disabling ipv6 checksum offloading with ifconfig / netstat -s output
Ruben
mail at osfux.nl
Thu Jan 7 12:02:34 UTC 2021
Hi,
Whilst debugging a connectivity issue I've stumbled on something I'm
scratching my head about.
I was using tcpdump to inspect a traffic flow and noticed a lot of
checksum errors like these:
10:33:36.953033 IP6 (flowlabel 0x2fea8, hlim 64, next-header TCP (6)
payload length: 28) BLURRED.587 > BLURRED.55038: Flags [S.], cksum
0xa3be (incorrect -> 0x79bc), seq 3397582504, ack 1199668437, win 65535,
options [mss 1440,sackOK,eol], length 0
These "incorrect chksum"-errors were displayed on ip6 traffic (I only
checked ssh and mail connections).
A coworker advised turning of checksum offloading. Familiar with the
ifconfig capabilities I tried disabling offloading with these options in
rc.conf (and "on the fly" as well):
-rxcsum -txcsum / -rxcsum6 -txcsum6
These are the lines in rc.conf :
ifconfig_vtnet0="inet BLURRED/XX -tso4 -rxcsum -txcsum"
defaultrouter="BLURRED"
ifconfig_vtnet0_ipv6="inet6 BLURRED prefixlen XX -rxcsum6 -txcsum6 -tso6"
ipv6_defaultrouter="BLURRED"
This did not put a halt to the incorrect chksums reported by tcpdump. I
found it peculiar that netstat did not report any chksum errors, but
tcpdump did. This is how I used netstat , moments after tcpdump
displayed the "(incorrect -> 0x79bc)" errors:
netstat -s |grep checksum
0 discarded for bad checksums
0 with bad checksum
0 with no checksum
0 checksum error
0 bad header checksums
0 messages with bad checksum
0 messages received with bad checksum
0 bad checksums
0 checksum calculations on inbound
0 messages with bad checksum
This output was generated shortly after the vm was rebooted which
explains the "perfect bill of health" as reported by netstat.
In order to "stop" tcpdump from reporting checksum errors I had to
configure this tunable in /boot/loader.conf :
hw.vtnet.csum_disable=1
.
This put a stop to the incorrect checksum errors as reported by tcpdump.
I'm puzzled though: shouldn't the ifconfig line in rc.conf :
ifconfig_vtnet0_ipv6="inet6 BLURRED prefixlen 48 -rxcsum6 -txcsum6 -tso6"
have instructed the vtnet driver to stop the hardware checksum
offloading as well?
And why did netstat not report any checksum errors, but tcpdump did?
Any thoughts appreaciated :)
Kind regards,
Ruben
More information about the freebsd-questions
mailing list