From owner-freebsd-stable@FreeBSD.ORG Mon May 11 20:08:14 2009 Return-Path: Delivered-To: FreeBSD-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94591106566C for ; Mon, 11 May 2009 20:08:14 +0000 (UTC) (envelope-from jchambers@ucla.edu) Received: from out-61.smtp.ucla.edu (smtp-12.smtp.ucla.edu [IPv6:2607:f010:3fe:102:101c:23ff:febe:116e]) by mx1.freebsd.org (Postfix) with ESMTP id 7557F8FC18 for ; Mon, 11 May 2009 20:08:14 +0000 (UTC) (envelope-from jchambers@ucla.edu) Received: from mail.ucla.edu (mail.ucla.edu [169.232.46.158]) by smtp-12.smtp.ucla.edu (8.14.3/8.14.3) with ESMTP id n4BK7lh7016263; Mon, 11 May 2009 13:07:47 -0700 Received: from computer-2.local ([149.142.36.207]) (authenticated bits=0) by mail.ucla.edu (8.14.3/8.14.3) with ESMTP id n4BK7k85022839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 11 May 2009 13:07:47 -0700 Message-ID: <4A088592.9070305@ucla.edu> Date: Mon, 11 May 2009 13:07:46 -0700 From: Jason Chambers Organization: UCLA User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302) MIME-Version: 1.0 To: =?ISO-8859-1?Q?Jonas_B=FClow?= References: <196E4005-25E9-4C46-99BD-8F717849703F@jongel.net> In-Reply-To: <196E4005-25E9-4C46-99BD-8F717849703F@jongel.net> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Probable-Spam: no X-Scanned-By: smtp.ucla.edu on 169.232.46.248 Cc: FreeBSD-stable@freebsd.org Subject: Re: ipfilter seems to be broken on 7.2-PRERELEASE as of April 25:th 2009. X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2009 20:08:14 -0000 Jonas Bülow wrote: > > After reboot it was not reachable from the network. After some > troubleshooting I found that ipfilter seems to be the problem. Returning > traffic originating from my host (XXX) is blocked: > (... snip ...) > > Anyone seen this behaviour? > Yes. This appears to have made it to the RELEASE as well. I believe it is due to updates to the FXP driver that allow checksumming for tx/rx. My guess is checksumming is enabled by default and you (and I) happen to have the cards recognized by FXP that do not support it. (The BAD in the ipf log represents bad checksum) If you do "ifconfig fxp0 -txcsum -rxcsum" your problem should go away. For /etc/rc.conf, just add -txcsum -rxcsum to the interface definition. Regards, --Jason