From nobody Thu Dec 12 12:11:42 2024 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y8BCk3BtCz5gBxJ for ; Thu, 12 Dec 2024 12:11:46 +0000 (UTC) (envelope-from ronald@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y8BCk2gnSz4LbF; Thu, 12 Dec 2024 12:11:46 +0000 (UTC) (envelope-from ronald@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734005506; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1bWfePJb7c/cTM84xlrdRXgL16Thc7p4n1X3E2ZKOtc=; b=IIbWpebDms1keBglihwy1Odysthc+ux3XZp9bMUAz9uK1m9yifjXFGBQTL6fTCpyvayEBc atG45+FtdGQ/+1aPmq8Tmd+wavQ1flqnQsMrWH1F9fnX5VWUNs7JCLHp8Ayy73Heql19LO PwlVoCwTHRgbv4ZGhvnrC7oGX66hqhCOxitLqY5Rt/dPa9kdl54Ez/BI5klUTfv6BtuMxH 2rqpm9qX00KeTfl5ilZMkMCP5NziaNf3JqJpMKPOvreMcEychGd57Vo/4QCJ5Y4KwO1P6h pjnYL7JL+hqlhgDWKs7zt0EIt5/4Ln0AmehOL8KyKeCwpvLhjdXHDvnoPpqpDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734005506; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1bWfePJb7c/cTM84xlrdRXgL16Thc7p4n1X3E2ZKOtc=; b=CQKS8FCLqJtKBuvMwJk9B1VR0PRAxy/LupRaVCeeY7w/nsphd4SkJvm2k0WrKu9snvaZSo TV/CiVV6/NwwT1vjL1VTfLlnCgNnQrjOT2AfvNVSRHXZzi/fdz1BeWvdevNFEmgEulOjMj M2aX258aH/GMa0NrgFjhVr6AxgNS87GDRqmF88xZUucs1P25+FcGMAGakIYCLApJ7HvpxO 3mb8qO6KKVSrUPBTdLYVfpgLVvuh5BUa7lLi4dWWnUuuU5mLLZ41BpoV3a47aigKdzCuEa paaUYt3jnCtOwxPAqVtetTB5yea9LiNBBk85S6NQJ7PNXnungag9ezX4K1y8Yg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734005506; a=rsa-sha256; cv=none; b=a/IuM/zoAQlKb53qrpaBUbafrrvYMVqugrhjf08AFdU4/nkWda+3hvIB/9KEhHlxAE797u QkvwbJrmuC8Umht9ew8KVWK9p1ho8oHyY6lejJ8IubsA6duTVUK9Q/DgsxbAB3tA2i75FZ ec/Rl1DXrW9FUIG3TpzNtaSw9rAGa/vXVG++0lCfNpEL9w75frydyki5XvCNXNeDrBLmg7 an8HKL/No7FY+Cpb1t0KTNnhsjcO0fBH+bpj6aMCZK8X65bqNVHOXopvbf0+IO4pFHexdu UatDEVXIl/gmXrfPr/zc4C0lD7ELFMLTKHbP90dhG1HXlwKPskKnA8CgB0CS1g== Received: from [IPV6:2001:1c00:2709:2010:c129:38:42e1:4c97] (2001-1c00-2709-2010-c129-0038-42e1-4c97.cable.dynamic.v6.ziggo.nl [IPv6:2001:1c00:2709:2010:c129:38:42e1:4c97]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: ronald/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Y8BCk0LpYz1HV2; Thu, 12 Dec 2024 12:11:45 +0000 (UTC) (envelope-from ronald@FreeBSD.org) Content-Type: multipart/alternative; boundary="------------Rq1g26V7jo6qrFVI1I9FqJGt" Message-ID: <33cbcbbd-bf36-4059-a012-842c7ff80568@FreeBSD.org> Date: Thu, 12 Dec 2024 13:11:42 +0100 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Ronald Klop Subject: Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out To: "Andrey V. Elsukov" Cc: freebsd-current@freebsd.org References: <20241206034709.4dd32cc5@thor.intern.walstatt.dynvpn.de> <279848701.11738.1733510402875@localhost> <20241206210947.3ae835e4@thor.intern.walstatt.dynvpn.de> <8E43EAA1-BA3E-4655-ACE1-2E4523E901DE@FreeBSD.org> <20241209214314.2443b590d774423a2b97f0a8@dec.sakura.ne.jp> <20241209174541.39c286f5@thor.intern.walstatt.dynvpn.de> <20241210022710.88c9087dd7cb09774507f232@dec.sakura.ne.jp> <20241209191947.39ac4843@thor.intern.walstatt.dynvpn.de> <6B720B82-09EF-4208-B814-B6BD75FC2F0E@FreeBSD.org> Content-Language: en-US