Date: Tue, 13 Aug 2019 18:42:15 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 239749] Issues path MTU discovery on IPv6 and SSH.
Message-ID: <bug-239749-7501-wYijMqfNP1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-239749-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-239749-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239749

--- Comment #1 from Niclas Zeising <zeising@FreeBSD.org> ---

So, I did some more digging, and I think my initial conclusions weren't
entirely correct.

I set up the following mini network, with a client on one subnet, and a server
on another, and a router in between running PF. All machines are running
FreeBSD 12.0.

|server| ---- <MTU 1280> ---- |router| ---- <MTU 1500> ---- |client|

server IP: 2001:db8:ffff:ff00::2
client IP: 2001:db8:ffff:ff10::2

I then try two connections to the server:

One with ssh, running ssh on the client to connect to sshd on the server.

One using netcat:
nc command on server: nc -6 -l 1234
nc command on client: cat /usr/share/examples/IPv6/USAGE | nc -6 ip-of-server

Between the ssh and nc invocations, I wipe the TCP host cache using
sysctl net.inet.tcp.hostcache.purgenow=1

I run the above tests with three different router configurations.

First, I use the ruleset modulate.pf.conf, which uses modulate state for state
tracking of TCP connections.
Second, I use the ruleset keep.pf.conf, which uses keep state for state
tracking.
Third, I disable PF completely.

In the first case, using modulate state, the ssh connection stalls, and it
looks like the path mtu discovery fails. The nc connection works though.
In the second and third case, things work as normal.

I am guessing that 'modulate state' somehow screws up path MTU discovery, so
that the ptb packet sent by the router isn't recognized by the client, but this
is just a guess.

I've attached the two different PF rule sets used, as well as /etc/rc.conf from
the router, and pcap traffic dumps from all three runs.

-- 
You are receiving this mail because:
You are the assignee for the bug.