From owner-freebsd-stable  Sun May 21  8:24: 4 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from prism.flugsvamp.com (cb58709-a.mdsn1.wi.home.com [24.17.241.9])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0D70B37B955; Sun, 21 May 2000 08:23:59 -0700 (PDT)
	(envelope-from jlemon@flugsvamp.com)
Received: (from jlemon@localhost)
	by prism.flugsvamp.com (8.9.3/8.9.3) id KAA74857;
	Sun, 21 May 2000 10:28:08 -0500 (CDT)
	(envelope-from jlemon)
Date: Sun, 21 May 2000 10:28:08 -0500
From: Jonathan Lemon <jlemon@flugsvamp.com>
To: Darren Reed <darrenr@reed.wattle.id.au>
Cc: jlemon@freebsd.org, freebsd-stable@freebsd.org, ps@freebsd.org,
	Cy.Schubert@uumail.gov.bc.ca
Subject: Re: FTP proxy without translation no longer working? (fwd)
Message-ID: <20000521102808.C5468@prism.flugsvamp.com>
References: <200005210038.e4L0cTx00858@cwsys.cwsent.com> <200005210428.OAA12435@avalon.reed.wattle.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <200005210428.OAA12435@avalon.reed.wattle.id.au>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, May 21, 2000 at 02:28:30PM +1000, Darren Reed wrote:
> Jonathan,
>          Can you please back these changes out for 4.0_STABLE ?  They appear
> to interfere with the operation IP Filter.  I'm happy for these to on the
> head and for there to be work required to get things working again.  If I
> don't hear/see from you within the next week, I'll assume that you otherwise
> are not that concerned and offer to backout the changes myself.

Well, instead of backing the changes out, how about we fix the problem
instead?  I'm not familiar with IPFilter, but I know that there were
some initial problems with ipfw, perhaps the problems here are similar.

What happens now is that the TCP/UDP layer will place the pseudo 
checksum in the TCP/UDP header, and set a flag in the mbuf.  After
the IP layer determines which interface the packet is going out on,
it will compute the checksum if: 1. the interface indicates it does
not support delayed checksums, and 2. the delayed csum flag is set
in the mbuf.

If the packet is intercepted/redirected at some point between the 
upper (TCP) and lower (IP) layers, then it will not have a valid
checksum.  In this case, there needs to be a small bit of code to 
force the checksum to be computed if necessary.  E.g.:

	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
		in_delayed_cksum(m);
		m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
	}

I don't know where IPFilter hooks into the stack, so I don't know 
where the appropriate point to put this would be.
--
Jonathan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message