> On Jun 7, 2024, at 4:10 PM, Marek Zarychta <zarych...@plan-b.pwste.edu.pl> > wrote: > > Invaluable Committers, Dear Subscribers, > > I found Gleb's fixes to ICMP6 error rate limiting extremely useful, > especially since this limiting is not working at all in stable/14 (as far as > I was able to test). It looks to me like IPv6 bits in FreeBSD are not widely > tested and seem to be neglected. In some places, they remain as they were > initially imported from KAME. Some time ago kaktus@ fixed logging for > unforwarded packets [1] [2]. Recently glebius@ fixed ICMP6 error rate > limiting, but there is still open PR 245103[3] and other bugs. > > It's appreciated by the community that Netflix uses IPv6 and their > programmers are working on the improvements. So please let me ask here for > the MFC of the few commits to the stable/14 branch. The commits I am asking > for have the following hashes: 7142ab4790666022a2a3d85910e9cd8e241d9b87, > 9d7f17d7467ed8c9740730a8db7a82e4768e5177, > b508545ce044dbfdd83da772e73f969a3713d59d, > ac44739fd834f51cacb26485a4140fd482e20150, > c6c96aaba8dd74eb39469ed156ff19cc31d599b7, > 32aeee8ce7e72738fff236ccd5629d55035458f8, > 4f96be33fe7676c69c5abb476bb09bba0c63a3f4, > a03aff88a14448c3084a0384082ec996d7213897, > 4399e055ea610cdefa1470ad1ee614dd81ba5e56, > 75d15e893b14188b83c5fb5e4979fa21c557934f, > f7c4d12bcd5bd7f7fbf6bf9fa601c47e7f97bc5f. As discussed with Marek in Telegram, those looks pretty safe to MFC. I can do the MFC if no explicit objections. > > I have done the MFC in my local repo and while testing the stable/14 built > from it on the bunch of hosts, I found the set complete, applicable, and most > likely not breaking KBI. The only problem I spotted was the too-low default > value of net.inet6.icmp6.errppslimit[4]. Fortunately, it's tunable, so > bumping it to 200 fixed the error flooding for Nextcloud hosts. Let me > mention here, that the value of the similar knob for IPv4 > (net.inet.icmp.icmplim) was already bumped to 200 some time ago. > > Maybe some brave committer will take on this MFC of the above set of commits > to stable/14 and thus will contribute to preparing an even better future > 14.2-RELEASE. > > 1. https://reviews.freebsd.org/D38644 > 2. https://reviews.freebsd.org/D38758 > 3. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245103 > 4. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/icmp6.c#L2735 > > Best regards > > -- > Marek Zarychta >