Problem reports for n...@freebsd.org that need special attention

2019-08-18 Thread bugzilla-noreply 
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
In Progress |221146 | [ixgbe] Problem with second laggport  
In Progress |235700 | oce(4) driver causes fatal trap 12 on boot with e 
New |204438 | setsockopt() handling of kern.ipc.maxsockbuf limi 
New |205592 | TCP processing in IPSec causes kernel panic   
New |213410 | [carp] service netif restart causes hang only whe 
Open|193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc 
Open|194485 | Userland cannot add IPv6 prefix routes
Open|200319 | Bridge+CARP crashes/freezes   
Open|202510 | [CARP] advertisements sourced from CARP IP cause  
Open|73 | igb(4): Kernel panic (fatal trap 12) due to netwo 
Open|225438 | panic in6_unlink_ifa() due to race
Open|227720 | Kernel panic in ppp server
Open|233952 | jme NICs non functional after 11.2 to 12.0 upgrad 
Open|236888 | ppp daemon: Allow MTU to be overridden for PPPoE  
Open|236983 | bnxt(4) VLAN not operational unless explicit "ifc 
Open|237072 | netgraph(4): performance issue [on HardenedBSD]?  
Open|237391 | route get returns no result for network addresses 
Open|237840 | Removed dummynet dependency on ipfw   

18 problems total for which you should take action.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 209471] Listen queue overflow due to too many sockets stuck in CLOSED state

2019-08-18 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209471

y2wjegieo...@opayq.com changed:

   What|Removed |Added

 CC||y2wjegieo...@opayq.com

--- Comment #22 from y2wjegieo...@opayq.com ---
I am facing the same issue with Freebsd 11.2 (freenas machine).
In the log I have this:
Aug 18 18:50:19 freenas ctld[2680]: 192.168.0.122: exiting due to timeout
Aug 18 18:50:19 freenas ctld[2683]: 192.168.0.122: exiting due to timeout
Aug 18 18:50:19 freenas ctld[2679]: 192.168.0.122: exiting due to timeout
Aug 18 18:50:19 freenas ctld[2681]: 192.168.0.122: exiting due to timeout
Aug 18 18:50:19 freenas ctld[2682]: 192.168.0.122: exiting due to timeout
sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue
awaiting acceptance (1 occurrences)
sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue
awaiting acceptance (322 occurrences)
sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue
awaiting acceptance (340 occurrences)
sonewconn: pcb 0xf80045e88ae0: Listen queue overflow: 193 already in queue
awaiting acceptance (340 occurrences)

netstat -Lan reported the issue about the port 3260 (iscsi)
It seems to happened while I try to rename a ZVOL (zfs rename ...)

I tried to stop the iscsi service from the GUIwith no luck:
/etc/rc.d/ctld stop did not produce any effect (process was stuck)
I tried to kill the process manually: (2281 is for /usr/sbin/ctld) 
kill -9 2481
kill -HUP 2481
kill -KILL 2481
kill -19 2481
but no luck.

For a strange reason: /etc/rc.d/ctld stop returned:
ctld not running? (check /var/run/ctld.pid). (the service was definitely
running)

ps aux | awk '$8=="Z" {print $2}' returns nothing

At the end, I rebooted the VM (I had to force the poweroff as I was getting
extra message on the console about sonewconn after the sync message)

Hope it helps

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: pf (rules and nat) + (ipfw + dummynet)

2019-08-18 Thread Goran Mekić 
On Sun, Aug 18, 2019 at 01:15:17PM +0100, Andrew White wrote:
> https://github.com/opnsense/src/commit/7514cc670601b566f30e0386ef8885660a27aa5a#diff-f038606be7fc68e05878b9cdbb32e21f
I already talked to this commiter, and this is also PfSense patch, but
for 11.0-RELEASE. That's the second thing we tried (first was
understanding what Apple did). As for PfSense guys, I can not be any
louder: https://twitter.com/meka_floss/status/1163035309224992768. If
anyone knows how to reach PfSense people willing to help upstream their
patch, I'm really glad to hear about them.


signature.asc
Description: PGP signature

Re: pf (rules and nat) + (ipfw + dummynet)

2019-08-18 Thread Andrew White 
Best of luck with this endeavor !

A very quick scan of that patch seems to include a lot more changes to ipfw
than I would expect, perhaps other bug fixes or feature changes that are
unrelated ?  It also reads like it defines new pf rule actions, so I
imagine you configure pf by setting the rule action to be dnpipe or
something similar.  mac OS seems to use an anchor type called
dummynet-anchor fwiw.

If this works in pfsense, perhaps the developers there would assist getting
their patches into freebsd so they don't have to maintain them outside of
freebsd source.

