[FS#3958] nftables TCPMSS clamp to MTU not working correctly on BIG-ENDIAN
OpenWrt Bugs
openwrt-bugs at lists.openwrt.org
Fri Jul 30 21:49:27 PDT 2021
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - fseek (fseek)
Attached to Project - OpenWrt/LEDE Project
Summary - nftables TCPMSS clamp to MTU not working correctly on BIG-ENDIAN
Task Type - Bug Report
Category - Kernel
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - openwrt-21.02
Due in Version - Undecided
Due Date - Undecided
Details - The problem manifested itself on a TP-Link Archer C7:
* mips_24kc BIG-ENDIAN architecture
* the latest git version of openwrt-21.02 (a205de5594)
* Linux kernel 5.4.132
* nftables 0.9.6
* when using PPPoE over a tagged VLAN.
The PPPoE headers take away 8 bytes of space from the 1500 bytes of ethernet packets, therefore the advertised tcpmss should be reduced accordingly from 1460 to 1452 bytes.
With nftables the documented way to clamp the tcp maximum segment size is with the following command:
nft add rule ip filter forward tcp flags syn tcp option maxseg size set 1452
or alternatively:
nft add rule ip filter forward tcp flags syn tcp option maxseg size set rt mtu
Unfortunately these rules don't work as intended on big-endian architectures because of a byte-swapping bug in the kernel that mangles the mss to 0, disrupting the tcp connections.
This kernel bug is fixed since linux v5.7 but apparently the [[https://github.com/torvalds/linux/commit/2e34328b396a69b73661ba38d47d92b7cf21c2c4|fix 2e34328b396a]] was never backported to v5.4
I've personally patched and tested the fix on my device and verified that it works, and I'm now carrying the patch in my personal git repo.
Given that nftables is not a first-class citizen of OpenWRT yet I assigned this bug-report a low priority, nonetheless it would be nice if it's fixed.
More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3958
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the openwrt-bugs
mailing list