[Bug 239749] Issues path MTU discovery on IPv6 and SSH.

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Aug 13 18:42:16 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239749

--- Comment #1 from Niclas Zeising <zeising at FreeBSD.org> ---
So, I did some more digging, and I think my initial conclusions weren't
entirely correct.

I set up the following mini network, with a client on one subnet, and a server
on another, and a router in between running PF.  All machines are running
FreeBSD 12.0.


|server| ---- <MTU 1280> ---- |router| ---- <MTU 1500> ---- |client|

server IP: 2001:db8:ffff:ff00::2
client IP: 2001:db8:ffff:ff10::2

I then try two connections to the server:
One with ssh, running ssh on the client to connect to sshd on the server.
One using netcat:
nc command on server: nc -6 -l 1234
nc command on client: cat /usr/share/examples/IPv6/USAGE | nc -6 ip-of-server
Between the ssh and nc invocations, I wipe the TCP host cache using
sysctl net.inet.tcp.hostcache.purgenow=1


I run the above tests with three different router configurations.
First, I use the ruleset modulate.pf.conf, which uses modulate state for state
tracking of TCP connections.
Second, I use the ruleset keep.pf.conf, which uses keep state for state
tracking.
Third, I disable PF completely.


In the first case, using modulate state, the ssh connection stalls, and it
looks like the path mtu discovery fails.  The nc connection works though.
In the second and third case, things work as normal.

I am guessing that 'modulate state' somehow screws up path MTU discovery, so
that the ptb packet sent by the router isn't recognized by the client, but this
is just a guess.


I've attached the two different PF rule sets used, as well as /etc/rc.conf from
the router, and pcap traffic dumps from all three runs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
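
One way to test the guess in the comment above against the attached pcaps, as an added example that is not part of the original bug comment: parse the ICMPv6 Packet Too Big message and check whether the TCP sequence number it quotes lies in the range the client has in flight. It assumes the client only honours a PTB that passes that check (as RFC 5927 recommends) and that the quoted packet has no IPv6 extension headers; the function names, ports, sequence numbers and offset are constructed for illustration.

```python
import ipaddress
import struct

ICMP6_PACKET_TOO_BIG = 2   # RFC 4443 message type
IPPROTO_TCP = 6

def parse_ptb(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Packet Too Big message, starting at its type byte."""
    icmp_type, _code, _cksum, mtu = struct.unpack_from("!BBHI", icmp6, 0)
    if icmp_type != ICMP6_PACKET_TOO_BIG:
        raise ValueError("not a Packet Too Big message")
    inner = icmp6[8:]                      # quoted invoking packet
    # Need the 40-byte IPv6 header plus TCP ports and sequence number.
    if len(inner) < 48 or inner[6] != IPPROTO_TCP:
        raise ValueError("quoted packet is not plain IPv6/TCP")
    sport, dport, seq = struct.unpack_from("!HHI", inner, 40)
    return {
        "mtu": mtu,
        "src": str(ipaddress.IPv6Address(inner[8:24])),
        "dst": str(ipaddress.IPv6Address(inner[24:40])),
        "sport": sport, "dport": dport, "seq": seq,
    }

def seq_in_flight(seq: int, snd_una: int, snd_max: int) -> bool:
    """True if snd_una <= seq < snd_max in 32-bit modular sequence space."""
    return (seq - snd_una) % 2**32 < (snd_max - snd_una) % 2**32

def build_sample_ptb(seq: int) -> bytes:
    """Constructed sample: PTB (MTU 1280) quoting a client-to-server segment."""
    src = ipaddress.IPv6Address("2001:db8:ffff:ff10::2").packed   # client
    dst = ipaddress.IPv6Address("2001:db8:ffff:ff00::2").packed   # server
    ip6 = struct.pack("!IHBB", 6 << 28, 20, IPPROTO_TCP, 63) + src + dst
    tcp = struct.pack("!HHIIBBHHH", 50000, 22, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    # Checksum left at 0: this sample is only parsed, never put on the wire.
    return struct.pack("!BBHI", ICMP6_PACKET_TOO_BIG, 0, 0, 1280) + ip6 + tcp

if __name__ == "__main__":
    snd_una, snd_max = 1000, 5000          # constructed client send window
    offset = 0x5A5A0000                    # constructed sequence offset
    for label, seq in (("as sent", 1000), ("shifted", (1000 + offset) % 2**32)):
        ptb = parse_ptb(build_sample_ptb(seq))
        ok = seq_in_flight(ptb["seq"], snd_una, snd_max)
        print(f"{label}: mtu={ptb['mtu']} seq={ptb['seq']} in_flight={ok}")
```

Feed it the ICMPv6 payload of the PTB seen on the client side and the sequence numbers of the client's own outgoing segments from the same capture.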

