Problem reports for n...@freebsd.org that need special attention
To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status |Bug Id | Description +---+--- In Progress |221146 | [ixgbe] Problem with second laggport In Progress |235700 | oce(4) driver causes fatal trap 12 on boot with e New |204438 | setsockopt() handling of kern.ipc.maxsockbuf limi New |205592 | TCP processing in IPSec causes kernel panic New |213410 | [carp] service netif restart causes hang only whe Open|193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc Open|194485 | Userland cannot add IPv6 prefix routes Open|200319 | Bridge+CARP crashes/freezes Open|202510 | [CARP] advertisements sourced from CARP IP cause Open|73 | igb(4): Kernel panic (fatal trap 12) due to netwo Open|225438 | panic in6_unlink_ifa() due to race Open|227720 | Kernel panic in ppp server Open|233952 | jme NICs non functional after 11.2 to 12.0 upgrad Open|236888 | ppp daemon: Allow MTU to be overridden for PPPoE Open|236983 | bnxt(4) VLAN not operational unless explicit "ifc Open|237072 | netgraph(4): performance issue [on HardenedBSD]? Open|237391 | route get returns no result for network addresses Open|237840 | Removed dummynet dependency on ipfw 18 problems total for which you should take action. ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
[Bug 209471] Listen queue overflow due to too many sockets stuck in CLOSED state
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209471 y2wjegieo...@opayq.com changed: What|Removed |Added CC||y2wjegieo...@opayq.com --- Comment #22 from y2wjegieo...@opayq.com --- I am facing the same issue with Freebsd 11.2 (freenas machine). In the log I have this: Aug 18 18:50:19 freenas ctld[2680]: 192.168.0.122: exiting due to timeout Aug 18 18:50:19 freenas ctld[2683]: 192.168.0.122: exiting due to timeout Aug 18 18:50:19 freenas ctld[2679]: 192.168.0.122: exiting due to timeout Aug 18 18:50:19 freenas ctld[2681]: 192.168.0.122: exiting due to timeout Aug 18 18:50:19 freenas ctld[2682]: 192.168.0.122: exiting due to timeout sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue awaiting acceptance (1 occurrences) sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue awaiting acceptance (322 occurrences) sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue awaiting acceptance (340 occurrences) sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue awaiting acceptance (340 occurrences) netstat -Lan reported the issue about the port 3260 (iscsi) It seems to happened while I try to rename a ZVOL (zfs rename ...) I tried to stop the iscsi service from the GUIwith no luck: /etc/rc.d/ctld stop did not produce any effect (process was stuck) I tried to kill the process manually: (2281 is for /usr/sbin/ctld) kill -9 2481 kill -HUP 2481 kill -KILL 2481 kill -19 2481 but no luck. For a strange reason: /etc/rc.d/ctld stop returned: ctld not running? (check /var/run/ctld.pid). (the service was definitely running) ps aux | awk '$8=="Z" {print $2}' returns nothing At the end, I rebooted the VM (I had to force the poweroff as I was getting extra message on the console about sonewconn after the sync message) Hope it helps -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: pf (rules and nat) + (ipfw + dummynet)
On Sun, Aug 18, 2019 at 01:15:17PM +0100, Andrew White wrote: > https://github.com/opnsense/src/commit/7514cc670601b566f30e0386ef8885660a27aa5a#diff-f038606be7fc68e05878b9cdbb32e21f I already talked to this commiter, and this is also PfSense patch, but for 11.0-RELEASE. That's the second thing we tried (first was understanding what Apple did). As for PfSense guys, I can not be any louder: https://twitter.com/meka_floss/status/1163035309224992768. If anyone knows how to reach PfSense people willing to help upstream their patch, I'm really glad to hear about them. signature.asc Description: PGP signature
Re: pf (rules and nat) + (ipfw + dummynet)
Best of luck with this endeavor ! A very quick scan of that patch seems to include a lot more changes to ipfw than I would expect, perhaps other bug fixes or feature changes that are unrelated ? It also reads like it defines new pf rule actions, so I imagine you configure pf by setting the rule action to be dnpipe or something similar. mac OS seems to use an anchor type called dummynet-anchor fwiw. If this works in pfsense, perhaps the developers there would assist getting their patches into freebsd so they don't have to maintain them outside of freebsd source. Andrew On Sun, Aug 18, 2019 at 10:33 AM Goran Mekić wrote: > Hello, > > If I knew we almost made it compile and boot (with dummynet, pf and pflog > loaded), > I would postpone the previous email. :o) > > The code I'm working on is > https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0. > It is nothing more than releng/12.0 branch into which I copied parts of > PFSense > code until it started working. I still don't know how to test it, as I'm > not > sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw > pipe list" to show the pipes without ipfw module loaded. Once loaded, > ipfw lets you manage dummynet. What I do for now is load ipfw, set the > pipes, unload ipfw. > > If anyone knows how to