kern/121257: TSO + natd -> slow outgoing tcp traffic
Vitezslav Novy
vnovy at vnovy.net
Sat Mar 1 10:10:07 UTC 2008
>Number: 121257
>Category: kern
>Synopsis: TSO + natd -> slow outgoing tcp traffic
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 01 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Vitezslav Novy
>Release: 7.0-RELEASE
>Organization:
>Environment:
FreeBSD vn.chello.upc.cz 7.0-RELEASE FreeBSD 7.0-RELEASE #2: Fri Feb 29 21:37:33 CET 2008 rumik at vn.chello.upc.cz:/usr/obj/usr/src/sys/GENERIC i386
>Description:
If TSO flag is set on interface and packets are diverted to natd by ipfw on
same interface, tcp traffic going out through this interface is very slow.
It's because tcp layer sends big packet with TSO flag set, packet is
diverted by ipfw and tcp layer gets OK return value.
Then packet is reinjected to ip stack by natd, but TSO flag is lost. Packet
is dropped by ip_output and ERR return value is delivered to natd, which can
do nothing with it.
Because tcp layer has no info about problem, packet is resend after tcp
retransmit timeout. retransmited packets are sent without TSO flag, so it is
sent successfully.
>How-To-Repeat:
Just look at outgoing tcp traffic on interface with tso flag set and natd
running on it.
>Fix:
Ad hoc:
Disable TSO flag on interface OR
if possible, change ipfw rules to not divert all traffic on interface
OR
in natd rc script
clear tso flag on interface when natd is started on it
OR
in kernel
during divert, reject packet with tso flag set. It gives tcp layer feedback
and connection tso flag will be cleared.
It's easy to make this change in ipfw code. Maybe packet diverted by divert
rule should be rejected, and packet diverted by tee rule should be accepted
(they are not reinjected to ip stack usually).
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list