In-Reply-To: This is a multi-part message in MIME format. --------------Rq1g26V7jo6qrFVI1I9FqJGt Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 SGkgQW5kcmV5LA0KDQpXaXRoIHlvdXIgcGF0Y2ggYXBwbGllZCBJIGRvbid0IGhhdmUgdGhl IHN5bXB0b21zIG9mICdoYW5naW5nJyB0Y3AgY29ubmVjdGlvbnMgYW55bW9yZS4NClRoYW5r cyBmb3IgbG9va2luZyBpbnRvIGl0Lg0KDQpSZWdhcmRzLA0KUm9uYWxkLg0KDQoqVmFuOiog IkFuZHJleSBWLiBFbHN1a292IiA8YnU3Y2hlckB5YW5kZXgucnU+DQoqRGF0dW06KiBkb25k ZXJkYWcsIDEyIGRlY2VtYmVyIDIwMjQgMDk6NTMNCipBYW46KiBmcmVlYnNkLWN1cnJlbnRA ZnJlZWJzZC5vcmcNCipPbmRlcndlcnA6KiBSZTogKGlwZncpIFJlOiBIRUxQISBmZXRjaDog c3R1Y2sgZm9yZXZlciBPUiBlcnJvcjogUlBDIGZhaWxlZDogY3VybCA1NiByZWN2IGZhaWx1 cmU6IE9wZXJhdGlvbiB0aW1lZCBvdXQNCg0KICAgIE9uIDExLjEyLjIwMjQgMTY6MjUsIFJv bmFsZCBLbG9wIHdyb3RlOg0KICAgICA+IEkgZGlkIGEgYmlzZWN0IG9mIGNvbW1pdHMgYW5k IG15IGZpbmRpbmcgaXMgdGhhdCBjb21taXQgMzQ3ZGQwNTMgb24gPiAyMDI0LTExLTI5IGlz IHRoZSBjYXVzZS4NCiAgICAgPg0KICAgICA+ICJ0Y3A6IGFkZCBUSF9BRSBjYXBhYmlsaXRp ZXMgdG8gcHBwIGFuZCBwZiINCiAgICAgPiBodHRwczovL2dpdGh1Yi5jb20vZnJlZWJzZC9m cmVlYnNkLXNyYy9jb21taXQvMzQ3ZGQwNTM5ZjNhNzVmZGYyMTI4ZGQ0NjIwY2E5OWU5NmYz MTFlOQ0KICAgICA+DQogICAgID4gVGhlIGNvbW1pdCBiZWZvcmUgKDBmYzdiZGM5NzgpIHdv cmtzIGZpbmUuDQogICAgID4NCiAgICAgPiBJIGNjJ2VkIHRoZSBhdXRob3Igb2YgdGhlIGNv bW1pdC4NCiAgICAgPiAoZm9yIGNvbnRleHQ6IHN0YXJ0IG9mIHRoZSB0aHJlYWQgaXMgaGVy ZTogPiBodHRwczovL2xpc3RzLmZyZWVic2Qub3JnL2FyY2hpdmVzL2ZyZWVic2QtY3VycmVu dC8yMDI0LURlY2VtYmVyLzAwNjc3OC5odG1sLCBpdCBsb29rcyBsaWtlIHRoZSBjb21taXQg YnJlYWtzIGEgc3RhdGVmdWxsIGlwZncgZmlyZXdhbGwpDQoNCiAgICBIaSwNCg0KICAgIHRo YW5rcyBmb3IgYmlzZWN0aW5nLiBJIHRoaW5rIHRoaXMgcGF0Y2ggc2hvdWxkIGZpeCBwcm9i bGVtIHdpdGggc3RhdGVmdWxsIGlwZnc6DQoNCiAgICAtLS0gYS9zeXMvbmV0cGZpbC9pcGZ3 L2lwX2Z3X2R5bmFtaWMuYw0KICAgICsrKyBiL3N5cy9uZXRwZmlsL2lwZncvaXBfZndfZHlu YW1pYy5jDQogICAgQEAgLTkyNyw3ICs5MjcsNyBAQCBwcmludF9keW5fcnVsZV9mbGFncyhj b25zdCBzdHJ1Y3QgaXBmd19mbG93X2lkICppZCwgaW50IGR5bl90eXBlLA0KICAgICDCoMKg I2RlZmluZSDCoMKgwqDCoMKgwqDCoF9TRVFfR0UoYSxiKSDCoMKgwqAoKGludCkoKGEpLShi KSkgPj0gMCkNCiAgICAgwqDCoCNkZWZpbmUgwqDCoMKgwqDCoMKgwqBCT1RIX1NZTiDCoMKg wqDCoMKgwqDCoChUSF9TWU4gfCAoVEhfU1lOIDw8IDgpKQ0KICAgICDCoMKgI2RlZmluZSDC oMKgwqDCoMKgwqDCoEJPVEhfRklOIMKgwqDCoMKgwqDCoMKgKFRIX0ZJTiB8IChUSF9GSU4g PDwgOCkpDQogICAgLSNkZWZpbmUgwqDCoMKgwqDCoMKgwqBUQ1BfRkxBR1MgwqDCoMKgwqDC oMKgKFRIX0ZMQUdTIHwgKFRIX0ZMQUdTIDw8IDgpKQ0KICAgICsjZGVmaW5lIMKgwqDCoMKg wqDCoMKgVENQX0ZMQUdTIMKgwqDCoMKgwqDCoCgoVEhfRkxBR1MgJiAweGZmKSB8ICgoVEhf RkxBR1MgJiAweGZmKSA8PCA4KSkNCiAgICAgwqDCoCNkZWZpbmUgwqDCoMKgwqDCoMKgwqBB Q0tfRldEIMKgwqDCoMKgwqDCoMKgwqAweDAwMDEwMDAwIMKgwqDCoMKgwqAvKiBmd2QgYWNr IHNlZW4gKi8NCiAgICAgwqDCoCNkZWZpbmUgwqDCoMKgwqDCoMKgwqBBQ0tfUkVWIMKgwqDC oMKgwqDCoMKgwqAweDAwMDIwMDAwIMKgwqDCoMKgwqAvKiByZXYgYWNrIHNlZW4gKi8NCiAg ICAgwqDCoCNkZWZpbmUgwqDCoMKgwqDCoMKgwqBBQ0tfQk9USCDCoMKgwqDCoMKgwqDCoChB Q0tfRldEIHwgQUNLX1JFVikNCg0KICAgIC0tIA0KICAgIFdCUiwgQW5kcmV5IFYuIEVsc3Vr b3YNCg0KICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQoNCg== --------------Rq1g26V7jo6qrFVI1I9FqJGt Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit Hi Andrey,

