[Bug 225536] ipfw tcp-setmss doesn't seems to work

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 29 15:39:33 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225536

            Bug ID: 225536
           Summary: ipfw tcp-setmss doesn't seems to work
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: manu at freebsd.org

Hello,

I'm trying to rewrite the mss option on one of my gateway.
I have two interfaces (each one is a lagg to a ix VF), both are in fib 1,
traffic is natted from lagg1 to lagg0.

ifconfig output :
ixv0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:22:ac:63
        hwaddr 00:16:3e:22:ac:63
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
ixv1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:22:ac:63
        hwaddr 00:16:3e:fd:31:cb
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
ixv2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
9000
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:26:17:b5
        hwaddr 00:16:3e:26:17:b5
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
ixv3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
9000
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:26:17:b5
        hwaddr 00:16:3e:3a:73:21
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo 
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:22:ac:63
        inet XXX.XXX.XXX.XXX netmask 0xffffff80 broadcast 155.133.140.127 
        inet XXX.XXX.XXX.XXX netmask 0xffffffff broadcast 155.133.142.65 
        nd6 options=2b<PERFORMNUD,ACCEPT_RTADV,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        fib: 1
        groups: lagg 
        laggproto failover lagghash l2,l3,l4
        laggport: ixv0 flags=5<MASTER,ACTIVE>
        laggport: ixv1 flags=0<>
lagg1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
9000
       
options=405bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWTSO>
        ether 00:16:3e:26:17:b5
        inet 172.23.0.253 netmask 0xffff8000 broadcast 172.23.127.255 
        inet 172.23.0.254 netmask 0xffff0000 broadcast 172.23.255.255 
        nd6 options=2b<PERFORMNUD,ACCEPT_RTADV,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        fib: 1
        groups: lagg 
        laggproto failover lagghash l2,l3,l4
        laggport: ixv2 flags=5<MASTER,ACTIVE>
        laggport: ixv3 flags=0<>

ipfw rules :
ipfw pipe 1 config bw 2000Mbit/s
ipfw pipe 2 config bw 2000Mbit/s
ipfw queue 1 config pipe 1 mask src-ip 0xffffffff
ipfw queue 2 config pipe 2 mask dst-ip 0xffffffff

# Setup tables
ipfw table blacklist create type addr
ipfw table nonat create type addr
ipfw table nonat add XXX.XXX.XXX.XXX/24
ipfw table nat create type addr
ipfw table nat add 172.23.0.0/17

# Setup rules
ipfw add 00100 allow ip from any to any via lo0
ipfw add 00200 deny ip from any to 127.0.0.0/8
ipfw add 00201 deny ip from 127.0.0.0/8 to any
ipfw add 00202 deny ip from 'table(blacklist)' to any
ipfw add 00203 deny ip from any to 'table(blacklist)'
ipfw add 00500 queue 1 ip from any to any xmit lagg1 out
ipfw add 00501 queue 2 ip from any to any recv lagg1 in
ipfw add 02100 nat 123 ip from any to not 'table(nonat)' fib 1
ipfw add 64999 allow ip from any to any fib 1
ipfw add 65000 allow ip from any to any fib 0
ipfw add 65535 deny ip from any to any

ipfw nat 123 config ip XXX.XXX.XXX.XXX log reset

All the configuration above works correctly.

If I add :
ipfw add 02005 tcp-setmss 1460 tcp from any to any fib 1

I can see that the rule is hit but the mss isn't updated :

This is from lagg1 so I guess it's normal that the mss isn't rewritten at this
point :
15:17:34.928408 IP 172.23.6.163.58048 > 83.166.144.237.http: Flags [S], seq
1940485466, win 26880, options [mss 8960,sackOK,TS val 414737643 ecr
0,nop,wscale 9], length 0

>From lagg0:
15:17:34.929409 IP XXX.XXX.XXX.XXX.53942 > 83.166.144.237.http: Flags [S], seq
1940485466, win 26880, options [mss 8960,sackOK,TS val 414737643 ecr
0,nop,wscale 9], length 0

Is there something I miss ?

Thanks

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list