Index: share/man/man4/tcp.4 =================================================================== --- share/man/man4/tcp.4 +++ share/man/man4/tcp.4 @@ -34,7 +34,7 @@ .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd March 29, 2020 +.Dd March 30, 2020 .Dt TCP 4 .Os .Sh NAME @@ -628,21 +628,31 @@ This is needed to help with connection establishment when a broken firewall is in the network path. .It Va pmtud_blackhole_detection -Turn on automatic path MTU blackhole detection. -In case of retransmits OS will -lower the MSS to check if it's MTU problem. -If current MSS is greater than -configured value to try +Enable automatic path MTU blackhole detection. +In case of retransmits of MSS sized segments, +the OS will lower the MSS to check if it's an MTU problem. +If the current MSS is greater than the configured value to try .Po Va net.inet.tcp.pmtud_blackhole_mss and .Va net.inet.tcp.v6pmtud_blackhole_mss .Pc , it will be set to this value, otherwise, -MSS will be set to default values +the MSS will be set to the default values .Po Va net.inet.tcp.mssdflt and .Va net.inet.tcp.v6mssdflt .Pc . +Settings: +.Bl -tag -compact +.It 0 +Disable path MTU blackhole detection. +.It 1 +Enable path MTU blackhole detection for IPv4 and IPv6. +.It 2 +Enable path MTU blackhole detection only for IPv4. +.It 3 +Enable path MTU blackhole detection only for IPv6. +.El .It Va pmtud_blackhole_mss MSS to try for IPv4 if PMTU blackhole detection is turned on. .It Va v6pmtud_blackhole_mss Index: sys/netinet/tcp_timer.c =================================================================== --- sys/netinet/tcp_timer.c +++ sys/netinet/tcp_timer.c @@ -614,6 +614,7 @@ int rexmt; struct inpcb *inp; struct epoch_tracker et; + bool isipv6; #ifdef TCPDEBUG int ostate; @@ -712,12 +713,16 @@ * packets and process straight to FIN. In that case we won't catch * ESTABLISHED state. */ - if (V_tcp_pmtud_blackhole_detect && (((tp->t_state == TCPS_ESTABLISHED)) - || (tp->t_state == TCPS_FIN_WAIT_1))) { #ifdef INET6 - int isipv6; + isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? true : false; +#else + isipv6 = false; #endif - + if (((V_tcp_pmtud_blackhole_detect == 1) || + (V_tcp_pmtud_blackhole_detect == 2 && !isipv6) || + (V_tcp_pmtud_blackhole_detect == 3 && isipv6)) && + ((tp->t_state == TCPS_ESTABLISHED) || + (tp->t_state == TCPS_FIN_WAIT_1))) { /* * Idea here is that at each stage of mtu probe (usually, 1448 * -> 1188 -> 524) should be given 2 chances to recover before @@ -746,7 +751,6 @@ * in an attempt to retransmit. */ #ifdef INET6 - isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? 1 : 0; if (isipv6 && tp->t_maxseg > V_tcp_v6pmtud_blackhole_mss) { /* Use the sysctl tuneable blackhole MSS. */