On Fri, Jan 31, 2020 at 06:20:33PM +0100, Alexander Bluhm wrote: > On Fri, Jan 31, 2020 at 03:21:00PM +0000, Peter M??ller wrote: > > tcp_output(ffff800000584ee0) at tcp_output+0x1941 > > tcp_output(ffff800000584ee0) at tcp_output+0x1941 > > tcp_output(ffff800000584ee0) at tcp_output+0x1941 > > Looks like stack exhaustion. tcp_output() calls tcp_mtudisc() calls > tcp_output(). > > /usr/src/sys/netinet/tcp_output.c:1084 > > if (error == EMSGSIZE) { > /* > * ip_output() will have already fixed the route > * for us. tcp_mtudisc() will, as its last action, > * initiate retransmission, so it is important to > * not do so here. > */ > tcp_mtudisc(tp->t_inpcb, -1); > return (0); > } >
Looks like tcp_mss() is not reducing the mss enough and is probably confused by IPsec stealing the packets via a flow and so the route used for MSS is incorrect and in the end the MTU. My assumption is that the MSS remains the same and the stack produces EMSGSIZE over and over again. Not entierly sure how to fix this right now. Alexander, do you have any ideas? -- :wq Claudio