From nobody Fri Jun 07 08:10:53 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VwYms6H3bz5N3Mh for ; Fri, 07 Jun 2024 08:11:09 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "plan-b.pwste.edu.pl", Issuer "GEANT OV RSA CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VwYms3gN4z41n5; Fri, 7 Jun 2024 08:11:09 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=gQNxH20g; dmarc=pass (policy=quarantine) header.from=plan-b.pwste.edu.pl; spf=pass (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl designates 2001:678:618::40 as permitted sender) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl Received: from [192.168.7.70] (dom.potoki.eu [62.133.140.50]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.18.1/8.17.2) with ESMTPSA id 4578As2a030495 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Fri, 7 Jun 2024 10:10:54 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1717747856; bh=Ry/Kf0B6ywSKHDB4ft/WeIr3zikAqq6x3DOkvuD6pKo=; h=Date:To:From:Subject:Cc; b=gQNxH20gmcbALnVDNjfxtv3atZiNk+mXg+1qcudxHXYt09qJeUfyBmeuXaVFK7xq7 xBYucuMm4W0fkDfiF1/AhH0y5x11We1L/q5WP3eAuLlMK2X0PFnRyfK2u0FZbEM6RF esckg5W3yjhCMfwRc16WIo5MWjPfGqN7Ph3bveEyl7w80ltFbyxLWOPSife6zss039 KqCtuG+coF5luaCxRQ4QESB1wKTYORW41gDGG3sTq4CpJEHiZ5u9pvHaF/YK4aSaa4 DHGVPQ+qHmF8hfGjNgWNalz0fWKp51skgPqtqP8u0gvAhZ1epFDysPFixxa2hY9slf D86zFRqvlkC3A== X-Authentication-Warning: plan-b.pwste.edu.pl: Host dom.potoki.eu [62.133.140.50] claimed to be [192.168.7.70] Message-ID: <972cd3b3-e64a-46e6-a8ea-1bdd6ab7033e@plan-b.pwste.edu.pl> Date: Fri, 7 Jun 2024 10:10:53 +0200 List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Gleb Smirnoff , emaste@freebsd.org, Zhenlei Huang From: Marek Zarychta Autocrypt: addr=zarychtam@plan-b.pwste.edu.pl; keydata= xsBNBFfi3cMBCADLecMTFXad4uDXqv3eRuB4qJJ8G9tzzFezeRnnwxOsPdytW5ES2z1ibSrR IsiImx6+PTqrAmXpTInxAi7yiZGdSiONRI4CCxKY9d1YFiNYT/2WyNXCekm9x29YeIU7x0JB Llbz0f/9HC+styBIu2H+PY/X98Clzm110CS+n/b9l1AtiGxTiVFj7/uavYAKxH6LNWnbkuc5 v8EVNc7NkEcl5h7Z9X5NEtzDxTOiBIFQ/kOT7LAtkYUPo1lqLeOM2DtWSXTXQgXl0zJI4iP1 OAu4qQYm2nXwq4b2AH9peknelvnt1mpfgDCGSKnhc26q6ibTfMwydp+tvUtQIQYpA6b9ABEB AAHNN01hcmVrIFphcnljaHRhIChQbGFuLWIpIDx6YXJ5Y2h0YW1AcGxhbi1iLnB3c3RlLmVk dS5wbD7CwHcEEwEIACEFAlfi4LkCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQHZW8 vIFppoJXdgf8D9X3VRFSNaR9lthSx/+uqas17J3FJKBo1xMQsC2a+44vzNvYJSuPGLLJ+LW2 HPVazjP/BWZJbxOYpliY4zxNRU0YCp0BLIVLibc//yax+mE42FND/+NiIZhqJscl6MLPrSwo sIwXec4XYkldkyqW/xBbBYXoIkBqdKB9j5j42Npy1IV/RizOSdmvTWY27ir8e/yGMR1RLr4F 8P5K3OWTdlGy2H2F/3J8bIPBLG6FpaIyLQw4dHSx8V02PYqDxK1cNo2kAOnU8PnZL/AGuMOH iv3MN1VYL8ehcmpBBsrZGebQJxrjY2/5IaTSgp9xHYT70kshuU6Qb97vk1mOjNZxgc7ATQRX 4t3DAQgA10h6RCXuBLMHxq5B8X/ZIlj9sgLoeyfRdDZEc9rT2KUeUJVHDsbvOFf4/7F1ovWY hJbA6GK/LUZeHHTjnbZcH1uDYQeHly4UOLxeEvhGoz4JhS2C7JzN/uRnwbdOAUbJr8rUj/IY a7gk906rktsc/Ldrxrxh7O6WO0JCh2XO/p4pDfEwwB37g4xHprSab28ECYJ9JMbtA8Sy4M55 g3+GQ28FvSlGnx48OoGXU2BZdc1vZKSQmNOlikB+9/hDX8zdYWVfDaX1TLQ8Ib4+xTUmapza mV/bxIsaZRBw+jFjLQHhTbIMfPEU+4mxFDvTdbKPruKPqVf1ydgMnPZWngowdwARAQABwsBf BBgBCAAJBQJX4t3DAhsMAAoJEB2VvLyBaaaC6qkIAJs9sDPqrqW0bYoRfzY6XjDWQ59p9tJi v8aogxacQNCfAu+WkJ8PNVUtC1dlVcG5NnZ80gXzd1rc8ueIvXlvdanUt/jZd8jbb3gaDbK3 wh1yMCGBl/1fOJTyEGYv1CRojv97KK89KP5+r8x1P1iHcSrunlDNqGxTMydNCwBH23QcOM+m u4spKnJ/s0VRBkw3xoKBZfZza6fTQ4gTpAipjyk7ldOGBV+PvkKATdhK2yLwuWXhKbg/GRlD 1r5P0gxzSqfV4My+KJuc2EDcrqp1y0wOpE1m9iZqCcd0fup5f7HDsYlLWshr7NQl28f6+fQb sylq/j672BHXsdeqf/Ip9V4= Subject: ICMP6 Cc: freebsd-net@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.10 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.59)[-0.588]; DMARC_POLICY_ALLOW(-0.50)[plan-b.pwste.edu.pl,quarantine]; SUBJ_ALL_CAPS(0.38)[5]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; R_SPF_ALLOW(-0.20)[+mx:c]; MIME_GOOD(-0.10)[text/plain]; ONCE_RECEIVED(0.10)[]; XM_UA_NO_VERSION(0.01)[]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; TO_DN_SOME(0.00)[]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; HAS_XAW(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+] X-Rspamd-Queue-Id: 4VwYms3gN4z41n5 Invaluable Committers, Dear Subscribers, I found Gleb's fixes to ICMP6 error rate limiting extremely useful, especially since this limiting is not working at all in stable/14 (as far as I was able to test). It looks to me like IPv6 bits in FreeBSD are not widely tested and seem to be neglected. In some places, they remain as they were initially imported from KAME.  Some time ago kaktus@ fixed logging for unforwarded packets [1] [2]. Recently glebius@ fixed ICMP6 error rate limiting, but there is still open PR 245103[3] and other bugs. It's appreciated by the community that Netflix uses IPv6 and their programmers are working on the improvements. So please let me ask here for the MFC of the few commits to the stable/14 branch. The commits I am asking for have the following hashes: 7142ab4790666022a2a3d85910e9cd8e241d9b87, 9d7f17d7467ed8c9740730a8db7a82e4768e5177, b508545ce044dbfdd83da772e73f969a3713d59d, ac44739fd834f51cacb26485a4140fd482e20150, c6c96aaba8dd74eb39469ed156ff19cc31d599b7, 32aeee8ce7e72738fff236ccd5629d55035458f8, 4f96be33fe7676c69c5abb476bb09bba0c63a3f4, a03aff88a14448c3084a0384082ec996d7213897, 4399e055ea610cdefa1470ad1ee614dd81ba5e56, 75d15e893b14188b83c5fb5e4979fa21c557934f, f7c4d12bcd5bd7f7fbf6bf9fa601c47e7f97bc5f. I have done the MFC in my local repo and while testing the stable/14 built from it on the bunch of hosts, I found the set complete, applicable, and most likely not breaking KBI. The only problem I spotted was the too-low default value of net.inet6.icmp6.errppslimit[4]. Fortunately, it's tunable, so bumping it to 200 fixed the error flooding for Nextcloud hosts. Let me mention here, that the value of the similar knob for IPv4 (net.inet.icmp.icmplim) was already bumped to 200 some time ago.  Maybe some brave committer will take on this MFC of the above set of commits to stable/14 and thus will contribute to preparing an even better future 14.2-RELEASE. 1. https://reviews.freebsd.org/D38644 2. https://reviews.freebsd.org/D38758 3. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245103 4. https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/icmp6.c#L2735 Best regards -- Marek Zarychta