Date: Tue, 28 Jun 2011 19:31:34 +0400
From: Dmitry Banschikov <d.banschikov@peterhost.ru>
To: freebsd-net@freebsd.org
Subject: Re: udp checksum implementation error in FreeBSD 7.2?
Message-ID: <4E09F3D6.3060206@peterhost.ru>
In-Reply-To: <201106281148.36754.benoit.panizzon@imp.ch>
References: <201106281148.36754.benoit.panizzon@imp.ch>

On 28.06.2011 13:48, Benoit Panizzon wrote:
> Hi
>
> We are running a DHCP Server on a FreeBSD 7.2-RELEASE-p4 box.
>
> This works for most of our customers, except ones with some kind of SonicWall
> Firewalls. We have analyzed the problem with the sonicwall tech support:
>
> We found the problem being in the sonicwall setting a UDP checksum of 0x0000
> for DHCP Requests.
>
> According to the RFC this is a valid value and tells the receiving UDP stack
> not to check the checksum:
>
> http://www.faqs.org/rfcs/rfc768.html
>
> If the value is different from 0x0000 the receiving UDP stack can perform a
> checksum check and if this fails, silently drop that packet.
>
> What we observe is:
>
> DHCP Request with UDP checksum set => Packet reaches DHCP Daemon and is being
> answered.
> DHCP Request with UDP checksum 0x0000 => ICMP Port Unreachable from FreeBSD.
>
> Can someone confirm this non RFC conform behaviour and knows how to fix it?
>
> As I understand, setting net.inet.udp.checksum to zero would not fix the
> problem, as this is only for packet generation.

DHCP (isc-dhcp) uses the bpf(4) device for reading and writing DHCP packets.
Since the bpf(4) device provides raw access to Ethernet frames, UDP checksum
calculation must take place in the DHCP server code. You could use
ktrace(1) if you want to make sure that an ICMP packet is generated by
the DHCP server. Also, you have said that the ICMP error message is port
unreachable; that means that there is no UDP socket listening
on port 67. Can you check that the DHCP server listens on UDP port 67 and
that there are no firewall rules forbidding UDP packets to port 67?

-- 
Dmitry Banschikov
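
The two checksum rules discussed in this thread, as an added example (not code from the thread, from FreeBSD or from isc-dhcp): a program that reads raw frames through bpf(4) has to apply RFC 768 itself, treating a UDP checksum of 0x0000 as "not computed" and verifying any other value. IPv4 only; the function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum udp_csum { UDP_CSUM_NONE, UDP_CSUM_OK, UDP_CSUM_BAD };
/* Constructed sample: UDP 68 -> 67, length 12, checksum 0x0000, 4 payload bytes. */
static const uint8_t SRC[4] = {0, 0, 0, 0}, DST[4] = {255, 255, 255, 255};
static uint8_t pkt[12] = {0x00, 0x44, 0x00, 0x43, 0x00, 0x0c, 0x00, 0x00, 1, 1, 6, 0};

/* Sum big-endian 16-bit words into acc; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Folded one's-complement sum over the IPv4 pseudo-header
 * (src, dst, protocol 17, UDP length) followed by the UDP datagram. */
static uint16_t udp_sum(const uint8_t *src, const uint8_t *dst,
                        const uint8_t *udp, size_t len)
{
    uint32_t acc = sum16(udp, len, sum16(dst, 4, sum16(src, 4, 17 + (uint32_t)len)));
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Receive side: 0x0000 means the sender computed no checksum, so nothing is verified. */
enum udp_csum udp_csum_check(const uint8_t *src, const uint8_t *dst,
                             const uint8_t *udp, size_t len)
{
    if (len < 8) return UDP_CSUM_BAD;            /* shorter than a UDP header */
    if (udp[6] == 0 && udp[7] == 0) return UDP_CSUM_NONE;
    return udp_sum(src, dst, udp, len) == 0xffff ? UDP_CSUM_OK : UDP_CSUM_BAD;
}

/* Send side: fill in the checksum field; a computed 0 is transmitted as 0xffff. */
void udp_csum_set(const uint8_t *src, const uint8_t *dst, uint8_t *udp, size_t len)
{
    udp[6] = udp[7] = 0;
    uint16_t c = (uint16_t)~udp_sum(src, dst, udp, len);
    if (c == 0) c = 0xffff;
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
}

int main(void)
{
    udp_csum_set(SRC, DST, pkt, sizeof pkt);
    return udp_csum_check(SRC, DST, pkt, sizeof pkt) != UDP_CSUM_OK;
}
```

A receiver following this logic passes UDP_CSUM_NONE and UDP_CSUM_OK datagrams on and silently drops only UDP_CSUM_BAD ones.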