From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com
	[IPv6:2607:f8b0:4003:c01::231])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id A4CB721F640
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri,  9 Jan 2015 13:34:50 -0800 (PST)
Received: by mail-ob0-f177.google.com with SMTP id va2so14734070obc.8
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 09 Jan 2015 13:34:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=BnKioZ0HVxvAW+G/5YrhfUftanaKvha36SqRp3iS/ig=;
	b=qoJ0GneQiMNspsXK8RSBIPw2Ytfz+UPFChryceI1JF6uqtBYvkSSNV15kyjMyvO27C
	kA91neqZpNUi6Vl/+1PD1tdsiAlYb56Qg6jtLIdNtQzU9JQfHqhlbomFXNEPiEpvG5aV
	yI47cS4jDsi8Lw2auKgPqy38nOhura1k+jZzmug7xY/1j9R9GUIFEdKOk/+LjZscMlWr
	ISx8jqZ7F2epxFS09uM0IiDmZ98Hh1eoQhAfBzdfwS3SZ8FIbfa/UTiZsqOkkgOjh3Y2
	j1SUn14BD4an4B5HIKhs9jmgsqZ+EWkgmSg2UERYXKFrfvZXFqGIEyHXD4lfxXiZ9L3K
	J5/A==
MIME-Version: 1.0
X-Received: by 10.182.50.225 with SMTP id f1mr1142038obo.45.1420839289286;
	Fri, 09 Jan 2015 13:34:49 -0800 (PST)
Received: by 10.202.51.66 with HTTP; Fri, 9 Jan 2015 13:34:49 -0800 (PST)
In-Reply-To: <54B006AA.5060503@thekelleys.org.uk>
References: <CAGhGL2BeuvR4bNqWbTF5FfNnwW0LC28-z_MJsCQLpb8izHK2oA@mail.gmail.com>
	<CAA93jw6ukYcBSEdubFbqoT20MdLLdXHZUbU6Hq+gLWNCaCTY6Q@mail.gmail.com>
	<CAA93jw4D790r=UD0uKjfWZ2vDGO6u+dQG0GdYXbPXrTeiZWxYw@mail.gmail.com>
	<CAA93jw6+sfWqiLc3LgyNufRixUz_f9TCSpxf+aGoLo0cq-PZWw@mail.gmail.com>
	<535EACCB.7090104@thekelleys.org.uk>
	<20140428232459.GA55372@redoubt.spodhuis.org>
	<535FA793.8020502@thekelleys.org.uk> <542E6C43.9030002@mit.edu>
	<alpine.DEB.2.10.1410041743400.37760@buzzword-bingo.mit.edu>
	<54AEB183.7050000@thekelleys.org.uk>
	<CAA93jw76qUbcV8XVUzPnosqQ+HuSXGSaR2Cg8303Ahn-NocWFg@mail.gmail.com>
	<54AEC775.7070101@thekelleys.org.uk>
	<CAA93jw7wyGGhE6kQYe8E9Mia6vk1FJXmkfUvYWP0eRoMs2jpUw@mail.gmail.com>
	<CAA93jw6QvqRruhrFgzh9djXywwRwEBN-N4dA+e2_f4E9EoCC8Q@mail.gmail.com>
	<54B006AA.5060503@thekelleys.org.uk>
Date: Fri, 9 Jan 2015 13:34:49 -0800
Message-ID: <CAA93jw6GVYS=DrkG4V9qBA1-QtxwasgzO45jBuKabt5DdQF_0w@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: Simon Kelley <simon@thekelleys.org.uk>
Content-Type: text/plain; charset=UTF-8
Cc: dnsmasq-discuss <dnsmasq-discuss@thekelleys.org.uk>,
	"cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>, Anders Kaseorg <andersk@mit.edu>
Subject: Re: [Cerowrt-devel] Problems with DNSsec on Comcast,
 with Cero 3.10.38-1/DNSmasq 4-26-2014
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 21:35:18 -0000

I strongly suspect an ipv6 fragmentation handling bug in the kernel
version cerowrt uses. Have tons of evidence pointing to that now,
starting with some tests run last year from iwl and also the tests
that netalyzer was doing. And: I just locked up the box completely
while doing some dnssec stuff.

will go through kernel git logs and see what has happened there since 3.10.50.

Turning on the edns-packet-max feature now, however, as I lack time to
poke into this in more detail, and we're supposed to be testing dnssec
as it is....