From: Don Lewis
To: ru@FreeBSD.org
Cc: David_Hankins@isc.org, sobomax@portaone.com, gallatin@cs.duke.edu, current@FreeBSD.org
Date: Fri, 20 Aug 2004 15:49:33 -0700 (PDT)
Subject: Re: on amd64 tcp4 cksums are bad (FYI)
List-Id: Discussions about the use of FreeBSD-current
Message-Id: <200408202249.i7KMnX2h003904@gw.catspoiler.org>
In-Reply-To: <20040820222026.GC73564@ip.net.ua>

On 21 Aug, Ruslan Ermilov wrote:
> On Fri, Aug 20, 2004 at 11:07:34PM +0300, Maxim Sobolev wrote:
>> Andrew Gallatin wrote:
>> >You're almost certainly using a driver which offloads transmit
>> >checksums. (both fxp and em do)  Since BPF sniffs the packet before it
>> >leaves the host, the checksum has not yet been calculated, so it looks
>> >bad.
>>
>> Is it possible to detect this situation and flag tcpdump somehow, so
>> that it doesn't trust checksum?  With the widespread adoption of GigE
>> cards, this "problem" is likely to be more and more common.
>>
> It's easy to detect using the m_pkthdr.csum_flags.  It shouldn't
> be impossible to make a writable mbuf chain copy, and call
> in_delayed_cksum() on a copy, before calling bpf_mtap().

From a performance point of view, you'd probably want to defer calculating
the checksum until after the packet has passed the BPF filter, otherwise
you'd consume an excessive amount of CPU time when sniffing for
infrequently occurring packets on a high bandwidth network interface.
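
Added example, not part of the original message and not FreeBSD code: a userland check that separates the offload-pending checksum described in the quoted text from a genuinely corrupt one in a captured IPv4/TCP packet. It assumes the sending stack leaves the pseudo-header sum in the TCP checksum field for the NIC to complete; classify_tcp4, fold_sum, the ck_state values and the sample packet are names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum ck_state { CK_OK, CK_OFFLOAD_PENDING, CK_BAD, CK_NOT_TCP4 };

/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t fold_sum(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;          /* pad an odd trailing byte */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Classify the TCP checksum of a raw IPv4 packet (no link-layer header). */
enum ck_state classify_tcp4(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || pkt[0] >> 4 != 4 || pkt[9] != 6)
        return CK_NOT_TCP4;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t totlen = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || totlen < ihl + 20 || totlen > caplen)
        return CK_NOT_TCP4;                  /* malformed or truncated capture */
    const uint8_t *tcp = pkt + ihl;
    size_t tcplen = totlen - ihl;

    /* Pseudo-header: src addr, dst addr, protocol (6), TCP length. */
    uint16_t pseudo = fold_sum(pkt + 12, 8, 6 + (uint32_t)tcplen);
    if (fold_sum(tcp, tcplen, pseudo) == 0xffff)
        return CK_OK;                        /* checksum already complete */
    /* Assumption: an offloading stack leaves only the pseudo-header sum
     * in the checksum field for the NIC to finish, so the tap sees it. */
    uint16_t stored = (uint16_t)(tcp[16] << 8 | tcp[17]);
    return stored == pseudo ? CK_OFFLOAD_PENDING : CK_BAD;
}

/* Constructed sample: 192.0.2.1:49152 -> 198.51.100.2:80, SYN, no payload.
 * TCP checksum bytes hold 0xec51 (pseudo-header sum); the finished value
 * would be 0x035a. The IP header checksum is left zero and not checked. */
const uint8_t sample_offloaded[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0xff,0xff, 0xec,0x51,0x00,0x00,
};
```

A capture taken with a snap length shorter than the packet returns CK_NOT_TCP4, since the checksum cannot be verified over missing bytes.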