From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 225536] ipfw tcp-setmss doesn't seems to work
Date: Mon, 29 Jan 2018 15:39:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225536

            Bug ID: 225536
           Summary: ipfw tcp-setmss doesn't seems to work
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: manu@freebsd.org

Hello,

I'm trying to rewrite the mss option on one of my gateways.
I have two interfaces (each one is a lagg to a ix VF), both are in fib 1, traffic is natted from lagg1 to lagg0.

ifconfig output :

ixv0: flags=8943 metric 0 mtu 1500
        options=405bb
        ether 00:16:3e:22:ac:63
        hwaddr 00:16:3e:22:ac:63
        nd6 options=29
        media: Ethernet autoselect
        status: active
ixv1: flags=8943 metric 0 mtu 1500
        options=405bb
        ether 00:16:3e:22:ac:63
        hwaddr 00:16:3e:fd:31:cb
        nd6 options=29
        media: Ethernet autoselect
        status: active
ixv2: flags=8943 metric 0 mtu 9000
        options=405bb
        ether 00:16:3e:26:17:b5
        hwaddr 00:16:3e:26:17:b5
        nd6 options=29
        media: Ethernet autoselect
        status: active
ixv3: flags=8943 metric 0 mtu 9000
        options=405bb
        ether 00:16:3e:26:17:b5
        hwaddr 00:16:3e:3a:73:21
        nd6 options=29
        media: Ethernet autoselect
        status: active
lo0: flags=8049 metric 0 mtu 16384
        options=600003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21
        groups: lo
lagg0: flags=8943 metric 0 mtu 1500
        options=405bb
        ether 00:16:3e:22:ac:63
        inet XXX.XXX.XXX.XXX netmask 0xffffff80 broadcast 155.133.140.127
        inet XXX.XXX.XXX.XXX netmask 0xffffffff broadcast 155.133.142.65
        nd6 options=2b
        media: Ethernet autoselect
        status: active
        fib: 1
        groups: lagg
        laggproto failover lagghash l2,l3,l4
        laggport: ixv0 flags=5
        laggport: ixv1 flags=0<>
lagg1: flags=8943 metric 0 mtu 9000
        options=405bb
        ether 00:16:3e:26:17:b5
        inet 172.23.0.253 netmask 0xffff8000 broadcast 172.23.127.255
        inet 172.23.0.254 netmask 0xffff0000 broadcast 172.23.255.255
        nd6 options=2b
        media: Ethernet autoselect
        status: active
        fib: 1
        groups: lagg
        laggproto failover lagghash l2,l3,l4
        laggport: ixv2 flags=5
        laggport: ixv3 flags=0<>

ipfw rules :

ipfw pipe 1 config bw 2000Mbit/s
ipfw pipe 2 config bw 2000Mbit/s
ipfw queue 1 config pipe 1 mask src-ip 0xffffffff
ipfw queue 2 config pipe 2 mask dst-ip 0xffffffff

# Setup tables
ipfw table blacklist create type addr
ipfw table nonat create type addr
ipfw table nonat add XXX.XXX.XXX.XXX/24
ipfw table nat create type addr
ipfw table nat add 172.23.0.0/17

# Setup rules
ipfw add 00100 allow ip from any to any via lo0
ipfw add 00200 deny ip from any to 127.0.0.0/8
ipfw add 00201 deny ip from 127.0.0.0/8 to any
ipfw add 00202 deny ip from 'table(blacklist)' to any
ipfw add 00203 deny ip from any to 'table(blacklist)'
ipfw add 00500 queue 1 ip from any to any xmit lagg1 out
ipfw add 00501 queue 2 ip from any to any recv lagg1 in
ipfw add 02100 nat 123 ip from any to not 'table(nonat)' fib 1
ipfw add 64999 allow ip from any to any fib 1
ipfw add 65000 allow ip from any to any fib 0
ipfw add 65535 deny ip from any to any

ipfw nat 123 config ip XXX.XXX.XXX.XXX log reset

All the configuration above works correctly.
If I add :

ipfw add 02005 tcp-setmss 1460 tcp from any to any fib 1

I can see that the rule is hit but the mss isn't updated :

This is from lagg1 so I guess it's normal that the mss isn't rewritten at this point :

15:17:34.928408 IP 172.23.6.163.58048 > 83.166.144.237.http: Flags [S], seq 1940485466, win 26880, options [mss 8960,sackOK,TS val 414737643 ecr 0,nop,wscale 9], length 0

From lagg0:

15:17:34.929409 IP XXX.XXX.XXX.XXX.53942 > 83.166.144.237.http: Flags [S], seq 1940485466, win 26880, options [mss 8960,sackOK,TS val 414737643 ecr 0,nop,wscale 9], length 0

Is there something I'm missing?

Thanks
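
For reference, this is the rewrite the report expects rule 02005 to make, shown as an added example that is not part of the original message and is not ipfw's code. It walks the options of a SYN, lowers MSS to the limit, and patches the TCP checksum incrementally (RFC 1624); `csum16`, `clamp_mss` and `sample_syn` are hypothetical names, and the SYN bytes are constructed from the values in the lagg1 capture.

```python
import struct

def csum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, inverted."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_mss(tcp: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN segment to `limit`; other input is returned as is."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if hdr_len < 20 or hdr_len > len(tcp) or not tcp[13] & 0x02:
        return tcp                                   # truncated header, or not a SYN
    out, i = bytearray(tcp), 20
    while i + 1 < hdr_len and out[i] != 0:           # kind 0 ends the option list
        kind = out[i]
        length = 1 if kind == 1 else out[i + 1]      # NOP is one byte, no length field
        if kind != 1 and (length < 2 or i + length > hdr_len):
            break                                    # malformed option, stop parsing
        if kind == 2 and length == 4:
            old = struct.unpack_from("!H", out, i + 2)[0]
            if old > limit:
                struct.pack_into("!H", out, i + 2, limit)
                m_old, m_new = old, limit
                if i % 2:                            # odd offset: value straddles two checksum words
                    m_old = (old & 0xFF) << 8 | old >> 8
                    m_new = (limit & 0xFF) << 8 | limit >> 8
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                hc = struct.unpack_from("!H", out, 16)[0]
                s = (~hc & 0xFFFF) + (~m_old & 0xFFFF) + m_new
                s = (s & 0xFFFF) + (s >> 16)
                s = (s & 0xFFFF) + (s >> 16)
                struct.pack_into("!H", out, 16, ~s & 0xFFFF)
        i += length
    return bytes(out)

def sample_syn():
    """Constructed SYN using the values of the lagg1 capture; returns (pseudo header, TCP header)."""
    opts = (struct.pack("!BBH", 2, 4, 8960) + b"\x04\x02"          # mss 8960, sackOK
            + struct.pack("!BBII", 8, 10, 414737643, 0)             # TS val 414737643 ecr 0
            + b"\x01\x03\x03\x09")                                  # nop, wscale 9
    tcp = struct.pack("!HHIIBBHHH", 58048, 80, 1940485466, 0,
                      (20 + len(opts)) // 4 << 4, 0x02, 26880, 0, 0) + opts
    # 172.23.6.163 -> 83.166.144.237, protocol 6 (TCP), TCP length
    pseudo = bytes([172, 23, 6, 163, 83, 166, 144, 237]) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", csum16(pseudo + tcp)) + tcp[18:]
    return pseudo, tcp
```

A segment whose checksum is valid gives `csum16(pseudo + tcp) == 0`, so the same call confirms the clamped header is still consistent.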