pRzNE4tO3hm5Q== X-Received: by 2002:ad4:514e:: with SMTP id g14mr44437300qvq.196.1577540020200; Sat, 28 Dec 2019 05:33:40 -0800 (PST) Received: from ?IPv6:2600:380:9064:d8e0:c0bb:78a8:179b:5aef? ([2600:380:9064:d8e0:c0bb:78a8:179b:5aef]) by smtp.gmail.com with ESMTPSA id v5sm11784788qtc.64.2019.12.28.05.33.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 28 Dec 2019 05:33:39 -0800 (PST) Sender: Patrick Kelsey From: Patrick Kelsey Mime-Version: 1.0 (1.0) Subject: Re: vmx: strange issue, related to to tso? Date: Sat, 28 Dec 2019 08:33:37 -0500 Message-Id: References: Cc: Patrick Kelsey , Andriy Gapon , freebsd-net In-Reply-To: To: Vincenzo Maffione X-Mailer: iPhone Mail (17C54) X-Rspamd-Queue-Id: 47lPmB6hFgz4Mxb X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=AB9cYyPs; dmarc=none; spf=pass (mx1.freebsd.org: domain of pkelsey@gmail.com designates 2607:f8b0:4864:20::f34 as permitted sender) smtp.mailfrom=pkelsey@gmail.com X-Spamd-Result: default: False [-1.51 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DMARC_NA(0.00)[freebsd.org]; MV_CASE(0.50)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(-0.82)[ipnet: 2607:f8b0::/32(-2.15), asn: 15169(-1.88), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; FORGED_SENDER(0.30)[pkelsey@freebsd.org,pkelsey@gmail.com]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[pkelsey@freebsd.org,pkelsey@gmail.com]; MID_RHS_MATCH_FROM(0.00)[] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Dec 2019 13:33:47 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236999 appears to be con= verging to the same issue. If you want to create a review for the proposed p= atch that would be great. It would be good to have corroborating test results for the proposed patch, s= omething I will probably not be able to try to obtain for at least a couple o= f days. -Patrick > On Dec 28, 2019, at 3:17 AM, Vincenzo Maffione wro= te: >=20 > =EF=BB=BF > I think you are correct. Good catch! > We should file a bug and/or create a review on the Phabricator (If you are= busy I could do that). >=20 > Thanks, > Vincenzo >=20 >> Il giorno sab 28 dic 2019 alle ore 05:44 Patrick Kelsey ha scritto: >>=20 >>> On Fri, Dec 27, 2019 at 5:01 PM Andriy Gapon wrote: >>> On 27/12/2019 15:34, Vincenzo Maffione wrote: >>> > It may be useful to check what happens if you replace the vmx0 interfa= ce with an >>> > em0. >>> > In this way you would know if the issue is vmx-specific or not. >>>=20 >>> I'll put this on my to-do, can't test right now. >>>=20 >>> But one thing I noticed when comparing the TCP control block of the conn= ection >>> before and after the "TSO dance" is that TF_TSO gets cleared after any o= utgoing >>> traffic while TSO is disabled on the interface. And the flag does not c= ome back >>> after TSO is reenabled. Any new connections get the flag, of course. >>>=20 >>> So, I indeed suspect that there is a problem with vmx TSO. >>> As another data point, an older system from before vmx->iflib conversion= does >>> not exhibit the problem. >>>=20 >>> > Il giorno gio 26 dic 2019 alle ore 20:04 Andriy Gapon >> > > ha scritto: >>> >=20 >>> >=20 >>> > Maybe someone would have any pointers for me with the following pr= oblem. >>> > This happens with CURRENT as of the beginning of September. >>> > I connect via ssh to a VM running on VMware, it has a single vmx0 i= nterface. >>> > The problem is that when I print a moderately large amount of text= to the >>> > terminal (e.g., tail -100 /var/log/messages) I literally see it pr= inted in >>> > chunks with noticeable pauses between chunks. It takes several se= conds for all >>> > lines to get shown. This happens every time I do it. >>> > There is an interesting twist. If I disable TSO with ifconfig vmx= 0 -tso and >>> > print the same output in the same ssh session, then the output is s= mooth and >>> > fast as I would expect it. The lines scroll by almost instantly. >>> > If then I re-enable TSO and again produce the same output in the s= ame ssh, then >>> > it is still fast. >>> >=20 >>> > It appears that the TCP connection gets tuned to some very sub-opt= imal >>> > parameters when TSO is enabled. When I disable TSO, the parameter= s get re-tuned >>> > to better values and the values stick when I re-enable TSO. >>> > This is just a conjecture, of course. >>> >=20 >>> > I have some tcpdump captures, but I do not see anything that would= really stand >>> > out. One difference is that in the slow case only "full sized" pa= ckets are sent >>> > while in the fast case there are shorter packets with push flag. >>> >=20 >>> > Some packets for the slow case: >>> > 00:00:00.453202 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [= .], seq >>> > 37:1485, ack 36, win 128, options [nop,nop,TS val 1403195134 ecr 4= 966311], >>> > length 1448 >>> > 00:00:00.096859 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [= .], ack 1485, >>> > win 1026, options [nop,nop,TS val 4966864 ecr 1403195134], length 0= >>> > 00:00:00.442963 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [= .], seq >>> > 1485:2933, ack 36, win 128, options [nop,nop,TS val 1403195664 ecr= 4966864], >>> > length 1448 >>> > 00:00:00.092677 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [= .], ack 2933, >>> > win 1026, options [nop,nop,TS val 4967400 ecr 1403195664], length 0= >>> > 00:00:00.437336 IP 10.180.106.180.22 > 10.180.1.29.25490: Flags [= .], seq >>> > 2933:4381, ack 36, win 128, options [nop,nop,TS val 1403196194 ecr= 4967400], >>> > length 1448 >>> > 00:00:00.097190 IP 10.180.1.29.25490 > 10.180.106.180.22: Flags [= .], ack 4381, >>> > win 1026, options [nop,nop,TS val 4967934 ecr 1403196194], length 0= >>> >=20 >>> > Some packets after the TSO dance: >>> > 00:00:00.000450 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= .], seq >>> > 4077:5525, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr= 21706510], >>> > length 1448 >>> > 00:00:00.000016 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= P.], seq >>> > 5525:6097, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr= 21706510], >>> > length 572 >>> > 00:00:00.000009 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [= .], ack 5525, >>> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length= 0 >>> > 00:00:00.000303 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= .], seq >>> > 6097:7545, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr= 21706510], >>> > length 1448 >>> > 00:00:00.000019 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= P.], seq >>> > 7545:8117, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr= 21706510], >>> > length 572 >>> > 00:00:00.000013 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [= .], ack 7545, >>> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length= 0 >>> > 00:00:00.000162 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= .], seq >>> > 8117:9565, ack 36, win 128, options [nop,nop,TS val 2124310129 ecr= 21706510], >>> > length 1448 >>> > 00:00:00.000012 IP 10.180.106.180.22 > 10.180.1.29.25369: Flags [= P.], seq >>> > 9565:10137, ack 36, win 128, options [nop,nop,TS val 2124310129 ec= r 21706510], >>> > length 572 >>> > 00:00:00.000007 IP 10.180.1.29.25369 > 10.180.106.180.22: Flags [= .], ack 9565, >>> > win 1003, options [nop,nop,TS val 21706510 ecr 2124310129], length= 0 >>> >=20 >>> > What else can I examine to debug the problem further? >>> > Thank you! >>> > --=20 >>> > Andriy Gapon >>> > _______________________________________________ >>> > freebsd-net@freebsd.org mailing l= ist >>> > https://lists.freebsd.org/mailman/listinfo/freebsd-net >>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.= org >>> > " >>> >=20 >>>=20 >>=20 >> I am not able to test this at the moment, nor likely in the very near fut= ure, but I did have a few minutes to do some code reading and now believe th= at the following is part of the problem, if not the entire problem. Using r= 353803 as a reference, I believe line 1323 in sys/dev/vmware/vmxnet3/if_vmx.= c (in vmxnet3_isc_txd_encap()) should be: >>=20 >> sop->hlen =3D hdrlen + ipi->ipi_tcp_hlen; >>=20 >> instead of the current: >>=20 >> sop->hlen =3D hdrlen; >>=20 >> This can be seen by going back to r333813 and examining the CSUM_TSO case= of vmxnet3_txq_offload_ctx(). The final increment of *start in that case i= s what was literally lost in translation when converting the driver to iflib= . >>=20 >> -Patrick