https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293227
Bug ID: 293227
Summary: VNET jail regression on 14-STABLE from 14.3 using bridge and epair
Product: Base System
Version: 14.3-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
I am running a recent 14-STABLE (14-n273651-d7207388cc58) and I see a network
regression from 14.3-RELEASE running VNET jails using bridge(4) and epair(4).
The problem occurs when a client receives data from an IPv6 TCP server running
in a VNET jail when the jail has a larger MTU than either the client or another
device that packets route through. I noticed this using a wg(4) tunnel with
mtu 1420 between the client and server.
On 14.3-RELEASE, the jail receives an "ICMP6, packet too big" message which
causes it to send smaller packets, but on 14-STABLE the jail repeatedly
receives these ICMP messages but does not decrease the size of packets it
sends.
I first noticed this problem running an nginx server in the jail and curl(1) on
the client, but can also reproduce it running nc(1).
To reproduce the problem, create a VNET jail using bridge(4) in epair(4), with
the bridge and jailed epair interface having IPv6 addresses within the same
prefix. The jail host needs the "net.inet6.ip6.forwarding" sysctl set. The
client needs to have a smaller mtu than the jail's bridge and epair interfaces,
which default to 1500.
I notice that 503bf058cd0 was committed to STABLE-14 after 14.3 release to
checksum offloading support for epair, but I don't know if this matters.
Please let me know if you would like me to run any specific diagnostic
commands, test experimental code, or if you need more detail about what I
observe.
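A check for the symptom described in the report, added here as an example and not part of the original report or of FreeBSD: it scans `tcpdump -n` text output for senders that keep emitting TCP segments larger than the MTU advertised to them in an "ICMP6, packet too big" message. The addresses and capture lines are constructed, and the 60-byte header estimate assumes no IPv6 extension headers and no TCP options.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` style, not a capture from the report.
# 2001:db8:1::2 is the jailed server, 2001:db8:2::9 a client behind mtu 1420.
SAMPLE = """\
10:00:00.000100 IP6 2001:db8:1::2.8080 > 2001:db8:2::9.40000: Flags [.], seq 1:1429, ack 1, win 1026, length 1428
10:00:00.000300 IP6 2001:db8:1::1 > 2001:db8:1::2: ICMP6, packet too big, mtu 1420, length 1240
10:00:00.200100 IP6 2001:db8:1::2.8080 > 2001:db8:2::9.40000: Flags [.], seq 1:1429, ack 1, win 1026, length 1428
10:00:00.200300 IP6 2001:db8:1::1 > 2001:db8:1::2: ICMP6, packet too big, mtu 1420, length 1240
10:00:00.600100 IP6 2001:db8:1::2.8080 > 2001:db8:2::9.40000: Flags [.], seq 1:1429, ack 1, win 1026, length 1428
"""

# Destination of a packet-too-big message is the host expected to shrink its packets.
PTB = re.compile(r"IP6 \S+ > (\S+): ICMP6, packet too big, mtu (\d+)")
# Source address (port stripped) and TCP payload length of a segment.
TCP = re.compile(r"IP6 (\S+)\.\d+ > \S+: Flags \[[^\]]*\].* length (\d+)")
MIN_HDRS = 40 + 20  # assumption: IPv6 header + option-less TCP header (lower bound)


def pmtud_report(lines):
    """Per sender: lowest advertised MTU, PTB count, oversized segments sent after the first PTB."""
    state = defaultdict(lambda: {"mtu": None, "ptb": 0, "oversized_after": 0})
    for line in lines:
        m = PTB.search(line)
        if m:
            s, mtu = state[m.group(1)], int(m.group(2))
            s["mtu"] = mtu if s["mtu"] is None else min(s["mtu"], mtu)
            s["ptb"] += 1
            continue
        m = TCP.search(line)
        if m and m.group(1) in state:  # only senders that were already told an MTU
            s = state[m.group(1)]
            if int(m.group(2)) + MIN_HDRS > s["mtu"]:
                s["oversized_after"] += 1
    return dict(state)


def stuck_senders(report):
    """Senders that received repeated PTB messages yet kept sending oversized segments."""
    return sorted(a for a, s in report.items() if s["ptb"] > 1 and s["oversized_after"] > 0)


if __name__ == "__main__":
    print(stuck_senders(pmtud_report(SAMPLE.splitlines())))
```

Because the header estimate is a lower bound, a flagged segment is certainly larger than the advertised MTU; segments that only exceed it once TCP options are counted are not flagged.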