Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 May 2006 11:49:30 -0400
From:      Adam McDougall <mcdouga9@egr.msu.edu>
To:        Andrew Thompson <thompsa@freebsd.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: broken ip checksum after frag reassemble of nfs READDIR?
Message-ID:  <20060508154929.GS30200@egr.msu.edu>
In-Reply-To: <20060416053023.GD56603@heff.fud.org.nz>
References:  <20060402054532.GF17711@egr.msu.edu> <20060404145704.GW2684@insomnia.benzedrine.cx> <20060404153443.GX2684@insomnia.benzedrine.cx> <200604051441.16865.max@love2party.net> <20060405130645.GB5683@insomnia.benzedrine.cx> <20060416053023.GD56603@heff.fud.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Apr 16, 2006 at 05:30:23PM +1200, Andrew Thompson wrote:

  On Wed, Apr 05, 2006 at 03:06:45PM +0200, Daniel Hartmeier wrote:
  > On Wed, Apr 05, 2006 at 02:41:09PM +0200, Max Laier wrote:
  > 
  > > The other big problem that just crossed my mind:  Reassembly in the bridge 
  > > path!?  It doesn't look like the current bridge code on either OS is ready to 
  > > deal with packets > MTU coming out of the filter.  The question here is 
  > > probably how much IP processing we want to do in the bridge code?
  > 
  > OpenBSD's bridge does, see bridge_fragment(). IIRC, we slightly adjusted
  > ip_fragment() so it could be called from there, and not too much code
  > had to be duplicated.
  > 
  
  Here is a patch that adds fragmenting, largely based on whats in
  OpenBSD. I didnt bring over bridge_send_icmp_err() as we can only get a
  large packet to fragment by reassembling a previous fragment, checking
  for DF and sending an icmp doesnt apply to us.
  
  Can I get a review, esp. the traversal of the mbufs.
  
  
  cheers,
  Andrew

I should have a chance to test this support this week, thanks for working
on it.  Could someone possibly produce a patch to force if_bridge to 
recalculate the checksum on every packet so I can test that as well?
To me, the extra load on the firewall is less important than breaking
packets I am trying to pass.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508154929.GS30200>