From owner-freebsd-net@freebsd.org Mon Sep 24 19:15:30 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3EE5D10B539A for ; Mon, 24 Sep 2018 19:15:30 +0000 (UTC) (envelope-from john@saltant.com) Received: from twaddle.saltant.net (twaddle.saltant.net [IPv6:2001:470:8d6f:1001::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CBE998F4B8; Mon, 24 Sep 2018 19:15:29 +0000 (UTC) (envelope-from john@saltant.com) Received: from huntsman-ve504-0533.apn.wlan.upenn.edu (unknown [IPv6:2607:f470:6:4005:6c23:4758:9501:2df3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by twaddle.saltant.net (Postfix) with ESMTPSA id 62D05EC4A; Mon, 24 Sep 2018 15:15:23 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=saltant.com; s=twaddle; t=1537816523; bh=MI6JqO6HffL38Jgwi5slua2qa/6XQa0zdg9oifQt7Kw=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=blBhfmJPI/aeJLNgFyzfxRZgrbNUW0mfVBhKz20JcVds0UkRnbfJ4m1xWTgNhOiGk GAdzR0wH0I8lwW+zMIs8ZFKIrzUSxsjKdTcvTVfM25iLq/kT9f6jLPOQZKF/QYlVhK wVDecSWLN9lKpZrZyebmauSCM2cIi83GXN0e/2MoooH5aaLye4p9t3L4PcsOe9jjNc D7+N6HixnAnZSUEKunNBvdNOgM8xPhDtF+RT26NAMXoI0Bi1YibkAlzKu0/ss09JLJ omweVTrIOxGg6mK8TthO/dRDvuPPWUWRvTkK1dD+3pOLC2xB63kPw6UHWxK/S/aVSX UWCxzlOPgolxQ== Subject: Re: IPv6 fragment reassembly regression following FreeBSD-SA-18:10.ip To: Don Lewis Cc: FreeBSD Net References: <38a2d322-eae9-ec3d-284c-af29aed10c03@saltant.com> From: "John W. O'Brien" Autocrypt: addr=john@saltant.com; prefer-encrypt=mutual; keydata= xsFNBFpcMG0BEACeAEQ0ZTUEH+6B8XIBid2H8g1yY+niHxVphqz8JwnQtYX+bS+Kl3vr783F HH81DEbfPtYgHY53NF9FjSzCyj13lXVnEGQOdxXzZVKsN1nyuXCN2hDOFH7Yc5yQ8h85T4Hv sqPIGIXOztu4MX14iUAcTgLhfibNQBeKDeNI+BBeaE9lPuNVeiM+xsI4JYcjmDbjFzAHRpBo ull0koUFh6RZAKE7u17yLej1pTIQQVjQpWdK37BAq4hdkLwjGDY8mDGo3ZwGdNibxIAxv/wi KU6u2DfUg8+kLHIhOqk/+kFQ/uK5YA1azsyD5eIbNAs4W7LglA6SkiGBglTwkP0VCrkPdD14 6sx3U7uFgexDWbVuhLIkcPQ0SRmnjgUKHgk7px/jMvAPKSKoL0JQNdP/+pnO9CDLGmoHx9gE 5kVr5dQK8c/WauEfimAdE9qLuN6vb0Iei73q3e3OOHAUusR5wC5SwXt4iilbaK4r04NKXyfb SB3+qWST07F9cmMscfEStSBhpez3awB+1jz8gr40tkEGsFZGvD2KKAgZdKpoxv6IrZepclWz HpqHF01SRFORYMsd1d83XlEu/S1/Z9YJ87RoCdZuYCkjnoRPtpTi9d+JD/u3ZiQFwLUz/Ne3 VqiGKvY66EGcO3tvANMg6GWD9sqlnBDp9Lls0ChEY3dgDYd6DQARAQABzSJKb2huIFcuIE8n QnJpZW4gPGpvaG5Ac2FsdGFudC5jb20+wsGUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAFiEENPkbBr3zmPAVSH2HM8TWS4ldvzsFAlpcMTMFCQX2qcYACgkQM8TWS4ldvztT xQ//eHb1mgd40Z0fN2GnJti6/9uJ771IO6slFQ02GZcXZI+FIQo8Yd1dHe0e0Codu78qvJNr ggUtqdxH6SVp7K1AWHeLH5S0PF6iG5B+YUux080wEv/Mr8PPMgAD8gS3wiPDDgB/kUXO52bn DC3Fc0dUrFE/JAOByVEEDL5nLF6SQNpAtIUnaAIIuhKxi0d40LMcLUwuJ6jExynw8Iu7OVtu Y1PRAH5ESt6wYZq8ro8ukh4rMOxiWtT1yNEgHgnq3N4jKErVo87YJijHSSj80IKxUiKb/T6K tGTEBTKiSUV3OFj0ZoPxcbUmhIg2sBCNHaUCiI0KabqN1NyK2glKtcK6NpWy3JIHvtr3+VL1 /tvQTwlVUIacmsuxkGzm5vJPs/i2RtwsJXEXPmIRNgJ1EwZgpg5VqqEUDlmSyRLb48QcDrdv