[Bug 283649] pf blocks locally originated TCP packet

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 27 Dec 2024 07:24:45 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283649

            Bug ID: 283649
           Summary: pf blocks locally originated TCP packet
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: glebius@FreeBSD.org

Running FreeBSD-CURRENT at ff4c19bb5427 aka main-stabweek-2024-Nov. This
definitely is a regression, since the bug was most likely not present in
October stabweek snapshot and I'm 100% sure it was not present in the September
stabweek snapshot. It is still unclear to me is it a regression in pf(4) or in
TCP sending machine.

I have a local minidlna server that serves content over TCP. It basically sends
data to a local client in an endless write(2) loop. The pf rules on the
internal interface are pretty relaxed:

pass in on $iif from $local to any

However, once in a while pf(4) returns PFIL_DROPPED to the sending syscall. In
my case it usually takes 1-5 minutes of watching a movie over minidlna, which
is sending about 10-100 megabytes of data. With loud mode, pf would print:

Dec 26 22:45:58 cell kernel: pf: BAD state: TCP in wire: 10.1.10.180:44977
10.1.10.1:8200 stack: - [lo=657121872 high=657187600 win=14209 modulator=0
wscale=7] [lo=124961762 high=124962586 win=1027 modulator=0 wscale=6] 4:4 @3 A
seq=124961762 (124961762) ack=657121872 len=1448 ackskew=0 pkts=7246:7242
dir=out,rev

The other side is a Samsung TV, and looks like it has its own weirdness. For
example it would ACK with a sequence number, that is was in the middle of the
sent packet. Note that there is no fragmentation on the network. It will also
report SACK holes that cross. Here is excerpt from the tcpdump around
seq=124961762:

22:45:58.153441 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124838682, win 968, options [nop,nop,TS val 15322271 ecr 418474971,nop,nop,sack
3 {124871986:124961762}{124867642:124870538}{124844474:124866194}], length 0
22:45:58.153573 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124840130, win 957, options [nop,nop,TS val 15322271 ecr 418474984,nop,nop,sack
3 {124871986:124961762}{124867642:124870538}{124844474:124866194}], length 0
22:45:58.153606 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], ack
657121872, win 1027, options [nop,nop,TS val 418474993 ecr 15322271], length 0
22:45:58.153820 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124841578, win 946, options [nop,nop,TS val 15322271 ecr 418474984,nop,nop,sack
3 {124871986:124961762}{124867642:124870538}{124844474:124866194}], length 0
22:45:58.153849 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], ack
657121872, win 1027, options [nop,nop,TS val 418474994 ecr 15322271], length 0
22:45:58.153865 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124843026, win 935, options [nop,nop,TS val 15322271 ecr 418474985,nop,nop,sack
3 {124871986:124961762}{124867642:124870538}{124844474:124866194}], length 0
22:45:58.153892 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], ack
657121872, win 1027, options [nop,nop,TS val 418474994 ecr 15322271], length 0
22:45:58.153920 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124866194, win 754, options [nop,nop,TS val 15322271 ecr 418474985,nop,nop,sack
2 {124871986:124961762}{124867642:124870538}], length 0
22:45:58.153947 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], ack
657121872, win 1027, options [nop,nop,TS val 418474994 ecr 15322271], length 0
22:45:58.154043 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124870538, win 721, options [nop,nop,TS val 15322271 ecr 418474986,nop,nop,sack
1 {124871986:124961762}], length 0
22:45:58.154070 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], ack
657121872, win 1027, options [nop,nop,TS val 418474994 ecr 15322271], length 0
22:45:58.154188 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124961762, win 9, options [nop,nop,TS val 15322271 ecr 418474986], length 0
22:45:58.154230 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], seq
124961762:124962914, ack 657121872, win 1027, options [nop,nop,TS val 418474994
ecr 15322271], length 1152
22:45:58.190890 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124962914, win 0, options [nop,nop,TS val 15322281 ecr 418474994], length 0
22:45:58.210143 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124962914, win 1003, options [nop,nop,TS val 15322285 ecr 418474994], length 0
22:45:58.210171 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], seq
124962914:124964362, ack 657121872, win 1027, options [nop,nop,TS val 418475050
ecr 15322285], length 1448
22:45:58.211119 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124965810, win 1116, options [nop,nop,TS val 15322286 ecr 418475050], length 0
22:45:58.211157 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], seq
124965810:124967258, ack 657121872, win 1027, options [nop,nop,TS val 418475051
ecr 15322286], length 1448
22:45:58.211614 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124968706, win 1229, options [nop,nop,TS val 15322286 ecr 418475051], length 0
22:45:58.211651 IP 10.1.10.1.8200 > 10.1.10.180.44977: Flags [.], seq
124971602:124973050, ack 657121872, win 1027, options [nop,nop,TS val 418475052
ecr 15322286], length 1448
22:45:58.250909 IP 10.1.10.180.44977 > 10.1.10.1.8200: Flags [.], ack
124977394, win 1186, options [nop,nop,TS val 15322296 ecr 418475051], length 0

Of course packet dropped by pf is missing from the above dump. I can also share
full tcpdump file via private email.

-- 
You are receiving this mail because:
You are the assignee for the bug.