From nobody Sat Apr 16 13:19:57 2022
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8C872CFA3B3
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Sat, 16 Apr 2022 13:20:05 +0000 (UTC)
	(envelope-from imb@protected-networks.net)
Received: from mail.protected-networks.net (mail.protected-networks.net [IPv6:2001:470:8d59:1::8])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.protected-networks.net", Issuer "R3" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4KgYhh3ZP7z3CJg;
	Sat, 16 Apr 2022 13:20:04 +0000 (UTC)
	(envelope-from imb@protected-networks.net)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
	protected-networks.net; h=content-transfer-encoding:content-type
	:content-type:in-reply-to:from:from:references:content-language
	:subject:subject:user-agent:mime-version:date:date:message-id;
	 s=201508; t=1650115197; bh=Bp8zwmn9edONAlYY9SYAsVI+COa5C53cbAbv
	SoxOU2A=; b=XcPs9WdZoIk2ssFwt8rHVttrqtylHorrPtWhunr2zvkvPJQeO76M
	E/QnP2coITkDeKxhfqRqvPPrCxNJ8s/rHpU7LBIrDSrOXstEdIkz4kIIKXViV3IF
	6iSJyJrxD04bDo5327zyZyL2KX2ogNlJ0PZi0zcGW4kC1aQyVTbWVso=
Received: from [IPV6:2001:470:8d59:2:f21f:afff:fe66:957e] (toshi.auburn.protected-networks.net [IPv6:2001:470:8d59:2:f21f:afff:fe66:957e])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: imb@mail.protected-networks.net)
	by mail.protected-networks.net (Postfix) with ESMTPSA id A86F14E734;
	Sat, 16 Apr 2022 09:19:57 -0400 (EDT)
Message-ID: <0c261aa6-93d4-5627-d44d-f160323a7ca3@protected-networks.net>
Date: Sat, 16 Apr 2022 09:19:57 -0400
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101
 Thunderbird/91.8.1
Subject: Re: IPv6 TCP: first two SYN packets to local v6 unicast addresses
 ignored
Content-Language: en-NZ
To: Gleb Smirnoff <glebius@freebsd.org>, Florian Smeets <flo@smeets.xyz>
Cc: freebsd-current@freebsd.org
References: <131c363a-7b7d-a106-5b8a-6838e7a66567@smeets.xyz>
 <E0584477-0F2E-454D-871C-368F14A9AF1D@freebsd.org>
 <9679642b-5de6-28be-a64b-07375c3efeba@smeets.xyz>
 <b12a74b2-cd7d-2066-ff60-b14c08d70d6f@protected-networks.net>
 <YlpSs8p/3Gh1JDI5@FreeBSD.org>
From: Michael Butler <imb@protected-networks.net>
In-Reply-To: <YlpSs8p/3Gh1JDI5@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4KgYhh3ZP7z3CJg
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=protected-networks.net header.s=201508 header.b=XcPs9WdZ;
	dmarc=pass (policy=reject) header.from=protected-networks.net;
	spf=pass (mx1.freebsd.org: domain of imb@protected-networks.net designates 2001:470:8d59:1::8 as permitted sender) smtp.mailfrom=imb@protected-networks.net
X-Spamd-Result: default: False [-3.96 / 15.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[protected-networks.net:s=201508];
	 MID_RHS_MATCH_FROM(0.00)[];
	 FROM_HAS_DN(0.00)[];
	 RCPT_COUNT_THREE(0.00)[3];
	 TO_DN_SOME(0.00)[];
	 R_SPF_ALLOW(-0.20)[+mx];
	 MIME_GOOD(-0.10)[text/plain];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 TO_MATCH_ENVRCPT_SOME(0.00)[];
	 DKIM_TRACE(0.00)[protected-networks.net:+];
	 DMARC_POLICY_ALLOW(-0.50)[protected-networks.net,reject];
	 NEURAL_HAM_SHORT(-0.96)[-0.955];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 MLMMJ_DEST(0.00)[freebsd-current];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[]
X-ThisMailContainsUnwantedMimeParts: N

On 4/16/22 01:22, Gleb Smirnoff wrote:
>    Hi Florian, Hi Michael,
> 
> On Fri, Apr 15, 2022 at 06:11:13PM -0400, Michael Butler wrote:
> M> >> I can reproduce this locally, will try to figure out what is going on.
> M> >> If you can bisect it, it would be great.
> M> >
> M> > Found the culprit 1817be481b8703ae86730b151a6f49cc3022930f. And indeed
> M> > toggling net.inet6.ip6.source_address_validation makes the issue go away
> M> > on latest main.
> M>
> M> I found this commit and the ipv4 analog also cause packets between
> M> non-VNET jails on the same host and to the host itself to be dropped :-(
> 
> I see your mails and will look into the problem ASAP.
> 
> Meanwhile...
> 
> Florian, can you please confirm you are using jails too?
> 
> Michael, can you please confirm or decline that you see the packets
> that are dropped when you tcpdump on lo0?

All the jails are aliased to share a single bridge interface. That 
results in the route to each jail being on lo0 so .. probably :-)

	Michael