Date:      Wed, 12 Apr 2006 00:56:20 +0200
From:      Matthieu Michaud <matthieu.michaud@epita.info>
To:        Daniel Hartmeier <daniel@benzedrine.cx>
Cc:        pf@freebsd.org
Subject:   Re: broken ip checksum after frag reassemble of nfs READDIR?
Message-ID:  <1144796180.805.41.camel@localhost>
In-Reply-To: <20060404145704.GW2684@insomnia.benzedrine.cx>
References:  <20060402054532.GF17711@egr.msu.edu> <200604021734.09622.max@love2party.net> <20060404145704.GW2684@insomnia.benzedrine.cx>

On Tue, 2006-04-04 at 16:57 +0200, Daniel Hartmeier wrote:
> It begins to look like OpenBSD does fix IP checksums on bridges outside
> of pf, while FreeBSD doesn't.
> 
> The weird thing is that I haven't found where exactly this happens. It's
> kind of a layer violation for bridge code to do that, but maybe it's
> somewhere else along the code path.
> 
> Instead of adding checksum fixup code again, I think it's better to take
> a step back and find out why the checksums are correct on OpenBSD. The
> previous fixes assumed the checksums would be wrong on OpenBSD as well,
> but they related to pf actions more subtle than basic fragment
> reassembly.

I noticed an NFS freeze which might be related to the same issue. The
setup is: one bridge with four interfaces (dc driver) + clients and
servers on dc1 and dc2. Bridge, client and server are running
6.0-RELEASE-p6 with pf. dc0 is my external interface where I apply
filtering. pf does not filter on the three others (set skip {dc1, dc2,
dc3}). ls -R /mnt from client to server on the same interface works
well. But if it goes through different interfaces it freezes after a few
entries. I changed the transport protocol from UDP to TCP and it fixed
it. Can it be related to UDP handling?

I have another question outside this topic. I read in OpenBSD pf's FAQ
that filtering on only one interface is highly recommended. Can you give
me more information about that?

-- 
Matthieu Michaud <matthieu.michaud@epita.info>
EPITA SRS 2007 - Adaptive Hacking



