From owner-freebsd-bugs@FreeBSD.ORG Sun Feb 14 20:10:05 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2BCE41065676 for ; Sun, 14 Feb 2010 20:10:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E0A068FC13 for ; Sun, 14 Feb 2010 20:10:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o1EKA4YZ053948 for ; Sun, 14 Feb 2010 20:10:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o1EKA4Si053947; Sun, 14 Feb 2010 20:10:04 GMT (envelope-from gnats) Resent-Date: Sun, 14 Feb 2010 20:10:04 GMT Resent-Message-Id: <201002142010.o1EKA4Si053947@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dmitriy Demidov Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 936EA106570B for ; Sun, 14 Feb 2010 20:06:37 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 805BB8FC1D for ; Sun, 14 Feb 2010 20:06:37 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o1EK6bWt045025 for ; Sun, 14 Feb 2010 20:06:37 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o1EK6bu7045024; Sun, 14 Feb 2010 20:06:37 GMT (envelope-from nobody) Message-Id: <201002142006.o1EK6bu7045024@www.freebsd.org> Date: Sun, 14 Feb 2010 20:06:37 GMT From: Dmitriy Demidov To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/143940: ipfw nat and em interface rxcsum problem X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Feb 2010 20:10:05 -0000 >Number: 143940 >Category: kern >Synopsis: ipfw nat and em interface rxcsum problem >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Feb 14 20:10:04 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Dmitriy Demidov >Release: FreeBSD 7.3-PRERELEASE i386 >Organization: >Environment: FreeBSD hius.local.home 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0: Sun Feb 14 15:21:11 EET 2010 terminus@hius.local.home:/usr/obj/usr/src/sys/STABLE i386 >Description: There is a problem with UDP pass throughout ipfw nat then em driver have rxcsum enabled. In the same time TCP traffic is not affected - I can use telnet to IP then rxcsum is on. For example tcpdump whith rxcsum: tcpdump -i 2 -v -n -l udp == tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes 21:40:27.130983 IP (tos 0x0, ttl 64, id 6748, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.20152 > 192.5.6.30.53: 62854% [1au] A? www.redhat.com. (43) 21:40:27.507620 IP (tos 0x0, ttl 64, id 6749, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.18912 > 192.35.51.30.53: 13850% [1au] A? www.redhat.com. (43) 21:40:27.884586 IP (tos 0x0, ttl 64, id 6750, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.29135 > 192.55.83.30.53: 41425% [1au] A? www.redhat.com. (43) 21:40:28.263572 IP (tos 0x0, ttl 64, id 6751, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.10444 > 192.52.178.30.53: 6087% [1au] A? www.redhat.com. (43) 21:40:28.615537 IP (tos 0x0, ttl 64, id 6752, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.58118 > 192.43.172.30.53: 63884% [1au] A? www.redhat.com. (43) 21:40:28.992486 IP (tos 0x0, ttl 64, id 6753, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.19810 > 192.33.14.30.53: 62148% [1au] A? www.redhat.com. (43) 21:40:29.369452 IP (tos 0x0, ttl 64, id 6754, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.6475 > 192.5.6.30.53: 40935% [1au] A? www.redhat.com. (43) 21:40:30.122434 IP (tos 0x0, ttl 64, id 6755, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.25595 > 192.48.79.30.53: 