Date: Fri, 14 Nov 2014 12:57:19 +0100 From: =?UTF-8?Q?Ermal_Lu=C3=A7i?= <eri@freebsd.org> To: Ilya Bakulin <ilya@bakulin.de> Cc: Freebsd hackers list <freebsd-hackers@freebsd.org>, freebsd-net <freebsd-net@freebsd.org>, owner-freebsd-net@freebsd.org, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: Checksumming outgoing packets in PF vs in ip[6]_output Message-ID: <CAPBZQG3GgS72wpTscxcQPA5pNSCimpFwquGC=4UOwY4tVyiQSA@mail.gmail.com> In-Reply-To: <9734b7d34828a102d9a2f5061c11ae3d@mail.bakulin.de> References: <d2f0c43909d9c9bada9a5bda7719cfca@mail.bakulin.de> <CABXB=RRWNX6NnxCbebig-L41W4n9ZSBDrzOWa_k_TVHowhSbYg@mail.gmail.com> <CAPBZQG1%2BVWZDYqwFjufO-hM58kbK_WLnnso_Dgsf=1nDQ%2Bi2Ww@mail.gmail.com> <9734b7d34828a102d9a2f5061c11ae3d@mail.bakulin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Here is a direct patch. Give it a try. For the reply-to issues there is another patch complementary to this i will send. On Fri, Nov 14, 2014 at 11:34 AM, Ilya Bakulin <ilya@bakulin.de> wrote: > Hi all, > > actually with _my_ checksumming patch the rdr-to is broken completely :-( > So I'm waiting for Ermal to send an updated version of his patch that may > really solve the problem! > > > On 2014-11-14 09:17, Ermal Luçi wrote: > >> Yes confirmed it will solve that issue as well. >> >> On Thu, Nov 13, 2014 at 9:30 PM, J David <j.david.lists@gmail.com> wrote: >> >> On Wed, Nov 5, 2014 at 9:28 AM, Ilya Bakulin <ilya@bakulin.de> wrote: >>> > Of course it was interesting what does the upstream PF do (@ OpenBSD). >>> Seems >>> > they have made the decision to >>> > leave the task of recalculating the checksums for outgoing packets to >>> > ip[6]_output, because currently >>> > the code there overwrites the checksum anyway. >>> > This seems a correct way to me. pf should not longer do any checksum >>> updates >>> > in inbound and outbound path. >>> >>> Is there any chance this change would help with bug 179392 as well? >>> >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=179392 >>> >>> Or is that a separate issue? >>> >>> Thanks! >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >>> >>> > -- Ermal [-- Attachment #2 --] diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index dba5674..ca7f851 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -76,6 +76,7 @@ __FBSDID("$FreeBSD$"); #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/ip_var.h> +#include <netinet6/ip6_var.h> #include <netinet/ip_icmp.h> #ifdef INET6 @@ -3619,12 +3620,9 @@ pf_check6_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, int chk; /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { -#ifdef INET - /* XXX-BZ copy&paste error from r126261? */ - in_delayed_cksum(*m); -#endif - (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; + if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { + in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), sizeof(struct ip6_hdr)); + (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; } CURVNET_SET(ifp->if_vnet); chk = pf_test6(PF_OUT, ifp, m, inp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG3GgS72wpTscxcQPA5pNSCimpFwquGC=4UOwY4tVyiQSA>