[Bug 170081] [fxp] pf/nat/jails not working if checksum offloading is enabled on fxp0
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Oct 24 17:46:55 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=170081
Kristof Provost <kp at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kp at freebsd.org
Status|In Progress |Closed
Assignee|freebsd-net at FreeBSD.org |kp at freebsd.org
Resolution|--- |FIXED
--- Comment #4 from Kristof Provost <kp at freebsd.org> ---
The fix for this issue went in in r289703 (for stable/10). See also 154428,
193579, 198868.
The commit message, for reference:
pf: Fix TSO issues
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.
To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list