From owner-freebsd-pf@FreeBSD.ORG Sat Aug 31 01:31:46 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 8E3B77A0 for ; Sat, 31 Aug 2013 01:31:46 +0000 (UTC) (envelope-from jdavidlists@gmail.com) Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 640A52D32 for ; Sat, 31 Aug 2013 01:31:46 +0000 (UTC) Received: by mail-ie0-f177.google.com with SMTP id e14so4673788iej.36 for ; Fri, 30 Aug 2013 18:31:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=Pz5ZLyYf5F28QhrTXb3iCc0A62ueTi2Nq0UXn0njxr0=; b=Fl2cUV7xCz8U/uAwlZBY6bEMcnG18mRY/rgeg4yQ2JB0WnCwYYkWSWJreP6LIO3KBN TU2IaiiXfZYXEEYviCjeHLJ6VIFs8bZ1/8znQm7W0PnRk6dLUWUHgW12FEOmIOEvBGzK XbjbJ75+XXiDu6c+KQytyIeWUzbHAjrO5D8T/V718Q99GWfGPQbGB1H3pA9tMK5nt7S4 xw12ajapfl4FNjWK63kpp+ijIM7mlHE3ywj1SbZOfIg3rgdnohrQ5p+FJqiI3TULYVMH xo84q1QmU/npxzB4IN+snSBxCnZ7lWLkyUKnahN0293VzugnO7C/q/5qY7h3PL9UaLL/ +aqw== MIME-Version: 1.0 X-Received: by 10.50.178.234 with SMTP id db10mr4421953igc.35.1377912705607; Fri, 30 Aug 2013 18:31:45 -0700 (PDT) Sender: jdavidlists@gmail.com Received: by 10.43.157.8 with HTTP; Fri, 30 Aug 2013 18:31:45 -0700 (PDT) Date: Fri, 30 Aug 2013 21:31:45 -0400 X-Google-Sender-Auth: GykpkdhpSaLk9LhAMvsDoT6LwhY Message-ID: Subject: pf unconditionally disables TCP checksum offloading From: J David To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 Aug 2013 01:31:46 -0000 Hello, While testing 9.2, we discovered that merely having pf enabled (no rules of any kind) was sufficient to completely, unconditionally disables hardware checksum offloading. If pf is disabled ("pfctl -d") then checksum offloading works fine. If pf is merely enabled with no rules ("pfctl -e -F all"), checksum offloading no longer works. The culprit appears to be this code in pf_check_out: if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { in_delayed_cksum(*m); (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } CSUM_DELAY_DATA is defined as (CSUM_TCP | CSUM_UDP) in sys/mbuf.h, so this effectively clears (*m)->m_pkthdr.csum_flags and never puts it back. Is this behavior intentional? Thanks!