From nobody Sat Aug 24 03:01:36 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrMCj0V9Lz5V0HV for ; Sat, 24 Aug 2024 03:01:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WrMCh5DrBz47TF for ; Sat, 24 Aug 2024 03:01:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724468496; a=rsa-sha256; cv=none; b=x1P+TCbvnp6aSo2OG5quMbFcABaip2yZgzBxyb3e/EbzOssmd+P/mnvn85lm17If0UWI8T kdsqDM/spXNZnJ8AXjdguDpvVriUb3S7R7A99VI3Rv12U/UDHZrMxGqa7ACJ1srTiKl/+G zJopgJwKcb4WR5i+dSNYoF6Z4Y7quAcjmQWOOvUIjm21eTDu/SfEk0SyEZyjNpKcZZF3kp +wdLEHgKwWtcNpSbxsoSueDymM8QqPDD+0hA2OTZjO3qI7Yj4YTyOH6q34krppdQAL7g+7 kIbyIp8QKazG/FCURA0XQK2TMS6VRmE4ZQ42z1FA5i/HJSGIh5MK8xMODBllQg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724468496; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QjC3TWaOCgZz3iob0zbPGzTL22s91rj4tKY6YMHQE1A=; b=MzSQ7FlJhk/7rG7jOuhEXxx1n3u1Y1PpEUM0mD7PTjrnQ/V/W+sBFKSK2cJl3Lpv8PigMa Rj+H2mda+2NsUb6JKxj4oGbq3B4B9XJ2X2/IFRNvEy+xtnIVlfXfv2ho/xyVAlLzrtmA0t nWrjzYg0KXaxGUlVNQc0lhqlBk9j+85NpJr8RezSFsP9CL0A3aM5K59GppOFLgIeiKE/Vf wJTX/kUuP2tdMhTFjEFI0ZZE15jgAU5S4ejLx2/YVuIzo4aWJ+86PzjMPFymYWs7TAVlFi gPXwunvL0QfPXiSPcAUqi/sI0uR4qxbBIyF1bW3PxwiifBjYdXHzrVKdUDhX5w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WrMCh4s5PzdbS for ; Sat, 24 Aug 2024 03:01:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47O31aiZ051112 for ; Sat, 24 Aug 2024 03:01:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47O31aF1051110 for net@FreeBSD.org; Sat, 24 Aug 2024 03:01:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 280701] FreeBSD-SA-24:05 fix breaks ICMP/ICMP6 states handling in pf firewall (ping, traceroute) Date: Sat, 24 Aug 2024 03:01:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: franco@opnsense.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280701 --- Comment #45 from Franco Fichtner --- > we are not seeing this issue manifest itself in the stock FreeBSD kernel = once the fixes are applied I appreciate the whole of FreeBSD insiders sticking together on this. Though I'd like to verify what you said: Is this a statement based on observation main, stable/14, releng/14.1, releng/13.3? One, all? And are you talking about traceroute not working as initially suggested or neighbor discoveries being ignored intermittently specifically as found out later? Or both? I agree that traceroute seems fixed. This isn't in dispute. The evidence for the neighbor discovery suggests otherwise as we tested each commit in the original SA in an controlled environment that has no other changes at all. This is specifically with code from releng/14.1 although I don't see how a commit within the scope of any applicable FreeBSD branch (or downstream prjects) coupled with a relevant user side ruleset for pf would = not be affected in this case. I'm reading hereby FreeBSD doesn't see a neighbor discovery problem. Whethe= r or not this is because it all works as expected is covered by test cases or pu= rely by evidence with existing machines by developers is left to be guessed. I'm seeing intermittent IPv6 connectivity drops as well now. We have daily = user reports regarding this now. It's hard to pin it down which is likely where = the boldness in believing this doesn't apply to FreeBSD comes from. Fine, I understand why this message is being put out. I'm refraining from posting more links to our crowdsourced test methods for lack of enthusiasm from this end in the meantime and report back when we ha= ve proper evidence. I just don't want anyone to be surprised after the fact. Cheers, Franco --=20 You are receiving this mail because: You are the assignee for the bug.=