From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: nfsd send error 1 probably caused by pf ?
Date: Thu, 16 Sep 2004 03:56:49 -0000
X-Original-Date: Fri, 14 Nov 2003 19:51:14 +0900
Message-ID: <20031114105114.GC32359@kt-is.co.kr>
In-Reply-To: <20031114100704.GB32359@kt-is.co.kr>
List-Id: Technical discussion and general questions about packet filter (pf)

On Fri, Nov 14, 2003 at 07:07:04PM +0900, To pf4freebsd@freelists.org wrote:
> On Fri, Nov 14, 2003 at 10:33:17AM +0100, Daniel Hartmeier wrote:
> > On Fri, Nov 14, 2003 at 06:24:24PM +0900, Pyun YongHyeon wrote:
> >
> > > It seems that your problem is reproducible on my SMP machine.
> > > I used a single rule 'pass out on xl0 keep state'.
> > > However, I can't see 'nfsd send error' message. nfs client
> > > works well even though pf still outputs 'BAD state' message.
> >
> > Are you running nfsd on the pf machine? If pf is blocking outgoing
> Yes.
>
> > packets due to state mismatches (BAD state messages), and the process
> > trying to send the blocked packets is running on the pf box, it gets
> > an error code from the stack. If nfsd is reporting those errors, that
> > would imply you'd have to run nfsd on the pf box (not the nfs client).
> > If the theory is correct up to this point, that is ;)
> >
> Yes. Florian C. Smeets reported an error message "nfsd send error 1"
> error code 1 is EPERM and this might come from pf's blocking.
> At present, I think, actual cause may be in somewhere in H/W
> checksum offload routine in FreeBSD pf. I need more investigation.
>

It seems that xl driver on FreeBSD-CURRENT is broken!
On my SMP box I get the following output from tcpdump.

5.1-CURRENT -------------------------> 5.1-RELEASE
192.168.10.9           ssh             192.168.10.6

19:37:05.735690 192.168.10.9.49153 > 192.168.10.6.22: S [bad tcp cksum 7a04!] 1927186913:1927186913(0) win 65535 (DF) (ttl 64, id 0, len 60, bad cksum 0!)
19:37:05.736127 192.168.10.9.49153 > 192.168.10.6.22: . [bad tcp cksum 9905!] 1927186914:1927186914(0) ack 1415654180 win 33304 (DF) (ttl 64, id 0, len 52, bad cksum 0!)
19:37:05.743396 192.168.10.9.49153 > 192.168.10.6.22: P 1927186914:1927186955(41) ack 1415654222 win 33304 (DF) (ttl 64, id 0, len 93, bad cksum 0!)
19:37:05.748437 192.168.10.9.49153 > 192.168.10.6.22: P 1927186955:1927187499(544) ack 1415654758 win 33036 (DF) (ttl 64, id 0, len 596, bad cksum 0!)
19:37:05.847524 192.168.10.9.49153 > 192.168.10.6.22: P [bad tcp cksum 88ce!] 1927187499:1927187523(24) ack 1415654758 win 33304 (DF) (ttl 64, id 0, len 76, bad cksum 0!)
19:37:05.913245 192.168.10.9.49153 > 192.168.10.6.22: P 1927187523:1927187939(416) ack 1415655182 win 33304 (DF) (ttl 64, id 0, len 468, bad cksum 0!)

#ifconfig xl0
xl0: flags=9843 mtu 1500
        options=b
        ^^^^^^^^^^^^^
        inet 192.168.10.9 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::204:76ff:fed9:bdb7%xl0 prefixlen 64 scopeid 0x1
        ether 00:04:76:d9:bd:b7
        media: Ethernet autoselect (100baseTX )
        status: active

Of course, -CURRENT machine had not loaded pf kernel module.
It was rebuilt with today's cvsup (Nov. 14 2003 KST).
If I use fxp interface on the same machine, it does not show
any 'bad cksum' messages.

> Thanks for your comment.
>
> > Daniel
> >
>

Regards,
Pyun YongHyeon
--
Pyun YongHyeon
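
The two checks behind the "bad cksum" and "bad tcp cksum" annotations in the capture above, as an added example that is not part of the original mail or of any FreeBSD, pf or tcpdump code: RFC 1071 verification of an IPv4 header and of a TCP segment with its pseudo-header. The packet is constructed from the addresses, ports, sequence number and window shown for the SYN, but carries no TCP options (total length 40, not 60); the function names are illustrative, and reading "bad cksum 0!" as a header checksum field holding 0 is an assumption about tcpdump's output.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                       0, socket.IPPROTO_TCP, tcp_len)

def ip_header_ok(hdr: bytes) -> bool:
    # A valid header, checksum field included, sums to 0xFFFF, so the result is 0.
    return inet_checksum(hdr) == 0

def tcp_segment_ok(src: str, dst: str, seg: bytes) -> bool:
    return inet_checksum(pseudo_header(src, dst, len(seg)) + seg) == 0

def fill_ip(hdr: bytes) -> bytes:
    """Return the header with its checksum field (bytes 10-11) computed."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return zeroed[:10] + struct.pack("!H", inet_checksum(zeroed)) + zeroed[12:]

def fill_tcp(src: str, dst: str, seg: bytes) -> bytes:
    """Return the segment with its checksum field (bytes 16-17) computed."""
    zeroed = seg[:16] + b"\x00\x00" + seg[18:]
    csum = inet_checksum(pseudo_header(src, dst, len(zeroed)) + zeroed)
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]

# Constructed sample (not the captured bytes): SYN with both checksum fields
# left at 0, DF set, ttl 64, id 0, as a capture would show an unfilled packet.
SRC, DST = "192.168.10.9", "192.168.10.6"
RAW_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(SRC), socket.inet_aton(DST))
RAW_TCP = struct.pack("!HHIIBBHHH", 49153, 22, 1927186913, 0, 5 << 4, 0x02,
                      65535, 0, 0)

if __name__ == "__main__":
    print("as built:", ip_header_ok(RAW_IP), tcp_segment_ok(SRC, DST, RAW_TCP))
    print("filled:  ", ip_header_ok(fill_ip(RAW_IP)),
          tcp_segment_ok(SRC, DST, fill_tcp(SRC, DST, RAW_TCP)))
```

Running the same verification on a capture taken at the receiving host (192.168.10.6 here) shows what actually went out on the wire.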