[Bug 229006] ipfw+nat and ng_nat Silently Drop Packets over 4k

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 14 00:02:31 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229006

            Bug ID: 229006
           Summary: ipfw+nat and ng_nat Silently Drop Packets over 4k
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: jeff+freebsd at wagsky.com

As discovered on 11.1-RELEASE-p9 and present on -p10, reassembled packets over
4k are silently dropped by in-kernel NAT.

Patch based on suggestion of Andrey V. Elsukov supplied.

Cause identified by Andrey V. Elsukov on the freebsd-net and freebsd-ipfw lists
on 2018-06-13 as being due to buffer allocation limits in the in-kernel
implementation of libalias.

"The kernel version of libalias uses m_megapullup() function to make
single contiguous buffer. m_megapullup() uses m_get2() function to
allocate mbuf of appropriate size. If size of packet greater than 4k it
will fail. So, if you use MTU greater than 4k or if after fragments
reassembly you get a packet with length greater than 4k, ipfw_nat()
function will drop this packet."

Additional communication on those lists by Andrey suggested a patch might
resolve this issue. The following is his code, I take no credit for it. Tested
and "works for me" on kernel sources from 11.1-RELEASE-p10 and GENERIC
kernconf.

/usr/src/sys/netinet/libalias]$ diff -u alias.c.orig alias.c
8<
--- alias.c.orig        2017-07-20 16:42:02.000000000 -0700
+++ alias.c     2018-06-13 15:41:46.862121000 -0700
@@ -1758,7 +1758,14 @@
        if (m->m_next == NULL && M_WRITABLE(m))
                return (m);

-       mcl = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
+       if (len <= MJUMPAGESIZE)
+               mcl = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
+       else if (len <= MJUM9BYTES)
+               mcl = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUM9BYTES);
+       else if (len <= MJUM16BYTES)
+               mcl = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUM16BYTES);
+       else
+               goto bad;
        if (mcl == NULL)
                goto bad;
        m_align(mcl, len);
>8

Additional details on the situation that highlighted this can be found at 
https://forums.freebsd.org/threads/in-kernel-nat-dropping-large-udp-return-packets.66262/

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list