[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Ed Maste changed: What|Removed |Added Status|Open|Closed Resolution|--- |Works As Intended --- Comment #13 from Ed Maste --- It appears the change in 13.1 is expected/intentional. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #12 from o...@mamontov.net --- (In reply to Ed Maste from comment #11) I think we can agree on this. Please feel free to close the case. Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Ed Maste changed: What|Removed |Added CC||ema...@freebsd.org --- Comment #11 from Ed Maste --- Is it the case that this "worked" by accident on 13.0 then, and the behaviour on 13.1 and later is as expected? -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Xin LI changed: What|Removed |Added CC||delp...@freebsd.org Assignee|p...@freebsd.org |k...@freebsd.org -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #10 from Kristof Provost --- (In reply to Gleb Smirnoff from comment #8) It must have changed something to change the behaviour. We've fixed a number of bugs in pf between 13.0 and 13.1, but I'm not sure which of this fixes is responsible. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #9 from o...@mamontov.net --- Indeed, changing "scrub on epair1b" to "scrub on epair0b" fixes the behaviour on 13.1 Just a side note: on 13.0 both variants (epair0b and epair1b) work with the same correct result. Thus, we can summarize that starting from 13.1 the only correct option is: --- scrub on epair0b proto tcp to port 25 max-mss 1380 pass out route-to (epair1b 10.0.1.1) proto tcp to port 25 --- So we should duplicate *all* the conditions for scrub and route-to rules. In my real case route-to contains not only destination ports but also set of source/destination addresses. Not very convenient, but not fatal :) Thank you. (In reply to Kristof Provost from comment #7) -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Gleb Smirnoff changed: What|Removed |Added CC||gleb...@freebsd.org --- Comment #8 from Gleb Smirnoff --- Does it mean on 13.0 it passed pf twice? -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #7 from Kristof Provost --- (In reply to oleg from comment #6) Packets can pass through pf multiple times. When forwarding they pass through coming into the network and again on the way out (post-routing), for example. In this case what I'm saying is that the original SYN packet that starts the connection (and carries the MSS option) passes through pf once, does not hit the scrub rule, because its going to go out epair0b, is then processed by the 'pass route-to' rule, which it matches and causes it to be sent out through epair1b. It does not pass through pf a second time, so it does not hit the scrub rule and does not get its MSS adjusted. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #6 from o...@mamontov.net --- That's weird, did you have a chance to reproduce my test case step by step without any deviation? What do you mean by "not passed through pf again"? This is the very first packet of new TCP connection, why "again" ? Thank you.(In reply to Kristof Provost from comment #5) -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #5 from Kristof Provost --- (In reply to oleg from comment #4) I'm still unable to reproduce this, even with a route-to rule the MSS is changed. However, my current suspicion is that this is actually expected behaviour, given that the traffic is expected to route out through epair0b and there is no scrub rule on epair0b, only on epair1b. Once traffic is routed out epair1b (as per the route-to rule) it is not passed through pf again, so the scrub rule does not apply. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #4 from o...@mamontov.net --- Sorry if I didn't explain clearly. I meant that I reproduced the behaviour difference between 13.0 and 13.1. So, the regression exists only in 13.1, 13.0 works as expected. Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Kubilay Kocak changed: What|Removed |Added Version|13.1-RELEASE|13.0-RELEASE --- Comment #3 from Kubilay Kocak --- @Reporter Original description stated: "stopped working after upgrading from 13.0-RELEASE-p11 to 13.1-RELEASE." then comment 2: 'I reproduce it in bhyve vms freshly installed from FreeBSD-13.0-RELEASE-amd64-disc1.iso...' Can you confirm this was an issue in 13.0-R (comment 2 seems to indicate that), or are there other considerations/changes relevent here, indicating a 13.1 *only* regression? -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 --- Comment #2 from o...@mamontov.net --- Hello. My test case looks more complicated, sorry about this. I reproduce it in bhyve vms freshly installed from FreeBSD-13.0-RELEASE-amd64-disc1.iso and FreeBSD-13.1-RELEASE-amd64-disc1.iso without any setup customizations. Below is the preparations (the same for 13.0 and 13.1): # kldload pf # touch /etc/pf.conf # cat /tmp/pf.conf scrub on epair1b proto tcp max-mss 1380 pass out route-to (epair1b 10.0.1.1) proto tcp to port 25 # cat /etc/jail.conf mss { path = /; persist; vnet new; vnet.interface = epair0b; vnet.interface += epair1b; exec.prestart = "ifconfig epair0 create"; exec.prestart += "ifconfig epair0a inet 10.0.0.1/24"; exec.prestart += "ifconfig epair1 create"; exec.prestart += "ifconfig epair1a inet 10.0.1.1/24"; exec.start = "ifconfig epair0b inet 10.0.0.2/24"; exec.start += "ifconfig epair1b inet 10.0.1.2/24"; exec.start += "route add default 10.0.0.1"; exec.start += "service pf onestart"; exec.start += "pfctl -f /tmp/pf.conf"; exec.poststop = "ifconfig epair0a destroy"; exec.poststop += "ifconfig epair1a destroy"; } # service jail onestart mss Starting jails: mss. Now testing on 13.0-RELEASE: # jexec mss telnet -N 1.2.3.4 25 Trying 1.2.3.4... # tcpdump -ni epair1a 10:18:27.724252 IP 10.0.0.2.43516 > 1.2.3.4.25: Flags [S], seq 1151646480, win 65535, options [mss 1380,nop,wscale 6,sackOK,TS val 518156570 ecr 0], length 0 The same on 13.1-RELEASE: -- # jexec mss telnet -N 1.2.3.4 25 Trying 1.2.3.4... # tcpdump -ni epair1a 10:24:27.627525 IP 10.0.0.2.42802 > 1.2.3.4.25: Flags [S], seq 2537751742, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 185378837 ecr 0], length 0 I believe you can see the difference (mss 1380 vs 1460). Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Kristof Provost changed: What|Removed |Added CC||k...@freebsd.org --- Comment #1 from Kristof Provost --- Created attachment 234397 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=234397=edit Teset case I can't seem to reproduce this here. The attached test cases passes on main and stable/13 for me. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug 264193] pf: scrub max-mss rule stops working (but still counts) after 13.1-RELEASE upgrade
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193 Kubilay Kocak changed: What|Removed |Added Status|New |Open Flags||mfc-stable13?, ||mfc-stable12- Summary|Broken scrub max-mss|pf: scrub max-mss rule ||stops working (but still ||counts) after 13.1-RELEASE ||upgrade Blocks||264030 CC||n...@freebsd.org Assignee|b...@freebsd.org|p...@freebsd.org Keywords||needs-qa, regression Referenced Bugs: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264030 [Bug 264030] [tracking] 13.1-RELEASE issue reports -- You are receiving this mail because: You are on the CC list for the bug.