From nobody Tue Nov 16 07:15:31 2021
X-Original-To: stable@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id F136718909F1
	for <stable@mlmmj.nyi.freebsd.org>; Tue, 16 Nov 2021 07:15:50 +0000 (UTC)
	(envelope-from graham@menhennitt.com.au)
Received: from bumble.maple.relay.mailchannels.net (bumble.maple.relay.mailchannels.net [23.83.214.25])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Htcm10Kbfz4Tfb
	for <stable@freebsd.org>; Tue, 16 Nov 2021 07:15:44 +0000 (UTC)
	(envelope-from graham@menhennitt.com.au)
X-Sender-Id: dreamhost|x-authsender|graham@menhennitt.com.au
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id EC54B5427AD
	for <stable@freebsd.org>; Tue, 16 Nov 2021 07:15:34 +0000 (UTC)
Received: from pdx1-sub0-mail-a299.dreamhost.com (100-96-133-208.trex.outbound.svc.cluster.local [100.96.133.208])
	(Authenticated sender: dreamhost)
	by relay.mailchannels.net (Postfix) with ESMTPA id 67F59541E82
	for <stable@freebsd.org>; Tue, 16 Nov 2021 07:15:34 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|graham@menhennitt.com.au
Received: from pdx1-sub0-mail-a299.dreamhost.com (pop.dreamhost.com
 [64.90.62.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.96.133.208 (trex/6.4.3);
	Tue, 16 Nov 2021 07:15:34 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|graham@menhennitt.com.au
X-MailChannels-Auth-Id: dreamhost
X-Slimy-Spill: 1e5766690accef09_1637046934661_2029781703
X-MC-Loop-Signature: 1637046934661:1473818357
X-MC-Ingress-Time: 1637046934660
Received: from [203.2.73.68] (14-202-237-130.tpgi.com.au [14.202.237.130])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: graham@menhennitt.com.au)
	by pdx1-sub0-mail-a299.dreamhost.com (Postfix) with ESMTPSA id 4Htcln5kZ9z3J
	for <stable@freebsd.org>; Mon, 15 Nov 2021 23:15:33 -0800 (PST)
Subject: Re: packet loss between interfaces on the router
To: stable@freebsd.org
References: <216340c2-795d-d7ad-87d8-e07d9336564d@zhegan.in>
 <baa67203-42a7-196e-cdd6-3edbafc040b8@zhegan.in>
From: Graham Menhennitt <graham@menhennitt.com.au>
Message-ID: <8c8e724a-d9c2-9465-2e35-4422b736aaf9@menhennitt.com.au>
Date: Tue, 16 Nov 2021 18:15:31 +1100
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Thunderbird/78.9.1
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
List-Help: <mailto:stable+help@freebsd.org>
List-Post: <mailto:stable@freebsd.org>
List-Subscribe: <mailto:stable+subscribe@freebsd.org>
List-Unsubscribe: <mailto:stable+unsubscribe@freebsd.org>
Sender: owner-freebsd-stable@freebsd.org
X-BeenThere: freebsd-stable@freebsd.org
MIME-Version: 1.0
In-Reply-To: <baa67203-42a7-196e-cdd6-3edbafc040b8@zhegan.in>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Rspamd-Queue-Id: 4Htcm10Kbfz4Tfb
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of graham@menhennitt.com.au designates 23.83.214.25 as permitted sender) smtp.mailfrom=graham@menhennitt.com.au
X-Spamd-Result: default: False [0.70 / 15.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 ARC_NA(0.00)[];
	 RCVD_COUNT_FIVE(0.00)[5];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip4:23.83.208.0/20];
	 MIME_GOOD(-0.10)[text/plain];
	 TO_DN_NONE(0.00)[];
	 PREVIOUSLY_DELIVERED(0.00)[stable@freebsd.org];
	 NEURAL_SPAM_MEDIUM(1.00)[1.000];
	 RCPT_COUNT_ONE(0.00)[1];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 DMARC_NA(0.00)[menhennitt.com.au];
	 NEURAL_SPAM_SHORT(1.00)[0.997];
	 RCVD_IN_DNSWL_NONE(0.00)[23.83.214.25:from];
	 FROM_EQ_ENVFROM(0.00)[];
	 RCVD_TLS_LAST(0.00)[];
	 R_DKIM_NA(0.00)[];
	 ASN(0.00)[asn:36483, ipnet:23.83.208.0/21, country:CA];
	 MIME_TRACE(0.00)[0:+];
	 MID_RHS_MATCH_FROM(0.00)[];
	 RECEIVED_SPAMHAUS_PBL(0.00)[14.202.237.130:received]
X-ThisMailContainsUnwantedMimeParts: N

On 15/11/21 6:58 pm, Eugene M. Zheganin wrote:
> Hello,
>
> 15.11.2021 2:14, Eugene M. Zheganin пишет:
>> [...]
>> The host is running PF as a packet filter, several dozens of rules. I 
>> disable the scrub on outer interface (since the lost packet wasn'ta  
>> fragment, I was sceptical about it, and it doesn't help indeed).
>> [...]
>>
> ...and seems like it's a PF problem (so I probably should've started 
> this conversation in pf@)
>
> Here's another stalled session with PF debug turned "loud". Below are 
> caprtures on outer and inner interfaces, along with PF debug messages. 
> What is the "3" condition ? I only managed to find that this is some 
> sort of ackskew clashing.
>
> Could something be done here via pf configuration ?
>
> Outer interface:


I've never used pf, so I have no idea if this is relevant, but...

Are you doing NAT on this interface? If so, maybe you need to turn off 
various hardware checksum options in the interface.

     ifconfig_igb1="-vlanhwtso -tso4 -txcsum -rxcsum" (in /etc/rc.conf - 
replace igb1 with your interface name)

Maybe not all of those are needed.

It fixed problems for me with ipfw. It's worth a try anyway.

Good luck,

     Graham