From owner-freebsd-net@freebsd.org Sun Nov 17 19:37:03 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 96B301A86B0 for ; Sun, 17 Nov 2019 19:37:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47GMmH2sxHz4SBp for ; Sun, 17 Nov 2019 19:37:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 4C43B1A86AF; Sun, 17 Nov 2019 19:37:03 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 475A81A86AE for ; Sun, 17 Nov 2019 19:37:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47GMmH0Qr1z4SBJ for ; Sun, 17 Nov 2019 19:37:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CA08F1E965 for ; Sun, 17 Nov 2019 19:37:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAHJb2XJ037462 for ; Sun, 17 Nov 2019 19:37:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAHJb27D037458 for net@FreeBSD.org; Sun, 17 Nov 2019 19:37:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 240825] Possible race between vlan interfaces and lagg(4) w/ em0/em1 post-EPOCH Date: Sun, 17 Nov 2019 19:37:01 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: needs-qa, regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: yar@shvets.name X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable12? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 19:37:03 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240825 --- Comment #9 from Yaroslav Shvets --- I just updated the system to 12.1-RELEASE. Problem still exists. After reboot, the interface lagg0.11 does not work. With manual creation (ifconfig lagg0 create, etc...) the interface is working. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Sun Nov 17 21:00:33 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 303E01AAB6B for ; Sun, 17 Nov 2019 21:00:33 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47GPcd0Sh2z43SL for ; Sun, 17 Nov 2019 21:00:33 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.nyi.freebsd.org (Postfix) id 04C551AAB6A; Sun, 17 Nov 2019 21:00:33 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 047E91AAB69 for ; Sun, 17 Nov 2019 21:00:33 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47GPcc62DSz43S3 for ; Sun, 17 Nov 2019 21:00:32 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A3DFE1F807 for ; Sun, 17 Nov 2019 21:00:32 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAHL0Wj2069043 for ; Sun, 17 Nov 2019 21:00:32 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAHL0WZ8069035 for net@FreeBSD.org; Sun, 17 Nov 2019 21:00:32 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201911172100.xAHL0WZ8069035@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: net@FreeBSD.org Subject: Problem reports for net@FreeBSD.org that need special attention Date: Sun, 17 Nov 2019 21:00:32 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Nov 2019 21:00:33 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- In Progress | 221146 | [ixgbe] Problem with second laggport In Progress | 235700 | oce(4) driver causes fatal trap 12 on boot with e New | 204438 | setsockopt() handling of kern.ipc.maxsockbuf limi New | 205592 | TCP processing in IPSec causes kernel panic New | 213410 | [carp] service netif restart causes hang only whe Open | 193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc Open | 194485 | Userland cannot add IPv6 prefix routes Open | 200319 | Bridge+CARP crashes/freezes Open | 202510 | [CARP] advertisements sourced from CARP IP cause Open | 210726 | tcp connect() can return invalid EADDRINUSE (Eg: Open | 222273 | igb(4): Kernel panic (fatal trap 12) due to netwo Open | 225438 | panic in6_unlink_ifa() due to race Open | 227720 | Kernel panic in ppp server Open | 235524 | igb(4): Ethernet interface loses active link stat Open | 236888 | ppp daemon: Allow MTU to be overridden for PPPoE Open | 236983 | bnxt(4) VLAN not operational unless explicit "ifc Open | 237072 | netgraph(4): performance issue [on HardenedBSD]? Open | 237391 | route get returns no result for network addresses Open | 237840 | Removed dummynet dependency on ipfw Open | 238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver Open | 240530 | netgraph/ng_source: Allow ng_source to inject int Open | 240608 | if_vmx(4): iflib - Panic with INVARIANTS: Memory Open | 240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile Open | 240969 | netinet6: Neighbour reachability detection broken Open | 241106 | tun/ppp: panic: vm_fault: fault on nofault entry Open | 241162 | Panic in closefp() triggered by nginx (uwsgi with Open | 241191 | route flush panic with RADIX_MPATH 27 problems total for which you should take action. From owner-freebsd-net@freebsd.org Mon Nov 18 16:16:35 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 211401C3664 for ; Mon, 18 Nov 2019 16:16:35 +0000 (UTC) (envelope-from kendra.castillo@globalmediaeventzone.com) Received: from a2nlsmtp01-05.prod.iad2.secureserver.net (a2nlsmtp01-05.prod.iad2.secureserver.net [198.71.225.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay-hosting.secureserver.net", Issuer "Starfield Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47GvGT4Yt4z4Fqc for ; Mon, 18 Nov 2019 16:16:33 +0000 (UTC) (envelope-from kendra.castillo@globalmediaeventzone.com) Received: from a2plcpnl0082.prod.iad2.secureserver.net ([198.71.226.18]) by : HOSTING RELAY : with ESMTP id WjgZip6GQfnDkWjgZi2Djr; Mon, 18 Nov 2019 09:15:31 -0700 Received: from [125.99.252.138] (port=4456 helo=WS71) by a2plcpnl0082.prod.iad2.secureserver.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iWj6M-00DXAz-3c for freebsd-net@freebsd.org; Mon, 18 Nov 2019 08:38:06 -0700 From: "Kendra Castillo" To: Subject: HR Contact List Date: Mon, 18 Nov 2019 21:08:13 +0530 Message-ID: MIME-Version: 1.0 X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdWeJi6LCz8B3wwmQYSU0qCAagckjw== Content-Language: en-us X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - a2plcpnl0082.prod.iad2.secureserver.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - globalmediaeventzone.com X-Get-Message-Sender-Via: a2plcpnl0082.prod.iad2.secureserver.net: authenticated_id: kendra.castillo@globalmediaeventzone.com X-Authenticated-Sender: a2plcpnl0082.prod.iad2.secureserver.net: kendra.castillo@globalmediaeventzone.com X-Source: X-Source-Args: X-Source-Dir: X-CMAE-Envelope: MS4wfMit/QUdjeWOFBUQ3a3EMy9UX5BxxfQOnzIqUIRIQ1a2bT+O9rMXKdy1Rc95Mc7UzWpNrTbofzER10gHcQXtm4gepbsAs6/DGwJe8vvW6BYJT9ZdQHxc uH53XDlJRm0p8fMr8VpZnziZ1I0xHFumNRqgq01a/j5SYDyMJsrvDDZSw8XK9KYM4agu26j7FXBcJwfrIfbMkOTacdhgLOrJL0OJHBO0bWhWtaeeMgb21RDn X-Rspamd-Queue-Id: 47GvGT4Yt4z4Fqc X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of kendra.castillo@globalmediaeventzone.com has no SPF policy when checking 198.71.225.49) smtp.mailfrom=kendra.castillo@globalmediaeventzone.com X-Spamd-Result: default: False [-0.34 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_X_SOURCE(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[globalmediaeventzone.com]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.88)[-0.881,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(0.47)[ip: (1.19), ipnet: 198.71.224.0/21(1.05), asn: 26496(0.19), country: US(-0.05)]; RCVD_IN_DNSWL_NONE(0.00)[49.225.71.198.list.dnswl.org : 127.0.5.0]; HAS_X_GMSV(0.00)[kendra.castillo@globalmediaeventzone.com]; R_SPF_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.84)[-0.835,0]; HAS_X_ANTIABUSE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:26496, ipnet:198.71.224.0/21, country:US]; MID_RHS_MATCH_FROM(0.00)[]; HAS_X_AS(0.00)[kendra.castillo@globalmediaeventzone.com] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2019 16:16:35 -0000 Hi, I'm curious to know would you be interested in updated list of HR professional's contacts? We can help you to reach key decision makers from Executive VP HR, Senior VP HR, VP HR, Manager HR, CEO, CHRO, HR Director, L&D Specialists, Recruiting Director/Manager, VP of Human Resources, Recruitment Specialists, Director of Human Resources, Human Resource Manager, Operations Manager, Chief People Officer, Director of Employee Engagement, Employee Relations manager, HR Generalist and many more If yes, kindly share me your requirement by filling the below information and I'll come up with more details for the same. . Target Industry: __________ . Target geography: __________ Best Regards, Kendra Castillo Sr. Marketing Manager From owner-freebsd-net@freebsd.org Mon Nov 18 21:21:08 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 341F91C9ECF for ; Mon, 18 Nov 2019 21:21:08 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from mail.otcnet.ru (mail.otcnet.ru [194.190.78.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47H21v09FCz4YMK for ; Mon, 18 Nov 2019 21:21:06 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from MacBook-Gamov.local (unknown [195.91.148.145]) by mail.otcnet.ru (Postfix) with ESMTPSA id 83FBD8A065 for ; Tue, 19 Nov 2019 00:20:58 +0300 (MSK) Subject: Re: FreeBSD as multicast router To: freebsd-net@freebsd.org References: <10688d9e-80af-3f03-425e-1b74d69c05f0@otcnet.ru> From: Victor Gamov Organization: OstankinoTelecom Message-ID: <56999aa0-3d92-0076-9671-c5eed66d50ba@otcnet.ru> Date: Tue, 19 Nov 2019 00:20:57 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <10688d9e-80af-3f03-425e-1b74d69c05f0@otcnet.ru> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47H21v09FCz4YMK X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-5.48 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DMARC_NA(0.00)[otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.28)[ip: (-8.63), ipnet: 194.190.78.0/24(-4.31), asn: 50822(-3.45), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2019 21:21:08 -0000 Hi All Still trying to run FreeBSD-box as multicast router :-) FreeBSD upgraded to 11.3-STABLE #1 r354778. netstat pacth by Mike Karels manually applied and netstat -gs looks OK now. Latest pimd version 3.0beta1 downloaded from git and configured. While configure it report following: ===== ------------------ Summary ------------------ pimd version 3.0-beta1 Prefix................: /usr/local Sysconfdir............: /usr/local/etc Localstatedir.........: /usr/local/var C Compiler............: cc -g -O2 Optional features: Kernel register encap.: no Kernel (*,G) support..: no Kernel MAX VIFs.......: 32 Memory save...........: no RSRR (experimental)...: no Exit on error.........: yes ===== What does "Kernel (*,G) support..: no" means? Then my test multicast network configured (again) -------------------- ---------- -vlan298-| FreeBSD PIM router |-vlan299-| client | |208.34/29 205.2/29| |205.5/29| -------------------- ---------- Two multicast generated by FreeBSD-router: one (232.232.9.43) sended from vlan299 and another (232.232.88.173) from vlan298 both with TTL=20 Pimd started with following config: ===== phyint vlan299 enable ttl-threshold 20 phyint vlan298 enable ttl-threshold 20 rp-address 10.200.205.2 232.232.0.0/16 ===== Now client is requesting multicast which router is sending from vlan299 and client successfully receiving it. But when client is requests multicast sending (by router) from vlan298 it doesn't receive it. My first question: (in theory) is router must send multicast to client in this situation? And the second: why :Ttls is 1 at `netstat -f inet -g` output: ===== IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 20 10.200.205.2 0 19247 1 20 10.200.208.34 0 22249 2 1 10.200.205.2 0 41496 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 10.200.208.34 232.232.88.173 22249 1 2:1 10.200.205.2 232.232.9.43 19247 0 2:1 ===== Any suggestion? -- CU, Victor Gamov From owner-freebsd-net@freebsd.org Tue Nov 19 00:49:14 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 64A381CE1A8 for ; Tue, 19 Nov 2019 00:49:14 +0000 (UTC) (envelope-from mike@karels.net) Received: from mail.karels.net (mail.karels.net [216.160.39.52]) by mx1.freebsd.org (Postfix) with ESMTP id 47H6f10Jx3z3HTk for ; Tue, 19 Nov 2019 00:49:11 +0000 (UTC) (envelope-from mike@karels.net) Received: from mail.karels.net (localhost [127.0.0.1]) by mail.karels.net (8.15.2/8.15.2) with ESMTP id xAJ0n474026871; Mon, 18 Nov 2019 18:49:04 -0600 (CST) (envelope-from mike@karels.net) Message-Id: <201911190049.xAJ0n474026871@mail.karels.net> To: Victor Gamov cc: freebsd-net@freebsd.org From: Mike Karels Reply-to: mike@karels.net Subject: Re: FreeBSD as multicast router In-reply-to: Your message of Tue, 19 Nov 2019 00:20:57 +0300. <56999aa0-3d92-0076-9671-c5eed66d50ba@otcnet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <26869.1574124544.1@mail.karels.net> Date: Mon, 18 Nov 2019 18:49:04 -0600 X-Rspamd-Queue-Id: 47H6f10Jx3z3HTk X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mike@karels.net designates 216.160.39.52 as permitted sender) smtp.mailfrom=mike@karels.net X-Spamd-Result: default: False [-4.15 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[mike@karels.net]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:216.160.39.52]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[karels.net]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-1.95)[ip: (-6.51), ipnet: 216.160.0.0/15(-3.19), asn: 209(0.02), country: US(-0.05)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:209, ipnet:216.160.0.0/15, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 00:49:14 -0000 > Hi All > Still trying to run FreeBSD-box as multicast router :-) > FreeBSD upgraded to 11.3-STABLE #1 r354778. netstat pacth by Mike Karels > manually applied and netstat -gs looks OK now. > Latest pimd version 3.0beta1 downloaded from git and configured. While > configure it report following: > ===== > ------------------ Summary ------------------ > pimd version 3.0-beta1 > Prefix................: /usr/local > Sysconfdir............: /usr/local/etc > Localstatedir.........: /usr/local/var > C Compiler............: cc -g -O2 > Optional features: > Kernel register encap.: no > Kernel (*,G) support..: no > Kernel MAX VIFs.......: 32 > Memory save...........: no > RSRR (experimental)...: no > Exit on error.........: yes > ===== > What does "Kernel (*,G) support..: no" means? > Then my test multicast network configured (again) > -------------------- ---------- > -vlan298-| FreeBSD PIM router |-vlan299-| client | > |208.34/29 205.2/29| |205.5/29| > -------------------- ---------- > Two multicast generated by FreeBSD-router: one (232.232.9.43) sended > from vlan299 and another (232.232.88.173) from vlan298 both with TTL=20 > Pimd started with following config: > ===== > phyint vlan299 enable ttl-threshold 20 > phyint vlan298 enable ttl-threshold 20 > rp-address 10.200.205.2 232.232.0.0/16 > ===== If the threshold is 20 and the TTL is 20, does that mean that the TTL is just high enough, or is it at the cutoff? I'd try lowering the threshold and/or increasing the TTL to see which it is. If the TTL is 20 on the incoming side, it would be 19 on the outgoing side. > Now client is requesting multicast which router is sending from vlan299 > and client successfully receiving it. But when client is requests > multicast sending (by router) from vlan298 it doesn't receive it. > My first question: (in theory) is router must send multicast to client > in this situation? In theory yes, modulo TTL and other checks. > And the second: why :Ttls is 1 at `netstat -f inet -g` output: > ===== > IPv4 Virtual Interface Table > Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out > 0 20 10.200.205.2 0 19247 > 1 20 10.200.208.34 0 22249 > 2 1 10.200.205.2 0 41496 > IPv4 Multicast Forwarding Table > Origin Group Packets In-Vif Out-Vifs:Ttls > 10.200.208.34 232.232.88.173 22249 1 2:1 > 10.200.205.2 232.232.9.43 19247 0 2:1 > ===== > Any suggestion? > -- > CU, > Victor Gamov Mike From owner-freebsd-net@freebsd.org Tue Nov 19 08:06:01 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9B9A31A94EA for ; Tue, 19 Nov 2019 08:06:01 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from mail.otcnet.ru (mail.otcnet.ru [194.190.78.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47HJL039t0z491Y for ; Tue, 19 Nov 2019 08:06:00 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from MacBook-Gamov.local (unknown [195.91.148.145]) by mail.otcnet.ru (Postfix) with ESMTPSA id 3304B8A1A1; Tue, 19 Nov 2019 11:05:57 +0300 (MSK) Subject: Re: FreeBSD as multicast router To: mike@karels.net Cc: freebsd-net@freebsd.org References: <201911190049.xAJ0n474026871@mail.karels.net> From: Victor Gamov Organization: OstankinoTelecom Message-ID: <649ee28c-d5fa-c44b-44f7-e6020bdc5afd@otcnet.ru> Date: Tue, 19 Nov 2019 11:05:56 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <201911190049.xAJ0n474026871@mail.karels.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47HJL039t0z491Y X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-5.48 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[otcnet.ru]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-3.28)[ip: (-8.63), ipnet: 194.190.78.0/24(-4.32), asn: 50822(-3.45), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 08:06:01 -0000 On 19/11/2019 03:49, Mike Karels wrote: >> Hi All > >> Still trying to run FreeBSD-box as multicast router :-) > >> FreeBSD upgraded to 11.3-STABLE #1 r354778. netstat pacth by Mike Karels >> manually applied and netstat -gs looks OK now. > >> Latest pimd version 3.0beta1 downloaded from git and configured. While >> configure it report following: > >> ===== >> ------------------ Summary ------------------ >> pimd version 3.0-beta1 >> Prefix................: /usr/local >> Sysconfdir............: /usr/local/etc >> Localstatedir.........: /usr/local/var >> C Compiler............: cc -g -O2 > >> Optional features: >> Kernel register encap.: no >> Kernel (*,G) support..: no >> Kernel MAX VIFs.......: 32 >> Memory save...........: no >> RSRR (experimental)...: no >> Exit on error.........: yes >> ===== > >> What does "Kernel (*,G) support..: no" means? > > >> Then my test multicast network configured (again) >> -------------------- ---------- >> -vlan298-| FreeBSD PIM router |-vlan299-| client | >> |208.34/29 205.2/29| |205.5/29| >> -------------------- ---------- > > >> Two multicast generated by FreeBSD-router: one (232.232.9.43) sended >> from vlan299 and another (232.232.88.173) from vlan298 both with TTL=20 > >> Pimd started with following config: >> ===== >> phyint vlan299 enable ttl-threshold 20 >> phyint vlan298 enable ttl-threshold 20 >> rp-address 10.200.205.2 232.232.0.0/16 >> ===== > > If the threshold is 20 and the TTL is 20, does that mean that the TTL is > just high enough, or is it at the cutoff? I'd try lowering the threshold > and/or increasing the TTL to see which it is. If the TTL is 20 on the > incoming side, it would be 19 on the outgoing side. ttl-threshold changed to 10 in pimd.conf. `netstat -g` reports Thresh=10 now. Locally FreeBSD-router generated multicast vlan299 comes to receiver with ttl=20. And it's OK. Locally FreeBSD-router generated multicast vlan298 does not comes to receiver. Multicast generated from another sender on vlan298 comes to router with TTL=20 but never comes to receiver via vlan299 >> Now client is requesting multicast which router is sending from vlan299 >> and client successfully receiving it. But when client is requests >> multicast sending (by router) from vlan298 it doesn't receive it. > > >> My first question: (in theory) is router must send multicast to client >> in this situation? > > In theory yes, modulo TTL and other checks. I will reconfigure my test network to use dedicated FreeBSD-box as multicast router with two only multicast interfaces to get more clear info from `netstat -gs` Also pimd periodically reports following ===== Kernel busy, retrying (1/3) routing socket read in one sec ===== Is it OK? And more about pimd. It creates register_vif0 on startup. I assume it uses this interface (not reported by `ifconfig`) to route all multicast via. But `netstat -g` reports this interface with threshold=1. Is it OK? -- CU, Victor Gamov From owner-freebsd-net@freebsd.org Tue Nov 19 12:17:34 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 99D621B0E38 for ; Tue, 19 Nov 2019 12:17:34 +0000 (UTC) (envelope-from misho@elwix.org) Received: from mail.elwix.net (ns.aitbg.com [84.242.154.175]) by mx1.freebsd.org (Postfix) with ESMTP id 47HPwF37KPz4PjX; Tue, 19 Nov 2019 12:17:32 +0000 (UTC) (envelope-from misho@elwix.org) Received: from meow.tbc.cloudsigma.com (unknown [91.92.71.51]) by mail.elwix.net (Postfix) with ESMTPSA id B0B5A4A1505E; Tue, 19 Nov 2019 14:17:24 +0200 (EET) Date: Tue, 19 Nov 2019 14:15:53 +0200 From: Michael Pounov To: freebsd-net@freebsd.org, bryanv@FreeBSD.org Subject: vxlan interface mtu when clonning Message-Id: <20191119141553.ca59c2aba580953f71e598ff@elwix.org> Organization: ELWIX X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Multipart=_Tue__19_Nov_2019_14_15_53_+0200_bs9x9ZGSCr6g9di8" X-Rspamd-Queue-Id: 47HPwF37KPz4PjX X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of misho@elwix.org has no SPF policy when checking 84.242.154.175) smtp.mailfrom=misho@elwix.org X-Spamd-Result: default: False [1.93 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.42)[-0.417,0]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; DMARC_NA(0.00)[elwix.org]; HAS_ORG_HEADER(0.00)[]; IP_SCORE(0.01)[country: BG(0.04)]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.84)[0.837,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:29580, ipnet:84.242.152.0/21, country:BG]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 12:17:34 -0000 This is a multi-part message in MIME format. --Multipart=_Tue__19_Nov_2019_14_15_53_+0200_bs9x9ZGSCr6g9di8 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi there Do you thinking that is good idea to have ability for automatically adjust MTU of vxlan in clone phase? When I doing clone/create of vxlan interface automatically doing adjust of vxlan MTU according multicast vxlandev interface. If this is valuable for project can take it. -- Michael Pounov ELWIX - Embedded LightWeight unIX - --Multipart=_Tue__19_Nov_2019_14_15_53_+0200_bs9x9ZGSCr6g9di8 Content-Type: text/x-diff; name="if_vxlan_clone.patch" Content-Disposition: attachment; filename="if_vxlan_clone.patch" Content-Transfer-Encoding: 7bit --- if_vxlan.c 2019-11-19 13:57:56.046105000 +0200 +++ if_vxlan.c 2019-11-19 14:02:21.057692000 +0200 @@ -2725,8 +2725,9 @@ vxlan_clone_create(struct if_clone *ifc, int unit, caddr_t params) { struct vxlan_softc *sc; - struct ifnet *ifp; + struct ifnet *ifp, *ifpp; struct ifvxlanparam vxlp; + const short r4hdrs = 100; /* Reasonable standard offset for MTU from vxlandev iface */ int error; sc = malloc(sizeof(struct vxlan_softc), M_VXLAN, M_WAITOK | M_ZERO); @@ -2776,6 +2777,22 @@ ifp->if_baudrate = 0; ifp->if_hdrlen = 0; + + if (vxlp.vxlp_with & VXLAN_PARAM_WITH_MULTICAST_IF) { + ifpp = ifunit_ref(sc->vxl_mc_ifname); + if (ifpp == NULL) { + if_printf(sc->vxl_ifp, "multicast interface %s does " + "not exist\n", sc->vxl_mc_ifname); + goto fail; + } + if (ifpp->if_mtu <= r4hdrs) { + if_printf(sc->vxl_ifp, "multicast interface %s does " + "not have sufficient MTU\n", sc->vxl_mc_ifname); + goto fail; + } + + ifp->if_mtu = ifpp->if_mtu - r4hdrs; + } return (0); --Multipart=_Tue__19_Nov_2019_14_15_53_+0200_bs9x9ZGSCr6g9di8-- From owner-freebsd-net@freebsd.org Tue Nov 19 12:22:30 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 68E651B1107 for ; Tue, 19 Nov 2019 12:22:30 +0000 (UTC) (envelope-from info@mussttikstat.ru) Received: from mussttikstat.ru (mussttikstat.ru [37.228.116.107]) by mx1.freebsd.org (Postfix) with ESMTP id 47HQ1x1smyz4Q3R for ; Tue, 19 Nov 2019 12:22:29 +0000 (UTC) (envelope-from info@mussttikstat.ru) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=mussttikstat.ru; h=MIME-Version:Subject:Content-Type:From:To:Date:Message-ID; bh=hhdjdvM3maXr0XE/E2BrR+ERMFbcdfQC6My0tPolKXg=; b=yGbu8XHVWjFCWRmin8z25TOZ/ze2tpiyvG93BLYv4eqKEKeAot81+UZZ06MFfg6cJxjHt1YrSA5t GnLiNNMl1z0cJjUIiAzlpPEWvx1bbO3V2iaiu/5SVnXieayIczi38s6EloDk14FnZq3PIXt6dnRC CCgNnngh5rWf4EBQZAc= MIME-Version: 1.0 Subject: EPS Global Loans From: Benson Benny To: To: freebsd-net@freebsd.org Date: Tue, 19 Nov 2019 15:22:21 +0300 (UTC) Message-ID: <358653444@mussttikstat.ru> X-Felis-L: OdlxOvgokkn X-Complaints-To: abuse@hfaregkkx.mussttikstat.ru X-Felis-L: MIME::Lite 2.812 (V1.53; D5.94; H1.70; A4.91; V6.12) X-Rspamd-Queue-Id: 47HQ1x1smyz4Q3R X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=mussttikstat.ru header.s=mail header.b=yGbu8XHV; dmarc=pass (policy=none) header.from=mussttikstat.ru; spf=pass (mx1.freebsd.org: domain of info@mussttikstat.ru designates 37.228.116.107 as permitted sender) smtp.mailfrom=info@mussttikstat.ru X-Spamd-Result: default: False [-1.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.44)[-0.442,0]; R_DKIM_ALLOW(-0.20)[mussttikstat.ru:s=mail]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:37.228.116.107]; NEURAL_HAM_LONG(-0.68)[-0.685,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[mussttikstat.ru:+]; DMARC_POLICY_ALLOW(-0.50)[mussttikstat.ru,none]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(0.69)[ipnet: 37.228.116.0/22(1.89), asn: 50340(1.56), country: RU(0.01)]; ASN(0.00)[asn:50340, ipnet:37.228.116.0/22, country:RU]; FORGED_RECIPIENTS(0.00)[To: freebsd-net@freebsd.org,freebsd-net@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 12:22:30 -0000 Are you a business owner, Are you having financial distress or you want t= o fulfill that dream of yours and you need funding, Are you having diffic= ulties in obtaining a loan from hard lenders or banks because of their hi= gh loan fees/requirements? Do you need a loan for any legitimate reason? Then worry no more, Our ser= vices includes, * Personal Loan (Unsecured) * Business Loan (Unsecured) * Debt Consolidation Loan * Improve your home Kindly get back to me for more information if you are interested, Contact= us now email:loans@epsgloballlc.org Thanks Rivera From owner-freebsd-net@freebsd.org Tue Nov 19 14:48:26 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7DB831B4E1B for ; Tue, 19 Nov 2019 14:48:26 +0000 (UTC) (envelope-from info@tovarsyou.ru) Received: from tovarsyou.ru (tovarsyou.ru [37.228.116.79]) by mx1.freebsd.org (Postfix) with ESMTP id 47HTGK0wMkz4ZQr for ; Tue, 19 Nov 2019 14:48:24 +0000 (UTC) (envelope-from info@tovarsyou.ru) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=tovarsyou.ru; h=MIME-Version:Subject:Content-Type:From:To:Date:Message-ID:List-Subscribe; bh=34yhKl9QM6Z2hPu6YVYAMX13/fWvB6s/YL82iY0qvMA=; b=ZBmwXlYOFGCmYiBc8mez7FXknxv2SHQ57T0ish4NyhvCnS8gEpJqDw4I5fCfoBNkKHg0yDEHqq5d Wum1yxkF4jsF1wV/10QUluUwJ8Y5YWR+YWoXORoGE9dX4W70LAc4oofagDOvAdfwrcCb5/3718rS 9lEdcGEbcZ6KCYbn5J8= MIME-Version: 1.0 Subject: EPS Global Loans From: info@tovarsyou.ru To: freebsd-net@freebsd.org Date: Tue, 19 Nov 2019 17:14:59 +0300 (UTC) Message-ID: <28506101487508.SUD185S8021@be797.tovarsyou.ru Feedback-ID: 1FZ68WL1D3G38V73D8X7EA9MK77DLLONW X-SG-ID: jn990 X-Rspamd-Queue-Id: 47HTGK0wMkz4ZQr X-Spamd-Bar: +++++++++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tovarsyou.ru header.s=mail header.b=ZBmwXlYO; dmarc=pass (policy=none) header.from=tovarsyou.ru; spf=pass (mx1.freebsd.org: domain of info@tovarsyou.ru designates 37.228.116.79 as permitted sender) smtp.mailfrom=info@tovarsyou.ru X-Spamd-Result: default: False [9.96 / 15.00]; ARC_NA(0.00)[]; NEURAL_SPAM_LONG(0.77)[0.774,0]; R_DKIM_ALLOW(0.00)[tovarsyou.ru:s=mail]; RBL_NIXSPAM(4.00)[79.116.228.37.ix.dnsbl.manitu.net]; R_SPF_ALLOW(0.00)[+ip4:37.228.116.79]; TO_MATCH_ENVRCPT_ALL(0.00)[]; URIBL_RED(3.50)[tovarsyou.ru.multi.uribl.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.39)[0.393,0]; RCPT_COUNT_ONE(0.00)[1]; BAD_REP_POLICIES(0.10)[]; DKIM_TRACE(0.00)[tovarsyou.ru:+]; DMARC_POLICY_ALLOW(0.00)[tovarsyou.ru,none]; FROM_NO_DN(0.00)[]; HAS_ANON_DOMAIN(0.10)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_MISSING_BRACKETS(0.50)[]; ASN(0.00)[asn:50340, ipnet:37.228.116.0/22, country:RU]; IP_SCORE(0.70)[ipnet: 37.228.116.0/22(1.91), asn: 50340(1.56), country: RU(0.01)]; GREYLIST(0.00)[pass,body] X-Spam: Yes Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 14:48:26 -0000 Are you a business owner, Are you having financial distress or you want t= o fulfill that dream of yours and you need funding, Are you having diffic= ulties in obtaining a loan from hard lenders or banks because of their hi= gh loan fees/requirements? Do you need a loan for any legitimate reason? Then worry no more, Our ser= vices includes, * Personal Loan (Unsecured) * Business Loan (Unsecured) * Debt Consolidation Loan * Improve your home Kindly get back to me for more information if you are interested, Contact= us now email:loans@epsgloballlc.org Thanks Rivera From owner-freebsd-net@freebsd.org Tue Nov 19 23:08:24 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 16E521C0CFA for ; Tue, 19 Nov 2019 23:08:24 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [208.111.40.118]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47HhMC247Rz43sV for ; Tue, 19 Nov 2019 23:08:23 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from chombo.houseloki.net (c-73-240-250-185.hsd1.or.comcast.net [73.240.250.185]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "chombo.houseloki.net", Issuer "brtsvcs.net CA" (verified OK)) by echo.brtsvcs.net (Postfix) with ESMTPS id 3455438D47 for ; Tue, 19 Nov 2019 23:07:55 +0000 (UTC) Received: from [IPv6:2601:1c2:1402:1770:6950:8969:122c:f74a] (unknown [IPv6:2601:1c2:1402:1770:6950:8969:122c:f74a]) by chombo.houseloki.net (Postfix) with ESMTPSA id C4C1B13437 for ; Tue, 19 Nov 2019 15:07:54 -0800 (PST) To: freebsd-net@freebsd.org From: Mel Pilgrim Subject: CenturyLink gigabit PPPoE/igb, are there still performance issues? Message-ID: Date: Tue, 19 Nov 2019 15:07:52 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47HhMC247Rz43sV X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of list_freebsd@bluerosetech.com designates 208.111.40.118 as permitted sender) smtp.mailfrom=list_freebsd@bluerosetech.com X-Spamd-Result: default: False [-4.50 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:relay3.brtsvcs.net]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[bluerosetech.com]; IP_SCORE(-3.20)[ip: (-8.06), ipnet: 208.111.40.0/24(-4.03), asn: 36236(-3.85), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:36236, ipnet:208.111.40.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[185.250.240.73.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 23:08:24 -0000 I have CenturyLink GPON service, which uses PPPoE. I've read about the performance bottleneck with PPPoE over igb interfaces limiting throughput to only a few hundred Mbps unless run on fairly capable hardware. Caveat: the posts that discuss this issue are a few years old. The hardware I have is a Xeon E3-1245v6 with igb interfaces. That seems like it should be beefy enough to handle a gigabit of PPPoE. In testing, I get 800+ Mbps when connected though the router provided by CenturyLink, but only 350 Mbps when connected directly to the ONT. If I add an em-based NIC, will that work around the issue? Is a cxgbe-based NIC the better choice? From owner-freebsd-net@freebsd.org Tue Nov 19 23:13:12 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46EF91C111A for ; Tue, 19 Nov 2019 23:13:12 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47HhSl1nVbz44Ml for ; Tue, 19 Nov 2019 23:13:10 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 3BF09220AA for ; Tue, 19 Nov 2019 18:13:10 -0500 (EST) Received: from imap6 ([10.202.2.56]) by compute7.internal (MEProxy); Tue, 19 Nov 2019 18:13:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=mime-version:message-id:date:from:to:subject:content-type; s= fm3; bh=Tfe0VeQs6OC/d7ec1J/dPGAS28q1HVOO3yEdiC5fZfY=; b=s/OpDrJE /tub5uhEmVEUIrPZ5261r8J168Z/Dsg0xgA1ztM0I03Bs5sUZNre7bEYJURu2LPP EdLB/WzyrMRGHgM43mUbzsnTroBNQWhAZ6IiEsRc17OKKAe0Y1muJ/wCenDPTlKc 8oWjZns8oTBoS3mm990j2WvmmPF1NHYF3F0R1Xl/AgEiC2OPBaBUpBctVGqohBKq 0JpukyqVN9RbVQb7UazZuHfv2p8f6M5Hm55ANRLvkfhZrziwkTIcvMj/gWTnnJFO D7OGrxPVaNJ8DoAAAt/ZIF6E68qDa6LjZ7cv3ORfRSK00XQ3IsKo8znTvWME6qLj F5poDrZbHsbYuw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=Tfe0VeQs6OC/d7ec1J/dPGAS28q1H VOO3yEdiC5fZfY=; b=uiBQ7VVLDH6p0LhdPryUw75jCSr5Rlw/VcdGH+kzgzSP8 +c2ogLxMrftEy6Om+FpKM3Ej9XHefPCzN/JfPWY8WNoUFSHiAL2cywS8/90Dt52N oCsEQ9W3pag36q32TWkhBzFAb/6Qjjc7ZviNOV10G01wVvj7TtAq4B2I34QgqZ2N VcHnHith+SmT5o86Q1W1L+oEXLXysRnqWlGI4NS6K3kX0v7DQ9/8BuBibMGbUSvV G6lf6eWjn7EqKvg4eABEFMZ6QNpqI/4cPPXEKG+x0+1KEUZ9SuEZj2wVajS/3gCj W2qgWVB+6PxTyE4GLjKN+Mkg65abRH3wvvrfcwuCg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudegledgtdejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfffgrvhgvucevohhtthhlvghhuhgsvghrfdcuoegutghhsehs khhunhhkfigvrhhkshdrrghtqeenucfrrghrrghmpehmrghilhhfrhhomhepuggthhessh hkuhhnkhifvghrkhhsrdgrthenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id B77AF1400A2; Tue, 19 Nov 2019 18:13:09 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-578-g826f590-fmstable-20191119v1 Mime-Version: 1.0 Message-Id: Date: Tue, 19 Nov 2019 23:12:48 +0000 From: "Dave Cottlehuber" To: freebsd-net Subject: if_tap limits in 12.1R amd64? Content-Type: text/plain X-Rspamd-Queue-Id: 47HhSl1nVbz44Ml X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=skunkwerks.at header.s=fm3 header.b=s/OpDrJE; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=uiBQ7VVL; dmarc=none; spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.27 as permitted sender) smtp.mailfrom=dch@skunkwerks.at X-Spamd-Result: default: False [-4.08 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm3,messagingengine.com:s=fm1]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; DMARC_NA(0.00)[skunkwerks.at]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; IP_SCORE(-3.49)[ip: (-9.83), ipnet: 66.111.4.0/24(-4.87), asn: 11403(-2.68), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+]; MV_CASE(0.50)[]; RCVD_IN_DNSWL_LOW(-0.10)[27.4.111.66.list.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2019 23:13:12 -0000 I use a port, net/zerotier, that uses if_tap(4) to provide a mesh VPN. If I add many IPv6 aliases to its /80 routable IPv6 interface, sometime around adding ~ 1100 or more aliases, the port dies. If I'm really lucky, system panics. Now that I'm watching it, no such luck.... Am I running into some limitations or thresholds for if_tap? lo has no trouble soaking up this number of aliases. thanks Dave From owner-freebsd-net@freebsd.org Wed Nov 20 06:39:42 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 92BD11AA7EA for ; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47HtMy3PbWz4PlG for ; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 74D641AA7E8; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 749F41AA7E7 for ; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47HtMy2bSSz4PlF for ; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3C6EF1EBDE for ; Wed, 20 Nov 2019 06:39:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAK6dghH081547 for ; Wed, 20 Nov 2019 06:39:42 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAK6dg9W081546 for net@FreeBSD.org; Wed, 20 Nov 2019 06:39:42 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242070] scp on 12.1p1-RELEASE is painfully slow Date: Wed, 20 Nov 2019 06:39:42 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: keywords assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 06:39:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242070 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression Assignee|bugs@FreeBSD.org |net@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Nov 20 06:54:44 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 959651AB260 for ; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47HtjJ3XtLz4Qjv for ; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 79A501AB25F; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 796CD1AB25E for ; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47HtjJ2gmMz4Qjt for ; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 40B0B1EF80 for ; Wed, 20 Nov 2019 06:54:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAK6sinh022704 for ; Wed, 20 Nov 2019 06:54:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAK6sio3022703 for net@FreeBSD.org; Wed, 20 Nov 2019 06:54:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242070] scp on 12.1p1-RELEASE is painfully slow Date: Wed, 20 Nov 2019 06:54:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 06:54:44 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242070 Eugene Grosbein changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |eugen@freebsd.org --- Comment #1 from Eugene Grosbein --- Please supply more details on your network configuration beginning with used network cards and drivers. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Nov 20 10:27:56 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D7331B1CF7 for ; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47HzRJ2q94z4cc5 for ; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 5F0091B1CF6; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5EC651B1CF5 for ; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47HzRJ1z85z4cc4 for ; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2700A21524 for ; Wed, 20 Nov 2019 10:27:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAKARu53054900 for ; Wed, 20 Nov 2019 10:27:56 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAKARuho054899 for net@FreeBSD.org; Wed, 20 Nov 2019 10:27:56 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242070] scp on 12.1p1-RELEASE is painfully slow Date: Wed, 20 Nov 2019 10:27:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: oz42@oz42.eu X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 10:27:56 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242070 --- Comment #2 from oz42@oz42.eu --- Both hosts use IPv4 (on the same subnet) and vmx network card driver. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Nov 20 10:41:31 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A73661B228F for ; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47Hzkz42kQz4dFD for ; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 8AA321B228E; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A66B1B228D for ; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Hzkz3Cbcz4dFC for ; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 532052173D for ; Wed, 20 Nov 2019 10:41:31 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAKAfVDd087662 for ; Wed, 20 Nov 2019 10:41:31 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAKAfV2P087615 for net@FreeBSD.org; Wed, 20 Nov 2019 10:41:31 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 242070] scp on 12.1p1-RELEASE is painfully slow Date: Wed, 20 Nov 2019 10:41:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 10:41:31 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D242070 --- Comment #3 from Eugene Grosbein --- Does it help if you disable various offloads for network interfaces such ax tso4, rxcsum, txcsum etc.? Use: "ifconfig vmx0 -tso4" and so on for both si= des. Use "ifconfig vmx0" to verify that offload features got disabled, repeat te= st and report back. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Wed Nov 20 21:46:48 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BBC071C256F for ; Wed, 20 Nov 2019 21:46:48 +0000 (UTC) (envelope-from gretchen.chester@dxs-shopping.com) Received: from sg2nlsmtp01.shr.prod.sin2.secureserver.net (sg2nlsmtp01.shr.prod.sin2.secureserver.net [182.50.132.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay-hosting.secureserver.net", Issuer "Starfield Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JGVb0MM8z4NHW for ; Wed, 20 Nov 2019 21:46:46 +0000 (UTC) (envelope-from gretchen.chester@dxs-shopping.com) Received: from sg2plcpnl0105.prod.sin2.secureserver.net ([182.50.135.51]) by : HOSTING RELAY : with ESMTP id XXfqihE2Qmw8YXXfqii96S; Wed, 20 Nov 2019 14:38:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dxs-shopping.com; s=default; h=Content-Type:MIME-Version:Message-ID:Date: Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+7YopJXSsRmfr5csch7jhrxeHipTGQCvLeKlRtlaLEQ=; b=JzuLvw1Chc8jSgtmnMJAWO3oGl kpRDq+Hj1w5pcgdNYk3ZKQ8nuBsn86z08c/iUEn53bjDXYm4cN8ApcOvdejDyNOjk9wHkr9HBMbnd lXOIv0RwTyJjXw9NsURDFNeSEuteSpsrtqq2d4dvOaHD4Rl5UHlvxSEz4zMCumgJ+Su8RwhCdGH5m KYBPAcp6k6NgGEd10n9nAaa8xWpvc8eiIrg43UUfpxVtSZS8Jv8ON48zuCtvzse+rcbXY7ExYFMbP QZV5MS8YUnUYN/llEM5b7DT44B45SBlGviFLKhvf55iftoELnYvZ6tpb7Lldo57Mu9+bA6/H5jFPf VQk+9/AQ==; Received: from [125.99.231.22] (port=64341 helo=WS53) by sg2plcpnl0105.prod.sin2.secureserver.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iXXfq-003bmA-BL for freebsd-net@freebsd.org; Wed, 20 Nov 2019 14:38:06 -0700 From: "Gretchen Chester" To: Subject: VMware Potential Business Clients Date: Thu, 21 Nov 2019 03:07:30 +0530 Message-ID: MIME-Version: 1.0 X-Priority: 1 (Highest) X-MSMail-Priority: High X-Mailer: Microsoft Outlook 15.0 Importance: High Sensitivity: Personal Thread-Index: AdWf6GvpL2YkaBqxRIe3VHfc3xDHpg== Content-Language: en-us X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - sg2plcpnl0105.prod.sin2.secureserver.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - dxs-shopping.com X-Get-Message-Sender-Via: sg2plcpnl0105.prod.sin2.secureserver.net: authenticated_id: gretchen.chester@dxs-shopping.com X-Authenticated-Sender: sg2plcpnl0105.prod.sin2.secureserver.net: gretchen.chester@dxs-shopping.com X-Source: X-Source-Args: X-Source-Dir: X-CMAE-Envelope: MS4wfOCK/3hmLyzkAuBNfHGEbt5DHPmeWCXcoEr5WomHby6rtizHXHKlxF2DymH9nl88Ldx9OBoA0SgSMZ4CPLXJazr3WLYSWQ5EhVMBtqQ6qpWpw0h7pRSs ijcfXdgOc1AreYp3/Lh3Wwg0kw5uk2mXrjJykaROzNL+mmAAp2Lh6BRfNuNfE7Z8JDYpsxx8nBafMo+YgyIlk/EHTTALKflrvHfuKolsxYgAnqKVMi2PwYGx X-Rspamd-Queue-Id: 47JGVb0MM8z4NHW X-Spamd-Bar: +++++++ Authentication-Results: mx1.freebsd.org; dkim=none (invalid DKIM record) header.d=dxs-shopping.com header.s=default header.b=JzuLvw1C; dmarc=none; spf=none (mx1.freebsd.org: domain of gretchen.chester@dxs-shopping.com has no SPF policy when checking 182.50.132.200) smtp.mailfrom=gretchen.chester@dxs-shopping.com X-Spamd-Result: default: False [7.86 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_X_SOURCE(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[dxs-shopping.com:~]; HAS_X_ANTIABUSE(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[22.231.99.125.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; HAS_X_PRIO_ONE(0.00)[1]; ASN(0.00)[asn:26496, ipnet:182.50.132.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; HAS_X_AS(0.00)[gretchen.chester@dxs-shopping.com]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_XBL(5.00)[22.231.99.125.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.4]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[dxs-shopping.com]; NEURAL_SPAM_MEDIUM(1.00)[0.996,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(0.96)[ip: (3.20), ipnet: 182.50.132.0/22(1.48), asn: 26496(0.19), country: US(-0.05)]; NEURAL_SPAM_LONG(1.00)[1.000,0]; RCVD_IN_DNSWL_NONE(0.00)[200.132.50.182.list.dnswl.org : 127.0.5.0]; HAS_X_GMSV(0.00)[gretchen.chester@dxs-shopping.com]; R_DKIM_PERMFAIL(0.00)[dxs-shopping.com:s=default]; R_SPF_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; GREYLIST(0.00)[pass,body] X-Spam: Yes Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Nov 2019 21:46:48 -0000 Hi, I hope you are doing well! I just wanted to see if you would be interested in purchasing updated VMWare Users List for your business campaign. We also have related technology users list like: AWS, Oracle, Cisco, Citrix, Fortinet, Microsoft, NetApp and many more. Let me know if you're interested and I will come back to you with more details, Counts and Pricing. Awaiting for your response. Regards, Gretchen Chester Sr. Marketing Manager If you're not interested please reply with "Leave out". From owner-freebsd-net@freebsd.org Thu Nov 21 11:52:58 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E3371BB1B2; Thu, 21 Nov 2019 11:52:58 +0000 (UTC) (envelope-from michal@microwave.sk) Received: from daemon.microwave.sk (daemon.microwave.sk [217.144.16.208]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47JdGw6bj8z4HCg; Thu, 21 Nov 2019 11:52:56 +0000 (UTC) (envelope-from michal@microwave.sk) Received: from [192.168.0.128] (static-dsl-28.87-197-110.telecom.sk [87.197.110.28]) by daemon.microwave.sk (Postfix) with ESMTPSA id 09C74289B; Thu, 21 Nov 2019 12:52:48 +0100 (CET) From: =?utf-8?Q?Michal_Van=C4=8Do?= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\)) Subject: device_attach: ixv0 attach returned 5 Message-Id: <2D60E558-2F48-40EA-BF0D-C350BD005215@microwave.sk> Date: Thu, 21 Nov 2019 12:52:47 +0100 To: freebsd-net@freebsd.org, freebsd-stable@freebsd.org X-Mailer: Apple Mail (2.3601.0.10) X-Rspamd-Queue-Id: 47JdGw6bj8z4HCg X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.44 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[microwave.sk:s=mail]; NEURAL_HAM_MEDIUM(-0.98)[-0.981,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-0.97)[-0.975,0]; MV_CASE(0.50)[]; DKIM_TRACE(0.00)[microwave.sk:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[microwave.sk,quarantine]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.02)[country: SK(0.09)]; ASN(0.00)[asn:31127, ipnet:217.144.16.0/20, country:SK]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 11:52:58 -0000 Hi, I=E2=80=99m trying to get SR-IOV working with my two port Intel 10G NIC: ix0@pci0:3:0:0: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 = rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' class =3D network subclass =3D ethernet ix1@pci0:3:0:1: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 = rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' class =3D network subclass =3D ethernet with this iovctl config: # cat /etc/iovctl_ix1.conf=20 PF { device: "ix1"; num_vfs: 4; } I get 4 PCI devices created: none57@pci0:3:0:129: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552 Virtual Function' class =3D network subclass =3D ethernet none58@pci0:3:0:131: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552 Virtual Function' class =3D network subclass =3D ethernet none59@pci0:3:0:133: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552 Virtual Function' class =3D network subclass =3D ethernet none60@pci0:3:0:135: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 rev=3D0x00 hdr=3D0x00 vendor =3D 'Intel Corporation' device =3D 'Ethernet Connection X552 Virtual Function' class =3D network subclass =3D ethernet But the driver fails to attach with following errors: ixv0: at device = 0.129 on pci4 ixv0: ...reset_hw() failure: Reset Failed! ixv0: IFDI_ATTACH_PRE failed 5 device_attach: ixv0 attach returned 5 ixv0: at device = 0.131 on pci4 ixv0: ...reset_hw() failure: Reset Failed! ixv0: IFDI_ATTACH_PRE failed 5 device_attach: ixv0 attach returned 5 ixv0: at device = 0.133 on pci4 ixv0: ...reset_hw() failure: Reset Failed! ixv0: IFDI_ATTACH_PRE failed 5 device_attach: ixv0 attach returned 5 ixv0: at device = 0.135 on pci4 ixv0: ...reset_hw() failure: Reset Failed! ixv0: IFDI_ATTACH_PRE failed 5 device_attach: ixv0 attach returned 5 I=E2=80=99m running 12-STABLE. Is this a hardware related or possibly a = driver bug? regards Michal From owner-freebsd-net@freebsd.org Thu Nov 21 12:38:22 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1431E1BD469 for ; Thu, 21 Nov 2019 12:38:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 47JfHK6rGrz4L2R for ; Thu, 21 Nov 2019 12:38:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id EABEE1BD468; Thu, 21 Nov 2019 12:38:21 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EA8511BD467 for ; Thu, 21 Nov 2019 12:38:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JfHK5vDnz4L2Q for ; Thu, 21 Nov 2019 12:38:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A9794B44F for ; Thu, 21 Nov 2019 12:38:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xALCcLo9092389 for ; Thu, 21 Nov 2019 12:38:21 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xALCcLXo092381 for net@FreeBSD.org; Thu, 21 Nov 2019 12:38:21 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 196501] [em] Intel 82573 nic built on my pdsbm-ln2 1U server and only one port will work. Date: Thu, 21 Nov 2019 12:38:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ijeffsc@gmail.com X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 12:38:22 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D196501 --- Comment #9 from Ian Jefferson --- (In reply to Ian Jefferson from comment #8) This still seems to be an issue in 11.3. Same hardware configuration but finally getting around to upgrading Xigmanas to something moderately curren= t. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Thu Nov 21 14:42:02 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF7B81C10C5 for ; Thu, 21 Nov 2019 14:42:02 +0000 (UTC) (envelope-from email-account-protection-verification@email123.linkpc.net) Received: from vm.publicvm.com (vm.publicvm.com [216.108.228.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47Jj210w1Bz4VCQ for ; Thu, 21 Nov 2019 14:42:00 +0000 (UTC) (envelope-from email-account-protection-verification@email123.linkpc.net) Received: from ec2-18-218-137-235.us-east-2.compute.amazonaws.com ([18.218.137.235]:61977 helo=email123.linkpc.net) by vm.publicvm.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iXnea-0005Iu-Kx for freebsd-net@freebsd.org; Thu, 21 Nov 2019 15:41:52 +0100 From: Server Report To: freebsd-net@freebsd.org Subject: Account (freebsd-net@freebsd.org) Confirmation Required ! Date: 21 Nov 2019 14:41:52 +0000 Message-ID: <20191121144151.7CD4E2143AA15AF1@email123.linkpc.net> MIME-Version: 1.0 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vm.publicvm.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - email123.linkpc.net X-Get-Message-Sender-Via: vm.publicvm.com: authenticated_id: email-account-protection-verification@email123.linkpc.net X-Authenticated-Sender: vm.publicvm.com: email-account-protection-verification@email123.linkpc.net X-Source: X-Source-Args: X-Source-Dir: X-Rspamd-Queue-Id: 47Jj210w1Bz4VCQ X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.02 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(0.00)[+ip4:216.108.228.45]; HAS_X_SOURCE(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[email123.linkpc.net:+]; DMARC_POLICY_ALLOW(0.00)[email123.linkpc.net,reject]; SUBJECT_ENDS_EXCLAIM(0.00)[]; HAS_X_ANTIABUSE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-0.09)[ipnet: 216.108.228.0/24(-1.62), asn: 26277(1.24), country: US(-0.05)]; ASN(0.00)[asn:26277, ipnet:216.108.228.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; HAS_X_AS(0.00)[email-account-protection-verification@email123.linkpc.net]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.96)[-0.960,0]; R_DKIM_ALLOW(0.00)[email123.linkpc.net:s=default]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.98)[-0.977,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; HAS_LIST_UNSUB(-0.01)[]; RCPT_COUNT_ONE(0.00)[1]; BAD_REP_POLICIES(0.10)[]; URIBL_PBL(0.01)[harvar.edu.pe]; HAS_X_GMSV(0.00)[email-account-protection-verification@email123.linkpc.net]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 14:42:02 -0000 Please note that our service to you will be terminated in a=20 shortly time due to the recent suspicious activities we detected CONFIRM MY ACCOUNT=20 (=C2=A0http://harvar.edu.pe/-/index.php?email=3Dfreebsd-net@freebsd.org=C2= =A0) Verify your account to avoid service disruption and continue=20 using our service From owner-freebsd-net@freebsd.org Thu Nov 21 15:10:49 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4A051C20C2 for ; Thu, 21 Nov 2019 15:10:49 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47JjgD6XCXz4XC4 for ; Thu, 21 Nov 2019 15:10:48 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=Message-ID:Subject:To:From:Date:In-Reply-To; bh=R0k3l3+cWRxu5lx4alD61Gd3A1Vt0YFvmwFJAYCXgDM=; b=JDx2ZsZtHRStty5qvgWuMa+fmG boia3gjUgwWSVlqncpB73t6CqLAdCKIhzTwp+bPd0uj+tL4EYDI4CvA9gAyV5gnxOCmdZ6nWb+PHf tCKMT4wVnv0qvzSJdm0owQCMYyG6FQ5P61N9k1nFoBS27UyulYfE3Us/FX7g5VvVKxLQ=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iXo6T-000OYK-4L for freebsd-net@freebsd.org; Thu, 21 Nov 2019 22:10:41 +0700 Date: Thu, 21 Nov 2019 22:10:41 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: pf, stateful filter and DMZ Message-ID: <20191121151041.GA93735@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM" Content-Disposition: inline X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47JjgD6XCXz4XC4 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=JDx2ZsZt; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.40 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.30)[ip: (-9.85), ipnet: 2001:19f0:5000::/38(-4.92), asn: 20473(-1.68), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 15:10:50 -0000 --yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear Colleagues, A quick question about pf from an ipfw user. Suppose I have three interfaces: $outside, $inside and $dmz. If I want to block any traffic from $dmz to $inside, unless it is=20 1. Return traffic from $inside to $dmz 2. ICMP traffic in any direction would these rules be sufficient? block in on $dmz pass in on $dmz proto icmp pass out on $inside --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd1qjxAAoJEA2k8lmbXsY0RCkIALixnsB9NvxFaRAk0QfxBp3V fovMrJZvNJl844FQQJnpoh8u2S524Th7feYLRVDyBeLs4GY7s5AvRdzej5l7fXNn bgtqXt7tHcu76a7pYo/5ry7UOBULjiNqO7v2LcMI3NXNdI6DZc7QemHTFSvqZ3PR N2qeq5PFdJNjycq7Qfn2kUJRncHnYj6vl+BSAXBS26JtFb0waTSKpnm+OPSi+biq lBFrjTdV5aPTHGHlA8TpbzrcgJqGiTHplGZim2BLhy1OVQzNVXJaLvBeA70wdewS 0EVoh8GA+9T4c+bh3fw/5J5uvzuyV7jpjkRnd/+VBuDakd41JKX23kpf40p1W0A= =UKiF -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM-- From owner-freebsd-net@freebsd.org Thu Nov 21 17:49:28 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 701411C62D6 for ; Thu, 21 Nov 2019 17:49:28 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com [IPv6:2a00:1450:4864:20::544]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JnBH4YyYz3DDZ for ; Thu, 21 Nov 2019 17:49:27 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: by mail-ed1-x544.google.com with SMTP id k14so3558792eds.4 for ; Thu, 21 Nov 2019 09:49:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuxpowered-net.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to; bh=KUrmYyHSW6lFMwwFIFUewkKwz2SD0UJumS5fivT5e+k=; b=pZiVj+04QkP6zil+PZ7BikJifEQpUvlrBLl6/0ZF+xgTPRWucDrJ38oPGTbm2LOD3k EZlPd8fQ7LJh60zIMgC9bgHQeL0ts5GlzUB9CZXGVJ6a/vJkISpsWfU0wo+n/HqK14K3 zPDQyZbuMkp6QDM4yqNH2h8GgLVRoW3wIrtPuTwngliz5iSjh9YlOOI+s9ClSmSNH3to OG7lZLn/o62z7mE95CPBypmonEpoqjcEoZqOVVZIBgax9MAfeq/C+fSD4YJ6SxEY+FOd zefg3FD1tDoxpA3bYZUYziiZY1+o8XBENjRyWdhkw1tdE2USQ/ilgI8LRoHtV9cWPwpe no8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to; bh=KUrmYyHSW6lFMwwFIFUewkKwz2SD0UJumS5fivT5e+k=; b=H4BC2uFm/0WD5swiRbzcmq3heNS8fk2WmnNNLKtNoWxym5AGdFfHSkzLXh7y2EJSN/ n8QlStzuusi57PpogPlO0MBMjA9XZey52l/D7g7QuEujBExFKrl9zAql5HLRlWVOXRmr XctLdq3OMgT0eZk219ERz+nAl3c/3VeLmtd/6yOSfWCgXc7nVBtTnUxBj6+qsNsV2AOA WHEE2jmtV0BwrA/CjR+f176IC/P/FaJTvIqE8RvZ/eTQtR3xv1RJoDvYr1gytIorQOxy K0K/UmXCd/fNWI21oTzyNOYxdnS9ALCcTChSnqKuWmgn0OkiDdPZppNUYqbe0yn+8AzQ 1oxA== X-Gm-Message-State: APjAAAWbgXrAdbjaVqpivm4LKQJkFZFenaUNFZoKzC9uluI+GNnWX9K8 7b9IhebzFM6JNRvjmWxNLnzAgD5nfAw= X-Google-Smtp-Source: APXvYqwdi4d+2b62Elka/z30ijY/UEpVXJVqyg4q5Eds343Z0u2cwv5rKNnFKGIWpx9JcVij1tUIyA== X-Received: by 2002:a17:906:c44f:: with SMTP id ck15mr15216822ejb.7.1574358564431; Thu, 21 Nov 2019 09:49:24 -0800 (PST) Received: from Proton.local ([2a00:1f78:fffb:1000:50b1:385e:47d4:bb5f]) by smtp.gmail.com with ESMTPSA id d18sm128381edy.79.2019.11.21.09.49.23 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Nov 2019 09:49:23 -0800 (PST) Subject: Re: pf, stateful filter and DMZ To: freebsd-net@freebsd.org References: <20191121151041.GA93735@admin.sibptus.ru> From: Kajetan Staszkiewicz Openpgp: preference=signencrypt Autocrypt: addr=vegeta@tuxpowered.net; keydata= mQGiBELvVycRBADVGZM8mHAsH+R87EBg4O+QTOkL0TjroqamohMlCdBEZgFGcGVoKA9c9Az6 e7xpk90DuaWYrzBKJ+I5drx2ddqdqejLhgNm3QZubE8Cf9cCxBAxnxBZHzmmgVJMOg93lJUQ e9L1BstntodE2xz4jSBB++Zh9eZgRqbn/EICcQmmKwCg9pQfnXRAMr4tFxhsFenxa/JCvFME AK/03irNfB8DezORCfpt7lZuwL5oRJ/TvpoCfwgVkNd6gTLMgSQpKbFytLzAAmRsE+EwVpBo sUzKt4vzmW4bllgPao14TyuVcViah27/da3fHm1HIMkjvro/ONtUivInn+5L33S0meT3KyuK ofwc1A6KucNxhv4rG7RsXuhwZZmQA/0QVni2wq7yc6t15dfCxuDCxG7yXp4pE5Dghp/MMwts leIxJ3JdHaTZ9aIrYT2Rxw8mTXUs89pDi7PCqXA2N4C+RvkoZI0Q6cWs6jHNZGiZRVzkw38r 8ctqtAlcfzlAynX5+Ym9oiNMJ/c/4fAiFrWerMR1rFWDSD56ltQHk0X0oLQsS2FqZXRhbiBT dGFzemtpZXdpY3ogPHZlZ2V0YUB0dXhwb3dlcmVkLm5ldD6IewQTEQIAOwYLCQgHAwIDFQID AxYCAQIeAQIXgAIZARYhBI4RBk5u/YHyZ/QlueO0UK9tezoUBQJcD656BQkbAXUJAAoJEOO0 UK9tezoUnsIAoK89eXWiO7x3gkfC+5mDXNnRx6ioAKCy4NE/0s8vTDA/P3yYJ2r6orDDNLkB DQRC71cpEAQAjXEOKfj9O4eYTWcifEApMYzel9+aWmhNRqqUhJuNO40UDF73biRJ0cjd8miV hZGxcqIdjnZUmxn8Okr+ta7ZU4Q2KNw7B23VKd1jzDKalaUGtCbv8pnvFdBCJwwzdhHJ2vxr e7zkGMrU4x5Od/92YZRCgX229Ic8y7muveQty4sAAwYD/A/FKDQkIu16GVOu9g8ZBLLBi1HS h2eiem/efmfZS1APR7Q5Ouf6KJMeEgBCKY9yqEp9wg97Bt93oi3zP0H1I8rLmrj5hoEE/VEj Cc4XSQ3qrthmQ9bE8fPDZIgodPG1h+dlOzDQoUxKM/YZdbKmV8VkegbAmEng9rJk90gJ+7Qt iGMEGBEIACMWIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCXDcogwUJGzo2agAKCRDjtFCvbXs6 FNsqAJ9naj/37JF2c1HjhO/4xosKOtGX/QCgn5ADg8fykMSnWmIR0GO/xq9LEzs= Message-ID: <59ac7be3-b79d-a13e-b64f-cd4dae43b9e4@tuxpowered.net> Date: Thu, 21 Nov 2019 18:49:22 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 In-Reply-To: <20191121151041.GA93735@admin.sibptus.ru> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EAjuuvwHeV88g1DIYEruuXx5RLhcGQIKt" X-Rspamd-Queue-Id: 47JnBH4YyYz3DDZ X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tuxpowered-net.20150623.gappssmtp.com header.s=20150623 header.b=pZiVj+04; dmarc=none; spf=pass (mx1.freebsd.org: domain of vegeta@tuxpowered.net designates 2a00:1450:4864:20::544 as permitted sender) smtp.mailfrom=vegeta@tuxpowered.net X-Spamd-Result: default: False [-5.55 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[tuxpowered-net.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[tuxpowered.net]; DKIM_TRACE(0.00)[tuxpowered-net.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[4.4.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; IP_SCORE(-0.95)[ip: (-0.04), ipnet: 2a00:1450::/32(-2.71), asn: 15169(-1.97), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 17:49:28 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --EAjuuvwHeV88g1DIYEruuXx5RLhcGQIKt Content-Type: multipart/mixed; boundary="MJwmGYcMuicYegV205teRV9YGxvXBmRyJ"; protected-headers="v1" From: Kajetan Staszkiewicz To: freebsd-net@freebsd.org Message-ID: <59ac7be3-b79d-a13e-b64f-cd4dae43b9e4@tuxpowered.net> Subject: Re: pf, stateful filter and DMZ References: <20191121151041.GA93735@admin.sibptus.ru> In-Reply-To: <20191121151041.GA93735@admin.sibptus.ru> --MJwmGYcMuicYegV205teRV9YGxvXBmRyJ Content-Type: text/plain; charset=windows-1252 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 21.11.19 16:10, Victor Sudakov wrote: > Dear Colleagues, >=20 > A quick question about pf from an ipfw user. >=20 > Suppose I have three interfaces: $outside, $inside and $dmz. If I want > to block any traffic from $dmz to $inside, unless it is=20 >=20 > 1. Return traffic from $inside to $dmz pf is a stateful firewall and you can't really skip its statefullness. It will always allow return traffic if you allowed outgoint connection. > 2. ICMP traffic in any direction Sounds like a bad idea. Why would you do it? > would these rules be sufficient? >=20 > block in on $dmz > pass in on $dmz proto icmp > pass out on $inside >=20 For me this rather looks like you allow from $dmz to $inside but block from $dmz to $outside. Rules are not "quick" so the last one matching applies. However somebody else should verify this, I'm always only using quick rules so I'm not 100% sure. --=20 | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --MJwmGYcMuicYegV205teRV9YGxvXBmRyJ-- --EAjuuvwHeV88g1DIYEruuXx5RLhcGQIKt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCXdbOIgAKCRDjtFCvbXs6 FHoqAJ4wBvTP5D0o6MC6w/arYiXmnq3AkQCfQUdqaWT2/3WdG7hiLj8C6PzVDv4= =eBPe -----END PGP SIGNATURE----- --EAjuuvwHeV88g1DIYEruuXx5RLhcGQIKt-- From owner-freebsd-net@freebsd.org Thu Nov 21 17:52:31 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B435F1C6555; Thu, 21 Nov 2019 17:52:31 +0000 (UTC) (envelope-from ultima1252@gmail.com) Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47JnFp6mt0z3DY6; Thu, 21 Nov 2019 17:52:30 +0000 (UTC) (envelope-from ultima1252@gmail.com) Received: by mail-oi1-f176.google.com with SMTP id y194so4008492oie.4; Thu, 21 Nov 2019 09:52:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=u5sRQQGyGPxPj67Itm6i2dUZ+tfsEblzf5KvkE98y/A=; b=BCf9EjwPoeSlsS4jHYiMhzwEChHCAdyK41skyChmCmWxDxLOX7lndHp2z1TS9pHWHu ta9Tuhu1vJgBwtztewbWw5NBq6e0K2Q9DewISsqz/cI652acRsnLdnUIXWTLntH5nl9i NUEq2RzxHxie9Jg/uc+yudfw9pnVOBQmKQ8PsmAmhDSdRd8mqTSVPmLGvdhwkRzOuUj5 +HVGD2FkCFA3m3fxrsCHbBYrOcO2Ubv0l1AZr07xwrahdHwGGVRlFXZaKRom2F8/UUTD xZdfEdeung7JPrrc/DAzOK816vp+X/g1fNQ7Z8ClYb4uJEhd90jUgL9xx4lYlHJEnjv2 DiyA== X-Gm-Message-State: APjAAAVj99u7MO/9PjX7mauIXOlX/K8RPCj+HhEi1J+9pRYYdjWNwDNp 0iITOjtlqFQbrwv6vqW52KKY0M8e X-Google-Smtp-Source: APXvYqyYVLM6ZDpvJ4taBaMdhZ9mbYkFI7dSRK+fj5RvMYleosDM1GuownYOYsVjzb8MFXzHVSsPbw== X-Received: by 2002:aca:674c:: with SMTP id b12mr8572927oiy.148.1574358749234; Thu, 21 Nov 2019 09:52:29 -0800 (PST) Received: from mail-io1-f53.google.com (mail-io1-f53.google.com. [209.85.166.53]) by smtp.gmail.com with ESMTPSA id d21sm1188859otp.66.2019.11.21.09.52.28 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Nov 2019 09:52:28 -0800 (PST) Received: by mail-io1-f53.google.com with SMTP id b26so2572851ion.7; Thu, 21 Nov 2019 09:52:28 -0800 (PST) X-Received: by 2002:a6b:204:: with SMTP id 4mr8794818ioc.303.1574358748281; Thu, 21 Nov 2019 09:52:28 -0800 (PST) MIME-Version: 1.0 References: <2D60E558-2F48-40EA-BF0D-C350BD005215@microwave.sk> In-Reply-To: <2D60E558-2F48-40EA-BF0D-C350BD005215@microwave.sk> From: Richard Gallamore Date: Thu, 21 Nov 2019 09:52:17 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: device_attach: ixv0 attach returned 5 To: =?UTF-8?Q?Michal_Van=C4=8Do?= Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org X-Rspamd-Queue-Id: 47JnFp6mt0z3DY6 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of ultima1252@gmail.com designates 209.85.167.176 as permitted sender) smtp.mailfrom=ultima1252@gmail.com X-Spamd-Result: default: False [-2.12 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; DMARC_NA(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; TO_DN_SOME(0.00)[]; URI_COUNT_ODD(1.00)[3]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[176.167.85.209.list.dnswl.org : 127.0.5.0]; IP_SCORE(-1.12)[ip: (-0.43), ipnet: 209.85.128.0/17(-3.17), asn: 15169(-1.97), country: US(-0.05)]; FORGED_SENDER(0.30)[ultima@freebsd.org,ultima1252@gmail.com]; RWL_MAILSPIKE_POSSIBLE(0.00)[176.167.85.209.rep.mailspike.net : 127.0.0.17]; MIME_TRACE(0.00)[0:+,1:+,2:~]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[ultima@freebsd.org,ultima1252@gmail.com] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 17:52:31 -0000 Hello Michal, > I=E2=80=99m running 12-STABLE. Is this a hardware related or possibly a d= river bug? This is probably a driver / module bug. [1] is a bug on this issue, that I opened some years ago. The last time I tested the sr-iov functionality it was working if you compile the intel module with sr-iov support enabled but not with the base module. This was probably a couple years ago though and on 12-CURRENT before 12 was released. Personally I suggest you just avoid sr-iov though and use bridges. sr-iov was a cool idea but it just failed to get an attraction. Probably several reasons for this, based on my experience I would say the primary reason is because its designed use case is for virtualization, and if you do use this for virtualization, you trade the ability to do live migrations due to using physical hardware. Hope this helps, Richard Gallamore On Thu, Nov 21, 2019 at 3:53 AM Michal Van=C4=8Do via freebsd-stable < freebsd-stable@freebsd.org> wrote: > Hi, > > I=E2=80=99m trying to get SR-IOV working with my two port Intel 10G NIC: > > ix0@pci0:3:0:0: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 rev= =3D0x00 > hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' > class =3D network > subclass =3D ethernet > ix1@pci0:3:0:1: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 rev= =3D0x00 > hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' > class =3D network > subclass =3D ethernet > > with this iovctl config: > > # cat /etc/iovctl_ix1.conf > PF { > device: "ix1"; > num_vfs: 4; > } > > I get 4 PCI devices created: > > none57@pci0:3:0:129: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15a88= 086 > rev=3D0x00 hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552 Virtual Function' > class =3D network > subclass =3D ethernet > none58@pci0:3:0:131: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15a88= 086 > rev=3D0x00 hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552 Virtual Function' > class =3D network > subclass =3D ethernet > none59@pci0:3:0:133: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15a88= 086 > rev=3D0x00 hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552 Virtual Function' > class =3D network > subclass =3D ethernet > none60@pci0:3:0:135: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15a88= 086 > rev=3D0x00 hdr=3D0x00 > vendor =3D 'Intel Corporation' > device =3D 'Ethernet Connection X552 Virtual Function' > class =3D network > subclass =3D ethernet > > But the driver fails to attach with following errors: > > ixv0: at device 0.12= 9 > on pci4 > ixv0: ...reset_hw() failure: Reset Failed! > ixv0: IFDI_ATTACH_PRE failed 5 > device_attach: ixv0 attach returned 5 > ixv0: at device 0.13= 1 > on pci4 > ixv0: ...reset_hw() failure: Reset Failed! > ixv0: IFDI_ATTACH_PRE failed 5 > device_attach: ixv0 attach returned 5 > ixv0: at device 0.13= 3 > on pci4 > ixv0: ...reset_hw() failure: Reset Failed! > ixv0: IFDI_ATTACH_PRE failed 5 > device_attach: ixv0 attach returned 5 > ixv0: at device 0.13= 5 > on pci4 > ixv0: ...reset_hw() failure: Reset Failed! > ixv0: IFDI_ATTACH_PRE failed 5 > device_attach: ixv0 attach returned 5 > > I=E2=80=99m running 12-STABLE. Is this a hardware related or possibly a d= river bug? > > regards > Michal > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Thu Nov 21 18:10:46 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58F891C6B03; Thu, 21 Nov 2019 18:10:46 +0000 (UTC) (envelope-from michal@microwave.sk) Received: from daemon.microwave.sk (daemon.microwave.sk [IPv6:2a01:108:1:1001::d0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47Jnfr4g5Nz3FSR; Thu, 21 Nov 2019 18:10:44 +0000 (UTC) (envelope-from michal@microwave.sk) Received: from [192.168.0.128] (static-dsl-28.87-197-110.telecom.sk [87.197.110.28]) by daemon.microwave.sk (Postfix) with ESMTPSA id F2C712A9F; Thu, 21 Nov 2019 19:10:40 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\)) Subject: Re: device_attach: ixv0 attach returned 5 From: =?utf-8?Q?Michal_Van=C4=8Do?= In-Reply-To: Date: Thu, 21 Nov 2019 19:10:40 +0100 Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <01EC7302-24A6-4441-85A2-4D24C97696ED@microwave.sk> References: <2D60E558-2F48-40EA-BF0D-C350BD005215@microwave.sk> To: Richard Gallamore X-Mailer: Apple Mail (2.3601.0.10) X-Rspamd-Queue-Id: 47Jnfr4g5Nz3FSR X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.41 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[microwave.sk:s=mail]; NEURAL_HAM_MEDIUM(-0.98)[-0.985,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MV_CASE(0.50)[]; NEURAL_HAM_LONG(-0.95)[-0.948,0]; TO_DN_SOME(0.00)[]; DKIM_TRACE(0.00)[microwave.sk:+]; DMARC_POLICY_ALLOW(-0.50)[microwave.sk,quarantine]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.02)[country: SK(0.09)]; ASN(0.00)[asn:31127, ipnet:2a01:108::/32, country:SK]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 18:10:46 -0000 Well then this is really annoying. I can image few other applications = besides virtualization. Jails using vnet bound to VF instead of epair being one = of=20 examples. Any hope that someone will port the SR-IOV from Intel=E2=80=99s = code into the base driver on foreseeable future? regards Michal > On 21 Nov 2019, at 18:52, Richard Gallamore = wrote: >=20 > Hello Michal, >=20 >> I=E2=80=99m running 12-STABLE. Is this a hardware related or possibly = a driver > bug? > This is probably a driver / module bug. >=20 > [1] is a bug on this issue, that I opened some years ago. The last = time > I tested the sr-iov functionality it was working if you compile the = intel > module with sr-iov support enabled but not with the base module. This > was probably a couple years ago though and on 12-CURRENT before > 12 was released. >=20 > Personally I suggest you just avoid sr-iov though and use bridges. = sr-iov > was > a cool idea but it just failed to get an attraction. Probably several > reasons > for this, based on my experience I would say the primary reason is = because > its designed use case is for virtualization, and if you do use this = for > virtualization, you trade the ability to do live migrations due to = using > physical hardware. >=20 > Hope this helps, > Richard Gallamore >=20 > On Thu, Nov 21, 2019 at 3:53 AM Michal Van=C4=8Do via freebsd-stable < > freebsd-stable@freebsd.org> wrote: >=20 >> Hi, >>=20 >> I=E2=80=99m trying to get SR-IOV working with my two port Intel 10G = NIC: >>=20 >> ix0@pci0:3:0:0: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 = rev=3D0x00 >> hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' >> class =3D network >> subclass =3D ethernet >> ix1@pci0:3:0:1: class=3D0x020000 card=3D0x15ad15d9 chip=3D0x15ad8086 = rev=3D0x00 >> hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552/X557-AT 10GBASE-T' >> class =3D network >> subclass =3D ethernet >>=20 >> with this iovctl config: >>=20 >> # cat /etc/iovctl_ix1.conf >> PF { >> device: "ix1"; >> num_vfs: 4; >> } >>=20 >> I get 4 PCI devices created: >>=20 >> none57@pci0:3:0:129: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 >> rev=3D0x00 hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552 Virtual Function' >> class =3D network >> subclass =3D ethernet >> none58@pci0:3:0:131: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 >> rev=3D0x00 hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552 Virtual Function' >> class =3D network >> subclass =3D ethernet >> none59@pci0:3:0:133: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 >> rev=3D0x00 hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552 Virtual Function' >> class =3D network >> subclass =3D ethernet >> none60@pci0:3:0:135: class=3D0x020000 card=3D0x15ad15d9 = chip=3D0x15a88086 >> rev=3D0x00 hdr=3D0x00 >> vendor =3D 'Intel Corporation' >> device =3D 'Ethernet Connection X552 Virtual Function' >> class =3D network >> subclass =3D ethernet >>=20 >> But the driver fails to attach with following errors: >>=20 >> ixv0: at device = 0.129 >> on pci4 >> ixv0: ...reset_hw() failure: Reset Failed! >> ixv0: IFDI_ATTACH_PRE failed 5 >> device_attach: ixv0 attach returned 5 >> ixv0: at device = 0.131 >> on pci4 >> ixv0: ...reset_hw() failure: Reset Failed! >> ixv0: IFDI_ATTACH_PRE failed 5 >> device_attach: ixv0 attach returned 5 >> ixv0: at device = 0.133 >> on pci4 >> ixv0: ...reset_hw() failure: Reset Failed! >> ixv0: IFDI_ATTACH_PRE failed 5 >> device_attach: ixv0 attach returned 5 >> ixv0: at device = 0.135 >> on pci4 >> ixv0: ...reset_hw() failure: Reset Failed! >> ixv0: IFDI_ATTACH_PRE failed 5 >> device_attach: ixv0 attach returned 5 >>=20 >> I=E2=80=99m running 12-STABLE. Is this a hardware related or possibly = a driver bug? >>=20 >> regards >> Michal >>=20 >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org" >>=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-net@freebsd.org Thu Nov 21 19:29:31 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2D4C01C8AC6 for ; Thu, 21 Nov 2019 19:29:31 +0000 (UTC) (envelope-from mgrooms@shrew.net) Received: from mx2.shrew.net (mx2.shrew.net [38.97.5.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47JqPk2h9cz3KjP for ; Thu, 21 Nov 2019 19:29:30 +0000 (UTC) (envelope-from mgrooms@shrew.net) Received: from mail.shrew.net (mail.shrew.prv [10.24.10.20]) by mx2.shrew.net (8.15.2/8.15.2) with ESMTP id xALJTS4l094250 for ; Thu, 21 Nov 2019 13:29:28 -0600 (CST) (envelope-from mgrooms@shrew.net) Received: from [10.16.32.30] (65-36-5-114.static.grandenetworks.net [65.36.5.114]) by mail.shrew.net (Postfix) with ESMTPSA id 6AC1719651E for ; Thu, 21 Nov 2019 13:29:23 -0600 (CST) From: Matthew Grooms Subject: Re: pf, stateful filter and DMZ To: freebsd-net@freebsd.org References: <20191121151041.GA93735@admin.sibptus.ru> Message-ID: <4d7b48c2-8141-e2cb-596e-8a73d9e68618@shrew.net> Date: Thu, 21 Nov 2019 13:29:13 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <20191121151041.GA93735@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx2.shrew.net [10.24.10.11]); Thu, 21 Nov 2019 13:29:28 -0600 (CST) X-Rspamd-Queue-Id: 47JqPk2h9cz3KjP X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mgrooms@shrew.net designates 38.97.5.132 as permitted sender) smtp.mailfrom=mgrooms@shrew.net X-Spamd-Result: default: False [-3.26 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[132.5.97.38.list.dnswl.org : 127.0.10.0]; IP_SCORE(-0.96)[ip: (-9.22), ipnet: 38.0.0.0/8(2.85), asn: 174(1.64), country: US(-0.05)]; DMARC_NA(0.00)[shrew.net]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:174, ipnet:38.0.0.0/8, country:US]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 19:29:31 -0000 On 11/21/2019 9:10 AM, Victor Sudakov wrote: > Dear Colleagues, > > A quick question about pf from an ipfw user. > > Suppose I have three interfaces: $outside, $inside and $dmz. If I want > to block any traffic from $dmz to $inside, unless it is > > 1. Return traffic from $inside to $dmz > 2. ICMP traffic in any direction > > would these rules be sufficient? > > block in on $dmz > pass in on $dmz proto icmp > pass out on $inside Assuming a default to deny with a narrow match criteria ( using in/out & from/to ), you probably want something like the following ... # default to deny block log all # pass icmp from dmz to inside pass in  log on $if_dmz    proto icmpfrom $net_dmz to $net_inside pass out log on $if_inside proto icmp from $net_dmz to $net_inside # pass from inside to dmz pass in  log on $if_inside from $net_inside to $net_dmz pass out log on $if_dmz    from $net_inside to $net_dmz Rules will keep state by default unless you disable ( w/ no keep state ), so return packets will pass ( icmp from inside to dmz | any from dmz to inside ). You could broaden the match criteria by dropping the from/to selectors. -Matthew From owner-freebsd-net@freebsd.org Thu Nov 21 21:31:10 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 76EC01CB6E3 for ; Thu, 21 Nov 2019 21:31:10 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from mail.otcnet.ru (mail.otcnet.ru [194.190.78.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47Jt646Gfzz3yGk for ; Thu, 21 Nov 2019 21:31:08 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from MacBook-Gamov.local (unknown [195.91.148.145]) by mail.otcnet.ru (Postfix) with ESMTPSA id 3663F8B614 for ; Fri, 22 Nov 2019 00:31:01 +0300 (MSK) Subject: Re: FreeBSD as multicast router From: Victor Gamov To: freebsd-net@freebsd.org References: <201911190049.xAJ0n474026871@mail.karels.net> <649ee28c-d5fa-c44b-44f7-e6020bdc5afd@otcnet.ru> Organization: OstankinoTelecom Message-ID: <07757b31-f912-2ef4-8a8f-f055b8e46e54@otcnet.ru> Date: Fri, 22 Nov 2019 00:31:00 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <649ee28c-d5fa-c44b-44f7-e6020bdc5afd@otcnet.ru> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 47Jt646Gfzz3yGk X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-5.48 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DMARC_NA(0.00)[otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.28)[ip: (-8.64), ipnet: 194.190.78.0/24(-4.32), asn: 50822(-3.45), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2019 21:31:10 -0000 Looks like everything is OK, but multicast routed if S,G specified in JOIN only. Is it a FreBSD-specific limitation? Also `netstat -gs` reports about some errors: ===== IPv4 multicast forwarding: 973725 multicast forwarding cache lookups 15 multicast forwarding cache misses 498297 upcalls to multicast routing daemon 0 upcall queue overflows (!!!) 16459 upcalls dropped due to full socket buffer 0 cache cleanups 15 datagrams with no route for origin 0 datagrams arrived with bad tunneling 0 datagrams could not be tunneled 475659 datagrams arrived on wrong interface 0 datagrams selectively dropped 0 datagrams dropped due to queue overflow 0 datagrams dropped for being too large ===== On 19/11/2019 11:05, Victor Gamov wrote: > On 19/11/2019 03:49, Mike Karels wrote: >>> Hi All >> >>> Still trying to run FreeBSD-box as multicast router :-) >> >>> FreeBSD upgraded to 11.3-STABLE #1 r354778. netstat pacth by Mike Karels >>> manually applied and netstat -gs looks OK now. >> >>> Latest pimd version 3.0beta1 downloaded from git and configured. While >>> configure it report following: >> >>> ===== >>> ------------------ Summary ------------------ >>>    pimd version 3.0-beta1 >>>     Prefix................: /usr/local >>>     Sysconfdir............: /usr/local/etc >>>     Localstatedir.........: /usr/local/var >>>     C Compiler............: cc -g -O2 >> >>> Optional features: >>>     Kernel register encap.: no >>>     Kernel (*,G) support..: no >>>     Kernel MAX VIFs.......: 32 >>>     Memory save...........: no >>>     RSRR (experimental)...: no >>>     Exit on error.........: yes >>> ===== >> >>> What does "Kernel (*,G) support..: no" means? >> >> >>> Then my test multicast network configured (again) >>>           --------------------          ---------- >>> -vlan298-| FreeBSD PIM router |-vlan299-| client | >>>          |208.34/29   205.2/29|         |205.5/29| >>>           --------------------          ---------- >> >> >>> Two multicast generated by FreeBSD-router: one (232.232.9.43) sended >>> from vlan299 and another (232.232.88.173) from vlan298 both with TTL=20 >> >>> Pimd started with following config: >>> ===== >>> phyint vlan299 enable ttl-threshold 20 >>> phyint vlan298 enable ttl-threshold 20 >>> rp-address 10.200.205.2 232.232.0.0/16 >>> ===== >> >> If the threshold is 20 and the TTL is 20, does that mean that the TTL is >> just high enough, or is it at the cutoff?  I'd try lowering the threshold >> and/or increasing the TTL to see which it is.  If the TTL is 20 on the >> incoming side, it would be 19 on the outgoing side. > > ttl-threshold changed to 10 in pimd.conf.  `netstat -g` reports > Thresh=10 now. > > Locally FreeBSD-router generated multicast vlan299 comes to receiver > with ttl=20. And it's OK. > > Locally FreeBSD-router generated multicast vlan298 does not comes to > receiver. > > Multicast generated from another sender on vlan298 comes to router with > TTL=20 but never comes to receiver via vlan299 > >>> Now client is requesting multicast which router is sending from vlan299 >>> and client successfully receiving it.  But when client is requests >>> multicast sending (by router) from vlan298 it doesn't receive it. >> >> >>> My first question: (in theory) is router must send multicast to client >>> in this situation? >> >> In theory yes, modulo TTL and other checks. > > I will reconfigure my test network to use dedicated FreeBSD-box as > multicast router with two only multicast interfaces to get more clear > info from `netstat -gs` > > > Also pimd periodically reports following > ===== > Kernel busy, retrying (1/3) routing socket read in one sec > ===== > > Is it OK? > > > And more about pimd.  It creates register_vif0 on startup.  I assume it > uses this interface (not reported by `ifconfig`) to route all multicast > via.  But `netstat -g` reports this interface with threshold=1.  Is it OK? -- CU, Victor Gamov From owner-freebsd-net@freebsd.org Fri Nov 22 01:06:58 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D3E771A810C for ; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47Jyv65LVhz4BS0 for ; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id B767A1A810B; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B72611A810A for ; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Jyv64Rk6z4BRy for ; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7B40A1BF6D for ; Fri, 22 Nov 2019 01:06:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id xAM16wpJ016945 for ; Fri, 22 Nov 2019 01:06:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id xAM16wGi016825 for net@FreeBSD.org; Fri, 22 Nov 2019 01:06:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 220468] libfetch: Does not handle 407 (proxy auth) when connecting to HTTPS using connect tunnel Date: Fri, 22 Nov 2019 01:06:55 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: koobs@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: mfc-stable11? mfc-stable12? X-Bugzilla-Changed-Fields: assigned_to cc flagtypes.name short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 01:06:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220468 Kubilay Kocak changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|des@FreeBSD.org |net@FreeBSD.org CC| |net@FreeBSD.org Flags|mfc-stable10? | Summary|[libfetch] is not handling |libfetch: Does not handle |407 (proxy auth) when |407 (proxy auth) when |connecting to https using |connecting to HTTPS using |connect tunnel (patch) |connect tunnel --- Comment #9 from Kubilay Kocak --- ^Triage:=20 - Assignee timeout, reset assignee. Open to take - 10.x is EoL, cancel MFC to stable/10 @Egil Could you please check that attachment 184069 still applies to CURRENT (head), and rebase/replace it if it doesn't. Thank you --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.= From owner-freebsd-net@freebsd.org Fri Nov 22 06:19:52 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9F43C1ADDBD for ; Fri, 22 Nov 2019 06:19:52 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47K5r73wBZz4PL0 for ; Fri, 22 Nov 2019 06:19:51 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=DF5qEhhK0iILIFNfkCG4vexML9ggK294oyPpcMAzpo0=; b=oOlXKhpkxL/YPr5M7ewFxkxNgq tu1K77w1Y0a8OT/0KPhh5LeOUrbYFSly9HpBERbiKCNgI8TWcAlk3jncKHbomDx96+4ZTUplOV8Tl cSqEiwGrfluVoPeEW5TRTDbl4zave9Ee7I5naBc/XYg2JcMo4Dh8KEIWng2Mqn0UM5fE=; Received: from vas by admin.sibptus.ru with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1iY2II-0006lE-56 for freebsd-net@freebsd.org; Fri, 22 Nov 2019 13:19:50 +0700 Date: Fri, 22 Nov 2019 13:19:50 +0700 From: Victor Sudakov To: freebsd-net@freebsd.org Subject: Re: pf, stateful filter and DMZ Message-ID: <20191122061950.GA25286@admin.sibptus.ru> References: <20191121151041.GA93735@admin.sibptus.ru> <59ac7be3-b79d-a13e-b64f-cd4dae43b9e4@tuxpowered.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline In-Reply-To: <59ac7be3-b79d-a13e-b64f-cd4dae43b9e4@tuxpowered.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.12.2 (2019-09-21) X-Rspamd-Queue-Id: 47K5r73wBZz4PL0 X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=oOlXKhpk; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.40 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.30)[ip: (-9.85), ipnet: 2001:19f0:5000::/38(-4.93), asn: 20473(-1.69), country: US(-0.05)]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 06:19:52 -0000 --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Kajetan Staszkiewicz wrote: > > A quick question about pf from an ipfw user. > >=20 > > Suppose I have three interfaces: $outside, $inside and $dmz. If I want > > to block any traffic from $dmz to $inside, unless it is=20 > >=20 > > 1. Return traffic from $inside to $dmz I think I actually meant "return traffic from $dmz_net to $inside_net".=20 >=20 > pf is a stateful firewall and you can't really skip its statefullness. > It will always allow return traffic if you allowed outgoint connection. I know that, the question is rather how to *create* the state when traffic passes from $inside_net to $dmz_net because it's permitted by default. So I just need a "pass" rule to create state, even if otherwise this rule does nothing? >=20 > > 2. ICMP traffic in any direction >=20 > Sounds like a bad idea. Why would you do it? Well, for example, if a host in $inside_net sends a UDP datagram to a host in $dmz_net which generates an ICMP port unreachable message, I want the host in $inside_net to actually receive the message. If pf is THAT stateful and smart, then this rule is not necessary. >=20 > > would these rules be sufficient? > >=20 > > block in on $dmz To be more precise, it would be block in on $dmz from any to $inside_net pass in on $dmz proto icmp from any to $inside_net pass out on $inside ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The last rule will actually create the state for return traffic, is it correct? >=20 > For me this rather looks like you allow from $dmz to $inside but block > from $dmz to $outside.=20 Corrected above. > Rules are not "quick" so the last one matching > applies. However somebody else should verify this, I'm always only using > quick rules so I'm not 100% sure. As a person with some ipfw background, I try to take advantage of pf's features, e.g. "last match wins." Maybe it allows for more concise rules. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJd134GAAoJEA2k8lmbXsY0538H/0qjjdE/3wXy2YIxbM7m3ehy IaAwcnDAEkckVZkV7f/R6Oeq+evzXV3BHCmJgzf4GS5hPoimynMHwwMRZuPBY3dB HKAUeSEFieQLwPJXLXSB79tPLfbTXpq/XmssjW3TuTnZQci7LYjSGIkjSjRO2fD2 QGdiYRWmfov/7b+hz/o2OIFnCgtpQYvSgwBPE0e6v26S5/09xbDYcFnGVZ3ypSfd RvtEw8kY2vL4ZeV9+ZPvCMcuJLWryqfA0QjnHxqL/KeQ757nJCengylmOPndUWQW Sjyiao14CR5zARm66fP0/Xh3dEk8caxdZN6ipsTK62VnWTRuqaIy0TMnObRlazU= =mOXV -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/-- From owner-freebsd-net@freebsd.org Fri Nov 22 09:42:54 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 338481B3750 for ; Fri, 22 Nov 2019 09:42:54 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KBLQ0VYsz4ZJN for ; Fri, 22 Nov 2019 09:42:54 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id D0EE3107BA for ; Fri, 22 Nov 2019 09:42:53 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from leaf.local (unknown [88.212.184.97]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id E1B42F698 for ; Fri, 22 Nov 2019 09:42:51 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/E1B42F698; dkim=none; dkim-atps=neutral Subject: Re: pf, stateful filter and DMZ To: freebsd-net@freebsd.org References: <20191121151041.GA93735@admin.sibptus.ru> <59ac7be3-b79d-a13e-b64f-cd4dae43b9e4@tuxpowered.net> <20191122061950.GA25286@admin.sibptus.ru> From: Matthew Seaman Message-ID: <3d9c5663-3eb5-fd5a-bd72-041bbe392fe7@FreeBSD.org> Date: Fri, 22 Nov 2019 09:42:50 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 In-Reply-To: <20191122061950.GA25286@admin.sibptus.ru> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 09:42:54 -0000 On 22/11/2019 06:19, Victor Sudakov wrote: >>> 2. ICMP traffic in any direction >> Sounds like a bad idea. Why would you do it? > Well, for example, if a host in $inside_net sends a UDP datagram to a > host in $dmz_net which generates an ICMP port unreachable message, I > want the host in $inside_net to actually receive the message. If pf is > THAT stateful and smart, then this rule is not necessary. I believe that pf is clever enough to pass ICMP messages associated with a TCP or UDP connection for which it already has an established state without needing any specific additional rules. BICBW. Cheers, Matthew From owner-freebsd-net@freebsd.org Fri Nov 22 12:51:19 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DF0101B7E01 for ; Fri, 22 Nov 2019 12:51:19 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from mail.otcnet.ru (mail.otcnet.ru [194.190.78.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47KGWp3DzSz3GvH for ; Fri, 22 Nov 2019 12:51:18 +0000 (UTC) (envelope-from vit@otcnet.ru) Received: from MacBook-Gamov.local (unknown [195.91.148.145]) by mail.otcnet.ru (Postfix) with ESMTPSA id 5DBBA8B7C4 for ; Fri, 22 Nov 2019 15:51:15 +0300 (MSK) To: freebsd-net@freebsd.org From: Victor Gamov Subject: IGMP on FreeBSD-12.1 Organization: OstankinoTelecom Message-ID: Date: Fri, 22 Nov 2019 15:51:14 +0300 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47KGWp3DzSz3GvH X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of vit@otcnet.ru designates 194.190.78.3 as permitted sender) smtp.mailfrom=vit@otcnet.ru X-Spamd-Result: default: False [-5.48 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:mail.otcnet.ru]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DMARC_NA(0.00)[otcnet.ru]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-3.28)[ip: (-8.64), ipnet: 194.190.78.0/24(-4.32), asn: 50822(-3.46), country: RU(0.01)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:50822, ipnet:194.190.78.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 12:51:19 -0000 Hi All I have FreeBSD 12.1-STABLE r354850 When I started ffmpeg -i 'udp://232.232.9.57:3344?localaddr=10.200.207.35&source=10.200.205.2' then IGMP-Join sended out and ifmcstat reports about 232.232.9.57 on proper interface. I kill ffmpeg but ifmcstat still reports about 232.232.9.57 on interface. Any following ffmpeg start does not generate IGMP-Join as I understand because kernel think it still joined to this multicast. Then I start this scenario on FreeBSD 11.3-STABLE #1 r354778 then group subscription immediately removed from interface at the moment when ffmpeg killed. More things. When I request multicast on 11.3 from 12.1 then 11.3 respond to General-query like this: ===== 10.200.207.42 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.99.7 is_in { 10.200.208.33 }] ===== When I request multicast on 12.1 from 11.3 then 12.1 respond to General-query like this: ===== 10.200.207.35 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.9.44 to_ex { }] ===== And when ffmpeg started on 12.1 first time as following ffmpeg -i 'udp://@232.232.9.44:3344?localaddr=10.200.207.35&source=10.200.205.2' then 12.1 generates IGMP-Join without source: ===== 10.200.207.35 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.9.44 to_ex { }] ===== So, I assume 12.1 have some problem with IGMP -- CU, Victor Gamov From owner-freebsd-net@freebsd.org Fri Nov 22 15:04:48 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4D5621BA31E for ; Fri, 22 Nov 2019 15:04:48 +0000 (UTC) (envelope-from guido@gvr.org) Received: from gvr.gvr.org (gvr.gvr.org [62.251.117.91]) (using TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA256 (256/256 bits)) (Client CN "gvr.gvr.org", Issuer "Gandi Standard SSL CA 2" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KKTp4rGjz3Ncr for ; Fri, 22 Nov 2019 15:04:46 +0000 (UTC) (envelope-from guido@gvr.org) Received: from gvr.gvr.org (localhost [127.0.0.1]) by gvr.gvr.org (Postfix) with ESMTP id 8393E35657; Fri, 22 Nov 2019 16:04:42 +0100 (CET) X-Virus-Scanned: amavisd-new at gvr.org Received: from gvr.gvr.org ([127.0.0.1]) by gvr.gvr.org (gvr.gvr.