From owner-freebsd-stable@FreeBSD.ORG Sun Jan 29 13:59:22 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6689416A420; Sun, 29 Jan 2006 13:59:22 +0000 (GMT) (envelope-from SRS0=XUQBJnbc=3Z=metro.cx=fbsd@sonologic.nl) Received: from mx1.sonologic.nl (mx1.sonologic.nl [82.94.245.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC61343D46; Sun, 29 Jan 2006 13:59:21 +0000 (GMT) (envelope-from SRS0=XUQBJnbc=3Z=metro.cx=fbsd@sonologic.nl) Received: from [10.1.5.2] (a80-127-84-188.adsl.xs4all.nl [80.127.84.188]) (authenticated bits=0) by mx1.sonologic.nl (8.13.3/8.13.3) with ESMTP id k0TDxFE1012699; Sun, 29 Jan 2006 13:59:20 GMT Message-ID: <43DCCAA8.4050600@metro.cx> Date: Sun, 29 Jan 2006 15:01:12 +0100 From: Koen Martens Organization: Sonologic User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Thunderbird/1.0.2 Mnenhy/0.7.2.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Oleg Bulyzhin References: <43DB8EA6.7070503@metro.cx> <20060128211710.GA29790@lath.rinet.ru> <43DBED3F.3000408@metro.cx> <20060128230015.GC29790@lath.rinet.ru> In-Reply-To: <20060128230015.GC29790@lath.rinet.ru> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Helo-Milter-Authen: gmc@sonologic.nl, fbsd@metro.cx, mx1 Received-SPF: pass (mx1.sonologic.nl: 80.127.84.188 is authenticated by a trusted mechanism) Cc: freebsd-stable@freebsd.org Subject: Re: ipfilter + bge strangeness X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2006 13:59:22 -0000 Oleg Bulyzhin wrote: > On Sat, Jan 28, 2006 at 11:16:31PM +0100, Koen Martens wrote: >>Sure thing, although it happens with other kinds of traffic too (in >>the dump, there's some NTP for example). Here's the netstat output >>before: > .... > > Btw, until recent changes bge had txcsum (not rxcsum) only. > > As i can see there is no problem with checksum's at all (at least inside > bge driver). tcpdump reports bad checksum on outgoing packets due to > nature of tx checksum offloading: packet will get it's checksum calculated > right before it goes on wire (If you want to check tx checksum offloading > you should look on incoming packets on other end of wire). > > Looks like something is wrong inside ipfilter. Can you test with ipfilter > turned off (ipf -D or, if you using module, kld_unload ipl.ko)? With ipfilter disabled and rxcsum enabled all is well (also, with ipfilter and rxcsum enabled but just two rules to allow anything in/out it works fine too). The tcpdump output looks the same (see below). It is not a purely ipfilter thing i guess, since on an em interface on another box with txcsum/rxcsum on, there is no problem. It is something in the combination of bge and ipfilter, although that is as far as my speculation goes right now.. 14:47:18.040321 IP (tos 0x0, ttl 59, id 51416, offset 0, flags [DF], proto: TCP (6), length: 60) 80.127.84.188.59069 > 82.9 4.245.40.22: S, cksum 0xea0e (correct), 713466200:713466200(0) win 5840 14:47:18.040367 IP (tos 0x0, ttl 64, id 51996, offset 0, flags [DF], proto: TCP (6), length: 64, bad cksum 0 (->82d9)!) 82. 94.245.40.22 > 80.127.84.188.59069: S, cksum 0xecf4 (incorrect (-> 0xd09b), 845513065:845513065(0) ack 713466201 win 65535 < mss 1460,nop,wscale 1,nop,nop,timestamp 136536892 1043425664,sackOK,eol> 14:47:18.049970 IP (tos 0x0, ttl 59, id 51418, offset 0, flags [DF], proto: TCP (6), length: 52) 80.127.84.188.59069 > 82.9 4.245.40.22: ., cksum 0x0aa9 (correct), ack 1 win 1460 14:47:18.050726 IP (tos 0x0, ttl 59, id 51420, offset 0, flags [DF], proto: TCP (6), length: 52) 80.127.84.188.59069 > 82.9 4.245.40.22: F, cksum 0x0aa8 (correct), 1:1(0) ack 1 win 1460 14:47:18.050781 IP (tos 0x0, ttl 64, id 51997, offset 0, flags [DF], proto: TCP (6), length: 52, bad cksum 0 (->82e4)!) 82. 94.245.40.22 > 80.127.84.188.59069: ., cksum 0xece8 (incorrect (-> 0x8e39), ack 2 win 33304 14:47:18.062894 IP (tos 0x0, ttl 64, id 51998, offset 0, flags [DF], proto: TCP (6), length: 91, bad cksum 0 (->82bc)!) 82. 94.245.40.22 > 80.127.84.188.59069: P 1:40(39) ack 2 win 33304 14:47:18.063214 IP (tos 0x0, ttl 64, id 51999, offset 0, flags [DF], proto: TCP (6), length: 52, bad cksum 0 (->82e2)!) 82. 94.245.40.22 > 80.127.84.188.59069: F, cksum 0xece8 (incorrect (-> 0x8e04), 40:40(0) ack 2 win 33304 14:47:18.072664 IP (tos 0x0, ttl 59, id 29403, offset 0, flags [DF], proto: TCP (6), length: 40) 80.127.84.188.59069 > 82.9 4.245.40.22: R, cksum 0x106a (correct), 713466202:713466202(0) win 0 14:47:18.073376 IP (tos 0x0, ttl 59, id 29404, offset 0, flags [DF], proto: TCP (6), length: 40) 80.127.84.188.59069 > 82.9 4.245.40.22: R, cksum 0x106a (correct), 713466202:713466202(0) win 0 14:47:19.063671 802.1d config 8000.00:d0:03:d8:85:55.21e9 root 8000.00:d0:01:2f:51:55 pathcost 4 age 1 max 20 hello 2 fdelay 15 14:47:20.095251 IP (tos 0x0, ttl 64, id 52004, offset 0, flags [none], proto: UDP (17), length: 59, bad cksum 0 (->9f57)!) 82.94.245.40.53815 > 194.109.6.66.53: 39684+ A? www.xs4all.nl. (31) 14:47:20.095949 IP (tos 0x0, ttl 62, id 55312, offset 0, flags [none], proto: UDP (17), length: 75) 194.109.6.66.53 > 82.94 .245.40.53815: 39684 1/0/0 www.xs4all.nl. A 194.109.6.92 (47) 14:47:21.060071 802.1d config 8000.00:d0:03:d8:85:55.21e9 root 8000.00:d0:01:2f:51:55 pathcost 4 age 1 max 20 hello 2 fdelay 15 -- K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, hosting, embedded systems, unix, artificial intelligence. Public PGP key: http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program can't read? Visit http://www.openpgp.org/