From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 239749] Issues path MTU discovery on IPv6 and SSH.
Date: Tue, 13 Aug 2019 18:42:15 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239749

--- Comment #1 from Niclas Zeising ---
So, I did some more digging, and I think my initial conclusions weren't entirely correct.

I set up the following mini network, with a client on one subnet, and a server on another, and a router in between running PF. All machines are running FreeBSD 12.0.

|server| ---- ---- |router| ---- ---- |client|

server IP: 2001:db8:ffff:ff00::2
client IP: 2001:db8:ffff:ff10::2

I then try two connections to the server:
One with ssh, running ssh on the client to connect to sshd on the server.
One using netcat:
nc command on server: nc -6 -l 1234
nc command on client: cat /usr/share/examples/IPv6/USAGE | nc -6 ip-of-server

Between the ssh and nc invocations, I wipe the TCP host cache using
sysctl net.inet.tcp.hostcache.purgenow=1

I run the above tests with three different router configurations.
First, I use the ruleset modulate.pf.conf, which uses modulate state for state tracking of TCP connections.
Second, I use the ruleset keep.pf.conf, which uses keep state for state tracking.
Third, I disable PF completely.

In the first case, using modulate state, the ssh connection stalls, and it looks like the path mtu discovery fails. The nc connection works though.
In the second and third case, things work as normal.

I am guessing that 'modulate state' somehow screws up path MTU discovery, so that the ptb packet sent by the router isn't recognized by the client, but this is just a guess.

I've attached the two different PF rule sets used, as well as /etc/rc.conf from the router, and pcap traffic dumps from all three runs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
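
One way to test the guess in the comment above against a capture, as an added example that is not part of the original bug comment: parse the ICMPv6 Packet Too Big message and check whether the TCP sequence number it quotes lies within what the client has in flight, since a stack that validates ICMP errors this way would ignore a PTB quoting a rewritten sequence number. The function names, ports, snd_una/snd_max values, the offset and the sample bytes are constructed; the input is the ICMPv6 message starting at its type byte.

```python
import ipaddress
import struct

ICMP6_PACKET_TOO_BIG = 2  # ICMPv6 message type
IPPROTO_TCP = 6

def parse_ptb(icmp6):
    """Parse an ICMPv6 Packet Too Big message and the TCP/IPv6 header it quotes."""
    if len(icmp6) < 8 + 40 + 8:
        raise ValueError("too short to quote an IPv6 header plus TCP ports and seq")
    icmp_type, _code, _cksum, mtu = struct.unpack("!BBHI", icmp6[:8])
    if icmp_type != ICMP6_PACKET_TOO_BIG:
        raise ValueError("not a Packet Too Big message")
    inner = icmp6[8:]  # quoted invoking packet, starting at its IPv6 header
    if inner[6] != IPPROTO_TCP:
        raise ValueError("quoted packet is not plain TCP (extension headers not handled)")
    sport, dport, seq = struct.unpack("!HHI", inner[40:48])
    return {"mtu": mtu,
            "src": str(ipaddress.IPv6Address(inner[8:24])),
            "dst": str(ipaddress.IPv6Address(inner[24:40])),
            "sport": sport, "dport": dport, "seq": seq}

def seq_in_flight(seq, snd_una, snd_max):
    """True if snd_una <= seq < snd_max in 32-bit wrap-around arithmetic."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_max - snd_una) & 0xFFFFFFFF)

def build_sample_ptb(src, dst, sport, dport, seq, mtu=1280):
    """Constructed PTB (checksum left at zero) quoting one TCP segment header."""
    ip6 = struct.pack("!IHBB", 6 << 28, 20, IPPROTO_TCP, 63)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    return struct.pack("!BBHI", ICMP6_PACKET_TOO_BIG, 0, 0, mtu) + ip6 + tcp

if __name__ == "__main__":
    client, server = "2001:db8:ffff:ff10::2", "2001:db8:ffff:ff00::2"
    snd_una, snd_max = 1000, 5000   # constructed client send window
    offset = 0x9E3779B9             # constructed stand-in for a sequence rewrite
    for label, seq in (("as sent", 2448), ("rewritten", (2448 + offset) & 0xFFFFFFFF)):
        ptb = parse_ptb(build_sample_ptb(client, server, 50000, 22, seq))
        print(label, ptb["mtu"], ptb["seq"], seq_in_flight(ptb["seq"], snd_una, snd_max))
```
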