51119% [1au] A? www.redhat.com. (43) 21:40:30.499349 IP (tos 0x0, ttl 64, id 6756, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.60447 > 192.48.79.30.53: 850% [1au] A? www.redhat.com. (43) 21:40:31.252291 IP (tos 0x0, ttl 64, id 6764, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.29325 > 192.31.80.30.53: 16308% [1au] A? www.redhat.com. (43) 21:40:31.620152 IP (tos 0x0, ttl 64, id 6779, offset 0, flags [none], proto UDP (17), length 76) 95.68.114.78.123 > 80.90.20.19.123: NTPv4, length 48 == and then rxcsum is off: tcpdump -i 2 -v -n -l udp === 21:39:45.012101 IP (tos 0x0, ttl 64, id 6591, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.60570 > 199.19.53.1.53: 12025% [1au] A? www.kernel.org. (43) 21:39:45.062332 IP (tos 0x0, ttl 247, id 60869, offset 0, flags [DF], proto UDP (17), length 835) 199.19.53.1.53 > 95.68.114.78.60570: 12025- 0/12/8 (807) 21:39:45.062744 IP (tos 0x0, ttl 64, id 6592, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.41587 > 204.152.191.16.53: 49848% [1au] A? www.kernel.org. (43) 21:39:45.439379 IP (tos 0x0, ttl 64, id 6593, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.53299 > 209.132.176.167.53: 17340% [1au] A? www.kernel.org. (43) 21:39:45.439608 IP (tos 0x0, ttl 64, id 6594, offset 0, flags [none], proto UDP (17), length 72) 95.68.114.78.55340 > 199.7.83.42.53: 50445% [1au] A? ns1.q.port80.se. (44) 21:39:45.482710 IP (tos 0x0, ttl 59, id 49090, offset 0, flags [none], proto UDP (17), length 664) 199.7.83.42.53 > 95.68.114.78.55340: 50445- 0/12/14 (636) 21:39:45.483110 IP (tos 0x0, ttl 64, id 6595, offset 0, flags [none], proto UDP (17), length 72) 95.68.114.78.48938 > 192.36.133.107.53: 16536% [1au] A? ns1.q.port80.se. (44) 21:39:45.528423 IP (tos 0x0, ttl 56, id 13488, offset 0, flags [none], proto UDP (17), length 376) 192.36.133.107.53 > 95.68.114.78.48938: 16536- 0/6/3 (348) 21:39:45.528672 IP (tos 0x0, ttl 64, id 6596, offset 0, flags [none], proto UDP (17), length 72) 95.68.114.78.63916 > 217.75.109.220.53: 29369% [1au] A? ns1.q.port80.se. (44) 21:39:45.528890 IP (tos 0x0, ttl 64, id 6597, offset 0, flags [none], proto UDP (17), length 70) 95.68.114.78.32319 > 192.55.83.30.53: 9045% [1au] A? ns4.q.p80.net. (42) 21:39:45.529066 IP (tos 0x0, ttl 64, id 6598, offset 0, flags [none], proto UDP (17), length 70) 95.68.114.78.6721 > 192.52.178.30.53: 1478% [1au] A? ns3.q.p80.net. (42) 21:39:45.571781 IP (tos 0x0, ttl 56, id 61364, offset 0, flags [DF], proto UDP (17), length 213) 217.75.109.220.53 > 95.68.114.78.63916: 29369*- 1/4/4 ns1.q.port80.se. A 217.75.109.220 (185) 21:39:45.590262 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto UDP (17), length 197) 192.52.178.30.53 > 95.68.114.78.6721: 1478- 1/4/3 ns3.q.p80.net. A 82.96.9.250 (169) 21:39:45.590485 IP (tos 0x0, ttl 64, id 6599, offset 0, flags [none], proto UDP (17), length 70) 95.68.114.78.39731 > 82.96.2.250.53: 4565% [1au] A? ns3.q.p80.net. (42) 21:39:45.613763 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto UDP (17), length 197) 192.55.83.30.53 > 95.68.114.78.32319: 9045- 1/4/3 ns4.q.p80.net. A 82.96.8.250 (169) 21:39:45.614087 IP (tos 0x0, ttl 64, id 6600, offset 0, flags [none], proto UDP (17), length 70) 95.68.114.78.60102 > 217.75.109.220.53: 32305% [1au] A? ns4.q.p80.net. (42) 21:39:45.660231 IP (tos 0x0, ttl 56, id 61366, offset 0, flags [DF], proto UDP (17), length 213) 217.75.109.220.53 > 95.68.114.78.60102: 32305*- 1/4/4 ns4.q.p80.net. A 82.96.8.250 (185) 21:39:45.669840 IP (tos 0x0, ttl 55, id 58170, offset 0, flags [DF], proto UDP (17), length 213) 82.96.2.250.53 > 95.68.114.78.39731: 4565*- 1/4/4 ns3.q.p80.net. A 82.96.9.250 (185) 21:39:45.816298 IP (tos 0x0, ttl 64, id 6601, offset 0, flags [none], proto UDP (17), length 71) 95.68.114.78.20845 > 130.239.17.16.53: 56057% [1au] A? www.kernel.org. (43) 21:39:45.873856 IP (tos 0x0, ttl 53, id 55646, offset 0, flags [none], proto UDP (17), length 278) 130.239.17.16.53 > 95.68.114.78.20845: 56057*- 1/5/6 www.kernel.org. CNAME www.geo.kernel.org. (250) 21:39:45.874210 IP (tos 0x0, ttl 64, id 6602, offset 0, flags [none], proto UDP (17), length 75) 95.68.114.78.35195 > 149.20.20.140.53: 29216% [1au] A? www.geo.kernel.org. (47) 21:39:46.108721 IP (tos 0x0, ttl 59, id 3519, offset 0, flags [none], proto UDP (17), length 115) 149.20.20.140.53 > 95.68.114.78.35195: 29216*- 2/0/1 www.geo.kernel.org. CNAME pub.geo.kernel.org.[|domain] 21:39:46.109031 IP (tos 0x0, ttl 64, id 6603, offset 0, flags [none], proto UDP (17), length 75) 95.68.114.78.55896 > 130.239.17.11.53: 13112% [1au] A? pub.geo.kernel.org. (47) 21:39:46.166560 IP (tos 0x0, ttl 53, id 55647, offset 0, flags [none], proto UDP (17), length 97) 130.239.17.11.53 > 95.68.114.78.55896: 13112*- 1/0/1 pub.geo.kernel.org. CNAME[|domain] 21:39:46.166878 IP (tos 0x0, ttl 64, id 6604, offset 0, flags [none], proto UDP (17), length 75) 95.68.114.78.44098 > 195.92.253.2.53: 13925% [1au] A? pub.all.kernel.org. (47) 21:39:46.242006 IP (tos 0x0, ttl 52, id 63919, offset 0, flags [none], proto UDP (17), length 503) 195.92.253.2.53 > 95.68.114.78.44098: 13925* 4/10/11 pub.all.kernel.org. A 199.6.1.164, pub.all.kernel.org.[|domain] ^C == # ifconfig em0 em0: flags=8843 metric 0 mtu 1500 options=9b ether 00:20:ed:11:11:11 inet 95.68.114.78 netmask 0xffffe000 broadcast 255.255.255.255 media: Ethernet autoselect (100baseTX ) status: active # ifconfig em0 em0: flags=8843 metric 0 mtu 1500 options=98 ether 00:20:ed:11:11:11 inet 95.68.114.78 netmask 0xffffe000 broadcast 255.255.255.255 media: Ethernet autoselect (100baseTX ) status: active # ipfw show 00100 13532 2961560 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 5 200 deny ip from 127.0.0.0/8 to any 00400 0 0 count ip from any to any frag 00500 0 0 allow ip from any to any via fxp0 00600 4599 1966327 count ip from any to any 00700 0 0 deny ip from any to 192.168.0.0/16 in via em0 00800 0 0 deny ip from 192.168.0.0/16 to any in via em0 00900 0 0 deny ip from any to 172.16.0.0/12 in via em0 01000 0 0 deny ip from 172.16.0.0/12 to any in via em0 01100 0 0 deny ip from any to 10.0.0.0/8 in via em0 01200 0 0 deny ip from 10.0.0.0/8 to any in via em0 01300 0 0 deny ip from any to 169.254.0.0/16 in via em0 01400 0 0 deny ip from 169.254.0.0/16 to any in via em0 01500 4599 1966327 count ip from any to any 01600 4599 1966327 nat 1 ip from any to any via em0 01700 0 0 count ip from any to any 65535 3 516 deny ip from any to any # ipfw nat 1 show config ipfw nat 1 config if em0 log deny_in same_ports reset >How-To-Repeat: Configure an instance of ipfw nat on em NIC what have RXCSUM,TXCSUM enabled (it is enabled by default) and make a try to send traffic via. >Fix: Turn off RXCSUM,TXCSUM on em adapter >Release-Note: >Audit-Trail: >Unformatted: