Discussion:
[Bug 254675] ICMP Unreach needfrag is broken in 13.0-RC4
b***@freebsd.org
2021-03-31 11:18:09 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675

Aleksandr Fedorov <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@FreeBSD.org,
| |***@FreeBSD.org
--
You are receiving this mail because:
You are on the CC list for the bug.
b***@freebsd.org
2021-03-31 13:05:23 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675

--- Comment #1 from Aleksandr Fedorov <***@FreeBSD.org> ---
This is very funny:

***@GW_13RC4:~ # tcpdump -i lo0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 262144 bytes
15:32:30.655851 IP localhost > <GW_13RC4 public IP>: ICMP <remote public host>
unreachable - need to frag (mtu 1500), length 576
15:32:30.693492 IP localhost > <GW_13RC4 public IP>: ICMP <remote public host>
unreachable - need to frag (mtu 1500), length 576
15:32:30.713231 IP localhost > <GW_13RC4 public IP>: ICMP <remote public host>
unreachable - need to frag (mtu 1500), length 576

So, ICMP packets were sent, but from localhost to localhost.

It seems that the 12.2-RELEASE checks the packet size before NAT, but the
13-RC4 after.
--
You are receiving this mail because:
You are on the CC list for the bug.
b***@freebsd.org
2021-03-31 20:04:41 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675

Marek Zarychta <***@plan-b.pwste.edu.pl> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@plan-b.pwste.edu.
| |pl

--- Comment #2 from Marek Zarychta <***@plan-b.pwste.edu.pl> ---
It looks like PF's behaviour has changed with regard to loopback interfaces.
Could this observation[1] be relevant to the breakage reported in this PR?

[1] https://lists.freebsd.org/pipermail/freebsd-pf/2021-February/009390.html
--
You are receiving this mail because:
You are on the CC list for the bug.
b***@freebsd.org
2021-03-31 20:35:44 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675

--- Comment #3 from Alexander V. Chernikov <***@FreeBSD.org> ---
For the context, we have switched fastforwarding on by default:
https://cgit.freebsd.org/src/commit/?id=8ad114c082a159c0dde95aa35d2e3e108aa30a75

In 12.2 the codepath was ip_input() -> ip_forward() -> ip_output(), where
ip_forward() created mbuf copy for the purposes of generating various ICMP
messages.

Fastforward code currently don't do this for performance reasons, except for
the redirect usecase.

As a result, we use (possibly altered) packet to generate the redirect.
--
You are receiving this mail because:
You are on the CC list for the bug.
b***@freebsd.org
2021-03-31 21:03:02 UTC
Permalink
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254675

Alexander V. Chernikov <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@FreeBSD.org |***@FreeBSD.org
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Loading...