With your patch applied I don't have the symptoms of 'hanging' tcp connections anymore.
Thanks for looking into it.

Regards,
Ronald.

 

Van: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Datum: donderdag, 12 december 2024 09:53
Aan: freebsd-current@freebsd.org
Onderwerp: Re: (ipfw) Re: HELP! fetch: stuck forever OR error: RPC failed: curl 56 recv failure: Operation timed out

On 11.12.2024 16:25, Ronald Klop wrote:
> I did a bisect of commits and my finding is that commit 347dd053 on > 2024-11-29 is the cause.
>
> "tcp: add TH_AE capabilities to ppp and pf"
> https://github.com/freebsd/freebsd-src/commit/347dd0539f3a75fdf2128dd4620ca99e96f311e9
>
> The commit before (0fc7bdc978) works fine.
>
> I cc'ed the author of the commit.
> (for context: start of the thread is here: > https://lists.freebsd.org/archives/freebsd-current/2024-December/006778.html, it looks like the commit breaks a statefull ipfw firewall)

Hi,

thanks for bisecting. I think this patch should fix problem with statefull ipfw:

--- a/sys/netpfil/ipfw/ip_fw_dynamic.c
+++ b/sys/netpfil/ipfw/ip_fw_dynamic.c
@@ -927,7 +927,7 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type,
  #define        _SEQ_GE(a,b)    ((int)((a)-(b)) >= 0)
  #define        BOTH_SYN        (TH_SYN | (TH_SYN << 8))
  #define        BOTH_FIN        (TH_FIN | (TH_FIN << 8))
-#define        TCP_FLAGS       (TH_FLAGS | (TH_FLAGS << 8))
+#define        TCP_FLAGS       ((TH_FLAGS & 0xff) | ((TH_FLAGS & 0xff) << 8))
  #define        ACK_FWD         0x00010000      /* fwd ack seen */
  #define        ACK_REV         0x00020000      /* rev ack seen */
  #define        ACK_BOTH        (ACK_FWD | ACK_REV)

-- 
WBR, Andrey V. Elsukov

 

  --------------Rq1g26V7jo6qrFVI1I9FqJGt--