FreeBSD 5.3BETA2 / Netra T1 & PF problem

Tue Sep 7 05:02:13 PDT 2004

On Tue, Sep 07, 2004 at 07:38:54PM +0900, To sparc64 at freebsd.org wrote:
 > On Tue, Sep 07, 2004 at 12:24:44PM +0200, nanard wrote:
 >  > Hi,
 >  > 
 >  > I'm running FreeBSD 5.3beta2 on a Sun Netra T1 box:
 >  > 
 >  > vroum# uname -a
 >  > FreeBSD vroum.fr.colt.net 5.3-BETA3 FreeBSD 5.3-BETA3 #1: Mon Sep  6 12:39:27 CEST 2004     root at vroum.fr.colt.net:/usr/src/sys/sparc64/compile/VROUM  sparc64
 >  > 
 >  > I recompiled the kernel with PF/ALTQ support:
 >  > 
 >  > options         PFIL_HOOKS              # pfil(9) framework
 >  > device          pf                      #PF OpenBSD packet-filter firewall
 >  > device          pflog                   #logging support interface for PF
 >  > options          ALTQ
 >  > 
 >  > In /etc/rc.conf, i added this:
 >  > 
 >  > pf_enable="YES"
 >  > pflog_enable="YES"
 >  > 
 >  > To test, I modified /etc/pf.conf with only this line:
 >  > 
 >  > vroum# cat /etc/pf.conf
 >  > pass log all
 >  > vroum#
 >  > 
 >  > I'm connected remotely and localy (port com) from a windows XP to the fbsd box.
 >  > 
 >  > (winXP:10.33.253.81) ----> (Fbsd:10.33.253.145)
 >  > 
 >  > When PF is disable, i can connect by SSH.
 >  > 
 >  > When PF is enable, i can't connect by SSH. (and i lost active ssh connexion)
 >  > 
 > 
 > Sorry. I know this issue. You can disable RX ckecksum offload to
 > work pf at present. However the real cause of this issue is still
 > under investigation. Since without pf, hme(4) works well with checksum
 > offload capability, I guess there is problems in pf code.
 > I'll let you know if I find the cause. Also CCed to Max.
 > 

Okay. Could you try attached patch?

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
-------------- next part --------------

--- sys/contrib/pf/net/pf.c.orig	Mon Aug 16 20:29:43 2004
+++ sys/contrib/pf/net/pf.c	Tue Sep  7 20:49:31 2004
@@ -5620,8 +5620,8 @@
 				ip = mtod(m, struct ip *);	
 				sum = in_pseudo(ip->ip_src.s_addr,
 					ip->ip_dst.s_addr,
-					htonl(m->m_pkthdr.csum_data +
-					    IPPROTO_TCP + ntohs(ip->ip_len)));
+					htonl(m->m_pkthdr.csum_data + len +
+					    IPPROTO_TCP));
 			}
 			sum ^= 0xffff;
 			++hw_assist;