utKLA1MKLib1fD+0XmxZTbCMlFMlvJjAoBlVq60mvB/Jnv1TTnZ2eN6DKMWoxHKmPICh5F1q esmT/aJRIUoCiAgcChi4Ol4XmW3dM7ypjKCGHzyr6emCky5pjqSQZyFzg0RN5UjUQBISAGmJ E8hCFZIy7tf8meqIDbtkONh+JShN6u3t02JrnzSOQjZCh5WQW9Pnu7unJlIsYB10aZ6rvuAK YjghT8QLG8QVgJj/U9oeVG1Ag60fmLZdOFjRGmnOwU0EWlwwbQEQANebvidw1D5SKSmG3Ut8 p9vngBi5HjYe4FSYcfz0NgYa893RiScQ6yjOwuEf/fEoBgvpVnhcbu0JsaYvDNNzFGzPQcj0 CFhkr5s7REWNLGmmFCxCaGieTxIQdYsLxwn72mops8bsrL0a++8NDE+l7X4K3EUyp9GP7pIq 4l9jeIJ/RnX3yySRlXxcM3P+DV9ltXsnQ9pC/qEVVyK18C1zoiskhxmAY9cv9TJOaANHtA7R 7+hM5TyppIz7kqiwiCf6XfVFqKH0I0srdamb0KTnAZpmyx7iNKYl60PdIfEwkwck8fcGwOSA lwE9CLkHLwKMjx/gF3xRag5xjOdP/Out0cQ/pXv8DWnKblWbiGZheB4xUqhOT9Cj/8u/tKtC 51C9wID26hsrhtSAMJPUwQoo/SwLNEd1JpkqUP1njOdlV8FmM1EozHLPSvwlTm6oWwubkkY6 QkUHqXuO+2VdNhyDfx23fQhd0UPhQ0ceDRnjaSB9ycWqpktBP5iNQajYbx5Ktt8fC2Y+Ztjo u1KY7wJSUzqh7uZgR1TqIOVZp7bdPLBGHW5eNEf0Awq17utGe6d9i4hPmeNqELUz71hjmABm bIQJ+VgqYcQ0T/PrjwhzHv5g3jn67/ftW91nlTNpbhwm8suIdPA1hF6vgnZ3B4+JsevnevLG yU6YCb0OOKleP6pZABEBAAHCwXwEGAEIACYCGwwWIQQ0+RsGvfOY8BVIfYczxNZLiV2/OwUC WlwxTQUJBBV2YAAKCRAzxNZLiV2/O2PnD/wMKz/rzYbf0SaTvgae4jqryrcWRta56dcnVe7W KPuUu4Q/WBGhXKeCfPrlr399bILxZGw5TXuGMjS8gEoMd81PEMcWaMpgg3F569Cxd9GN6AZd LXXrZa0aM7dvZkz98ymILEnqHMpF74sLvZY2PrsOwo2gKXNqhtCJ2ph8OUKhG+NHvAomjMu9 lPQMkXJ4HRV0OljawqAe4y+IFu2K4abWwZw1mdniTCb5al8V2umzf26QL0DgeFp3banlfjYW Dn5cRuDBQqIoR/6cQaKdFKTJYiTVK3p3WRWiJQniYi39S8CR646w+zVi7ax1shSB0r0lxIFo CZu285HcMd7HsHH+T2ZI45ilayUoyoZvxPPlwhiRzyYZ6qqAAXKDihhda7uNApUqLwoSn5FW njmx6KdlVPF9ycCdf+in5k6nVlHWG15ogF/Y96K+/Q1Iuod9rzWqT4bz9a5olY8r++QE3V1b H3z803wXEUAJg+WGTkYXFNw7w6RhSSEhBRzupDoCROSkRhe3vQGy5FLG+BMV9n9nevhj5sBx CM1BbNBdB5H/2RcXh0wSb6zjewgs3UAbBvCQOdMAMo8XpYM5SLBqtaY7oalBElTxtFnwSNJm hMbahYE/wHbkmMqalrzGyQxbSUdrmE64CIX8xmv47fnjRoTZMzKim/02MRH+Ss1M+rLzpw== Organization: Saltant Solutions Message-ID: <139c4032-b021-010d-a55d-7203e791ed15@saltant.com> Date: Mon, 24 Sep 2018 15:15:18 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Ln5JC2LZiTbvt8kZMAJ5T3LdAnDIM4MOy" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2018 19:15:30 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Ln5JC2LZiTbvt8kZMAJ5T3LdAnDIM4MOy Content-Type: multipart/mixed; boundary="AAv3Hi0gPchy3mwEa0B9q22MsxLUrayuL"; protected-headers="v1" From: "John W. O'Brien" To: Don Lewis Cc: FreeBSD Net Message-ID: <139c4032-b021-010d-a55d-7203e791ed15@saltant.com> Subject: Re: IPv6 fragment reassembly regression following FreeBSD-SA-18:10.ip References: <38a2d322-eae9-ec3d-284c-af29aed10c03@saltant.com> In-Reply-To: --AAv3Hi0gPchy3mwEa0B9q22MsxLUrayuL Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 9/23/18 17:50, Don Lewis wrote: > On 23 Sep, John W. O'Brien wrote: >> I'd like to check my understanding and then ask a procedural question.