Re: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

2020-11-22 Thread Michael Grimm
Hi -

Michael Grimm  wrote:

> Well, now I am able to omit this commit, but I would love to know what is 
> going on, and why this commit may break 'authentication/certificate 
> exchange/whatsoever' of IMAP and SMTP/submission clients running in a VNET 
> jail ...

It just came to my mind, that I had had a strange issue with my setup almost 
three years ago:

https://lists.freebsd.org/pipermail/freebsd-net/2018-January/049528.html

/boot/loader.conf:

# needs to become turned off (LRO) in order to restore tcp performance within VNET jails:
hw.vtnet.lro_disable="1"
hw.vtnet.tso_disable="1"

That is FYI, only. I have no clue if that's related anyhow.

Regards,
Michael

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

2020-11-22 Thread Michael Grimm
Ronald Klop  wrote:
> On Sun, 22 Nov 2020 14:37:33 +0100, Michael Grimm  wrote:

>> P.S. How may I update a local svn copy and simultaneously omit commit 367740 
>> from being applied, or how may I revert commit 367740, only?
> 
> 
> From the top of my head you can do something like:
> 
> Assuming your svn checkout is in /usr/src:
> cd /usr/src
> svn up
> svn diff -c -367740 | patch
> 
> This will get the reverse of commit 367740 (because of the -) and patch the 
> code with it.

Thanks, someone else pointed me to:

svn merge -c -367740 .

Worked as expected.


Well, now I am able to omit this commit, but I would love to know what is going 
on, and why this commit may break 'authentication/certificate exchange/whatsoever' 
of IMAP and SMTP/submission clients running in a VNET jail ...


With kind regards,
Michael


Re: 12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

2020-11-22 Thread Ronald Klop
On Sun, 22 Nov 2020 14:37:33 +0100, Michael Grimm   
wrote:



Hi,

I am running 12.2-STABLE and VNET jails, one of which hosts a recent  
Dovecot IMAP and a recent postfix SMTP server. Authentication is forced  
via TLS/SSL for both services (ports 587 and 993). Setup is as follows:


extIF0/pf/NAT <—> epairXa (bridge0) epairXb <-> jail

A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6  
(Mojave) and AVM's push service (Fritzbox), but *not* for IMAP clients  
running at macOS 10.15.7 (Catalina). Strange.


Findings at macOS 10.14.6 (exemplified for IMAP):

1)  mac$ nc -4vw 1 mail.xyz.zzz 993
found 0 associations
found 1 connections:
1:  flags=82
outif en0
src 1.2.3.4 port 49583
dst 11.22.33.44 port 993
rank info not available
TCP aux info available

Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!

2)  mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
CONNECTED(0005)
write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes => 200 (0xC8))

hanging at that stage forever
	(and client complaining of its inability to authenticate and reports  
timeout after 60 seconds)



I did identify commit 367740 being responsible for that:

mike>svn up -r 367740
Updating '.':
U    sys/netinet/ip_fastfwd.c
U    sys/netinet/ip_input.c
U    sys/netinet/ip_var.h
 U   .
Updated to revision 367740.


Any ideas, especially why clients at different OS behave differently?

FYI: I do have no access to AVM's push service, and very limited access  
to the macOS 10.14.6 computer.


Thanks in advance and with kind regards,
Michael

P.S. How may I update a local svn copy and simultaneously omit commit  
367740 from being applied, or how may I revert commit 367740, only?



From the top of my head you can do something like:

Assuming your svn checkout is in /usr/src:
cd /usr/src
svn up
svn diff -c -367740 | patch

This will get the reverse of commit 367740 (because of the -) and patch  
the code with it.


Regards,
Ronald.


12.2-STABLE: Commit 367740 breaks IMAP/SMTP server authentication

2020-11-22 Thread Michael Grimm
Hi,

I am running 12.2-STABLE and VNET jails, one of which hosts a recent Dovecot 
IMAP and a recent postfix SMTP server. Authentication is forced via TLS/SSL for 
both services (ports 587 and 993). Setup is as follows:

extIF0/pf/NAT <—> epairXa (bridge0) epairXb <-> jail

A recent upgrade broke mailing of IMAP clients running at macOS 10.14.6 
(Mojave) and AVM's push service (Fritzbox), but *not* for IMAP clients running 
at macOS 10.15.7 (Catalina). Strange.

Findings at macOS 10.14.6 (exemplified for IMAP):

1)  mac$ nc -4vw 1 mail.xyz.zzz 993
found 0 associations
found 1 connections:
1:  flags=82
outif en0
src 1.2.3.4 port 49583
dst 11.22.33.44 port 993
rank info not available
TCP aux info available

Connection to mail.xyz.zzz port 993 [tcp/imaps] succeeded!

2)  mac$ openssl s_client -crlf -connect mail.xyz.zzz:993 -debug
CONNECTED(0005)
write to 0x7fa32ef01ae0 [0x7fa33080a803] (200 bytes => 200 (0xC8))

hanging at that stage forever 
(and client complaining of its inability to authenticate and reports 
timeout after 60 seconds)


I did identify commit 367740 being responsible for that:

mike>   svn up -r 367740
Updating '.':
U    sys/netinet/ip_fastfwd.c
U    sys/netinet/ip_input.c
U    sys/netinet/ip_var.h
 U   .
Updated to revision 367740.


Any ideas, especially why clients at different OS behave differently?

FYI: I do have no access to AVM's push service, and very limited access to the 
macOS 10.14.6 computer.

Thanks in advance and with kind regards,
Michael

P.S. How may I update a local svn copy and simultaneously omit commit 367740 
from being applied, or how may I revert commit 367740, only?
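
The two manual checks in the post above (nc, then openssl s_client) can be combined into one probe that tells "TCP connects" apart from "ClientHello sent, handshake never answered". This is an added example, not part of the original thread; `probe_tls` and `silent_listener` are hypothetical names, and the loopback listener is constructed to reproduce the stall offline.

```python
import socket
import ssl


def probe_tls(host, port, timeout=3.0):
    """Return 'tcp_failed', 'tls_stalled', 'tls_error' or 'tls_ok'."""
    try:
        # Same question as the nc check: does the TCP handshake complete?
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_failed"
    ctx = ssl.create_default_context()
    # Reachability probe only: certificate validation is deliberately off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Sends the ClientHello, then waits for the server's handshake records.
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls_ok"
    except socket.timeout:
        # The symptom from the post: bytes written, no reply until timeout.
        return "tls_stalled"
    except (ssl.SSLError, OSError):
        return "tls_error"
    finally:
        raw.close()


def silent_listener():
    """Constructed test peer: completes TCP in the kernel backlog, never replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = silent_listener()
    print("silent peer:", probe_tls("127.0.0.1", port, timeout=1.0))
    srv.close()
    print("closed port:", probe_tls("127.0.0.1", port, timeout=1.0))
```

Run from several client networks or OS versions, a `tls_stalled` result next to a working TCP connect points at the path between client and service rather than at the mail daemon's TLS configuration.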

