ipfilter + bge strangeness

Darren Reed darrenr at hub.freebsd.org
Sun Feb 26 04:16:05 PST 2006 

On Tue, Jan 31, 2006 at 12:09:13PM +0300, Oleg Bulyzhin wrote:
> > > Btw, until recent changes bge had txcsum (not rxcsum) only.
> > > 
> > > As i can see there is no problem with checksum's at all (at least inside
> > > bge driver). tcpdump reports bad checksum on outgoing packets due to
> > > nature of tx checksum offloading: packet will get it's checksum calculated
> > > right before it goes on wire (If you want to check tx checksum offloading
> > > you should look on incoming packets on other end of wire).
> > > 
> > > Looks like something is wrong inside ipfilter. Can you test with ipfilter
> > > turned off (ipf -D or, if you using module, kld_unload ipl.ko)?
> > 
> > With ipfilter disabled and rxcsum enabled all is well (also, with
> > ipfilter and rxcsum enabled but just two rules to allow anything
> > in/out it works fine too).
> > 
> > The tcpdump output looks the same (see below).
> > 
> > It is not a purely ipfilter thing i guess, since on an em interface
> > on another box with txcsum/rxcsum on, there is no problem. It is
> > something in the combination of bge and ipfilter, although that is
> > as far as my speculation goes right now..
> 
> Could you please test attached patch?
> 
> Root of the problem is inside ipfilter - if driver use 'partial' (i.e. without
> pseudo header) rx checksum offloading ipfilter fails to calculate checksum
> correctly (it's using ip packet length (ip_fil_freebsd.c:1561) instead of
> tcp/udp length).
> This patch enables 'full' rxcsum offloading so ipfilter's bug should not be
> triggered.

I think what you're saying is that this is wrong:
                        sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
                                        htonl(m->m_pkthdr.csum_data +
                                        fin->fin_ip->ip_len + fin->fin_p));

And that "fin->fin_ip->ip_len" needs to be replaced by something
that is like "ip_len - ip_hl - tcp/icmp/udp_hl" ?

Just so that I understand the interactions here properly, is there
a way to tell when FreeBSD will use partial checksums like it was
before compare to now ?

Darren
Darren

More information about the freebsd-stable mailing list