From owner-freebsd-pf@FreeBSD.ORG Sun Apr 2 20:02:43 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BDCC416A41F for ; Sun, 2 Apr 2006 20:02:43 +0000 (UTC) (envelope-from mcdouga9@daemon.egr.msu.edu) Received: from daemon.egr.msu.edu (daemon.egr.msu.edu [35.9.44.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 69BF043D6E for ; Sun, 2 Apr 2006 20:02:43 +0000 (GMT) (envelope-from mcdouga9@daemon.egr.msu.edu) Received: by daemon.egr.msu.edu (Postfix, from userid 21281) id C3BAA1CC2A; Sun, 2 Apr 2006 16:02:42 -0400 (EDT) Date: Sun, 2 Apr 2006 16:02:42 -0400 From: Adam McDougall To: Max Laier Message-ID: <20060402200242.GO17711@egr.msu.edu> References: <20060402054532.GF17711@egr.msu.edu> <200604021734.09622.max@love2party.net> <20060402155608.GJ17711@egr.msu.edu> <20060402193346.GM17711@egr.msu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060402193346.GM17711@egr.msu.edu> User-Agent: Mutt/1.5.11 Cc: freebsd-pf@freebsd.org Subject: Re: broken ip checksum after frag reassemble of nfs READDIR? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Apr 2006 20:02:43 -0000 On Sun, Apr 02, 2006 at 03:33:46PM -0400, Adam McDougall wrote: On Sun, Apr 02, 2006 at 11:56:09AM -0400, Adam McDougall wrote: the command hangs, not receiving a valid reply due to a bad checksum on the nfs READDIR reply: (tcpdump on the client system, I made sure I ifconfig em0 -txcsum -rxcsum and client mtu is also 8000 now for testing) 15:10:16.437881 IP (tos 0x0, ttl 64, id 33816, offset 0, flags [none], proto: UDP (17), length: 152) 10.0.44.18.1978945475 > 10.0.37.112.nfs: 124 readdir [|nfs] 15:10:16.438360 IP (tos 0x0, ttl 63, id 10076, offset 0, flags [none], proto: UDP (17), length: 6328, bad cksum b721 (->a445)!) 10.0.37.112.nfs > 10.0.44.18.1978945475: reply ok 6300 readdir POST: DIR 1777 ids 0/0 [|nfs] ... I just remembered that FreeBSD's mount_nfs uses udp by default and I should try tcp mounts. I just tested tcp and it works fine, because the nfs server appears to send out individual non-frag TCP packets, properly sized until the total data is sent, thus no reassembly is required by pf, and no new packet is produced, thus the checksum is fine. In my environment (before pf was introduced), TCP NFS is practically required anyway, so I don't care if UDP NFS works, but we should probably try to figure out if frag reassembly over a bridge is broken because it ought to work.