Date: Sun, 29 Jan 2006 12:27:20 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Koen Martens <fbsd@metro.cx> Cc: freebsd-stable@freebsd.org Subject: Re: ipfilter + bge strangeness Message-ID: <20060129012720.GH2341@turion.vk2pj.dyndns.org> In-Reply-To: <43DB8EA6.7070503@metro.cx> References: <43DB8EA6.7070503@metro.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2006-Jan-28 16:32:54 +0100, Koen Martens wrote: >Yesterday night, i was going to send the message below. However, >just before pressing send, i found a solution to the problem: >disable checksum checks (ifconfig bge0 -rxcsum -txcsum). Though this >is a solution, it has me puzzled. Is this a bug^H^H^Hfeature of >6-STABLE, as it works with 5.4. > >With 5.4, there was only the rxcsum option for the bge card, not a >txcsum. It worked fine with rxcsum enabled on 5.4.. At least on Solaris, you need to disable checksum offloading to pass packets through an IPfilter firewall (check the IPFilter FAQ). I gather that the outgoing packets are marked as "checksum valid" so the NIC doesn't re-compute the checksum and it winds up wrong. If you disable IPfilter and just use the box as a straight router, does it then work when you enable checksum offloading? If so, then I think you've bumped into the same (mis-)feature. -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060129012720.GH2341>