Date: Mon, 9 Oct 2017 18:08:14 +0300 From: Dima Veselov <kab00m@lich.phys.spbu.ru> To: freebsd-questions@freebsd.org Subject: gif(4) MTU problem Message-ID: <20171009150814.GA29277@laura.ws.pu.ru>
next in thread | raw e-mail | index | archive | help
Greetings! Am here today to share a problem I can't solve by myself. For some reason connections which have 1240(1284) bytes packets are dropped between gif and real (igb) interfaces. The configuration is the following (and it was working before): A net 172.22.22.0/24 | 172.22.22.1 (igb1) FreeBSD host (with pf) 172.22.22.2 (gif0) IPSEC transport mode External IP (igb0) | Internet | External IP (vlan1122) IPSEC transport mode 172.20.27.10 (gif0) NetBSD host (with ipf) 172.20.27.10 (vlan27) | B net 172.20.0.0/16 When host in A try to reach host in B - it freeze and cannot connect. tcpdump says that TCP connection begin and stall when B try to reply with packets of 1240 bytes size. Most of interesting part of the story is that 1240-byte response can be seen from B to gif0 of FreeBSD host, it does not go out on igb1, i.e. on very last piece of direct cable. 17:22:50.109790 AF IPv4 (2), length 224: 172.20.24.187.22 > 172.22.22.60.4219: Flags [P.], seq 1484:1664, ack 645, win 30016, length 180 17:22:50.110272 AF IPv4 (2), length 56: 172.22.22.60.4219 > 172.20.24.187.22: Flags [.], ack 24, win 65512, options [nop,nop,sack 1 {1484:1664}], length 0 17:22:50.320582 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 17:22:50.743342 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 17:22:51.589444 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 17:22:53.281611 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 17:22:56.661635 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 17:23:03.430137 AF IPv4 (2), length 1284: 172.20.24.187.22 > 172.22.22.60.4219: Flags [.], seq 24:1264, ack 645, win 30016, length 1240 B will retry its 1240-byte packet until issuing reset. Even more - when A try to reach B once again - connection establishing and work well until closure, but most big packet will be not more than 1170. Both gif mtu are set to 1280 bytes, real interfaces are 1500. pf has "scrub in all" statement, however i tried with or without it. All other cases like B to A or A to NetBSD or B to FreeBSD work well. Also this servers have other similar gif interfaces and they all work well. Also I don't know why - but both FreeBSD and NetBSD can't set mtu for gif interface lower than 1280 despite of man page telling it should be possible. I totally lost about this problem and would love to get some help. Thanks in advance. -- Sincerely yours
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171009150814.GA29277>