Date: Fri, 15 Apr 2022 18:11:13 -0400
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Subject: Re: IPv6 TCP: first two SYN packets to local v6 unicast addresses ignored
To: freebsd-current@freebsd.org
From: Michael Butler

On 4/15/22 17:39, Florian Smeets wrote:
> On 15.04.22 21:24, tuexen@freebsd.org wrote:
>>> On 15. Apr 2022, at 20:20, Florian Smeets wrote:
>>>
>>> Hi,
>>>
>>> there seems to be an issue with local IPv6 TCP connections on main. I
>>> have been seeing this for a couple of months at least. pkg upgr on my
>>> webserver hosting the pkg repo is very slow, all other hosts can
>>> connect to the pkg repo just fine. So IPv6 connections from external
>>> hosts are not affected.
>>>
>>> I thought I must have misconfigured something, as my setup is a bit
>>> weird. Yesterday I noticed the same issue on a different host, turns
>>> out all my 14.0 hosts seem to be affected, cognet@ could also
>>> reproduce it on one of his systems.
>>>
>>> The service/software used does not seem to matter, I tried with port
>>> 22, 25, 80 and 443.
>>>
>>> ICMP and UDP don't seem to be affected. ping6 gets replies
>>> immediately. And UDP connections with nc -l -u / nc -u don't have any
>>> delay, sent data is received immediately.
>>>
>>> Testing local TCP connections show this:
>>>
>>> flo@rp64:~ $ ifconfig dwc0|grep 2003
>>>     inet6 2003:cf:df49:c97:4c59:ebff:fec1:463d prefixlen 64 autoconf
>>> flo@rp64:~ $ nc -v 2003:cf:df49:c97:4c59:ebff:fec1:463d 22
>>> [3 second delay here]
>>> Connection to 2003:cf:df49:c97:4c59:ebff:fec1:463d 22 port [tcp/ssh] succeeded!
>>> SSH-2.0-OpenSSH_8.9 FreeBSD-20220413
>>>
>>> I need help debugging this, I don't know how to analyze this further.
>>> I will start bisecting this, but I thought maybe someone has an idea.
>> Hi Florian,
>>
>> I can reproduce this locally, will try to figure out what is going on.
>> If you can bisect it, it would be great.
>
> Found the culprit 1817be481b8703ae86730b151a6f49cc3022930f. And indeed
> toggling net.inet6.ip6.source_address_validation makes the issue go away
> on latest main.

I found this commit and the ipv4 analog also cause packets between
non-VNET jails on the same host and to the host itself to be dropped :-(

	Michael