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6uYSCKGDg76T; Fri, 22 Nov 2019 16:04:42 +0100 (CET) Received: by gvr.gvr.org (Postfix, from userid 657) id 1BCA735654; Fri, 22 Nov 2019 16:04:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gvr.org; s=20190204; t=1574435082; bh=VOBMOY06DxlxTHUxFvzIO/DJjjbhM+cU+b4S4JOKqHI=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=D60pGH2dQtyFKehRBlxHiFCXUtQxgpiVrdB7qe9Rv6fPnau5Yke49q5a9apQvVUav guq4kGJNpQZXJCa0KW1GEfvwMuoKovp+0g80azI1p7fufW2wbvuGVEY6J2DfdjxOeR qhQ6bXNmsZif5uUWXX2w0rGXqhjuZjExVK6AXt+mOWCe0T/Du/432O5FFbrT1Zvc4N qO2A285l7S+bgOICTr7WnRudKyruGXfXJslfJaC6Q/4aBF1psh+nmJwRrwQ/hls1xK t1gwBwzVy54H9yOVfDrlqJX6rvaDv1eiR+GEFpeXxK4rRw+lzxPMYQuJ9bKwqpvS8U C3GSL+X6bnskg== Date: Fri, 22 Nov 2019 16:04:42 +0100 From: Guido van Rooij To: Victor Gamov Cc: freebsd-net@freebsd.org Subject: Re: IGMP on FreeBSD-12.1 Message-ID: <20191122150442.GA30942@gvr.gvr.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 47KKTp4rGjz3Ncr X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gvr.org header.s=20190204 header.b=D60pGH2d; dmarc=none; spf=pass (mx1.freebsd.org: domain of guido@gvr.org designates 62.251.117.91 as permitted sender) smtp.mailfrom=guido@gvr.org X-Spamd-Result: default: False [-3.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gvr.org:s=20190204]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[gvr.org]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gvr.org:+]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:3265, ipnet:62.251.0.0/17, country:NL]; IP_SCORE(-0.93)[ipnet: 62.251.0.0/17(-4.67), asn: 3265(-0.00), country: NL(0.02)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 15:04:48 -0000 On Fri, Nov 22, 2019 at 03:51:14PM +0300, Victor Gamov wrote: > > So, I assume 12.1 have some problem with IGMP > I also have problems with igmpproxy and multicast based TV. I have enabled quickleave, but when I go to another channel I do not see an IGMP leave. The same setup worked flawlessly under 11.3. Seems like the same problem. -Guido From owner-freebsd-net@freebsd.org Fri Nov 22 16:27:43 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AB0C01BB76B for ; Fri, 22 Nov 2019 16:27:43 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KMKV53WMz3xDt for ; Fri, 22 Nov 2019 16:27:42 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: by mail-ed1-x532.google.com with SMTP id k14so6528813eds.4 for ; Fri, 22 Nov 2019 08:27:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuxpowered-net.20150623.gappssmtp.com; s=20150623; h=to:from:subject:openpgp:autocrypt:message-id:date:user-agent :mime-version; bh=hMPl+7lgUQ4tvJ/vSE3ObY83GKjqsIc8OvFBsZmhobA=; b=pGRAP0IHkOtlQwNwLYYRpbnladDRCHZrB8JqV62CbcbZKOZmA7bjnVc0w2+FvjO/bp 4lwuOH6p9FETrjcPJLsQGoU4J1zAuJpkwzvTeB+RpjXjIRvgjTeQ1d8u4GcI/UQi4fYb EYR5wHv0HvtHfxS4NvnAevVr23Pk7Qe3/p+88Nfbcyar63ZC8KrAM//doabjGc/tCC/B KxrOezCsudpSBYk93EvjpOEJXxWlv5nCAjO6pGMiFMpszeUz491CTMMs+1YauV+axF6V NC6AVvNT42gTagSpGlmDpmjLf4xoVIZSZYRWvqIn37pSW0YxhccxhjjmOyK2buyjsLbP IBcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id :date:user-agent:mime-version; bh=hMPl+7lgUQ4tvJ/vSE3ObY83GKjqsIc8OvFBsZmhobA=; b=I3zGwDP9OOO2Q2M1Jn+o9iUmMssyoJkgPkk8zkpcpxLSQsQcVZpSI62IeozL+OvWRs 2sl7P6JijC+i4n7caeaxqZ32XnvaLD3lz0SEPN17JTmNkmjS7RLlpIab0JW2Dm5q8/8q /L7xRv0VVU4Iw4Viu4RFxEfcQdxp7kkbGdImzEaRj81ZIQ10luy/u//n6tDNC0MIMtJw IZhyxef3HX+F8EI1as+3EhB0oNxU8cBUtengceABQJeLeTibHQJ3lKMRtzHTlkefCfYO 96DRjL3pX+Teyxi7UBcDwbfLdugjV3bwjzjBKeZIx+lXhgsG0ZM6UOjv4b/vvo9fbGqS XsUA== X-Gm-Message-State: APjAAAX/zQZpIcjNaAHBdak7tOBlyY+9nXD3I4HbR82fh56Jb84hjtdk AQAJ1yhUtGIMHU11dw24d9fPDeb67iU= X-Google-Smtp-Source: APXvYqwaXAdkW5efXHBxE9aWRjqq7Y1bAi8jbg3efBPwH8lzP0K+I6Djmrik5EzLWbZ5j5g9nqPyow== X-Received: by 2002:a17:906:f756:: with SMTP id jp22mr22330446ejb.234.1574440059155; Fri, 22 Nov 2019 08:27:39 -0800 (PST) Received: from Proton.local ([2a00:1f78:fffb:1000:1186:519d:cea5:41f6]) by smtp.gmail.com with ESMTPSA id f25sm302542edr.48.2019.11.22.08.27.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Nov 2019 08:27:37 -0800 (PST) To: freebsd-net@freebsd.org From: Kajetan Staszkiewicz Subject: Carp address used as source Openpgp: preference=signencrypt Autocrypt: addr=vegeta@tuxpowered.net; keydata= mQGiBELvVycRBADVGZM8mHAsH+R87EBg4O+QTOkL0TjroqamohMlCdBEZgFGcGVoKA9c9Az6 e7xpk90DuaWYrzBKJ+I5drx2ddqdqejLhgNm3QZubE8Cf9cCxBAxnxBZHzmmgVJMOg93lJUQ e9L1BstntodE2xz4jSBB++Zh9eZgRqbn/EICcQmmKwCg9pQfnXRAMr4tFxhsFenxa/JCvFME AK/03irNfB8DezORCfpt7lZuwL5oRJ/TvpoCfwgVkNd6gTLMgSQpKbFytLzAAmRsE+EwVpBo sUzKt4vzmW4bllgPao14TyuVcViah27/da3fHm1HIMkjvro/ONtUivInn+5L33S0meT3KyuK ofwc1A6KucNxhv4rG7RsXuhwZZmQA/0QVni2wq7yc6t15dfCxuDCxG7yXp4pE5Dghp/MMwts leIxJ3JdHaTZ9aIrYT2Rxw8mTXUs89pDi7PCqXA2N4C+RvkoZI0Q6cWs6jHNZGiZRVzkw38r 8ctqtAlcfzlAynX5+Ym9oiNMJ/c/4fAiFrWerMR1rFWDSD56ltQHk0X0oLQsS2FqZXRhbiBT dGFzemtpZXdpY3ogPHZlZ2V0YUB0dXhwb3dlcmVkLm5ldD6IewQTEQIAOwYLCQgHAwIDFQID AxYCAQIeAQIXgAIZARYhBI4RBk5u/YHyZ/QlueO0UK9tezoUBQJcD656BQkbAXUJAAoJEOO0 UK9tezoUnsIAoK89eXWiO7x3gkfC+5mDXNnRx6ioAKCy4NE/0s8vTDA/P3yYJ2r6orDDNLkB DQRC71cpEAQAjXEOKfj9O4eYTWcifEApMYzel9+aWmhNRqqUhJuNO40UDF73biRJ0cjd8miV hZGxcqIdjnZUmxn8Okr+ta7ZU4Q2KNw7B23VKd1jzDKalaUGtCbv8pnvFdBCJwwzdhHJ2vxr e7zkGMrU4x5Od/92YZRCgX229Ic8y7muveQty4sAAwYD/A/FKDQkIu16GVOu9g8ZBLLBi1HS h2eiem/efmfZS1APR7Q5Ouf6KJMeEgBCKY9yqEp9wg97Bt93oi3zP0H1I8rLmrj5hoEE/VEj Cc4XSQ3qrthmQ9bE8fPDZIgodPG1h+dlOzDQoUxKM/YZdbKmV8VkegbAmEng9rJk90gJ+7Qt iGMEGBEIACMWIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCXDcogwUJGzo2agAKCRDjtFCvbXs6 FNsqAJ9naj/37JF2c1HjhO/4xosKOtGX/QCgn5ADg8fykMSnWmIR0GO/xq9LEzs= Message-ID: Date: Fri, 22 Nov 2019 17:27:36 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Ow0Gb6YL8rX5B4QQrfBafecH8ZCbt8UIv" X-Rspamd-Queue-Id: 47KMKV53WMz3xDt X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tuxpowered-net.20150623.gappssmtp.com header.s=20150623 header.b=pGRAP0IH; dmarc=none; spf=pass (mx1.freebsd.org: domain of vegeta@tuxpowered.net designates 2a00:1450:4864:20::532 as permitted sender) smtp.mailfrom=vegeta@tuxpowered.net X-Spamd-Result: default: False [-7.45 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[tuxpowered-net.20150623.gappssmtp.com:s=20150623]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_ATTACHMENT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[tuxpowered.net]; DKIM_TRACE(0.00)[tuxpowered-net.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[2.3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; IP_SCORE(-2.85)[ip: (-9.52), ipnet: 2a00:1450::/32(-2.71), asn: 15169(-1.97), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 16:27:43 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Ow0Gb6YL8rX5B4QQrfBafecH8ZCbt8UIv Content-Type: multipart/mixed; boundary="72YMLg69n4YnKWKB8WiTCoXT67znTL2PR"; protected-headers="v1" From: Kajetan Staszkiewicz To: freebsd-net@freebsd.org Message-ID: Subject: Carp address used as source --72YMLg69n4YnKWKB8WiTCoXT67znTL2PR Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable Hello, I have a pair of loadbalancers using FreeBSD 11.3. They have "public" side running BGP, which is not important for this discussion and internal side - multiple VLANs where multple hosts reside which are targets for loadbalancing. Directing traffic to correct target is done using route-to target of pf. Traffic usually comes to a public IP address from public side routed via BGP. This works flawlessly. There are some loadbalanced addresses configured on internal side too. Loadbalancers present an IP address using CARP to machines in VLAN and if traffic comes to this CARP-based IP address, it gets bounced back (using route-to) to another host in this or another VLAN. This works fine when clients and servers are in VLAN. Problem happens when the loadbalancer itself tries to access such address. For example a ping to loadbalanced address looks like this from backup Loadbalancer: [15:41:22] ~/ # sudo tcpdump -pni internal4008 host 10.7.1.7 15:41:33.916816 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, seq 3, length 64 15:41:34.917712 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, seq 4, length 64 15:41:35.952626 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, seq 5, length 64 [15:52:33] ~/ # ifconfig internal4008 | grep -E 'inet |carp:' inet 10.7.0.242 netmask 0xffff0000 broadcast 10.7.255.255 inet 10.7.1.1 netmask 0xffffffff broadcast 10.7.1.1 vhid 123 inet 10.7.1.4 netmask 0xffffffff broadcast 10.7.1.4 vhid 123 inet 10.7.1.7 netmask 0xffffffff broadcast 10.7.1.7 vhid 123 inet 10.7.0.240 netmask 0xffffffff broadcast 10.7.0.240 vhid 123 inet 10.7.2.1 netmask 0xffffffff broadcast 10.7.2.1 vhid 123 carp: BACKUP vhid 123 advbase 1 advskew 100 Connections originating from loadbalancer itself use CARP address as source. Always the same address which I'm trying to reach. How can I ensure that CARP address is never used as source for connections outgoing from Loadbalancer? I've read manpage of ifconfig but I've seen only flags regarding IPv6 address choice. --=20 | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --72YMLg69n4YnKWKB8WiTCoXT67znTL2PR-- --Ow0Gb6YL8rX5B4QQrfBafecH8ZCbt8UIv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCXdgMeAAKCRDjtFCvbXs6 FH+HAJ9cwvQ7guKWVXhJ32DVDgayxJ7vHgCg4VeG+Zz1YyQx/boZxod55F+d+rk= =tCw+ -----END PGP SIGNATURE----- --Ow0Gb6YL8rX5B4QQrfBafecH8ZCbt8UIv-- From owner-freebsd-net@freebsd.org Fri Nov 22 18:35:16 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AC1131BDE9B for ; Fri, 22 Nov 2019 18:35:16 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KQ8g2ljsz44k2 for ; Fri, 22 Nov 2019 18:35:14 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from fomalhaut.potoki.eu ([IPv6:2001:470:71:d47:497c:944b:3cd8:5fe0]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.15.2/8.15.2) with ESMTPSA id xAMIZ4N4060391 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 22 Nov 2019 19:35:04 +0100 (CET) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1574447704; bh=1zs78PIdOZOm7dIIg469LpFcW8TwbFNF7y4YQf0G0ss=; h=To:References:From:Subject:Date:In-Reply-To; b=phIW54+hyUDW3ToR2+zTQ7qdZ7pq0WEd1ei824k69z0TcaTntngxRMioGzz2V7iHt UIp1lFp+Pe4ZeKFGE0oj9TSIlldU+Ll04PJlHBDoNPwo0YkAkvdgJdr6x3VtrrCE/L CAiytHMf7/KmTQx0nnZpc4Wpzk4VtSY5uIkCOnappQz4ZeqtAbjcR815OzzCBcPbXN 17uQp4i7YMnrhtrGFul7r56Vd3m6AgsopsE/kQzYHt07zhAaEdZDXyOBRAweDpiasG g9ri3/HEFAMAxt6zxwb1/kTC2wk3nUXlDxxCoZPsAMFWf9jY8SOI/9xFjTwgQs9sUy cDT0m4T73iEVg== X-Authentication-Warning: plan-b.pwste.edu.pl: Host [IPv6:2001:470:71:d47:497c:944b:3cd8:5fe0] claimed to be fomalhaut.potoki.eu To: Kajetan Staszkiewicz , freebsd-net@freebsd.org References: From: Marek Zarychta Autocrypt: addr=zarychtam@plan-b.pwste.edu.pl; prefer-encrypt=mutual; keydata= mQENBFfi3cMBCADLecMTFXad4uDXqv3eRuB4qJJ8G9tzzFezeRnnwxOsPdytW5ES2z1ibSrR IsiImx6+PTqrAmXpTInxAi7yiZGdSiONRI4CCxKY9d1YFiNYT/2WyNXCekm9x29YeIU7x0JB Llbz0f/9HC+styBIu2H+PY/X98Clzm110CS+n/b9l1AtiGxTiVFj7/uavYAKxH6LNWnbkuc5 v8EVNc7NkEcl5h7Z9X5NEtzDxTOiBIFQ/kOT7LAtkYUPo1lqLeOM2DtWSXTXQgXl0zJI4iP1 OAu4qQYm2nXwq4b2AH9peknelvnt1mpfgDCGSKnhc26q6ibTfMwydp+tvUtQIQYpA6b9ABEB AAG0N01hcmVrIFphcnljaHRhIChQbGFuLWIpIDx6YXJ5Y2h0YW1AcGxhbi1iLnB3c3RlLmVk dS5wbD6JATcEEwEIACEFAlfi4LkCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQHZW8 vIFppoJXdgf8D9X3VRFSNaR9lthSx/+uqas17J3FJKBo1xMQsC2a+44vzNvYJSuPGLLJ+LW2 HPVazjP/BWZJbxOYpliY4zxNRU0YCp0BLIVLibc//yax+mE42FND/+NiIZhqJscl6MLPrSwo sIwXec4XYkldkyqW/xBbBYXoIkBqdKB9j5j42Npy1IV/RizOSdmvTWY27ir8e/yGMR1RLr4F 8P5K3OWTdlGy2H2F/3J8bIPBLG6FpaIyLQw4dHSx8V02PYqDxK1cNo2kAOnU8PnZL/AGuMOH iv3MN1VYL8ehcmpBBsrZGebQJxrjY2/5IaTSgp9xHYT70kshuU6Qb97vk1mOjNZxgbkBDQRX 4t3DAQgA10h6RCXuBLMHxq5B8X/ZIlj9sgLoeyfRdDZEc9rT2KUeUJVHDsbvOFf4/7F1ovWY hJbA6GK/LUZeHHTjnbZcH1uDYQeHly4UOLxeEvhGoz4JhS2C7JzN/uRnwbdOAUbJr8rUj/IY a7gk906rktsc/Ldrxrxh7O6WO0JCh2XO/p4pDfEwwB37g4xHprSab28ECYJ9JMbtA8Sy4M55 g3+GQ28FvSlGnx48OoGXU2BZdc1vZKSQmNOlikB+9/hDX8zdYWVfDaX1TLQ8Ib4+xTUmapza mV/bxIsaZRBw+jFjLQHhTbIMfPEU+4mxFDvTdbKPruKPqVf1ydgMnPZWngowdwARAQABiQEf BBgBCAAJBQJX4t3DAhsMAAoJEB2VvLyBaaaC6qkIAJs9sDPqrqW0bYoRfzY6XjDWQ59p9tJi v8aogxacQNCfAu+WkJ8PNVUtC1dlVcG5NnZ80gXzd1rc8ueIvXlvdanUt/jZd8jbb3gaDbK3 wh1yMCGBl/1fOJTyEGYv1CRojv97KK89KP5+r8x1P1iHcSrunlDNqGxTMydNCwBH23QcOM+m u4spKnJ/s0VRBkw3xoKBZfZza6fTQ4gTpAipjyk7ldOGBV+PvkKATdhK2yLwuWXhKbg/GRlD 1r5P0gxzSqfV4My+KJuc2EDcrqp1y0wOpE1m9iZqCcd0fup5f7HDsYlLWshr7NQl28f6+fQb sylq/j672BHXsdeqf/Ip9V65AQ0EV+OTdwEIAMxnGg7OO/ZAnSwiIiABA9lil1Lfa5BWTH3c l1rz4slz7Gw99G9J3bX3FiPA0vU89dgBZ2k0/UVk5cI5EsMAvwJN4bPwRsfBELQqjCKkVZr4 vUeGyvgQ2jnoK1fcEFOnCRdwFy4EJ6Y/fsZCTj4IfQpkM1W7C3KuSGPcjPDA9XCLDjjp8bbA Q9VgQ68MntAnYxMqK0S3CrHp5Pruvb0x4MfFLNwaKtWK+UnJGPT4umj8PMP6XLsFC3g+SGoP aWoYRDI297ZGx4IBWEaJq181oEC5iUQ6WREti9fNQ3TsAB3Q2CjNlkx1geSczIFJSyOHmyJZ RqAocw1sIuPopvhWtR0AEQEAAYkCRAQYAQgADwUCV+OTdwIbAgUJCWYBgAEpCRAdlby8gWmm gsBdIAQZAQgABgUCV+OTdwAKCRB1n+z//VKNLOETCAC3ggwAAQij4hkIxQFapnRuIVb5vq7D AwJ9+Ld5/zYHOj2Tfu+BPSNGzI2edqboz2w1t55UHEYzYDp2axxIfPrZrXsBV4DsjtGwzVV/ jZ9or5qTaYFDEStRkzL4mRpTyYhl/T7GgWpwOJWOih+cU7RWzjSOxiYMi4QSYlkpDUCcZew0 C3HfcxeFqpeL46zgysHC2ptjINXQ+xR2/F6dbed+l7OsvJAfkBqJoQ/48m+8ly1lbViKck7q gWw143ljaKn2qGIjZdb95zcI/CP4L45SXq8NOweACdx2NfUphLrIMbNCqLkMUJcrnruKfbnp C8OMjFJIqlu+PsW593NcZyOugEAH/0cBsDxlSauSVK4kp8ald26pcBI6igNnIMgjaxMiZBjn eoxBiKAOAO93sPnPr9/64CMMwv1T+0vU2lj8SMKOdHVrB9sW/ICGji5skE85xPEAtUkdAQN+ +c2clotujcaj9lBZKJdncKmSxY0SshEa66H+s76u+2Q3jGK6vOrdxakWYCvh2P0/l52Nd/t2 eazLFgwtk5rbo7O0MSC1GNXUsG07vtZ+zxJXFRx7PQ3ZIn0Y4HqwvXUvqgZ9EHiKy8F+ondz 9IS8/Fs81N5ieujHhSWqbaibapnpeDHvT/FWf8iXfJqWq+F7C8lGShSkmsS5AOhB4TNNH5/m ZzECJa1ql64= Subject: Re: Carp address used as source Message-ID: Date: Fri, 22 Nov 2019 19:34:58 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wTyMLmUIywe24tjuML5rARr0fJ99CWvTx" X-Rspamd-Queue-Id: 47KQ8g2ljsz44k2 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=phIW54+h; dmarc=pass (policy=none) header.from=pwste.edu.pl; spf=none (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl has no SPF policy when checking 2001:678:618::40) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl X-Spamd-Result: default: False [-6.43 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; DWL_DNSWL_MED(-2.00)[pwste.edu.pl.dwl.dnswl.org : 127.0.11.2]; NEURAL_HAM_LONG(-0.98)[-0.976,0]; HAS_ATTACHMENT(0.00)[]; HAS_XAW(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[pwste.edu.pl,none]; R_SPF_NA(0.00)[]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; IP_SCORE(0.45)[asn: 206006(2.17), country: PL(0.07)]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 18:35:16 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wTyMLmUIywe24tjuML5rARr0fJ99CWvTx Content-Type: multipart/mixed; boundary="CdEEOMT3wvT4dueYV0W9VShd4w8VWmptJ"; protected-headers="v1" From: Marek Zarychta To: Kajetan Staszkiewicz , freebsd-net@freebsd.org Message-ID: Subject: Re: Carp address used as source References: In-Reply-To: --CdEEOMT3wvT4dueYV0W9VShd4w8VWmptJ Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable W dniu 22.11.2019 o=C2=A017:27, Kajetan Staszkiewicz pisze: > Hello, >=20 > I have a pair of loadbalancers using FreeBSD 11.3. They have "public" > side running BGP, which is not important for this discussion and > internal side - multiple VLANs where multple hosts reside which are > targets for loadbalancing. Directing traffic to correct target is done > using route-to target of pf. Traffic usually comes to a public IP > address from public side routed via BGP. This works flawlessly. There > are some loadbalanced addresses configured on internal side too. > Loadbalancers present an IP address using CARP to machines in VLAN and > if traffic comes to this CARP-based IP address, it gets bounced back > (using route-to) to another host in this or another VLAN. >=20 > This works fine when clients and servers are in VLAN. Problem