From owner-freebsd-net@FreeBSD.ORG Tue Aug 21 16:35:14 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7919D16A418 for ; Tue, 21 Aug 2007 16:35:14 +0000 (UTC) (envelope-from dhartmei@insomnia.benzedrine.cx) Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [IPv6:2001:6f8:1098::2]) by mx1.freebsd.org (Postfix) with ESMTP id 626D313C474 for ; Tue, 21 Aug 2007 16:35:08 +0000 (UTC) (envelope-from dhartmei@insomnia.benzedrine.cx) Received: from insomnia.benzedrine.cx (localhost.benzedrine.cx [127.0.0.1]) by insomnia.benzedrine.cx (8.14.1/8.13.4) with ESMTP id l7LGZ5Xs021622 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Tue, 21 Aug 2007 18:35:05 +0200 (MEST) Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.14.1/8.12.10/Submit) id l7LGZ5aR031035; Tue, 21 Aug 2007 18:35:05 +0200 (MEST) Date: Tue, 21 Aug 2007 18:35:05 +0200 From: Daniel Hartmeier To: Jacek Zapala Message-ID: <20070821163505.GA28667@insomnia.benzedrine.cx> References: <200708211010.l7LAA6V7082258@freefall.freebsd.org> <20070821121118.GF27160@insomnia.benzedrine.cx> <1187703472.22531.4.camel@localhost.localdomain> <20070821135048.GA32421@insomnia.benzedrine.cx> <1187705811.30269.5.camel@localhost.localdomain> <20070821143125.GB32421@insomnia.benzedrine.cx> <1187707117.846.3.camel@localhost.localdomain> <20070821145047.GC32421@insomnia.benzedrine.cx> <1187713068.3973.6.camel@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1187713068.3973.6.camel@localhost.localdomain> User-Agent: Mutt/1.5.12-2006-07-14 Cc: freebsd-net@freebsd.org Subject: Re: kern/115413: [ipv6] ipv6 pmtu not working X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2007 16:35:14 -0000 On Tue, Aug 21, 2007 at 06:17:48PM +0200, Jacek Zapala wrote: > I have applied the patch and it looks like it has helped. Great, thank you! > But I'm not sure if I understood well - you suspect that only 8 bytes of > tcp header are copied from the original tcp packet to the icmp message > by the router? No, the router is only required (by the RFCs) to quote the first 8 bytes of the TCP header. It may provide more. But pf can't rely on there being more (another router might legally only provide the minimum, and checking how many bytes there are would mean additional cost), so it only looks at the first 8 bytes. Before it can look at any header fields, it has to 'pull up' the bytes it wants to look at, making them adjacent in memory. It only does that for the first 8 bytes. The bug is/was that it then accessed th_flags, even though that field is beyond the first 8 bytes, and the result was that a random byte was used instead of the th_flags from the TCP header in the ICMP error. Hence, what pf perceived as th_flags randomly had TH_SYN set, which made pf not apply the window scaling factor in the sequence number check. The larger the window scaling factors, the higher the chance that failing to apply the factor will make the difference between allowing the packet and dropping it. I don't know why in your case 'random' means 'mostly/always TH_SYN set', but that might be due to your architecture, or mbuf memory layout. Who knows, that byte might contain a MAC address, and you happen to have a NIC with a specific MAC address byte ;) There's nothing wrong with the router, the bug is in pf. Let me know if anything changes, or when you're sure that the problem is resolved. Thanks for your help! Daniel