Subject: Re: TCP Connection hang - MSS again
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
References: <202104061254.136CsRZB005421@gndrsh.dnsmgr.net>
Cc: freebsd-net <freebsd-net@freebsd.org>, freebsd-current@freebsd.org
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <8d211e78-bccc-47a0-ab91-bfbf5d22911c@grosbein.net>
Date: Tue, 6 Apr 2021 22:01:24 +0700
In-Reply-To: <202104061254.136CsRZB005421@gndrsh.dnsmgr.net>

06.04.2021 19:54, Rodney W. Grimes wrote:
>> 05.04.2021 19:44, Rozhuk Ivan wrote:
>>
>>>>> As I understand, in some cases the remote host does not reply with an MSS
>>>>> option, and the host behind the router continues to use mss 8960, which is
>>>>> dropped by the router.
>>>> If the peer does not provide an MSS option, your local FreeBSD based
>>>> host should use an MSS of net.inet.tcp.mssdflt bytes. The default is
>>>> 536. So I don't think this should be a problem.
>>>
>>> That's it!
>>> Thanks, it was ~64k in my config.
>>
>> This is also a per-host setting, you know :-)
>>
>> It is generally a bad idea to use an MTU over 1500 for an interface facing a public network
>> without -mtu 1500. You see, because TCP MSS affects only TCP and there is also UDP
>> that happily produces oversized datagrams for DNS or RTP or NFS or tunneling like L2TP or OpenVPN etc.
>> relying on IP fragmentation.
>>
>> I still recommend using -mtu 1500 in addition to mssdflt in your case.
> 
> I do not recommend such a setting.  That would defeat any jumbo frame usage
> locally!

Why? The default route should not be used for local delivery.

> The gateway/router that is forwarding packets to the internet connection
> needs its upstream interface mtu set properly, and configured to properly
> return icmp need fragment messages on the interfaces towards the
> internal network.

This results in extra delays and retransmissions during outgoing data transfer, not good.
The mechanics are much more fragile than the default route's mtu attribute.
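
Added example, not part of the original message: a small sh check for the setting discussed in this thread, reading the mtu metric from `route -n get default` and printing the `-mtu 1500` change when it is larger. The sample route output, the 1500 limit, the `live` argument and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check the default route's MTU on a
# jumbo-frame FreeBSD host. Sample output and the 1500 limit are assumptions.

# Constructed sample of `route -n get default` on a host with MTU 9000.
SAMPLE='   route to: 0.0.0.0
destination: 0.0.0.0
    gateway: 192.0.2.1
  interface: em0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      9000         1         0'

# Print the "mtu" metric: locate the column by name in the header row,
# then read the same field from the value row that follows it.
route_mtu() {
    awk '
        found { print $col; exit }
        { for (i = 1; i <= NF; i++) if ($i == "mtu") { col = i; found = 1 } }
    '
}

# Succeed when MTU $1 is numeric and does not exceed limit $2 (default 1500).
mtu_ok() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -le "${2:-1500}" ]
}

# ICMP payload that exactly fills MTU $1: minus 20 (IPv4) and 8 (ICMP) bytes.
probe_size() { echo $(( $1 - 28 )); }

# Report on text from stdin; prints the remediation when the MTU is too large.
audit() {
    mtu=$(route_mtu)
    if mtu_ok "$mtu" 1500; then
        echo "ok: default route mtu $mtu"
    else
        echo "default route mtu ${mtu:-unknown}; fix: route change default -mtu 1500"
        return 1
    fi
}

if [ "$(uname -s)" = "FreeBSD" ] && [ "${1:-}" = "live" ]; then
    route -n get default | audit
    sysctl net.inet.tcp.mssdflt
    # -D sets Don't Fragment; loss here means the path relies on ICMP feedback.
    echo "probe: ping -D -c 3 -s $(probe_size 1500) <public-host>"
else
    printf '%s\n' "$SAMPLE" | audit || true
fi
```

Run with the `live` argument on a FreeBSD host to read the real routing table; without it the script only evaluates the constructed sample.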