Date: Mon, 26 Apr 2021 20:28:10 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 255432] pf fragment reassembly leads to invalid IP checksum since 13.0-RELEASE Message-ID: <bug-255432-227-00ccvH1WiM@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-255432-227@https.bugs.freebsd.org/bugzilla/> References: <bug-255432-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255432 --- Comment #3 from topical <topical@gmx.net> --- Executing ping -4 -s 2000 ns1 Captured with tshark -V -ni vtnet0 -o ip.check_checksum:TRUE On sender (mtu 1500): Frame 1: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) = on interface vtnet0, id 0 <snip> Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5 0100 .... =3D Version: 4 .... 0101 =3D Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. =3D Differentiated Services Codepoint: Default (0) .... ..00 =3D Explicit Congestion Notification: Not ECN-Capable Tra= nsport (0) Total Length: 1500 Identification: 0x7bed (31725) Flags: 0x20, More fragments 0... .... =3D Reserved bit: Not set .0.. .... =3D Don't fragment: Not set ..1. .... =3D More fragments: Set Fragment Offset: 0 Time to Live: 64 Protocol: ICMP (1) Header Checksum: 0xb82b [correct] [Header checksum status: Good] [Calculated Checksum: 0xb82b] Source Address: 10.1.11.2 Destination Address: 10.1.2.5 Data (1480 bytes) <snip> Data: 0800f36266e6000000101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b=E2= =80=A6 [Length: 1480] Frame 2: 562 bytes on wire (4496 bits), 562 bytes captured (4496 bits) on interface vtnet0, id 0 <snip> Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5 0100 .... =3D Version: 4 .... 0101 =3D Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. =3D Differentiated Services Codepoint: Default (0) .... ..00 =3D Explicit Congestion Notification: Not ECN-Capable Tra= nsport (0) Total Length: 548 Identification: 0x7bed (31725) Flags: 0x00 0... .... =3D Reserved bit: Not set .0.. .... =3D Don't fragment: Not set ..0. .... =3D More fragments: Not set Fragment Offset: 1480 Time to Live: 64 Protocol: ICMP (1) Header Checksum: 0xdb2a [correct] [Header checksum status: Good] [Calculated Checksum: 0xdb2a] Source Address: 10.1.11.2 Destination Address: 10.1.2.5 [2 IPv4 Fragments (2008 bytes): #1(1480), #2(528)] [Frame: 1, payload: 0-1479 (1480 bytes)] [Frame: 2, payload: 1480-2007 (528 bytes)] [Fragment count: 2] [Reassembled IPv4 length: 2008] [Reassembled IPv4 data: 0800f36266e6000000101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b=E2= =80=A6] Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xf362 [correct] [Checksum Status: Good] Identifier (BE): 26342 (0x66e6) Identifier (LE): 58982 (0xe666) Sequence Number (BE): 0 (0x0000) Sequence Number (LE): 0 (0x0000) Data (2000 bytes) Data: 00101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223=E2= =80=A6 [Length: 2000] On receiver (mtu 9000): Frame 1: 2042 bytes on wire (16336 bits), 2042 bytes captured (16336 bits) = on interface e0a_ns1, id 0 Internet Protocol Version 4, Src: 10.1.11.2, Dst: 10.1.2.5 0100 .... =3D Version: 4 .... 0101 =3D Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. =3D Differentiated Services Codepoint: Default (0) .... ..00 =3D Explicit Congestion Notification: Not ECN-Capable Tra= nsport (0) Total Length: 2028 Identification: 0x7bed (31725) Flags: 0x00 0... .... =3D Reserved bit: Not set .0.. .... =3D Don't fragment: Not set ..0. .... =3D More fragments: Not set Fragment Offset: 0 Time to Live: 63 Protocol: ICMP (1) Header Checksum: 0xb92b incorrect, should be 0xd71b(may be caused by "IP checksum offload"?) [Expert Info (Error/Checksum): Bad checksum [should be 0xd71b]] [Bad checksum [should be 0xd71b]] [Severity level: Error] [Group: Checksum] [Header checksum status: Bad] [Calculated Checksum: 0xd71b] Source Address: 10.1.11.2 Destination Address: 10.1.2.5 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xf362 [correct] [Checksum Status: Good] Identifier (BE): 26342 (0x66e6) Identifier (LE): 58982 (0xe666) Sequence Number (BE): 0 (0x0000) Sequence Number (LE): 0 (0x0000) Data (2000 bytes) <snip> Data: 00101623267d28ee08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223=E2= =80=A6 [Length: 2000] You see: packet is reassembled and IP checksum is broken. Interestingly, if I increase packets size to 20000 (i.e. it needs to be fragmented again), checksum is correct. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255432-227-00ccvH1WiM>