From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 203630] [Hyper-V] [nat] [tcp] 10.2 NAT bug in TCP stack or hyperv netsvc driver
Date: Thu, 08 Oct 2015 03:01:43 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630

Bug ID: 203630
Summary: [Hyper-V] [nat] [tcp] 10.2 NAT bug in TCP stack or hyperv netsvc driver
Product: Base System
Version: 10.2-RELEASE
Hardware: arm64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: kjcamann.lists@gmail.com

I have encountered a bug in FreeBSD 10.2 (and also -CURRENT) when using NAT
with either pf or ipfw. My setup for the gateway host is:

* Microsoft Client Hyper-V on Windows 10 host machine
* FreeBSD 10.2 Release (no upgrades or updates)
* Two network interfaces, hn0 (the LAN "private switch") and hn1 (the gateway
  "external switch")
* A simple pf.conf:

    nat on hn1 inet from hn0:network to any -> (hn1)
    pass all

I tried the equivalent for ipfw, i.e., setting firewall_type to "open" and the
nat interface to hn1.

Both configurations work fine in FreeBSD 10.1 Release, using the exact same
Hyper-V setup. On FreeBSD 10.2 (and -CURRENT), connections to the Internet from
the gateway itself are working, but other VMs forwarding through the gateway
from the LAN while using NAT does not work.

I have done some basic investigation, including disabling the checksum and TSO
offloading options (via ifconfig) that were added to the netsvc driver for 10.2
(in R285236), but that didn't help. Whatever it is, it is in a common code path
shared by pf and ipfw, or perhaps the netsvc driver.

In looking around the Internet, I saw a few unanswered posts (which predate
10.2) about pf mysteriously dropping state and TCP connections entering the
SYN_SENT:CLOSED state immediately. That is the symptom I see in 10.2. The
outbound NAT translation is successful, and tcpdump shows the packets being
sent out of the external interface. But then nothing else happens (no response
from the server seems to come back), and the state is dropped.

This problem is easy for me to reproduce; it happens on any new Hyper-V VM I
create with 10.2 Release, and likewise it always works fine with 10.1 Release.

--
You are receiving this mail because:
You are the assignee for the bug.