[pf4freebsd] Re: nfsd send error 1 probably caused by pf ?

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 20:56:49 PDT 2004 

On Fri, Nov 14, 2003 at 07:07:04PM +0900, To pf4freebsd at freelists.org wrote:
 > On Fri, Nov 14, 2003 at 10:33:17AM +0100, Daniel Hartmeier wrote:
 >  > On Fri, Nov 14, 2003 at 06:24:24PM +0900, Pyun YongHyeon wrote:
 >  > 
 >  > > It seems that your problem is reproducable on my SMP machine.
 >  > > I used a single rule 'pass out on xl0 keep state'.
 >  > > However, I can't see 'nfsd send error' message. nfs client
 >  > > works well even though pf still outputs 'BAD state' message.
 >  > 
 >  > Are you running nfsd on the pf machine? If pf is blocking outgoing
 > Yes.
 > 
 >  > packets due to state mismatches (BAD state messages), and the process
 >  > trying to send the blocked packets is running on the pf box, it gets a
 >  > an error code from the stack. If nfsd is reporting those errors, that
 >  > would imply you'd have to run nfsd on the pf box (not the nfs client).
 >  > If the theory is correct up to this point, that is ;)
 >  > 
 > Yes. Florian C. Smeets reported a error message "nfsd send error 1"
 > error code 1 is EPERM and this might come from pf's blocking.
 > At present, I think, actual cause may be in somewhere in H/W
 > checksum offload routine in FreeBSD pf. I need more investigation.
 > 

It seems that xl driver on FreeBSD-CURRENT is broken!
On my SMP box I get the following output from tcpdump.

5.1-CURRENT -------------------------> 5.1-RELEASE
192.168.10.9     ssh                  192.168.10.6

19:37:05.735690 192.168.10.9.49153 > 192.168.10.6.22: S [bad tcp cksum 7a04!] 1927186913:1927186913(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 89798 0> (DF) (ttl 64, id 0, len 60, bad cksum 0!)
19:37:05.736127 192.168.10.9.49153 > 192.168.10.6.22: . [bad tcp cksum 9905!] 1927186914:1927186914(0) ack 1415654180 win 33304 <nop,nop,timestamp 89798 37889726> (DF) (ttl 64, id 0, len 52, bad cksum 0!)
19:37:05.743396 192.168.10.9.49153 > 192.168.10.6.22: P 1927186914:1927186955(41) ack 1415654222 win 33304 <nop,nop,timestamp 89798 37889727> (DF) (ttl 64, id 0, len 93, bad cksum 0!)
19:37:05.748437 192.168.10.9.49153 > 192.168.10.6.22: P 1927186955:1927187499(544) ack 1415654758 win 33036 <nop,nop,timestamp 89799 37889728> (DF) (ttl 64, id 0, len 596, bad cksum 0!)
19:37:05.847524 192.168.10.9.49153 > 192.168.10.6.22: P [bad tcp cksum 88ce!] 1927187499:1927187523(24) ack 1415654758 win 33304 <nop,nop,timestamp 89809 37889738> (DF) (ttl 64, id 0, len 76, bad cksum 0!)
19:37:05.913245 192.168.10.9.49153 > 192.168.10.6.22: P 1927187523:1927187939(416) ack 1415655182 win 33304 <nop,nop,timestamp 89815 37889739> (DF) (ttl 64, id 0, len 468, bad cksum 0!)

#ifconfig xl0
xl0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
                  ^^^^^^^^^^^^^
        inet 192.168.10.9 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::204:76ff:fed9:bdb7%xl0 prefixlen 64 scopeid 0x1 
        ether 00:04:76:d9:bd:b7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Of course, -CURRENT machine had not loaded pf kernel module.
It was rebuilt with todays cvsup.(Nov. 14 2003 KST).
If I use fxp interface on the same machine, it does not show any
'bad cksum' messages.

 > Thanks for your comment.
 > 
 >  > Daniel
 >  > 
 > 

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>

More information about the freebsd-pf mailing list