Date: Wed, 15 Oct 2025 07:59:18 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 276760] vtnet driver incorrectly calculates checksums
Message-ID: <bug-276760-7501-o67KdewUWC@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-276760-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-276760-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276760

--- Comment #21 from vova@fbsd.ru ---
(In reply to Michael Tuexen from comment #20)

About my setup:
It is CX11 VM on Hetzner (the cheapest one: 1 vCPU 2Gb RAM, 20 GB disk)
all tests are with IPv4 (IPv6 is set up)

VM basically does nothing, there are two if_wg links
(I did not spot any significant difference running iperf3 over wireguard links)
there are few vnet jails connected to bridge
there is one jail with bind918 keeping few domains (not busy at all)
also, in another jail telegram proxy with not much traffic also
also there are frr10 running few BGP sessions over links
just a little routes:
# netstat -rn -f inet | wc -l
25

net/firewall - with pf
jl0 -> epair connected to the same bridge

# cat /etc/pf.conf
# Interfaces
ext_if = "vtnet0" # External interface
int_ifs = "{ wg0, wg1, jl0 }" # Internal interfaces
ns3 = "..." # Internal NAT address
nz = "..." # Internal NAT address
mtp = "..." # Internal NAT address
bricks = "..." # Internal networks

table <sshguard> persist # Define a persistent table for blocked IPs
set skip on lo # Skip loopback traffic
set loginterface $ext_if # Enable logging on the external interface
scrub in all # Normalize all incoming traffic

nat on $ext_if inet from $bricks to any -> ($ext_if) # NAT for internal networks
nat on $ext_if inet from ($ext_if) to any -> ($ext_if) # NAT for packets originating from $ext_if

rdr pass on $ext_if proto { tcp, udp } from any to ($ext_if) port 53 -> $ns3
rdr pass on $ext_if proto tcp from any to ($ext_if) port 2202 -> $nz port 22
rdr pass on $ext_if proto tcp from any to ($ext_if) port 8443 -> 172.22.15.5 port 8443

pass out quick on vtnet0 from $mtp to any keep state
pass out quick on $ext_if from any to any keep state
pass in on $int_ifs keep state
pass in quick on $ext_if inet6 proto ipv6-icmp keep state
pass in quick on $ext_if inet6 proto tcp to ($ext_if) port 22 keep state

block in quick log from <sshguard> # Block and log traffic from blocklist
block in log on vtnet0 all # Block and log all incoming traffic by default

pass in on $ext_if proto tcp to ($ext_if) port 22 keep state # Allow SSH (TCP/22)
pass in on $ext_if proto { tcp, udp } to $ns3 port 53 keep state # Allow DNS traffic
pass in on $ext_if proto tcp to ($ext_if) port 2202 keep state # Allow custom SSH port (TCP/2202)
pass in on $ext_if proto tcp to ($ext_if) port 8443 keep state # Allow MTP
pass in on $ext_if inet proto icmp icmp-type echoreq keep state # Allow ICMP Echo Request (ping)

antispoof quick for $ext_if

# cat /etc/sysctl.conf
vfs.zfs.min_auto_ashift=12
kern.init_shutdown_timeout="900"
net.inet.ip.fw.one_pass=0
net.route.multipath=0
net.inet.ip.fw.dyn_udp_lifetime=30
kern.ipc.maxsockbuf=16777216

--
You are receiving this mail because:
You are on the CC list for the bug.