From owner-freebsd-bugs@FreeBSD.ORG  Sat Mar 24 11:30:11 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 77111106564A
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 24 Mar 2012 11:30:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 4981B8FC12
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 24 Mar 2012 11:30:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2OBUB6m077777
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 24 Mar 2012 11:30:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2OBUBqd077775;
	Sat, 24 Mar 2012 11:30:11 GMT (envelope-from gnats)
Resent-Date: Sat, 24 Mar 2012 11:30:11 GMT
Resent-Message-Id: <201203241130.q2OBUBqd077775@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Manuel Kasper <mk@neon1.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AE4601065670
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sat, 24 Mar 2012 11:24:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 992198FC1A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sat, 24 Mar 2012 11:24:51 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q2OBOpbS091166
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 24 Mar 2012 11:24:51 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q2OBOpZV091155;
	Sat, 24 Mar 2012 11:24:51 GMT (envelope-from nobody)
Message-Id: <201203241124.q2OBOpZV091155@red.freebsd.org>
Date: Sat, 24 Mar 2012 11:24:51 GMT
From: Manuel Kasper <mk@neon1.net>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/166372: [patch] ipfilter drops UDP packets with zero checksum
	on some interfaces
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Mar 2012 11:30:11 -0000


>Number:         166372
>Category:       kern
>Synopsis:       [patch] ipfilter drops UDP packets with zero checksum on some interfaces
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 24 11:30:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Manuel Kasper
>Release:        8.2-RELEASE
>Organization:
>Environment:
FreeBSD builder82.m0n0.ch 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
When using ipfilter with certain network interfaces (if_vr and if_bge are known to be affected), UDP packets with zero checksum are dropped (ipmon log entries show "bad"). This causes problems in applications that use such packets, such as the common Cisco VPN.

The problem is that not all drivers set csum_data to 0xffff for packets with zero UDP checksum, so the code in sys/contrib/ipfilter/netinet/ip_fil_freebsd.c should check for zero UDP checksums first.

The attached patch solves the issue.
>How-To-Repeat:

>Fix:
See attached patch.

Patch attached with submission follows:

--- sys/contrib/ipfilter/netinet/ip_fil_freebsd.c.orig	2010-12-21 18:09:25.000000000 +0100
+++ sys/contrib/ipfilter/netinet/ip_fil_freebsd.c	2012-03-24 12:10:52.000000000 +0100
@@ -1352,6 +1352,18 @@
 	ip = fin->fin_ip;
 
 	if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
+		/* UDP may have zero checksum */
+		if (fin->fin_p == IPPROTO_UDP && (fin->fin_flx & (FI_FRAG|FI_SHORT|FI_BAD)) == 0) {
+			udphdr_t *udp = fin->fin_dp;
+			if (udp->uh_sum == 0) {
+				/* we're good no matter what the hardware checksum flags
+				   and csum_data say (handling of csum_data for zero UDP
+				   checksum is not consistent across all drivers) */
+				fin->fin_cksum = 1;
+				return;
+			}
+		}
+
 		if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
 			sum = m->m_pkthdr.csum_data;
 		else


>Release-Note:
>Audit-Trail:
>Unformatted: