From owner-freebsd-bugs@FreeBSD.ORG Fri Oct 12 19:10:01 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EBC44680 for ; Fri, 12 Oct 2012 19:10:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [8.8.178.135]) by mx1.freebsd.org (Postfix) with ESMTP id C1D9C8FC0C for ; Fri, 12 Oct 2012 19:10:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q9CJA0JE040784 for ; Fri, 12 Oct 2012 19:10:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q9CJA0Oh040783; Fri, 12 Oct 2012 19:10:00 GMT (envelope-from gnats) Resent-Date: Fri, 12 Oct 2012 19:10:00 GMT Resent-Message-Id: <201210121910.q9CJA0Oh040783@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Mark Martinec Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9BAB1677 for ; Fri, 12 Oct 2012 19:08:59 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 6BB248FC0A for ; Fri, 12 Oct 2012 19:08:59 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q9CJ8xfk065045 for ; Fri, 12 Oct 2012 19:08:59 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id q9CJ8wUF065044; Fri, 12 Oct 2012 19:08:58 GMT (envelope-from nobody) Message-Id: <201210121908.q9CJ8wUF065044@red.freebsd.org> Date: Fri, 12 Oct 2012 19:08:58 GMT From: Mark Martinec To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: misc/172648: pf(4): 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2012 19:10:01 -0000 >Number: 172648 >Category: misc >Synopsis: pf(4): 'scrub reassemble tcp' breaks IPv6 packet checksum on SYN ACK >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Oct 12 19:10:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Mark Martinec >Release: 9.1-PRERELEASE (i.e. 9.1-RC2) >Organization: Jozef Stefan Institute, Ljubljana >Environment: FreeBSD neli.ijs.si 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Fri Oct 12 18:10:04 CEST 2012 mark@neli.ijs.si:/usr/obj/usr/src/sys/NELI amd64 >Description: When pf (packet filter) is enabled and configured with 'scrub reassemble tcp', IPv6 TCP connections take 9 seconds to establish. Packet capture shows checksum errors on SYN ACK packets but not on other packets. A TCP connection establishment (SYN) on IPv6 is (re-)tried four times, with a 3 second delay between each attempt, while the TCP options are being simplified each time by the kernel (dropping ECN, CWR, window scaling, and dropping a timestamp options). Only the fourth attempt is successful, with no other options but SACK, and this TCP session then proceeds normally. Disabling 'scrub reassemble tcp' in the pf avoids the problem. Similarly, turning off net.inet.tcp.rfc1323 on either end also avoids the problem, even with 'reassemble tcp' enabled. The problem does not occur on IPv4 sessions, only on IPv6. The problem is not associated with interface checksum offloading, it is repeatable on gif, em, and re interfaces. Also a packet capture (wireshark) shows packet checksum errors on SYN ACK packets (but not on the SYN packet) in the first couple of failed attempts, and no checksum errors on other packets (e.g. after a successfully established session). My guess is that the TCP timestamp option triggers a pf bug, which then miscalculates a packet checksum on SYN ACK. >How-To-Repeat: Use the following trivial pf config file: scrub all reassemble tcp pass all Then try to establish any TCP session to any IPv6 address. Any client will do (telnet, ssh, curl, web browser). Try for example: curl -6 -L http://tools.ietf.org/rfc/rfc3021.txt | wc -l The connection will 'hang' for 9 seconds (until a sufficiently dumbed-down SYN options are tried), then it proceeds normally. >Fix: No known fix. Two workarounds: - don't use 'scrub reassemble tcp' in PF, or disable PF - sysctl net.inet.tcp.rfc1323=0 >Release-Note: >Audit-Trail: >Unformatted: