gif(4) MTU problem

Dima Veselov kab00m at lich.phys.spbu.ru
Mon Oct 9 15:15:07 UTC 2017


Greetings!

I am here today to share a problem I can't solve by myself.
For some reason, connections that carry 1240 (1284) byte packets are
dropped between the gif and real (igb) interfaces.

The configuration is the following (and it was working before):

    A net
172.22.22.0/24
      |
172.22.22.1 (igb1)
    FreeBSD host (with pf)
172.22.22.2 (gif0)
IPSEC transport mode
External IP (igb0)
      |
  Internet
      |
External IP (vlan1122)
IPSEC transport mode
172.20.27.10 (gif0)
   NetBSD host (with ipf)
172.20.27.10 (vlan27)
       |
     B net
172.20.0.0/16

When a host in A tries to reach a host in B, it freezes and cannot connect.
tcpdump says that the TCP connection begins and stalls when B tries to reply
with packets of 1240 bytes. The most interesting part of the story
is that the 1240-byte response can be seen from B to gif0 of the FreeBSD host,
but it does not go out on igb1, i.e. on the very last piece of direct cable.

17:22:50.109790 AF IPv4 (2), length 224: 172.20.24.187.22 > 172.22.22.60.4219: Flags [P.], seq 1484:1664, ack 645, win 30016, length 180
17:22:50.110272 AF IPv4 (2), length 56: 172.22.22.60.4219 > 172.20.24.187.22: Flags [.], ack 24, win 65512, options [nop,nop,sack 1 {1484:1664}], length 0
17:22:50.320582 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:50.743342 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:51.589444 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:53.281611 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:56.661635 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:23:03.430137 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240

B will retry its 1240-byte packet until issuing a reset.

Even more: when A tries to reach B once again, the connection
is established and works well until closure, but the biggest packet
will be no more than 1170.

Both gif MTUs are set to 1280 bytes; the real interfaces are 1500.

pf has a "scrub in all" statement; however, I tried with and without it.

All other cases, like B to A, A to NetBSD, or B to FreeBSD, work well.
Also, these servers have other similar gif interfaces and they
all work well.

Also, I don't know why, but both FreeBSD and NetBSD can't set the MTU
for a gif interface lower than 1280, despite the man page saying
it should be possible.

I am totally lost on this problem and would love to get some help.

Thanks in advance.

-- 
Sincerely yours
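
The gif0 capture in the message above, tallied as an added example that is not part of the original message: it finds the data segments that are sent repeatedly, compares the size of each IP datagram with the stated gif MTU, and lists the gaps between retries. It assumes tcpdump's frame length on gif0 includes the 4-byte DLT_NULL address-family header; the function names are hypothetical.

```python
import re
from collections import defaultdict

NULL_HDR = 4    # assumed: DLT_NULL address-family header counted in the frame length
GIF_MTU = 1280  # gif MTU stated in the message

# Lines copied from the capture in the message above.
CAPTURE = """\
17:22:50.109790 AF IPv4 (2), length 224: 172.20.24.187.22 > 172.22.22.60.4219: Flags [P.], seq 1484:1664, ack 645, win 30016, length 180
17:22:50.110272 AF IPv4 (2), length 56: 172.22.22.60.4219 > 172.20.24.187.22: Flags [.], ack 24, win 65512, options [nop,nop,sack 1 {1484:1664}], length 0
17:22:50.320582 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:50.743342 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:51.589444 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:53.281611 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:22:56.661635 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
17:23:03.430137 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240
"""

LINE_RE = re.compile(
    r"(\d+):(\d+):([\d.]+) AF IPv4 \(2\), length (\d+): (\S+) > (\S+): "
    r"Flags \[[^\]]*\](?:, seq (\d+:\d+))?.*, length (\d+)$")

def parse(capture):
    """Yield (time_s, ip_len, flow, seq, payload); ip_len excludes the AF header."""
    for m in filter(None, map(LINE_RE.match, capture.splitlines())):
        h, mnt, s, frame, src, dst, seq, payload = m.groups()
        yield (int(h) * 3600 + int(mnt) * 60 + float(s),
               int(frame) - NULL_HDR, (src, dst), seq, int(payload))

def stalled_segments(capture, min_sends=3):
    """Data segments seen min_sends or more times, i.e. retransmitted repeatedly."""
    sends = defaultdict(list)
    for t, ip_len, flow, seq, payload in parse(capture):
        if seq and payload:  # pure ACKs carry no seq range in this output
            sends[(flow, seq)].append((t, ip_len, payload))
    report = []
    for (flow, seq), hits in sends.items():
        if len(hits) >= min_sends:
            times = [h[0] for h in hits]
            _, ip_len, payload = hits[0]
            report.append({
                "flow": flow, "seq": seq, "sends": len(hits),
                "ip_len": ip_len, "headers": ip_len - payload,
                "fills_gif_mtu": ip_len == GIF_MTU,
                "gaps_s": [round(b - a, 2) for a, b in zip(times, times[1:])]})
    return report

if __name__ == "__main__":
    print(*stalled_segments(CAPTURE), sep="\n")
```

On this capture it reports a single segment, seq 24:1264, sent six times as a 1280-byte IP datagram (1240 bytes of payload plus 40 bytes of IP and TCP headers), with the gap between retries roughly doubling each time.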