configure pf.conf so that it passes everything > it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and > create /sbin/dnctl so we don't have to depend on IPFW at all, but I > would like it to start working like this, first. > > My concerns about this patch is that it changes IPFW, too. I don't know > if the following link is visible if you're not logged into github, but > it shows the difference between releng/12.0 and this branch: > > https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1 > > Anyway, my priority is to make it work somehow, then clean it up, port > to -CURRENT and only then write dnctl. > > As always, all help is more than welcome as this is my first kernel > development task ever. > > Regards, > meka > ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: pf (rules and nat) + (ipfw + dummynet)
On Sat, Aug 17, 2019 at 10:51 PM Kristof Provost wrote: > On 2019-08-17 22:25:44 (+0100), Andrew White wrote: > > Using 11.3 , I've been trying to configure pf with dummynet. Having ipfw > > reply traffic sent into a dummynet pipe causes pf to reject the traffic. > > > > Searching around and looking at ip_input.c it looks like dummynet > reinjects > > the packet back into input and this is what causes the problem , I'm > > guessing the checksum changes. > > > I would expect both firewalls to leave the packets with correct > checksums, but I have to add the disclaimer that I do not consider > mixing firewalls to be a supported use case. I can think of several > things (IPv6 fragment handling, route-to at least) where combining pf > with another firewall is very likely to break. > > I agree, mixing firewalls carrys risks, but afaik the only current way to use pf with dummynet in freebsd is to mix with ipfw. my use case is simple and would only cover basic permits to route into dummynet, so I would hope some of the edgecases around frags etc wouldn't apply. A sample patch (that doesn't appear to work for me) is https://github.com/opnsense/src/commit/7514cc670601b566f30e0386ef8885660a27aa5a#diff-f038606be7fc68e05878b9cdbb32e21f I'll debug a bit more and find/write/modify a patch to see if I can address it. > I agree, mixing firewalls carrys risks, but afaik the only current way to > use pf with dummynet is to mix with ipfw > > Regards, > Kristof > ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: addrs capability of rtadvd?
On 17 Aug 2019, at 6:03, John-Mark Gurney wrote: I am setting up ipv6, and going through the guide at: https://www.freebsd.org/doc/handbook/network-ipv6.html#idp71931000 And noticed the addrs#1 property in the example. I checked the rtadvd.conf man page, and I do not see an entry for addrs. Should this be removed? I also did a quick check of the rtadvd source code, and I don't see a makeentry for addrs either. If no one objects, I'll remove it. Or replace it with a working example? Would something like this work to even show multiple prefixes (beyond the handbook example)? :addr=“2001:db8:4242:::”:prefixlen#64:\ :addr2="2001:db8:4242:1::”:prefixlen2#64: And yes, removing the “:addrs#1” from the handbook should be fine. /bz ___ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: pf (rules and nat) + (ipfw + dummynet)
Hello, If I knew we almost made it compile and boot (with dummynet, pf and pflog loaded), I would postpone the previous email. :o) The code I'm working on is https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0. It is nothing more than releng/12.0 branch into which I copied parts of PFSense code until it started working. I still don't know how to test it, as I'm not sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw pipe list" to show the pipes without ipfw module loaded. Once loaded, ipfw lets you manage dummynet. What I do for now is load ipfw, set the pipes, unload ipfw. If anyone knows how to configure pf.conf so that it passes everything it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and create /sbin/dnctl so we don't have to depend on IPFW at all, but I would like it to start working like this, first. My concerns about this patch is that it changes IPFW, too. I don't know if the following link is visible if you're not logged into github, but it shows the difference between releng/12.0 and this branch: https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1 Anyway, my priority is to make it work somehow, then clean it up, port to -CURRENT and only then write dnctl. As always, all help is more than welcome as this is my first kernel development task ever. Regards, meka signature.asc Description: PGP signature
Re: pf (rules and nat) + (ipfw + dummynet)
On Sat, Aug 17, 2019 at 11:51:51PM +0200, Kristof Provost wrote: > This work was started by a prospective gsoc student, but they were not > selected, and I have not seen any big patches come out of it. The student is a junior I teach and we're still working on the patch, but still no success. PFSense is about to release 2.5 which is based on FreeBSD 12.0 so we are trying to reimport the patch to make it work on 12-RELEASE (the last patch we tried to import was for 11.0). So, there is some effort, but it's very slow. Regards, meka signature.asc Description: PGP signature