From nobody Wed Oct 15 07:59:18 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cmk4m2J1sz6Bwg7 for ; Wed, 15 Oct 2025 07:59:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cmk4l1X6kz3W8P for ; Wed, 15 Oct 2025 07:59:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760515160; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=etFeAGxp2J5W3P7KWgy8wB6dWCGl0PmM7zoL1qZ3c9s=; b=kcO3Go2YZtHlDmurRJE15zJNHElrIvy/RWXFNog0nf3rwhGMaJkMpSkEdcJdj5/nTukdob gzYIQz55km9/+CBhdiyd09wwba6eE+HRVIKMS9UchsRJn9cIGaOMVMHrFQTiVLn5nHmBfN 5xRDVFNl6JsLFFlKb3fzpmYu3dtCZOwpgeVLM/mC4bkyLnBdZyY543cpBit7ksAeiyd2Yj P4KiYZhgABbRSbYAaysN5uHe0R2/Zmm93PRZOjv+o4GLYrs/Mdsk0beKlDWeqPB9KRrY3u Elqs4tlCjLOhtxSR05c7EGtJrCkYjYHKij8OKG4VNbrkfY5RPED+GUmM6YmwyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760515160; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=etFeAGxp2J5W3P7KWgy8wB6dWCGl0PmM7zoL1qZ3c9s=; b=lAP4ILArigayOzHJYmxFo3M2hb09nUbdi9DZdsH+rrPxOWL805YW2s/FhcuZOr7EzRmyW8 FcJ1B+2igb3d3pXLrynZSRd9A8EUQAIk83ddDWvK7JLMQ6wEI/N4x6djI/eZyPOern/fhq hCjXSGdneR7SYZ8dCntqy7Mp/4ID9jjMJoGTrORf6JeKKs9NXDqN+5qUIDhzScvWMDut3o V6cfhahXi0HDxraTbPOH0p6PUY2iXdurVZP1lPzEKD7f6PV4rbmgE7LrQ3eLhjWdCJKBSW bWM3P8omktoBV00bXBMr3te7QeoDW/VF3k14ZaHGVYq8f6YcrUSgqj6eH41b9Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760515160; a=rsa-sha256; cv=none; b=uFVFoSjV2tPG8zjDtDcPQuHAJ7JFNW8WwVlIDIZOXZYGt/9La5FHTjDxHIq0WYRn8htAtU zs9dnGrmC02D2OiRfQt4DpHEcTD4MLaQ8/k0a2SteNPXlb8MJtgUoAroDd4JehYZtOtEo5 2hAMRbFJGQcZnL0c1/Q5ET8zsqOFQZzI8Fu4qZgRmP9fMGhd2HO/zAL31y02eycIoQcGKz CtfNB9sLV4w/ChuFEGfvoUkaqpPn4CC+MHEoyj63nIMOtuOHfXcFBOQSKyezX1RHvuVJza +U8TME1RthVKxIOaYBq9bReq0miGQSVKlbI/Jfxpa3xUR393v7837cFAB/T8pA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cmk4l0R2rzTsG for ; Wed, 15 Oct 2025 07:59:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 59F7xIhN060906 for ; Wed, 15 Oct 2025 07:59:18 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 59F7xI4W060905 for net@FreeBSD.org; Wed, 15 Oct 2025 07:59:18 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 276760] vtnet driver incorrectly calculates checksums Date: Wed, 15 Oct 2025 07:59:18 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vova@fbsd.ru X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: tuexen@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276760 --- Comment #21 from vova@fbsd.ru --- (In reply to Michael Tuexen from comment #20) About my setup: It is CX11 VM on hetzner (the cheapest one: 1 vCPU 2Gb RAM, 20 GB disk) all tests are with IPv4 (IPv6 is set up) VM basically does nothing, there are two if_wg links=20 (I did not spot any significant difference running iperf3 over wireguard li= nks) there are few vnet jails connected to bridge there is one jail with bind918 keeping few domains (not busy et all) also, in another jail telegram proxy with not much traffic also also there are frr10 running few BGP sessions over links=20 just a little routes: # netstat -rn -f inet | wc -l 25 net/firewall - with pf jl0 -> epair connected to the same bridge=20 # cat /etc/pf.conf # Interfaces ext_if =3D "vtnet0" # External interface int_ifs =3D "{ wg0, wg1, jl0 }" # Internal interfaces ns3 =3D "..." # Internal NAT address=20 nz =3D "..." # Internal NAT address mtp =3D "..." # Internal NAT address bricks =3D "..." # Internal networks table persist # Define a persistent table for blocked IPs set skip on lo # Skip loopback traffic set loginterface $ext_if # Enable logging on the external interface scrub in all # Normalize all incoming traffic nat on $ext_if inet from $bricks to any -> ($ext_if) # NAT for internal networks nat on $ext_if inet from ($ext_if) to any -> ($ext_if) # NAT for packets originating from $ext_if rdr pass on $ext_if proto { tcp, udp } from any to ($ext_if) port 53 -> $ns3 rdr pass on $ext_if proto tcp from any to ($ext_if) port 2202 -> $nz port 2= 2=20=20 rdr pass on $ext_if proto tcp from any to ($ext_if) port 8443 -> 172.22.15.5 port 8443=20 pass out quick on vtnet0 from $mtp to any keep state pass out quick on $ext_if from any to any keep state pass in on $int_ifs keep state pass in quick on $ext_if inet6 proto ipv6-icmp keep state pass in quick on $ext_if inet6 proto tcp to ($ext_if) port 22 keep state block in quick log from # Block and log traffic from blocklist block in log on vtnet0 all # Block and log all incoming traffic by default pass in on $ext_if proto tcp to ($ext_if) port 22 keep state # Allow = SSH (TCP/22) pass in on $ext_if proto { tcp, udp } to $ns3 port 53 keep state # Allow = DNS traffic pass in on $ext_if proto tcp to ($ext_if) port 2202 keep state # Allow custom SSH port (TCP/2202) pass in on $ext_if proto tcp to ($ext_if) port 8443 keep state # Allow = MTP pass in on $ext_if inet proto icmp icmp-type echoreq keep state # Allow = ICMP Echo Request (ping) antispoof quick for $ext_if # cat /etc/sysctl.conf vfs.zfs.min_auto_ashift=3D12 kern.init_shutdown_timeout=3D"900" net.inet.ip.fw.one_pass=3D0 net.route.multipath=3D0 net.inet.ip.fw.dyn_udp_lifetime=3D30 kern.ipc.maxsockbuf=3D16777216 --=20 You are receiving this mail because: You are on the CC list for the bug.=