[Bug 255432] pf fragment reassembly leads to invalid IP checksum since 13.0-RELEASE
bugzilla-noreply at freebsd.org
Mon Apr 26 20:28:10 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255432
--- Comment #3 from topical <topical at gmx.net> ---
Executing
ping -4 -s 2000 ns1
Captured with
tshark -V -ni vtnet0 -o ip.check_checksum:TRUE
On sender (mtu 1500):
Frame 1: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface vtnet0, id 0
<snip>
Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1500
Identification: 0x7bed (31725)
Flags: 0x20, More fragments
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..1. .... = More fragments: Set
Fragment Offset: 0
Time to Live: 64
Protocol: ICMP (1)
Header Checksum: 0xb82b [correct]
[Header checksum status: Good]
[Calculated Checksum: 0xb82b]
Source Address: 10.1.11.2
Destination Address: 10.1.2.5
Data (1480 bytes)
<snip>
Data: 0800f36266e6000000101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b…
[Length: 1480]
Frame 2: 562 bytes on wire (4496 bits), 562 bytes captured (4496 bits) on interface vtnet0, id 0
<snip>
Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 548
Identification: 0x7bed (31725)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment Offset: 1480
Time to Live: 64
Protocol: ICMP (1)
Header Checksum: 0xdb2a [correct]
[Header checksum status: Good]
[Calculated Checksum: 0xdb2a]
Source Address: 10.1.11.2
Destination Address: 10.1.2.5
[2 IPv4 Fragments (2008 bytes): #1(1480), #2(528)]
[Frame: 1, payload: 0-1479 (1480 bytes)]
[Frame: 2, payload: 1480-2007 (528 bytes)]
[Fragment count: 2]
[Reassembled IPv4 length: 2008]
[Reassembled IPv4 data: 0800f36266e6000000101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b…]
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xf362 [correct]
[Checksum Status: Good]
Identifier (BE): 26342 (0x66e6)
Identifier (LE): 58982 (0xe666)
Sequence Number (BE): 0 (0x0000)
Sequence Number (LE): 0 (0x0000)
Data (2000 bytes)
Data: 00101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223…
[Length: 2000]
On receiver (mtu 9000):
Frame 1: 2042 bytes on wire (16336 bits), 2042 bytes captured (16336 bits) on interface e0a_ns1, id 0
Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 2028
Identification: 0x7bed (31725)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment Offset: 0
Time to Live: 63
Protocol: ICMP (1)
Header Checksum: 0xb92b incorrect, should be 0xd71b(may be caused by "IP checksum offload"?)
[Expert Info (Error/Checksum): Bad checksum [should be 0xd71b]]
[Bad checksum [should be 0xd71b]]
[Severity level: Error]
[Group: Checksum]
[Header checksum status: Bad]
[Calculated Checksum: 0xd71b]
Source Address: 10.1.11.2
Destination Address: 10.1.2.5
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xf362 [correct]
[Checksum Status: Good]
Identifier (BE): 26342 (0x66e6)
Identifier (LE): 58982 (0xe666)
Sequence Number (BE): 0 (0x0000)
Sequence Number (LE): 0 (0x0000)
Data (2000 bytes)
<snip>
Data: 00101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223…
[Length: 2000]
You see: the packet is reassembled and the IP checksum is broken.
Interestingly, if I increase the packet size to 20000 (i.e. it needs to be
fragmented again), the checksum is correct.
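Added example, not part of the original comment or of the FreeBSD sources: it recomputes the RFC 1071 IPv4 header checksum for the three headers in the capture above, using the field values tshark printed. The fourth header (frag1_ttl63) is constructed for comparison and is an assumption of this example: fragment 1's header with only the TTL changed from 64 to 63. Its checksum equals the 0xb92b seen on the receiver.

```python
import struct

MF = 0x2000  # "More fragments" bit in the 16-bit flags/fragment-offset word
SRC, DST, IDENT, ICMP = "10.1.11.2", "10.1.2.5", 0x7BED, 1


def ipv4_header(total_len, flags_frag, ttl, cksum=0):
    """Pack a 20-byte IPv4 header (no options) for the flow in the capture."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0x00, total_len, IDENT, flags_frag, ttl, ICMP, cksum,
        bytes(map(int, SRC.split("."))),
        bytes(map(int, DST.split("."))),
    )


def header_checksum(hdr):
    """RFC 1071 one's-complement sum with the checksum field treated as zero."""
    hdr = hdr[:10] + b"\x00\x00" + hdr[12:]
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# Field values copied from the tshark output in the comment.
frag1 = ipv4_header(1500, MF | 0, 64)           # sender, frame 1
frag2 = ipv4_header(548, 1480 // 8, 64)         # sender, frame 2 (offset in 8-byte units)
reassembled = ipv4_header(2028, 0, 63)          # receiver, after pf reassembly
# Constructed: fragment 1 with only the TTL decremented, length and MF untouched.
frag1_ttl63 = ipv4_header(1500, MF | 0, 63)


def report():
    """Return the computed checksum for each header, keyed by name."""
    return {
        "frag1": header_checksum(frag1),
        "frag2": header_checksum(frag2),
        "reassembled": header_checksum(reassembled),
        "frag1_ttl63": header_checksum(frag1_ttl63),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:12s} 0x{value:04x}")
```

The first three values match what tshark calculated (0xb82b, 0xdb2a, 0xd71b); the fourth matches the checksum actually present in the reassembled packet on the wire.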