= >> >> FreeBSD-SA-18:10.ip [0], released on 08/14, was resolved by r337828 [1= ]. >> That changeset, resulting in 11.1R-p13 and 11.2R-p2, included a patch = to >> the way IPv6 fragment reassembly is handled [2] that was part of the >> merge to releng. In an ensuing thread [3] two weeks later, an >> implementation defect was identified, but not before that defect had >> shipped. The defect is now being tracked as a bug [4], as of 09/03 has= >> been fixed in head and stable/11, and is registered as a blocker for 1= 2.0. >> >> I believe this defect is the cause of a problem I detected recently >> where postfix would query BIND on ::1 for the DNSSEC-signed AAAA of an= >> MX, and never receive a response. I'm a little puzzled that lo0 is >> affected in spite of having a 16k MTU, but the other signs are there: >> the symptoms appeared after upgrading from 11.2R-p1 to -p3, and I can >> perform that query successfully on UDPv4 or TCPv6. >> >> What I have been unable so far to determine is, will another 11.2R pat= ch >> be forthcoming to resolve this regression, and if so, when? I can limp= >> along without UDPv6 for a little while, but not until 11.3. The only >> clear alternative is to downgrade to -p1. >> >> [0] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.as= c >> [1] https://svnweb.freebsd.org/changeset/base/337828 >> [2] https://svnweb.freebsd.org/changeset/base/337776 >> [3] https://lists.freebsd.org/pipermail/svn-src-head/2018-August/11751= 4.html >> [4] https://bugs.freebsd.org/231045 >> >=20 > It looks to me like r337776 is a further performance improvement, only > present in head, which also introduced a new bug that was fixed by > r338406. I don't know why r338406 was merged to stable/11 since r337776= > was not. Stable/11 only has the original fix (r337787 in head, r337803= > in stable/11). Hi Don, I'm looking at this line of code [5] in releng/11.2. It looks to me like that's what r338406 fixed in head [6]. Am I being obtuse here? [5] https://svnweb.freebsd.org/base/releng/11.2/sys/netinet6/frag6.c?annotate= =3D337828#l219 [6] https://svnweb.freebsd.org/base/head/sys/netinet6/frag6.c?r1=3D338406&r2=3D= 338405&pathrev=3D338406 --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --AAv3Hi0gPchy3mwEa0B9q22MsxLUrayuL-- --Ln5JC2LZiTbvt8kZMAJ5T3LdAnDIM4MOy Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEKpEHkkRoSDiIJkQOWPtK56pP/m4FAlupN8oACgkQWPtK56pP /m7q5Qf/caqMuYucFZYyT/D+yo9P9UjNX84JfmoTdt4z38TZEnOhJwePYmxkamhr OlsAjuhLyDUdbfw0cMCqs/rpSwoeRPgBd2+6LClzr70N1PjuA4l6ynA/XgEK2vZp F9E6fkX6THDHI026qmbAqKLb2NHwqjdrD2vTDemDHKTeY5AGw0vPV6+U7D4OPykv eniV8lyoR0DM+AlbhaA0MOLOIGyimVtG5cGh6RArCuzfTMPW2D3i0WlK0WfmWX2s MRdBQ89+NlvpUeQC7jGc/qvhpguEq6TvlODmw9iLX32XPEZnXJEwfrpTP2k676Wg +jkdm27bt0BNh9itq9pFSPWOLoOQZw== =vbG/ -----END PGP SIGNATURE----- --Ln5JC2LZiTbvt8kZMAJ5T3LdAnDIM4MOy--