ICMP6

Fri, 07 Jun 2024 01:11:45 -0700 

Invaluable Committers, Dear Subscribers,
I found Gleb's fixes to ICMP6 error rate limiting extremely useful, especially since this limiting is not working at all in stable/14 (as far as I was able to test). It looks to me like IPv6 bits in FreeBSD are not widely tested and seem to be neglected. In some places, they remain as they were initially imported from KAME.  Some time ago kaktus@ fixed logging for unforwarded packets [1] [2]. Recently glebius@ fixed ICMP6 error rate limiting, but there is still open PR 245103[3] and other bugs. 


It's appreciated by the community that Netflix uses IPv6 and their 
programmers are working on the improvements. So please let me ask here 
for the MFC of the few commits to the stable/14 branch. The commits I am 
asking for have the following hashes: 
7142ab4790666022a2a3d85910e9cd8e241d9b87, 
9d7f17d7467ed8c9740730a8db7a82e4768e5177, 
b508545ce044dbfdd83da772e73f969a3713d59d, 
ac44739fd834f51cacb26485a4140fd482e20150, 
c6c96aaba8dd74eb39469ed156ff19cc31d599b7, 
32aeee8ce7e72738fff236ccd5629d55035458f8, 
4f96be33fe7676c69c5abb476bb09bba0c63a3f4, 
a03aff88a14448c3084a0384082ec996d7213897, 
4399e055ea610cdefa1470ad1ee614dd81ba5e56, 
75d15e893b14188b83c5fb5e4979fa21c557934f, 
f7c4d12bcd5bd7f7fbf6bf9fa601c47e7f97bc5f.



I have done the MFC in my local repo and while testing the stable/14 
built from it on the bunch of hosts, I found the set complete, 
applicable, and most likely not breaking KBI. The only problem I spotted 
was the too-low default value of net.inet6.icmp6.errppslimit[4]. 
Fortunately, it's tunable, so bumping it to 200 fixed the error flooding 
for Nextcloud hosts. Let me mention here, that the value of the similar 
knob for IPv4 (net.inet.icmp.icmplim) was already bumped to 200 some 
time ago.



 Maybe some brave committer will take on this MFC of the above set of 
commits to stable/14 and thus will contribute to preparing an even 
better future 14.2-RELEASE.


1. https://reviews.freebsd.org/D38644
2. https://reviews.freebsd.org/D38758
3. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245103
4. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/icmp6.c#L2735

Best regards

--
Marek Zarychta
























					Reply via email to