Re: vtnet rxcsum broken for forwarding RELENG_13 ?

From: Matt Garber <>
Date: Tue, 12 Apr 2022 00:07:43 UTC
On Mon, Apr 11, 2022 at 7:15 PM mike tancsa <> wrote:

> I was setting up a VM pf firewall and noticed I was not able to nat out
> for some reason. Looking at the pcap, it seems when the vm is in
> forwarding mode, I get tcp checksum errors. If I do a
> ifconfig vtnet1 -rxcsum
> ifconfig vtnet0 -rxcsum
> nat then seems to work fine
> The setup is a simple VM with the hypervisor libvirt/KVM ubuntu 20 LTS.
> Guest is RELENG_13 from Apr 11/2022. If I change to em nics in the VM,
> all is fine out of the box.
> I opened up

Unless someone knows otherwise, I’ve been under the impression that PF — or
potentially any of the other FreeBSD firewalls (?), but I use PF — has been
“broken” in that regard on Linux KVM-based FreeBSD guests for years. As
such I’ve always needed to use csum_disable flags on the vtnet interfaces
or suffer *extremely* poor network performance, even for servers not doing
NAT forwarding.

E.g., see: