Date: Thu, 14 Jun 2018 00:02:28 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229006] ipfw+nat and ng_nat Silently Drop Packets over 4k Message-ID: <bug-229006-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229006 Bug ID: 229006 Summary: ipfw+nat and ng_nat Silently Drop Packets over 4k Product: Base System Version: 11.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jeff+freebsd@wagsky.com As discovered on 11.1-RELEASE-p9 and present on -p10, reassembled packets o= ver 4k are silently dropped by in-kernel NAT. Patch based on suggestion of Andrey V. Elsukov supplied. Cause identified by Andrey V. Elsukov on the freebsd-net and freebsd-ipfw l= ists on 2018-06-13 as being due to buffer allocation limits in the in-kernel implementation of libalias. "The kernel version of libalias uses m_megapullup() function to make single contiguous buffer. m_megapullup() uses m_get2() function to allocate mbuf of appropriate size. If size of packet greater than 4k it will fail. So, if you use MTU greater than 4k or if after fragments reassembly you get a packet with length greater than 4k, ipfw_nat() function will drop this packet." Additional communication on those lists by Andrey suggested a patch might resolve this issue. The following is his code, I take no credit for it. Tes= ted and "works for me" on kernel sources from 11.1-RELEASE-p10 and GENERIC kernconf. /usr/src/sys/netinet/libalias]$ diff -u alias.c.orig alias.c 8< --- alias.c.orig 2017-07-20 16:42:02.000000000 -0700 +++ alias.c 2018-06-13 15:41:46.862121000 -0700 @@ -1758,7 +1758,14 @@ if (m->m_next =3D=3D NULL && M_WRITABLE(m)) return (m); - mcl =3D m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); + if (len <=3D MJUMPAGESIZE) + mcl =3D m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); + else if (len <=3D MJUM9BYTES) + mcl =3D m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUM9BYTES); + else if (len <=3D MJUM16BYTES) + mcl =3D m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUM16BYTES); + else + goto bad; if (mcl =3D=3D NULL) goto bad; m_align(mcl, len); >8 Additional details on the situation that highlighted this can be found at=20 https://forums.freebsd.org/threads/in-kernel-nat-dropping-large-udp-return-= packets.66262/ --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229006-227>