happens > when the loadbalancer itself tries to access such address. >=20 > For example a ping to loadbalanced address looks like this from backup > Loadbalancer: >=20 > [15:41:22] ~/ # sudo tcpdump -pni internal4008 host 10.7.1.7 > 15:41:33.916816 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, se= q > 3, length 64 > 15:41:34.917712 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, se= q > 4, length 64 > 15:41:35.952626 IP 10.7.1.7 > 10.7.1.7: ICMP echo request, id 35466, se= q > 5, length 64 >=20 >=20 > [15:52:33] ~/ # ifconfig internal4008 | grep -E 'inet |carp:' > inet 10.7.0.242 netmask 0xffff0000 broadcast 10.7.255.255 > inet 10.7.1.1 netmask 0xffffffff broadcast 10.7.1.1 vhid 123 > inet 10.7.1.4 netmask 0xffffffff broadcast 10.7.1.4 vhid 123 > inet 10.7.1.7 netmask 0xffffffff broadcast 10.7.1.7 vhid 123 > inet 10.7.0.240 netmask 0xffffffff broadcast 10.7.0.240 vhid 123 > inet 10.7.2.1 netmask 0xffffffff broadcast 10.7.2.1 vhid 123 > carp: BACKUP vhid 123 advbase 1 advskew 100 >=20 > Connections originating from loadbalancer itself use CARP address as > source. Always the same address which I'm trying to reach. How can I > ensure that CARP address is never used as source for connections > outgoing from Loadbalancer? I've read manpage of ifconfig but I've seen= > only flags regarding IPv6 address choice. >=20 I believe this behavior can be changed by configuring carp interfaces with the same subnet mask as parent interface which is /16 in your case. Best regards, --=20 Marek Zarychta --CdEEOMT3wvT4dueYV0W9VShd4w8VWmptJ-- --wTyMLmUIywe24tjuML5rARr0fJ99CWvTx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAl3YKlgACgkQdZ/s//1S jSzWkgf6A9V2ggh3N7NF6S8T9B7tVbZ/BhY/wYWxCz1W8Jfniegs7d15MYaJYvmB bMRaSulYauE60LQe8Sg28NY+D110We/rB+I70OIFhk+eBUjcn2xnkUt8XTqNGUnU X153TpmV8TsWUDGS2qnrxZIh1AHgg6g8c2Bk844pJqutMPJE+/3QYL3abIrSwOvU ylVOb3mm+zmy5ju/mPne3JJI1rihP+vcRagHopSflgkGCSz9a/U+8QL/TrI8NHun l0z5OD0VFm2wY717l943q7Tz3aLXYp81N36+GUilgcyE/yB0GapRCIvEJ3KUHnl1 FDBhRfhJo51aTdbgVKaZMsqVwuEHQg== =wrl5 -----END PGP SIGNATURE----- --wTyMLmUIywe24tjuML5rARr0fJ99CWvTx-- From owner-freebsd-net@freebsd.org Fri Nov 22 21:30:43 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54D151C244B for ; Fri, 22 Nov 2019 21:30:43 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 47KV370SY1z4HP3 for ; Fri, 22 Nov 2019 21:30:43 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: by mailman.nyi.freebsd.org (Postfix) id 0C42C1C244A; Fri, 22 Nov 2019 21:30:43 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0BF5E1C2449 for ; Fri, 22 Nov 2019 21:30:43 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from mail.monkeybrains.net (mail.monkeybrains.net [208.69.40.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.monkeybrains.net", Issuer "AlphaSSL CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KV3575bzz4HNL for ; Fri, 22 Nov 2019 21:30:41 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from [10.2.86.111] (public.monkeybrains.net [208.69.41.107] (may be forged)) (authenticated bits=0) by mail.monkeybrains.net (8.15.2/8.15.2) with ESMTPSA id xAMLUdNr078580 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 22 Nov 2019 13:30:40 -0800 (PST) (envelope-from crapsh@monkeybrains.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=monkeybrains.net; s=dkim; t=1574458240; bh=R6hRc8cEsLXrZZXOF4aVubJMCD4WMWOW16nTBUH6YdE=; h=To:From:Subject:Date; b=UPlDqi5ccO21rr8wFP1JuhALECWQDBKJPyShvkHwkUSF4QzYVsIxutZv4+EZEdzrh LIx7LkHKV+8cO+/0ihqz7Xl498pNHzgkBwGnR/dxhbHnWjUoOdl1H4ltG1/ull0FOE wZKlVPzO6Wzm9vBRVCeDlocvcvfPQK9WWrEI3nKw= X-Authentication-Warning: mail.monkeybrains.net: Host public.monkeybrains.net [208.69.41.107] (may be forged) claimed to be [10.2.86.111] To: net@FreeBSD.org From: BulkMailForRudy Subject: ix0 and ix1 ifconfig options different on Supermicro board Message-ID: Date: Fri, 22 Nov 2019 13:30:39 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 Content-Language: en-US X-Virus-Scanned: clamav-milter 0.101.4 at mail.monkeybrains.net X-Virus-Status: Clean X-Rspamd-Queue-Id: 47KV3575bzz4HNL X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=monkeybrains.net header.s=dkim header.b=UPlDqi5c; dmarc=pass (policy=none) header.from=monkeybrains.net; spf=pass (mx1.freebsd.org: domain of crapsh@monkeybrains.net designates 208.69.40.19 as permitted sender) smtp.mailfrom=crapsh@monkeybrains.net X-Spamd-Result: default: False [-6.84 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[monkeybrains.net:s=dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[monkeybrains.net.dwl.dnswl.org : 127.0.5.0]; R_SPF_ALLOW(-0.20)[+ptr]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[net@freebsd.org]; HAS_XAW(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[monkeybrains.net:+]; DMARC_POLICY_ALLOW(-0.50)[monkeybrains.net,none]; IP_SCORE(-3.74)[ip: (-9.80), ipnet: 208.69.40.0/22(-4.91), asn: 32329(-3.93), country: US(-0.05)]; RCVD_IN_DNSWL_LOW(-0.10)[19.40.69.208.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:32329, ipnet:208.69.40.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 21:30:43 -0000 I have nearly identical setups, but ix0 and ix1 are getting different options at boot.  This seems to be the only difference I see between machines and I am trying to answer the question, Why can Server A iperf close to line rate while the other servers can not? The Test:  iperf -P 3 -c REMOTE_ADDR Server A (ix1) -> Server C (ix0)  = 9.4Gbps Server B (ix0)-> Server C (ix0) = 5.6Gbps Server C (ix0)-> A (ix1) or B (ix0)  = 5.0Gbps The motherboards are identical between A,B and C and the configs very similar.  The only difference is that Server A is plugged into ix1 while Server B and C are using ix0. I am not modifying the flags at boot (eg ifconfig -tso), yet ix0 lacks TXCSUM,TSO4,TSO6,LRO,WOL. ix0: flags=8943 metric 0 mtu 1500 options=a538b9         ether *ac:1f:6b:6a:14:6*4         media: Ethernet autoselect (10Gbase-T ) ix1: flags=8843 metric 0 mtu 1500 options=e53fbb         ether *ac:1f:6b:6a:14:6*5         media: Ethernet autoselect (10Gbase-T ) I did try adding some flags to ix0 and -- not sure if this was the reason -- the box started acting oddly and I ended up rebooting it. My hunch has is that there is somethign with the TSO4. Rudy From owner-freebsd-net@freebsd.org Fri Nov 22 21:46:54 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 64DD31C2E00 for ; Fri, 22 Nov 2019 21:46:54 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from mail.monkeybrains.net (mail.monkeybrains.net [208.69.40.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.monkeybrains.net", Issuer "AlphaSSL CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47KVPn3NM7z4JWb for ; Fri, 22 Nov 2019 21:46:53 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from [10.2.86.111] (public.monkeybrains.net [208.69.41.107] (may be forged)) (authenticated bits=0) by mail.monkeybrains.net (8.15.2/8.15.2) with ESMTPSA id xAMLkq1b081400 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 22 Nov 2019 13:46:52 -0800 (PST) (envelope-from crapsh@monkeybrains.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=monkeybrains.net; s=dkim; t=1574459212; bh=oPa+uh9ez/VfNen4GBXuriGtWiohXNj0BvJUcLXwfvc=; h=Subject:To:References:From:Date:In-Reply-To; b=g6sp6nLosXxSZHFlK1ddrpTekdAo1vctfPnVC8UYFh5EyhuwYa6VFNH4XjNmxtLMQ Xq/sgaxErf2lJgA7OKzuBnaIJugmJTEgMv0t63UVUURJ0FsW7AzLX7XVYTNeA2vxQw wQzeQ8c5atjE7UWO79GfqZH8MIv9elTxbv/bJfMU= X-Authentication-Warning: mail.monkeybrains.net: Host public.monkeybrains.net [208.69.41.107] (may be forged) claimed to be [10.2.86.111] Subject: Re: ix0 and ix1 ifconfig options different on Supermicro board To: freebsd-net@freebsd.org References: From: BulkMailForRudy Message-ID: Date: Fri, 22 Nov 2019 13:46:52 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Virus-Scanned: clamav-milter 0.101.4 at mail.monkeybrains.net X-Virus-Status: Clean X-Rspamd-Queue-Id: 47KVPn3NM7z4JWb X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=monkeybrains.net header.s=dkim header.b=g6sp6nLo; dmarc=pass (policy=none) header.from=monkeybrains.net; spf=pass (mx1.freebsd.org: domain of crapsh@monkeybrains.net designates 208.69.40.19 as permitted sender) smtp.mailfrom=crapsh@monkeybrains.net X-Spamd-Result: default: False [-6.84 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[monkeybrains.net:s=dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[monkeybrains.net:+]; DMARC_POLICY_ALLOW(-0.50)[monkeybrains.net,none]; IP_SCORE(-3.74)[ip: (-9.81), ipnet: 208.69.40.0/22(-4.91), asn: 32329(-3.93), country: US(-0.05)]; RCVD_IN_DNSWL_LOW(-0.10)[19.40.69.208.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:32329, ipnet:208.69.40.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[monkeybrains.net.dwl.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2019 21:46:54 -0000 I just did another test to a machine with a Chelsio card.  Server D (cxl3) -> Server A = 3.5Gbps Turning on flags lro tso4 tso6 vlanhwtso , yields  Server D (cxl3) -> Server A = 9.1 Gbps Oddly, this was an ipv4 iperf, but tso6 seems to help. I had settings turned off per https://wiki.freebsd.org/10gFreeBSD/Router#Disabling_LRO_and_TSO Servers A,B, and C are all running services.  Server D is acting as a router.  Are the LRO and TSO only for TCP to the box, or will it increase speeds for forwarding if I enable it? Thanks, Rudy On 11/22/19 1:30 PM, BulkMailForRudy wrote: > > I have nearly identical setups, but ix0 and ix1 are getting different > options at boot.  This seems to be the only difference I see between > machines and I am trying to answer the question, Why can Server A > iperf close to line rate while the other servers can not? > > The Test:  iperf -P 3 -c REMOTE_ADDR > > Server A (ix1) -> Server C (ix0)  = 9.4Gbps > Server B (ix0)-> Server C (ix0) = 5.6Gbps > Server C (ix0)-> A (ix1) or B (ix0)  = 5.0Gbps > > > The motherboards are identical between A,B and C and the configs very > similar.  The only difference is that Server A is plugged into ix1 > while Server B and C are using ix0. > > > I am not modifying the flags at boot (eg ifconfig -tso), yet ix0 lacks > TXCSUM,TSO4,TSO6,LRO,WOL. > > ix0: flags=8943 metric > 0 mtu 1500 > options=a538b9 > >         ether *ac:1f:6b:6a:14:6*4 >         media: Ethernet autoselect (10Gbase-T ) > ix1: flags=8843 metric 0 mtu 1500 > options=e53fbb > >         ether *ac:1f:6b:6a:14:6*5 >         media: Ethernet autoselect (10Gbase-T ) > > I did try adding some flags to ix0 and -- not sure if this was the > reason -- the box started acting oddly and I ended up rebooting it. > > > My hunch has is that there is somethign with the TSO4. > > > Rudy > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@freebsd.org Sat Nov 23 08:49:12 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B514D1AF4B2 for ; Sat, 23 Nov 2019 08:49:12 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Kn604QhRz3KK4 for ; Sat, 23 Nov 2019 08:49:12 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com [209.85.160.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: vmaffione) by smtp.freebsd.org (Postfix) with ESMTPSA id 6B20B1A521 for ; Sat, 23 Nov 2019 08:49:12 +0000 (UTC) (envelope-from vmaffione@freebsd.org) Received: by mail-qt1-f176.google.com with SMTP id t20so10808640qtn.9 for ; Sat, 23 Nov 2019 00:49:12 -0800 (PST) X-Gm-Message-State: APjAAAUO9svIP9wIGis+kc3O/1noX/S7t8eIsinqp9QjyyBuVlls/fub fGbAzjUgGDSO63/zlluFc/DuF1lVU1+XxJc0ht4= X-Google-Smtp-Source: APXvYqxieinkTRCadGdFxo4X9ZQ5LGNm6h3dpWbtl3TndRAPGBm46o+J0Hg9xbNtN76ROSFxdDF61WW6JdDhwXjUmdw= X-Received: by 2002:ac8:664c:: with SMTP id j12mr3562112qtp.350.1574498951776; Sat, 23 Nov 2019 00:49:11 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Vincenzo Maffione Date: Sat, 23 Nov 2019 09:51:15 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: ix0 and ix1 ifconfig options different on Supermicro board To: BulkMailForRudy Cc: "freebsd-net@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Nov 2019 08:49:12 -0000 Hi, TSO/LRO (for IPv4 and/or IPv6) will increase TCP bulk throughput on machine X for those TCP connection where X is one of the two endpoints, that is TCP connections that are local to X. That's why you are seing iperf achieving higher throughput with TSO/LRO enabled. TSO means that your local TCP stack will pass down large (e.g. 32K) packets to the NIC driver, and the NIC will take care of segmentation. This is beneficial for two reasons: (1) the segmentation work is done in hardware rather than in the CPU, and this is typically faster (and also, you save the CPU time for other stuff); (2) the per-packet cost of protocol processing (TCP, IP, Ethernet) is amortized over a large amount of bytes, which means that your total per-byte CPU time will be way lower. Most of the gain actually comes from (2). LRO is similar, but in the receive direction. However, if your device is a router it means that it forwards packets. Therefore the local TCP stack is not involved, so TSO simply does not apply (at least in FreeBSD). I think LRO applies, but there is a latency hit, as suggested by the wiki page you pointed. So no, enabling TSO/LRO will not increase the forwarding rate, but possibly increase latency. You should keep it disabled. Cheers, Vincenzo Il giorno ven 22 nov 2019 alle ore 22:47 BulkMailForRudy < crapsh@monkeybrains.net> ha scritto: > > I just did another test to a machine with a Chelsio card. > > Server D (cxl3) -> Server A = 3.5Gbps > > Turning on flags lro tso4 tso6 vlanhwtso , yields > > Server D (cxl3) -> Server A = 9.1 Gbps > > Oddly, this was an ipv4 iperf, but tso6 seems to help. > > I had settings turned off per > https://wiki.freebsd.org/10gFreeBSD/Router#Disabling_LRO_and_TSO > > Servers A,B, and C are all running services. Server D is acting as a > router. Are the LRO and TSO only for TCP to the box, or will it > increase speeds for forwarding if I enable it? > > > Thanks, > > Rudy > > > On 11/22/19 1:30 PM, BulkMailForRudy wrote: > > > > I have nearly identical setups, but ix0 and ix1 are getting different > > options at boot. This seems to be the only difference I see between > > machines and I am trying to answer the question, Why can Server A > > iperf close to line rate while the other servers can not? > > > > The Test: iperf -P 3 -c REMOTE_ADDR > > > > Server A (ix1) -> Server C (ix0) = 9.4Gbps > > Server B (ix0)-> Server C (ix0) = 5.6Gbps > > Server C (ix0)-> A (ix1) or B (ix0) = 5.0Gbps > > > > > > The motherboards are identical between A,B and C and the configs very > > similar. The only difference is that Server A is plugged into ix1 > > while Server B and C are using ix0. > > > > > > I am not modifying the flags at boot (eg ifconfig -tso), yet ix0 lacks > > TXCSUM,TSO4,TSO6,LRO,WOL. > > > > ix0: flags=8943 metric > > 0 mtu 1500 > > > options=a538b9 > > > > > ether *ac:1f:6b:6a:14:6*4 > > media: Ethernet autoselect (10Gbase-T ) > > ix1: flags=8843 metric 0 mtu 1500 > > > options=e53fbb > > > > > ether *ac:1f:6b:6a:14:6*5 > > media: Ethernet autoselect (10Gbase-T ) > > > > I did try adding some flags to ix0 and -- not sure if this was the > > reason -- the box started acting oddly and I ended up rebooting it. > > > > > > My hunch has is that there is somethign with the TSO4. > > > > > > Rudy > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >