Subject: kern/32444: Small packets are dropped by IPfilter
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <imago@13thmonkey.org>
List: netbsd-bugs
Date: 01/03/2006 12:55:00
	Note: There was a bad value `ciritical' for the field `Severity'.
	It was set to the default value of `serious'.

>Number:         32444
>Category:       kern
>Synopsis:       Small packets are dropped by IPfilter
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 03 12:55:00 +0000 2006
>Originator:     Reinoud Zandijk
>Release:        NetBSD 2.99.16
>Organization:
	
>Environment:
System: NetBSD rangerover 2.99.16 NetBSD 2.99.16 (GENERIC) #1: Tue Feb 22 20:57:13 CET 2005 imago@heethoofdje.kasbah:/usr/sources/cvs.netbsd.org/src/sys/arch/sparc/compile/obj/GENERIC sparc
Architecture: sparc
Machine: sparc

(server machine)

Some idents:
     $NetBSD: bpf_filter.c,v 1.20 2003/08/07 16:32:47 agc Exp $
     $NetBSD: ip_flow.c,v 1.29 2005/02/03 22:43:34 perry Exp $
     $NetBSD: ip_icmp.c,v 1.90 2005/02/03 22:51:50 perry Exp $
     $NetBSD: ip_id.c,v 1.8 2004/03/23 05:31:54 itojun Exp $
     $NetBSD: ip_input.c,v 1.211 2005/02/03 22:56:42 perry Exp $
     $NetBSD: ip_output.c,v 1.143 2005/02/18 00:52:56 heas Exp $
     $NetBSD: ip_auth.c,v 1.3 2005/02/08 07:01:55 martti Exp $
     $NetBSD: ip_frag.c,v 1.1 2004/10/01 15:26:00 christos Exp $
     $NetBSD: ip_log.c,v 1.2 2005/02/08 07:01:55 martti Exp $
     $NetBSD: ip_ftp_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $
     $NetBSD: ip_rcmd_pxy.c,v 1.6 2005/02/19 21:30:25 martti Exp $
     $NetBSD: ip_raudio_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $
     $NetBSD: ip_h323_pxy.c,v 1.1 2004/10/02 07:51:53 christos Exp $
     $NetBSD: ip_netbios_pxy.c,v 1.1 2004/10/02 07:51:53 christos Exp $
     $NetBSD: ip_ipsec_pxy.c,v 1.2 2005/02/19 21:30:25 martti Exp $
     $NetBSD: ip_state.c,v 1.5 2005/02/19 21:30:25 martti Exp $
     $NetBSD: ip_ecn.c,v 1.13 2005/02/03 03:49:01 perry Exp $
     $NetBSD: ip_encap.c,v 1.23 2005/02/03 03:49:01 perry Exp $

>Description:
Small packets are not sent over the wire or are not accepted over the wire 
when ipfilter is enabled. This especially affects NFS, resulting in vnode 
locks and nfsrclk locks that won't get resolved, for the retransmitted 
packets keep on being rejected.

>How-To-Repeat:
"ping -s X" works for X=[0..1472], fails for X=[1473..1479], then works 
again for X=[1480..]

>Fix:
Disable ipfilter on the server and the pings will come through. Re-enabling 
it stops the pings again.

When ipfilter is disabled for a few seconds the NFS locks get resolved and 
the machine returns to normal operation.

>Unformatted:
 Userland might be older, say a 2.x snapshot.
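
Added example, not part of the original report: a small calculator for the IPv4 fragment layout that `ping -s X` produces, useful for mapping the sizes in How-To-Repeat onto on-wire fragments. It assumes a 1500-byte Ethernet MTU, a 20-byte IP header without options and the 8-byte ICMP echo header; the report states neither the MTU nor a cause, and all function names here are hypothetical.

```python
"""Fragment layout of an ICMP echo request sent with `ping -s X`.

Assumptions (not stated in the report): IPv4 over Ethernet with a
1500-byte MTU, a 20-byte IP header without options, 8-byte ICMP header.
"""

IP_HEADER = 20    # IPv4 header without options (assumed)
ICMP_HEADER = 8   # ICMP echo header
MTU = 1500        # Ethernet MTU (assumed)


def fragments(ping_size, mtu=MTU):
    """Return [(offset_bytes, payload_len, more_fragments), ...]."""
    total = ping_size + ICMP_HEADER           # IP payload to carry
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the fragment offset field counts 8-byte units.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while True:
        length = min(per_frag, total - offset)
        more = offset + length < total
        frags.append((offset, length, more))
        offset += length
        if not more:
            return frags


def last_fragment_len(ping_size, mtu=MTU):
    """Payload bytes in the final fragment (or the whole datagram)."""
    return fragments(ping_size, mtu)[-1][1]


def sizes_with_short_tail(lo, hi, mtu=MTU):
    """Fragmented ping sizes whose last fragment carries under 8 bytes."""
    return [x for x in range(lo, hi + 1)
            if len(fragments(x, mtu)) > 1 and last_fragment_len(x, mtu) < 8]


if __name__ == "__main__":
    for x in (1472, 1473, 1479, 1480):
        print(x, fragments(x))
    hits = sizes_with_short_tail(0, 1600)
    print("short trailing fragment for -s", hits[0], "..", hits[-1])
```

Under these assumptions the sizes that fail in the report, 1473 to 1479, are exactly the ones whose final fragment carries 1 to 7 bytes, which gives a concrete packet shape to look for in a capture taken on both sides of the filter.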