https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229003
Bug ID: 229003
Summary: [ipfw][ng_ipfw] In-kernel NAT Has "Undocumented" 4k
Packet-size Limit
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Documentation
Assignee: d...@freebsd.org
Reporter: jeff+free...@wagsky.com
After much debugging, it was found that large packets (over 4k) were silently
dropped by the in-kernel NAT used by ipfw and ng_ipfw. This is not documented
on the man page for ipfw or ng_ipfw
Suggested resolution:
* Update the two man pages to document the limitation
* Suggest on those man pages that, if large packets are potentially to be
NAT-ed, reassembled or from "jumbo frames", natd be used rather than in-kernel
NAT
As revealed by Andrey V. Elsukov on freebsd-net and freebsd-ipfw on 2018-06-13:
"The kernel version of libalias uses m_megapullup() function to make
single contiguous buffer. m_megapullup() uses m_get2() function to
allocate mbuf of appropriate size. If size of packet greater than 4k it
will fail. So, if you use MTU greater than 4k or if after fragments
reassembly you get a packet with length greater than 4k, ipfw_nat()
function will drop this packet."
Examining the code in /usr/src/sys/netinet/libalias/alias.c
#ifdef _KERNEL
/*
* m_megapullup() - this function is a big hack.
* Thankfully, it's only used in ng_nat and ipfw+nat.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-doc@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"
