[Bug 170081] [fxp] pf/nat/jails not working if checksum offloading is enabled on fxp0

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=170081

Kristof Provost <kp at freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kp at freebsd.org
             Status|In Progress                 |Closed
           Assignee|freebsd-net at FreeBSD.org     |kp at freebsd.org
         Resolution|---                         |FIXED

--- Comment #4 from Kristof Provost <kp at freebsd.org> ---
The fix for this issue went in in r289703 (for stable/10). See also 154428,
193579, 198868.

The commit message, for reference:
pf: Fix TSO issues

In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.

The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.

To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.

-- 
You are receiving this mail because:
You are the assignee for the bug.