disabling ipv6 checksum offloading with ifconfig / netstat -s output

Ruben mail at osfux.nl
Thu Jan 7 12:02:34 UTC 2021


Hi,

Whilst debugging a connectivity issue I've stumbled on something I'm 
scratching my head about.

I was using tcpdump to inspect a traffic flow and noticed a lot of 
checksum errors like these:

10:33:36.953033 IP6 (flowlabel 0x2fea8, hlim 64, next-header TCP (6) 
payload length: 28) BLURRED.587 > BLURRED.55038: Flags [S.], cksum 
0xa3be (incorrect -> 0x79bc), seq 3397582504, ack 1199668437, win 65535, 
options [mss 1440,sackOK,eol], length 0

These "incorrect chksum"-errors were displayed on ip6 traffic (I only 
checked ssh and mail connections).

A coworker advised turning of checksum offloading. Familiar with the 
ifconfig capabilities I tried disabling offloading with these options in 
rc.conf (and "on the fly" as well):

-rxcsum -txcsum / -rxcsum6 -txcsum6

These are the lines in rc.conf :

ifconfig_vtnet0="inet BLURRED/XX -tso4 -rxcsum -txcsum"
defaultrouter="BLURRED"

ifconfig_vtnet0_ipv6="inet6 BLURRED prefixlen XX -rxcsum6 -txcsum6 -tso6"
ipv6_defaultrouter="BLURRED"

This did not put a halt to the incorrect chksums reported by tcpdump. I 
found it peculiar that netstat did not report any chksum errors, but 
tcpdump did. This is how I used netstat , moments after tcpdump 
displayed the "(incorrect -> 0x79bc)" errors:

netstat -s |grep checksum
		0 discarded for bad checksums
	0 with bad checksum
	0 with no checksum
	0 checksum error
	0 bad header checksums
	0 messages with bad checksum
	0 messages received with bad checksum
	0 bad checksums
	0 checksum calculations on inbound
	0 messages with bad checksum

This output was generated shortly after the vm was rebooted which 
explains the "perfect bill of health" as reported by netstat.

In order to "stop" tcpdump from reporting checksum errors I had to 
configure this tunable in /boot/loader.conf :

hw.vtnet.csum_disable=1

.

This put a stop to the incorrect checksum errors as reported by tcpdump. 
I'm puzzled though: shouldn't the ifconfig line in rc.conf :

ifconfig_vtnet0_ipv6="inet6 BLURRED prefixlen 48 -rxcsum6 -txcsum6 -tso6"

have instructed the vtnet driver to stop the hardware checksum 
offloading  as well?

And why did netstat not report any checksum errors, but tcpdump did?

Any thoughts appreaciated :)

Kind regards,

Ruben


More information about the freebsd-questions mailing list