[Bug 264193] Broken scrub max-mss
Date: Mon, 23 May 2022 21:47:21 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264193
Bug ID: 264193
Summary: Broken scrub max-mss
Product: Base System
Version: 13.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: oleg@mamontov.net
I use the pf scrub feature for adjusting TCP MSS on SMTP traffic policy-routed
via a WireGuard tunnel:
# pfctl -sr | grep scrub
scrub on wg-ep proto tcp all max-mss 1380 fragment reassemble
The rule suddenly stopped working after upgrading from 13.0-RELEASE-p11 to
13.1-RELEASE.
Below is the result on 13.0 (works as expected):
12:10:48.016196 IP 212.109.198.23.465 > 192.168.24.44.56695: Flags [S.], seq 687795294, ack 3030165102, win 65535, options [mss 1380,nop,wscale 6,sackOK,TS val 4107107091 ecr 1376219825], length 0
But 13.1 shows that the MSS remains intact (default for Ethernet with MTU 1500):
11:52:23.910283 IP 212.109.198.23.465 > 192.168.24.44.55961: Flags [S.], seq 3877530257, ack 3326182804, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 2918817557 ecr 1485323373], length 0
However, the matching counter is still increasing:
# pfctl -vvsr | grep -A1 scrub
@0 scrub on wg-ep proto tcp all max-mss 1380 fragment reassemble
[ Evaluations: 1370 Packets: 38 Bytes: 1543 States: 0 ]
Downgrading to 13.0 fixes the behaviour again.
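The comparison made by eye in the report (rule says max-mss 1380, capture shows mss 1460) can be automated as a regression check after an upgrade. The following is an added example, not part of the original bug report or of pf: it reads the rule text and tcpdump records copied from the report and lists every SYN or SYN-ACK whose advertised MSS exceeds the rule's limit. The function names are illustrative.

```python
import re

# Rule and captures copied from the report (tcpdump records wrapped as mailed).
RULE = "scrub on wg-ep proto tcp all max-mss 1380 fragment reassemble"
CAPTURE_13_0 = """12:10:48.016196 IP 212.109.198.23.465 > 192.168.24.44.56695: Flags [S.], seq
687795294, ack 3030165102, win 65535, options [mss 1380,nop,wscale 6,sackOK,TS
val
4107107091 ecr 1376219825], length 0"""
CAPTURE_13_1 = """11:52:23.910283 IP 212.109.198.23.465 > 192.168.24.44.55961: Flags [S.], seq
3877530257, ack 3326182804, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS
val
2918817557 ecr 1485323373], length 0"""

# Accepts both `pfctl -sr` output and the "@N"-prefixed form of `pfctl -vvsr`.
RULE_RE = re.compile(r"^(?:@\d+\s+)?scrub\b.*?\bon\s+(\S+).*?\bmax-mss\s+(\d+)")
# The MSS option is only carried on SYN / SYN-ACK segments.
SYN_RE = re.compile(r"Flags \[(S\.?)\].*?options \[[^\]]*?\bmss (\d+)")
ENDPOINTS_RE = re.compile(r"IP (\S+) > (\S+?):")

def parse_max_mss(rule_line):
    """Return (interface, max_mss) from a pf scrub rule line, or None."""
    m = RULE_RE.search(rule_line.strip())
    return (m.group(1), int(m.group(2))) if m else None

def unwrap(capture):
    """Rejoin tcpdump records that were wrapped across several lines."""
    records = []
    for line in capture.splitlines():
        if re.match(r"\d{2}:\d{2}:\d{2}\.\d+ ", line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def unclamped_syns(capture, max_mss):
    """Return (src, dst, flags, mss) for each SYN whose MSS exceeds max_mss."""
    hits = []
    for rec in unwrap(capture):
        syn, ep = SYN_RE.search(rec), ENDPOINTS_RE.search(rec)
        if syn and ep and int(syn.group(2)) > max_mss:
            hits.append((ep.group(1), ep.group(2), syn.group(1), int(syn.group(2))))
    return hits

if __name__ == "__main__":
    iface, limit = parse_max_mss(RULE)
    for name, cap in (("13.0", CAPTURE_13_0), ("13.1", CAPTURE_13_1)):
        print(name, iface, limit, unclamped_syns(cap, limit) or "clamped")
```

As the report shows, the rule's packet counter keeps increasing even when the MSS is not rewritten, so a check like this has to look at the packets themselves rather than at `pfctl -vvsr` counters.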