ipfilter seems to be broken on 7.2-PRERELEASE as of April 25:th
2009.
Pyun YongHyeon
pyunyh at gmail.com
Tue May 12 00:49:00 UTC 2009
On Mon, May 11, 2009 at 01:07:46PM -0700, Jason Chambers wrote:
> Jonas B?low wrote:
> >
> > After reboot it was not reachable from the network. After some
> > troubleshooting I found that ipfilter seems to be the problem. Returning
> > traffic originating from my host (XXX) is blocked:
> >
> (... snip ...)
> >
> > Anyone seen this behaviour?
> >
>
> Yes. This appears to have made it to the RELEASE as well.
>
> I believe it is due to updates to the FXP driver that allow checksumming
> for tx/rx. My guess is checksumming is enabled by default and you (and
> I) happen to have the cards recognized by FXP that do not support it.
I guess your controller is 82559 or compatibles. If you can receive
packets without problems after disabling ipfilter it's not fault of
fxp(4). You have a good controller that do support Rx checksum
offloading.
> (The BAD in the ipf log represents bad checksum)
>
No, ipfilter's notion of Rx checksum offloading was broken.
ipfilter simply does not understand partial checksummed frame(e.g.
checksummed frame without pseudo header) so driver that supports
this type of checksum offloading(gem(4), hme(4), sk(4) and fxp(4))
wouldn't work on ipfilter.
> If you do "ifconfig fxp0 -txcsum -rxcsum" your problem should go away.
> For /etc/rc.conf, just add -txcsum -rxcsum to the interface definition.
>
Yeah, that would fix it or you can switch to pf(4).
More information about the freebsd-stable
mailing list