[Bug 254675] ICMP Unreach needfrag is broken in 13.0-RC4
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Mar 31 11:17:06 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675
Bug ID: 254675
Summary: ICMP Unreach needfrag is broken in 13.0-RC4
Product: Base System
Version: 13.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: afedorov at FreeBSD.org
Hello.
I have the following setup with two VM's:
<public net> --- [ FreeBSD 13.0 RC4 GW_VM + NAT ] --- <private net> --- [Linux
VM]
GW_VM:
Interfaces:
vtnet1 <public ip>
vtnet2 192.168.1.1/24
net.inet.ip.forwarding=1
NAT pf.conf:
nat on vtnet1 from 192.168.1.0/24 to any -> vtnet1
Linux VM:
enp0s2 192.168.1
When I'm trying iperf3 from Linux VM to public host:
[ 4] local 192.168.1.4 port 49412 connected to <PUBLIC_HOST> port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.01 sec 263 KBytes 2.14 Mbits/sec 45 5.66 KBytes
[ 4] 1.01-2.00 sec 156 KBytes 1.28 Mbits/sec 32 5.66 KBytes
[ 4] 2.00-3.00 sec 156 KBytes 1.27 Mbits/sec 26 5.66 KBytes
The low upload speed is predictable due to virtio-net offload are enabled.
But what I did not expect was the absence of the needfrag ICMP packet.
I setup 12.2 RELEASE with same configuration, and
root at edge-12:~ # tcpdump -i vtnet2 proto ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet2, link-type EN10MB (Ethernet), capture size 262144 bytes
14:07:09.803538 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.803581 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.803605 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.806829 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.806856 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.810143 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
14:07:09.810172 IP 192.168.1.1 > 192.168.1.4: ICMP 10.78.28.17 unreachable -
need to frag (mtu 1500), length 176
Using the following DTrace script: dtrace -n 'fbt:kernel:icmp_error:entry {
stack(); printf("type: %d code: %d", arg1, arg2);}'
12.2-RELEASE work as expected: ip_forward() call ip_output() which return
EMSGSIZE -> generate ICMP unreach needsfrag.
0 53981 icmp_error:entry
kernel`ip_forward+0x5c4
kernel`ip_input+0x7a7
kernel`netisr_dispatch_src+0xca
kernel`ether_demux+0x138
kernel`ether_nh_input+0x33b
kernel`netisr_dispatch_src+0xca
kernel`ether_input+0x4b
kernel`vtnet_rxq_eof+0x7a5
kernel`vtnet_rx_vq_process+0xb7
kernel`ithread_loop+0x23c
kernel`fork_exit+0x7e
kernel`0xffffffff81067f6e
type: 3 code: 4
0 53981 icmp_error:entry
kernel`ip_forward+0x5c4
kernel`ip_input+0x7a7
kernel`netisr_dispatch_src+0xca
kernel`ether_demux+0x138
kernel`ether_nh_input+0x33b
kernel`netisr_dispatch_src+0xca
kernel`ether_input+0x4b
kernel`vtnet_rxq_eof+0x7a5
kernel`vtnet_rx_vq_process+0xb7
kernel`ithread_loop+0x23c
kernel`fork_exit+0x7e
kernel`0xffffffff81067f6e
type: 3 code: 4
13-RC4:
0 54326 icmp_error:entry
kernel`ip_tryforward+0x730
kernel`ip_input+0x356
kernel`netisr_dispatch_src+0xca
kernel`ether_demux+0x148
kernel`ether_nh_input+0x34c
kernel`netisr_dispatch_src+0xca
kernel`ether_input+0x69
kernel`vtnet_rxq_eof+0x7d4
kernel`vtnet_rx_vq_process+0xb7
kernel`ithread_loop+0x24d
kernel`fork_exit+0x7e
kernel`0xffffffff810625ae
type: 3 code: 4
1 54326 icmp_error:entry
kernel`ip_forward+0x9c
kernel`ip_input+0x6cc
kernel`swi_net+0x12b
kernel`ithread_loop+0x24d
kernel`fork_exit+0x7e
kernel`0xffffffff810625ae
type: 3 code: 1
So, As I understand ip_tryforward() trying to generate ICMP needsfrag, but
after that generated ICMP ICMP_UNREACH_HOST.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list