From owner-freebsd-bugs@FreeBSD.ORG Sat Mar 1 10:10:07 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE2401065670 for ; Sat, 1 Mar 2008 10:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C8C8C8FC17 for ; Sat, 1 Mar 2008 10:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m21AA6VH053677 for ; Sat, 1 Mar 2008 10:10:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m21AA6N6053676; Sat, 1 Mar 2008 10:10:06 GMT (envelope-from gnats) Resent-Date: Sat, 1 Mar 2008 10:10:06 GMT Resent-Message-Id: <200803011010.m21AA6N6053676@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Vitezslav Novy Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D678F1065671 for ; Sat, 1 Mar 2008 10:05:03 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id C2A3C8FC18 for ; Sat, 1 Mar 2008 10:05:03 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m21A2AF8078075 for ; Sat, 1 Mar 2008 10:02:10 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m21A2ACM078074; Sat, 1 Mar 2008 10:02:10 GMT (envelope-from nobody) Message-Id: <200803011002.m21A2ACM078074@www.freebsd.org> Date: Sat, 1 Mar 2008 10:02:10 GMT From: Vitezslav Novy To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/121257: TSO + natd -> slow outgoing tcp traffic X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Mar 2008 10:10:07 -0000 >Number: 121257 >Category: kern >Synopsis: TSO + natd -> slow outgoing tcp traffic >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 01 10:10:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Vitezslav Novy >Release: 7.0-RELEASE >Organization: >Environment: FreeBSD vn.chello.upc.cz 7.0-RELEASE FreeBSD 7.0-RELEASE #2: Fri Feb 29 21:37:33 CET 2008 rumik@vn.chello.upc.cz:/usr/obj/usr/src/sys/GENERIC i386 >Description: If TSO flag is set on interface and packets are diverted to natd by ipfw on same interface, tcp traffic going out through this interface is very slow. It's because tcp layer sends big packet with TSO flag set, packet is diverted by ipfw and tcp layer gets OK return value. Then packet is reinjected to ip stack by natd, but TSO flag is lost. Packet is dropped by ip_output and ERR return value is delivered to natd, which can do nothing with it. Because tcp layer has no info about problem, packet is resend after tcp retransmit timeout. retransmited packets are sent without TSO flag, so it is sent successfully. >How-To-Repeat: Just look at outgoing tcp traffic on interface with tso flag set and natd running on it. >Fix: Ad hoc: Disable TSO flag on interface OR if possible, change ipfw rules to not divert all traffic on interface OR in natd rc script clear tso flag on interface when natd is started on it OR in kernel during divert, reject packet with tso flag set. It gives tcp layer feedback and connection tso flag will be cleared. It's easy to make this change in ipfw code. Maybe packet diverted by divert rule should be rejected, and packet diverted by tee rule should be accepted (they are not reinjected to ip stack usually). >Release-Note: >Audit-Trail: >Unformatted: