ipfilter + bge strangeness

Koen Martens fbsd at metro.cx
Sun Jan 29 05:59:22 PST 2006 

Oleg Bulyzhin wrote:
> On Sat, Jan 28, 2006 at 11:16:31PM +0100, Koen Martens wrote:
>>Sure thing, although it happens with other kinds of traffic too (in
>>the dump, there's some NTP for example). Here's the netstat output
>>before:
> ....
>
> Btw, until recent changes bge had txcsum (not rxcsum) only.
> 
> As i can see there is no problem with checksum's at all (at least inside
> bge driver). tcpdump reports bad checksum on outgoing packets due to
> nature of tx checksum offloading: packet will get it's checksum calculated
> right before it goes on wire (If you want to check tx checksum offloading
> you should look on incoming packets on other end of wire).
> 
> Looks like something is wrong inside ipfilter. Can you test with ipfilter
> turned off (ipf -D or, if you using module, kld_unload ipl.ko)?

With ipfilter disabled and rxcsum enabled all is well (also, with
ipfilter and rxcsum enabled but just two rules to allow anything
in/out it works fine too).

The tcpdump output looks the same (see below).

It is not a purely ipfilter thing i guess, since on an em interface
on another box with txcsum/rxcsum on, there is no problem. It is
something in the combination of bge and ipfilter, although that is
as far as my speculation goes right now..



14:47:18.040321 IP (tos 0x0, ttl  59, id 51416, offset 0, flags
[DF], proto: TCP (6), length: 60) 80.127.84.188.59069 > 82.9
4.245.40.22: S, cksum 0xea0e (correct), 713466200:713466200(0) win
5840 <mss 1460,sackOK,timestamp 1043425664 0,nop,wscale 2
>
14:47:18.040367 IP (tos 0x0, ttl  64, id 51996, offset 0, flags
[DF], proto: TCP (6), length: 64, bad cksum 0 (->82d9)!) 82.
94.245.40.22 > 80.127.84.188.59069: S, cksum 0xecf4 (incorrect (->
0xd09b), 845513065:845513065(0) ack 713466201 win 65535 <
mss 1460,nop,wscale 1,nop,nop,timestamp 136536892 1043425664,sackOK,eol>
14:47:18.049970 IP (tos 0x0, ttl  59, id 51418, offset 0, flags
[DF], proto: TCP (6), length: 52) 80.127.84.188.59069 > 82.9
4.245.40.22: ., cksum 0x0aa9 (correct), ack 1 win 1460
<nop,nop,timestamp 1043425674 136536892>
14:47:18.050726 IP (tos 0x0, ttl  59, id 51420, offset 0, flags
[DF], proto: TCP (6), length: 52) 80.127.84.188.59069 > 82.9
4.245.40.22: F, cksum 0x0aa8 (correct), 1:1(0) ack 1 win 1460
<nop,nop,timestamp 1043425674 136536892>
14:47:18.050781 IP (tos 0x0, ttl  64, id 51997, offset 0, flags
[DF], proto: TCP (6), length: 52, bad cksum 0 (->82e4)!) 82.
94.245.40.22 > 80.127.84.188.59069: ., cksum 0xece8 (incorrect (->
0x8e39), ack 2 win 33304 <nop,nop,timestamp 136536902 104
3425674>
14:47:18.062894 IP (tos 0x0, ttl  64, id 51998, offset 0, flags
[DF], proto: TCP (6), length: 91, bad cksum 0 (->82bc)!) 82.
94.245.40.22 > 80.127.84.188.59069: P 1:40(39) ack 2 win 33304
<nop,nop,timestamp 136536914 1043425674>
14:47:18.063214 IP (tos 0x0, ttl  64, id 51999, offset 0, flags
[DF], proto: TCP (6), length: 52, bad cksum 0 (->82e2)!) 82.
94.245.40.22 > 80.127.84.188.59069: F, cksum 0xece8 (incorrect (->
0x8e04), 40:40(0) ack 2 win 33304 <nop,nop,timestamp 1365
36915 1043425674>
14:47:18.072664 IP (tos 0x0, ttl  59, id 29403, offset 0, flags
[DF], proto: TCP (6), length: 40) 80.127.84.188.59069 > 82.9
4.245.40.22: R, cksum 0x106a (correct), 713466202:713466202(0) win 0
14:47:18.073376 IP (tos 0x0, ttl  59, id 29404, offset 0, flags
[DF], proto: TCP (6), length: 40) 80.127.84.188.59069 > 82.9
4.245.40.22: R, cksum 0x106a (correct), 713466202:713466202(0) win 0
14:47:19.063671 802.1d config 8000.00:d0:03:d8:85:55.21e9 root
8000.00:d0:01:2f:51:55 pathcost 4 age 1 max 20 hello 2 fdelay
 15
14:47:20.095251 IP (tos 0x0, ttl  64, id 52004, offset 0, flags
[none], proto: UDP (17), length: 59, bad cksum 0 (->9f57)!)
82.94.245.40.53815 > 194.109.6.66.53:  39684+ A? www.xs4all.nl. (31)
14:47:20.095949 IP (tos 0x0, ttl  62, id 55312, offset 0, flags
[none], proto: UDP (17), length: 75) 194.109.6.66.53 > 82.94
.245.40.53815:  39684 1/0/0 www.xs4all.nl. A 194.109.6.92 (47)
14:47:21.060071 802.1d config 8000.00:d0:03:d8:85:55.21e9 root
8000.00:d0:01:2f:51:55 pathcost 4 age 1 max 20 hello 2 fdelay
 15







-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, hosting, embedded systems, unix, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

More information about the freebsd-stable mailing list