From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 287229] IP reassembly issue in FreeBSD 14.1
Date: Thu, 19 Jun 2025 12:40:59 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.2-STABLE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: tuexen@freebsd.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: tuexen@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287229

--- Comment #18 from Michael Tuexen ---
(In reply to Lucas Aubard from comment #15)

The maxfragbucketsize is computed (in your cases) as follows:
* We start with the kernel memory size, which you can observe via the sysctl
  variable vm.kmem_size. This is either set in /boot/loader.conf or it is a bit
  less than the memory of the machine.
* The maximum memory used for mbufs maxmbufmem is computed as half of the kernel
  memory.
* The maximum number of mbuf clusters is computed as
  nmbclusters = maxmbufmem / MCLBYTES / 4
  where MCLBYTES is 2048.
* The maximum number of fragments maxfrags is
  maxfrags = nmbclusters / 32.
* The maximum number of fragments per queue is
  maxfragbucketsize = imax(maxfrags / (V_ipq_hashsize / 2), 1)
  where V_ipq_hashsize is 1024 when not changed in /boot/loader.conf.

kmem_size  maxmbufmem  nmbclusters  maxfrags  maxfragbucketsize
   200 MB      100 MB        12800       400                  1
   500 MB      250 MB        32000      1000                  1
  1000 MB      500 MB        64000      2000                  3
  2000 MB     1000 MB       128000      4000                  7

This explains the parameters you are observing. I was guessing the kmem_size,
so it might be a bit smaller or larger but it gives you an approximation of
maxfrags and the values you observed for maxfragbucketsize.

Please note that any host should avoid IP fragmentation.
So, in my view, your tool tests the behavior under attack. We could increase
maxfragbucketsize, but then you could increase the number of threads you are
using from 40 to 400. Then you will hit the maxfrags limit.

Could you explain what attack you have in mind? Why are you testing with 40
packets in parallel and not with more or less?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
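
The sizing steps from comment #18 above, as an added example that is not part of the original message and is not FreeBSD kernel source: it reproduces the table with truncating integer division and also runs the steps backwards to find the smallest kmem_size that yields a given per-bucket limit. The names frag_limits, frag_limits_from_kmem and kmem_needed_for_bucket are hypothetical, and "MB" is taken as 2^20 bytes, which is what the table's numbers imply.

```c
#include <stdint.h>
#include <stdio.h>

#define MCLBYTES 2048             /* mbuf cluster size stated in the comment */
#define IPQ_HASHSIZE_DEFAULT 1024 /* V_ipq_hashsize when not tuned */
#define MB (1024ULL * 1024ULL)    /* assumption: the table's MB is 2^20 bytes */

struct frag_limits {              /* hypothetical container for the results */
    uint64_t maxmbufmem, nmbclusters, maxfrags, maxfragbucketsize;
};

/* Forward direction: the comment's steps, with integer division. */
static struct frag_limits
frag_limits_from_kmem(uint64_t kmem_size, uint64_t ipq_hashsize)
{
    struct frag_limits l;
    uint64_t half = ipq_hashsize / 2;

    if (half == 0)                /* guard for this example only */
        half = 1;
    l.maxmbufmem = kmem_size / 2;
    l.nmbclusters = l.maxmbufmem / MCLBYTES / 4;
    l.maxfrags = l.nmbclusters / 32;
    l.maxfragbucketsize = l.maxfrags / half;
    if (l.maxfragbucketsize < 1)  /* the imax(..., 1) floor */
        l.maxfragbucketsize = 1;
    return l;
}

/* Inverse: smallest kmem_size (bytes) giving maxfragbucketsize >= want. */
static uint64_t
kmem_needed_for_bucket(uint64_t want, uint64_t ipq_hashsize)
{
    uint64_t maxfrags = want * (ipq_hashsize / 2);
    uint64_t nmbclusters = maxfrags * 32;
    return nmbclusters * 4 * MCLBYTES * 2;
}

int main(void)
{
    const uint64_t sizes_mb[] = { 200, 500, 1000, 2000 }; /* table rows */
    for (size_t i = 0; i < sizeof(sizes_mb) / sizeof(sizes_mb[0]); i++) {
        struct frag_limits l =
            frag_limits_from_kmem(sizes_mb[i] * MB, IPQ_HASHSIZE_DEFAULT);
        printf("%5llu MB: nmbclusters=%llu maxfrags=%llu bucket=%llu\n",
            (unsigned long long)sizes_mb[i], (unsigned long long)l.nmbclusters,
            (unsigned long long)l.maxfrags, (unsigned long long)l.maxfragbucketsize);
    }
    printf("kmem_size for bucket limit 40: %llu MB\n", (unsigned long long)
        (kmem_needed_for_bucket(40, IPQ_HASHSIZE_DEFAULT) / MB));
    return 0;
}
```

With the default hash size, a per-bucket limit of 40 (the parallelism mentioned in the comment) works out to a kmem_size of 10240 MB under these formulas.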