Bug 271010 - network traffic to vnet Jail fails one way
Summary: network traffic to vnet Jail fails one way
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 13.2-STABLE
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-net (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-22 21:07 UTC by Meyser+bugs.freebsd.org
Modified: 2023-04-24 20:22 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Meyser+bugs.freebsd.org 2023-04-22 21:07:32 UTC 
stable/13 as of today.

transfering data from external to a vnet Jail stalls an timeouts.

Host machine with vnet jail
ftpd inside jail.

Windows PC
Downloading 1G data file via FTP from Jail to Win works.
Uploading 1G data file via FTP to jail stalls and runs in a timeout.

this is the simplified testcase of

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270951

ftpd on host system works without a glich.
perhaps an bridge / epair Problem.

ifconfig -a on host (only igc0 / v310 / v310Hbridge / v310Bsamba are involved)
----------------8<--------------------------------
igc0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e427bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 1c:fd:08:74:9d:a0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 74:56:3c:39:e9:3e
        media: Ethernet autoselect (none)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
v310: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=4200401<RXCSUM,LRO,RXCSUM_IPV6,NOMAP>
        ether 1c:fd:08:74:9d:a0
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet 10.0.0.198 netmask 0xffffff00 broadcast 10.0.0.255
        groups: vlan
        vlan: 310 vlanproto: 802.1q vlanpcp: 0 parent interface: igc0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
v310Hbridge: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        ether 58:9c:fc:10:ff:d5
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: v310Bbuild13 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: v310Bbuild12 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        member: v310Bbuild11 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        member: v310Bmaster flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: v310Bsamba flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        member: v310 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
v310Bsamba: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether b2:f2:ed:eb:61:01
        hwaddr 02:c1:4c:4c:bd:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
v310Bmaster: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether b2:12:04:15:03:01
        hwaddr 02:cb:18:e4:4e:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
v310Bbuild11: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether b2:d7:3c:02:96:01
        hwaddr 02:a1:4d:e5:33:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
v310Bbuild12: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether b2:50:e6:06:dc:01
        hwaddr 02:a5:a4:42:1f:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
v310Bbuild13: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether b2:43:1f:bb:23:01
        hwaddr 02:57:69:e8:48:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
----------------8<--------------------------------

ifconfig -a inside jail  ( v310Jsamba ist epair to v310Bsamba )
----------------8<--------------------------------
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
v310Jsamba: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: lan.xenet-de
        options=8<VLAN_MTU>
        ether c2:f2:ed:eb:61:01
        hwaddr 02:c1:4c:4c:bd:0b
        inet 10.0.0.129 netmask 0xffffff00 broadcast 10.0.0.255
        inet 10.0.0.199 netmask 0xffffff00 broadcast 10.0.0.255
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
----------------8<--------------------------------

no firewall on host / jail.
Comment 1 Meyser+bugs.freebsd.org 2023-04-24 18:32:02 UTC 
Correction:

on both host an Jail 

firewall_enable="YES"
firewall_type="OPEN"

ist set so ipfw ist loaded.

Removing this lines solves the problem.


Another way to fix ist ist to set

net.link.bridge.ipfw to 1 

This is very obscure!