From owner-freebsd-net@FreeBSD.ORG Tue Jun 28 13:09:06 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CE68106566C for ; Tue, 28 Jun 2011 13:09:06 +0000 (UTC) (envelope-from benoit.panizzon@imp.ch) Received: from godot.imp.ch (godot.imp.ch [157.161.4.8]) by mx1.freebsd.org (Postfix) with ESMTP id B237E8FC16 for ; Tue, 28 Jun 2011 13:09:05 +0000 (UTC) Received: from go.imp.ch (go.imp.ch [IPv6:2001:4060:1:4133:20f:1fff:fe7d:d3da]) by godot.imp.ch (8.14.1/8.14.1) with ESMTP id p5S9mbn3005705 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 28 Jun 2011 11:48:37 +0200 (CEST) (envelope-from benoit.panizzon@imp.ch) From: Benoit Panizzon Organization: ImproWare AG To: freebsd-net@freebsd.org Date: Tue, 28 Jun 2011 11:48:34 +0200 User-Agent: KMail/1.9.9 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart6617720.nWCGMWR6Ov"; protocol="application/pkcs7-signature"; micalg=sha1 Content-Transfer-Encoding: 7bit Message-Id: <201106281148.36754.benoit.panizzon@imp.ch> X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: udp checksum implementation error in FreeBSD 7.2? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2011 13:09:06 -0000 --nextPart6617720.nWCGMWR6Ov Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi We are running a DHCP Server on a FreeBSD 7.2-RELEASE-p4 box. This works for most of our customers, except ones with some kind of SonicWa= ll=20 =46irewalls. We have analyzed the problem with the sonicwall tech support: We found the problem being in the sonicwall setting a UDP checksum of 0x000= 0=20 for DHCP Requests. According to the RFC this is a valid value and tells the receiving UDP stac= k=20 not to check the checksum: http://www.faqs.org/rfcs/rfc768.html If the value is different from 0x0000 the receiving UDP stack can perform a= =20 checksum check and if this fails, silently drop that packet. What we observe is: DHCP Request with UDP checksum set =3D> Packet reaches DHCP Daemon and is b= eing=20 answered. DHCP Request with UDP checksum 0x0000 =3D> ICMP Port Unreachable from FreeB= SD. Can someone confirm this non RFC conform behaviour and knows how to fix it? As I understand, setting net.inet.udp.checksum to zero would not fix the=20 problem, as this is only for packet generation. Kind regards Benoit Panizzon =2D-=20 I m p r o W a r e A G - =20 ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ --nextPart6617720.nWCGMWR6Ov--