From nobody Mon Dec 15 10:45:16 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dVGt42vyTz6KyFB for ; Mon, 15 Dec 2025 10:45:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dVGt41D4kz3tB5 for ; Mon, 15 Dec 2025 10:45:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1765795516; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8w5k/rCtm7+l9eie5VaJIolRDL5MRMboTPwQxGVQuJA=; b=ghRm1ZI9uonnjZxIEwo3u9UvP5s9rk/lKBUkcHHgpMjGbppACLX1fVrWwWTZdipjz6yarc ZHoFbYUJzIbynaHvrh5IlfFQR0pQ5yBde1QYTilRjaWh+tY+jdzaY7Gw1UVq/XNPRTXSXY jJ+i3yYm/bFFjHhUpEFVL3wxH7ckSyHC6z89AdI71O6vsnrmCXF1nyet6c+mHW/KMPWwEE beZrno7u5870S/rkJMK3P3i38k7SJwrO6y7C0WCU4ac6q9WVRgp69A2czlVbeZvf1YoYhe ABQvyTGAhNBKyv95pMp4IluGoQq5QoFRxewEt2Q+Bh1cCDnHiX+6xQbo0AFdlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1765795516; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8w5k/rCtm7+l9eie5VaJIolRDL5MRMboTPwQxGVQuJA=; b=vBs+ycUSUH8BnKNJxI+4mdmVH6WXWP4iiRwHduCJDFusKVD/rSzFfDJjs6nG1I1eEWFiDg syvTA9+KunY3cDCq3iG/l5rm/93kSAb/+ZXqmWc5lH6fG4nUpl/Eawe7Gmwbewb1hFN1+L gLuLJy+FvwtE223kNn7RRvNYvZPc8tokb8tFCNKHJK4X6JDbaaULOAZebF2PzsrvNo6fw6 7SyK38DCF35HzNkSjc6H82FW9vuwD96A7o/d5zLM4TPJKNFUVAwn/P7q0yVrGwbh30VqZE UKlKlEwYFhwD6gDO9PRSKj0kYkJakDO6W1MgbgwbEYrxA55sCM3a9OgHf6QVQA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1765795516; a=rsa-sha256; cv=none; b=CKoSZ/+5SuEgnNKRQ7qANwQsXE8Q9aK7mUmCLVhEBj6pFgWTQwRCVYaZynzgxxlXwa7ipb x5whCr4Fz1jZebKjd3T9r4ldHmn+HA/+k4u5+uS/jpg9Qpa9UEO0/gLe3BB2hB0m5nMNuF wh2LtSa4R81PbXeR+mbmtPTDmx9VuiFRwX6wEokKawm8TPa80Ocefmg/Evuau2aFgC5c41 O1Idy8zxYgZJ0+fCWsqxiI5bzHjX313004PwzvGHjTRgScNUv/tdsiGkGB2tbf3M/Cku3m tQZ+J8Y0xWblORrVjX5u8TDbb0c//RKnTTskO3a69G/Kdq8DNB7KeaCVho7OLQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4dVGt40RXfz1lx for ; Mon, 15 Dec 2025 10:45:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 5BFAjFDn054671 for ; Mon, 15 Dec 2025 10:45:15 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 5BFAjFEL054670 for net@FreeBSD.org; Mon, 15 Dec 2025 10:45:15 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 291420] [epair] Bad UDP packet checksum with epair(4) and txcsum enabled Date: Mon, 15 Dec 2025 10:45:16 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.3-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: timo.voelker@fh-muenster.de X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: tuexen@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D291420 --- Comment #27 from Timo Voelker --- (In reply to leper from comment #22) Thanks for sharing your setup. If I got it right, it looks like this: DNS-Jail Host VM-Jail Ubuntu-VM e0b_dns---e0a_dns e0a_vmjail---e0b_vmjail tap0---vtnet0 \ / \ / bridge0 bridge1 That's a good example where bridge capability synchronization fails. In an unpatched FreeBSD tap0 has no txcsum and it cannot be enabled. When adding = tap0 to bridge1, the bridge disables txcsum on all other member interfaces (and = will disable txcsum on interfaces newly added to that bridge). Thus, it disables txcsum on e0b_vmjail, which, due to the capability sync between epair interfaces, will disable txcsum on e0a_vmjail. The core problem here is that the bridge does not notice changes made after adding an interface. In this example, disabling txcsum on e0a_vmail does not result in disabling txcsum on e0a_dns, which would disable txcsum on e0b_dn= s. With txcsum enabled on e0b_dns, the DNS-Server uses checksum offloading for outgoing packets and writes only the header checksum in the checksum field.= For a packet to the Ubuntu-VM, bridge1 forwards the packet that still needs a v= alid checksum out over tap0 which has txcsum disabled. I guess we need to add txcsum to the bridge, which then computes the checks= um in software if the outgoing interface does not support txcsum. --=20 You are receiving this mail because: You are on the CC list for the bug.=