From owner-freebsd-net@FreeBSD.ORG  Sat Jul 23 18:02:56 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9C0441065670
	for <freebsd-net@FreeBSD.org>; Sat, 23 Jul 2011 18:02:56 +0000 (UTC)
	(envelope-from dima_bsd@inbox.lv)
Received: from smtp3.apollo.lv (smtp3.apollo.lv [80.232.168.198])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E4A28FC08
	for <freebsd-net@FreeBSD.org>; Sat, 23 Jul 2011 18:02:56 +0000 (UTC)
Received: from [46.109.211.70] (unknown [46.109.211.70])
	by smtp3.apollo.lv (Postfix) with ESMTP id 3674F11EC50;
	Sat, 23 Jul 2011 20:44:31 +0300 (EEST)
From: Dmitriy Demidov <dima_bsd@inbox.lv>
Date: Sat, 23 Jul 2011 17:44:29 +0000
User-Agent: KMail/1.9.10
MIME-Version: 1.0
Content-Disposition: inline
To: ae@FreeBSD.org,
 freebsd-net@FreeBSD.org
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201107231744.29444.dima_bsd@inbox.lv>
X-Brightmail-Tracker: AAAAAA==
Cc: 
Subject: Re: kern/143939: [ipfw] [em] ipfw nat and em interface rxcsum
	problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jul 2011 18:02:56 -0000

Hi,

I have tested this config on today's CURRENT, and i do not got any problems with ipfw nat on em.
Looks like problem is solved - UDP traffic is not damaged anymore!

Thanks.


=====================
em0@pci0:2:9:0: class=0x020000 card=0x30138086 chip=0x100e8086 rev=0x02 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82540EM Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet


em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.3> port 0xa400-0xa43f mem 0xdb200000-0xdb21ffff irq 21 at device 9.0 on pci2
em0: Ethernet address: 00:20:ed:71:45:67


uname -a
FreeBSD celeron 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sat Jul 23 16:24:58 EEST 2011     root@celeron:/usr/obj/usr/src/sys/GENERIC  i386


celeron# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:20:ed:71:45:67
        inet 46.109.209.50 netmask 0xfffff800 broadcast 255.255.255.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active


celeron# ipfw nat 1 show config
ipfw nat 1 config if em0 log deny_in same_ports reset


celeron# ipfw show
00100  24  3398 allow ip from any to any via lo0
00200   0     0 deny ip from any to 127.0.0.0/8
00300   0     0 deny ip from 127.0.0.0/8 to any
00400   0     0 deny ip from any to ::1
00500   0     0 deny ip from ::1 to any
00600   0     0 allow ipv6-icmp from :: to ff02::/16
00700   0     0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800   0     0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900   0     0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000   0     0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 918 98707 allow ip from any to any via fxp1
01200 339 54933 nat 1 ip from any to any via em0
01300   0     0 deny ip from any to any
65535   0     0 deny ip from any to any

=====================