broken ip checksum after frag reassemble of nfs READDIR?
Adam McDougall
mcdouga9 at egr.msu.edu
Mon May 8 15:49:31 UTC 2006
On Sun, Apr 16, 2006 at 05:30:23PM +1200, Andrew Thompson wrote:
> On Wed, Apr 05, 2006 at 03:06:45PM +0200, Daniel Hartmeier wrote:
> > On Wed, Apr 05, 2006 at 02:41:09PM +0200, Max Laier wrote:
> >
> > > The other big problem that just crossed my mind: Reassembly in the bridge
> > > path!? It doesn't look like the current bridge code on either OS is ready to
> > > deal with packets > MTU coming out of the filter. The question here is
> > > probably how much IP processing we want to do in the bridge code?
> >
> > OpenBSD's bridge does, see bridge_fragment(). IIRC, we slightly adjusted
> > ip_fragment() so it could be called from there, and not too much code
> > had to be duplicated.
> >
> Here is a patch that adds fragmenting, largely based on what's in
> OpenBSD. I didn't bring over bridge_send_icmp_err() as we can only get a
> large packet to fragment by reassembling a previous fragment, checking
> for DF and sending an icmp doesn't apply to us.
>
> Can I get a review, esp. the traversal of the mbufs.
>
> cheers,
> Andrew

I should have a chance to test this support this week, thanks for working
on it. Could someone possibly produce a patch to force if_bridge to
recalculate the checksum on every packet so I can test that as well?
To me, the extra load on the firewall is less important than breaking
packets I am trying to pass.
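
The IPv4 header checksum covers the total-length and flags/fragment-offset fields, both of which change when fragments are reassembled, so a checksum carried over from the first fragment no longer verifies until it is recalculated. The following C example is added here and is not part of this thread, the posted patch, or the if_bridge or pf sources; the function names are hypothetical and the header bytes, addresses and the 8220-byte reassembled length are constructed.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 ones' complement sum over an IPv4 header of len bytes (even). */
static uint16_t ip_hdr_cksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Valid header: summing it with the checksum field included yields 0. */
static int ip_hdr_valid(const uint8_t *h, size_t len) { return ip_hdr_cksum(h, len) == 0; }

/* Recalculate: zero bytes 10-11, sum, store the result big-endian. */
static void ip_hdr_fix(uint8_t *h, size_t len) {
    h[10] = h[11] = 0;
    uint16_t c = ip_hdr_cksum(h, len);
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)(c & 0xff);
}

/* Header edits implied by reassembly: new total length, MF and offset cleared. */
static void reassemble_hdr(uint8_t *h, uint16_t total_len) {
    h[2] = (uint8_t)(total_len >> 8);
    h[3] = (uint8_t)(total_len & 0xff);
    h[6] &= 0x40;               /* keep DF, clear MF and offset high bits */
    h[7] = 0;                   /* clear offset low bits */
}

/* Constructed first fragment: 1500 bytes, MF set, UDP, 192.0.2.1 -> 192.0.2.2 */
static const uint8_t first_frag[20] = {
    0x45, 0x00, 0x05, 0xdc, 0x12, 0x34, 0x20, 0x00, 0x40, 0x11, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2 };

/* Bit 0: valid as sent, bit 1: valid after reassembly, bit 2: valid after fix. */
static int demo(void) {
    uint8_t h[20];
    memcpy(h, first_frag, sizeof h);
    ip_hdr_fix(h, sizeof h);
    int r = ip_hdr_valid(h, sizeof h);
    reassemble_hdr(h, 8220);            /* constructed reassembled length */
    r |= ip_hdr_valid(h, sizeof h) << 1;
    ip_hdr_fix(h, sizeof h);
    return r | ip_hdr_valid(h, sizeof h) << 2;
}
int main(void) { return demo() == 5 ? 0 : 1; }
```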