From owner-p4-projects@FreeBSD.ORG  Thu Dec  7 16:28:26 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 64C4116A4C9; Thu,  7 Dec 2006 16:28:26 +0000 (UTC)
X-Original-To: perforce@FreeBSD.org
Delivered-To: perforce@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 35A4B16A415;
	Thu,  7 Dec 2006 16:28:26 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E676E43F12;
	Thu,  7 Dec 2006 16:13:14 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id 9F27B46F9A;
	Thu,  7 Dec 2006 11:14:06 -0500 (EST)
Date: Thu, 7 Dec 2006 16:14:06 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Gleb Smirnoff <glebius@FreeBSD.org>
In-Reply-To: <20061207124112.GW32700@FreeBSD.org>
Message-ID: <20061207160859.V50906@fledge.watson.org>
References: <200612062319.kB6NJgsq031755@repoman.freebsd.org>
	<20061207110225.GU32700@FreeBSD.org> <4578070A.2030609@freebsd.org>
	<20061207124112.GW32700@FreeBSD.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: Perforce Change Reviews <perforce@FreeBSD.org>,
	Andre Oppermann <andre@FreeBSD.org>, Paolo Pisati <piso@FreeBSD.org>
Subject: Re: PERFORCE change 111230 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2006 16:28:26 -0000


On Thu, 7 Dec 2006, Gleb Smirnoff wrote:

> A> >this isn't a fix. Another application will do write(,, 16k + 1) and
> A> >m_jumbo16pullup() will fail again. Please backout it, it is a hack.
> A> >
> A> >We need to fix TSO in such way that real packets, that will be
> A> >transmitted to wire, will be passed to pfil handlers.
> A>
> A> That is not possible.
>
> ATM this should be at least documented behavior. And a solution should be 
> thought, because pfil must see real packets, not their precursors.

This tension will always exist with offloaded services.  tcpdump sees 
"corrupted" checksums on transmitted packets, and now it sees "long" TCP 
packets.  Likewise, with reassembly offload, they'll come from the card in a 
reassembled form (this is present in the Neterion cards, which can do fragment 
reassembly, etc, in hardware, and pass a large datagram up the stack).  I 
don't see any way of getting around the fact that IP processing happens before 
or after the firewall in the New World Order.  If a firewall really wants to 
see the packets as they will be transmitted, it can always do the 
fragmentation and checksumming itself.  However, this is pretty undesirable 
from a performance perspective.  I think pfil seeing the cards as they transit 
the IP layer is the right approach.

Robert N M Watson
Computer Laboratory
University of Cambridge