Date: Wed, 15 Jan 2025 23:59:58 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Konstantin Belousov
cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: b0e020764aae - main - ipsec + ktls: cannot coexists
In-Reply-To: <202501131930.50DJUCFg047113@gitrepo.freebsd.org>
Message-ID: <71p14p04-5o5o-1385-1551-7733rr1qo57o@yvfgf.mnoonqbm.arg>
References: <202501131930.50DJUCFg047113@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On Mon, 13 Jan 2025, Konstantin Belousov wrote:

> The branch main has been updated by kib:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=b0e020764aae970545357b0f146dcba7b4b55864
>
> commit b0e020764aae970545357b0f146dcba7b4b55864
> Author: Konstantin Belousov
> AuthorDate: 2024-12-28 08:30:49 +0000
> Commit: Konstantin Belousov
> CommitDate: 2025-01-13 19:29:31 +0000
>
>     ipsec + ktls: cannot coexists

Ignore my ignorance but that description sounds bad.

Do you mean on a per-packet base or in general on a machine, i.e.,
(1) an individual packet cannot be processed by ktls and ipsec
(2) a host can either run ktls or ipsec but not both?

Either sounds like (half) a bug to me that should be fixed by the way
but I am so out of the ipsec stack that I don't know current
implications.

What is the reason a packet could not first be KTLS handled and then
put into IPsec (for some part of its journey)?

/bz

>     but instead of tripping the assert in debug kernel, and silently falling
>     into UB for prod, skip IPSEC processing for KTLS framed packets when
>     mb_unmapped_to_ext() failed.
>
>     Reviewed by: markj
>     Sponsored by: NVidia networking
>     MFC after: 1 week
>     Differential revision: https://reviews.freebsd.org/D48265
> ---
>  sys/netinet/ip_output.c   | 33 +++++++++++++++++++++++++--------
>  sys/netinet6/ip6_output.c | 34 ++++++++++++++++++++++++++--------
>  2 files changed, 51 insertions(+), 16 deletions(-)

-- 
Bjoern A. Zeeb r15:7