Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 1 Mar 2008 10:02:10 GMT
From:      Vitezslav Novy <vnovy@vnovy.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/121257: TSO + natd  -> slow outgoing tcp traffic
Message-ID:  <200803011002.m21A2ACM078074@www.freebsd.org>
Resent-Message-ID: <200803011010.m21AA6N6053676@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         121257
>Category:       kern
>Synopsis:       TSO + natd  -> slow outgoing tcp traffic
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 01 10:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Vitezslav Novy
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD vn.chello.upc.cz 7.0-RELEASE FreeBSD 7.0-RELEASE #2: Fri Feb 29 21:37:33 CET 2008     rumik@vn.chello.upc.cz:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
If TSO flag is set on interface and packets are diverted to natd by ipfw on 
same interface, tcp traffic going out through this interface is very slow.

It's because tcp layer sends big packet with  TSO flag set, packet is       
diverted by ipfw and tcp layer gets OK return value.

Then packet is reinjected to ip stack by natd, but TSO flag is lost. Packet 
is dropped by ip_output and ERR return value is delivered to natd, which can 
do nothing with it.

Because tcp layer has no info about problem, packet is resend after tcp     
retransmit timeout. retransmited packets are sent without TSO flag, so it is 
sent successfully.
>How-To-Repeat:
Just look at outgoing tcp traffic on interface with tso flag set and natd   
running on it.
>Fix:
Ad hoc:
Disable TSO flag on interface OR
if possible, change ipfw rules to not divert all traffic on interface

OR

in natd rc script
clear tso flag on interface when natd is started on it

OR
 
in kernel
during divert, reject packet with tso flag set. It gives tcp layer feedback 
and connection tso flag will be cleared.
It's easy to make this change in ipfw code. Maybe packet diverted by divert 
rule should be rejected, and packet diverted by tee rule should be accepted 
(they are not reinjected to ip stack usually).

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803011002.m21A2ACM078074>