Andrew

On Sun, Aug 18, 2019 at 10:33 AM Goran Mekić  wrote:

> Hello,
>
> If I knew we almost made it compile and boot (with dummynet, pf and pflog
> loaded),
> I would postpone the previous email. :o)
>
> The code I'm working on is
> https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
> It is nothing more than releng/12.0 branch into which I copied parts of
> PFSense
> code until it started working. I still don't know how to test it, as I'm
> not
> sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw
> pipe list" to show the pipes without ipfw module loaded. Once loaded,
> ipfw lets you manage dummynet. What I do for now is load ipfw, set the
> pipes, unload ipfw.
>
> If anyone knows how to configure pf.conf so that it passes everything
> it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and
> create /sbin/dnctl so we don't have to depend on IPFW at all, but I
> would like it to start working like this, first.
>
> My concerns about this patch is that it changes IPFW, too. I don't know
> if the following link is visible if you're not logged into github, but
> it shows the difference between releng/12.0 and this branch:
>
> https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1
>
> Anyway, my priority is to make it work somehow, then clean it up, port
> to -CURRENT and only then write dnctl.
>
> As always, all help is more than welcome as this is my first kernel
> development task ever.
>
> Regards,
> meka
>
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: pf (rules and nat) + (ipfw + dummynet)

2019-08-18 Thread Andrew White 
On Sat, Aug 17, 2019 at 10:51 PM Kristof Provost  wrote:

> On 2019-08-17 22:25:44 (+0100), Andrew White  wrote:
> > Using 11.3 , I've been trying to configure pf with dummynet.  Having ipfw
> > reply traffic sent into a dummynet pipe causes pf to reject the traffic.
> >
> > Searching around and looking at ip_input.c it looks like dummynet
> reinjects
> > the packet back into input and this is what causes the problem , I'm
> > guessing the checksum changes.
> >
> I would expect both firewalls to leave the packets with correct
> checksums, but I have to add the disclaimer that I do not consider
> mixing firewalls to be a supported use case. I can think of several
> things (IPv6 fragment handling, route-to at least) where combining pf
> with another firewall is very likely to break.
>
> I agree, mixing firewalls carrys risks, but afaik the only current way to
use pf with dummynet in freebsd is to mix with ipfw. my use case is simple
and would only cover basic permits to route into dummynet, so I would hope
some of the edgecases around frags etc wouldn't apply.

A sample patch (that doesn't appear to work for me)  is
https://github.com/opnsense/src/commit/7514cc670601b566f30e0386ef8885660a27aa5a#diff-f038606be7fc68e05878b9cdbb32e21f

I'll debug a bit more and find/write/modify a patch to see if I can address
it.


> I agree, mixing firewalls carrys risks, but afaik the only current way to
> use pf with dummynet is to mix with ipfw
>
> Regards,
> Kristof
>
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: addrs capability of rtadvd?

2019-08-18 Thread Bjoern A. Zeeb 

On 17 Aug 2019, at 6:03, John-Mark Gurney wrote:


I am setting up ipv6, and going through the guide at:
https://www.freebsd.org/doc/handbook/network-ipv6.html#idp71931000

And noticed the addrs#1 property in the example.  I checked the
rtadvd.conf man page, and I do not see an entry for addrs.  Should
this be removed?  I also did a quick check of the rtadvd source code,
and I don't see a makeentry for addrs either.

If no one objects, I'll remove it.


Or replace it with a working example?  Would something like this work to 
even show multiple prefixes (beyond the handbook example)?


  :addr=“2001:db8:4242:::”:prefixlen#64:\
  :addr2="2001:db8:4242:1::”:prefixlen2#64:


And yes, removing the “:addrs#1” from the handbook should be fine.

/bz
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: pf (rules and nat) + (ipfw + dummynet)

2019-08-18 Thread Goran Mekić 
Hello,

If I knew we almost made it compile and boot (with dummynet, pf and pflog 
loaded),
I would postpone the previous email. :o)

The code I'm working on is 
https://github.com/mekanix/freebsd/tree/feature/pf+dummynet/12.0.
It is nothing more than releng/12.0 branch into which I copied parts of PFSense
code until it started working. I still don't know how to test it, as I'm not
sure what's the PFSense's syntax for pf.conf. I know you can use "ipfw
pipe list" to show the pipes without ipfw module loaded. Once loaded,
ipfw lets you manage dummynet. What I do for now is load ipfw, set the
pipes, unload ipfw.

If anyone knows how to configure pf.conf so that it passes everything
it receives to dummynet, I'm all ears. I will "fork" /sbin/ipfw and
create /sbin/dnctl so we don't have to depend on IPFW at all, but I
would like it to start working like this, first.

My concerns about this patch is that it changes IPFW, too. I don't know
if the following link is visible if you're not logged into github, but
it shows the difference between releng/12.0 and this branch:
https://github.com/freebsd/freebsd/compare/releng/12.0...mekanix:feature/pf+dummynet/12.0?expand=1

Anyway, my priority is to make it work somehow, then clean it up, port
to -CURRENT and only then write dnctl.

As always, all help is more than welcome as this is my first kernel
development task ever.

Regards,
meka


signature.asc
Description: PGP signature

Re: pf (rules and nat) + (ipfw + dummynet)

2019-08-18 Thread Goran Mekić 
On Sat, Aug 17, 2019 at 11:51:51PM +0200, Kristof Provost wrote:
> This work was started by a prospective gsoc student, but they were not
> selected, and I have not seen any big patches come out of it.
The student is a junior I teach and we're still working on the patch,
but still no success. PFSense is about to release 2.5 which is based on
FreeBSD 12.0 so we are trying to reimport the patch to make it work on
12-RELEASE (the last patch we tried to import was for 11.0). So, there
is some effort, but it's very slow.

Regards,
meka


signature.asc
Description: PGP signature