NetBSD 9.0 IPfilter MSS clamp regression

To: tech-kern%netbsd.org@localhost
Subject: NetBSD 9.0 IPfilter MSS clamp regression
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Fri, 24 Apr 2020 04:07:18 +0200

Hello

IPfilter on NetBSD 9.0 seems to have issues. On all i386 XEN3PAE_DOMU
machines where I use filtering, it crashes (see
http://mail-index.netbsd.org/tech-kern/2020/04/18/msg026280.html)

Now I have a problem with MSS clamp. /etc/ipf.conf contains
pass in from any to any
pass out from any to any

And /etc/ipnat.conf
map xennet0 172.16.0.0/25 -> 0/0 mssclamp 512

Here is what happend when the local machine sends a DNS request:
03:40:01.561169 IP truncated-ip - 3 bytes missing! 192.0.2.14.65439 >
192.0.2.20.53: 15689+[|domain]

Depending on the request length, the packet is truncated of 1 to 3
bytes. 

If I disable ipfilter, everything goes back to normal.


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Prev by Date: Re: Am I using bus_dma right?
Next by Date: Ipfilter truncates outgoing packets (was: Re: ipfilter crash in latest netbsd-9)
Previous by Thread: Am I using bus_dma right?
Next by Thread: kernfs from Xen code
Indexes:

Home | Main Index | Thread Index | Old Index