From owner-freebsd-i386@FreeBSD.ORG Tue Aug 10 12:50:03 2010 Return-Path: Delivered-To: freebsd-i386@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED31D106567E for ; Tue, 10 Aug 2010 12:50:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B136E8FC12 for ; Tue, 10 Aug 2010 12:50:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o7ACo2jY006560 for ; Tue, 10 Aug 2010 12:50:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o7ACo2YG006559; Tue, 10 Aug 2010 12:50:02 GMT (envelope-from gnats) Resent-Date: Tue, 10 Aug 2010 12:50:02 GMT Resent-Message-Id: <201008101250.o7ACo2YG006559@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-i386@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Eugenijus Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A9F501065674 for ; Tue, 10 Aug 2010 12:45:45 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 99C668FC16 for ; Tue, 10 Aug 2010 12:45:45 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o7ACjjTB073320 for ; Tue, 10 Aug 2010 12:45:45 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o7ACjjof073317; Tue, 10 Aug 2010 12:45:45 GMT (envelope-from nobody) Message-Id: <201008101245.o7ACjjof073317@www.freebsd.org> Date: Tue, 10 Aug 2010 12:45:45 GMT From: Eugenijus To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: i386/149497: 8.1-release, problem with fxp driver X-BeenThere: freebsd-i386@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: I386-specific issues for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2010 12:50:03 -0000 >Number: 149497 >Category: i386 >Synopsis: 8.1-release, problem with fxp driver >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 10 12:50:02 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Eugenijus >Release: 8.1-RELEASE >Organization: >Environment: FreeBSD ftp.jucom.lv 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Tue Aug 10 13:59:23 EEST 2010 root@ftp.jucom.lv:/usr/src/sys/i386/compile/KRN20100810002 i386 >Description: When I was running this hardware under FreeBSD 7.0 control, everything was ok. Problem accured when I installed FreeBSD 8.1 on the same hardware with same kernel and configuration. I have rules in my /etc/ipf.rules: pass out quick on fxp0 all pass in log quick on fxp0 proto tcp from any to any port = 80 block in log first quick on fxp0 all in this case ipmon shows: .. fxp0 *@0:1 p *xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ... that is OK now I change second rule to: pass in log quick on fxp0 proto tcp from any to any port = 80 flags S keep state because I want to use statefull firewall ofcourse in this case ipmon shows: .. fxp0 *@0:2 b* xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ... and that is NOT OK As I figured out problem root is in this log: ipmon[508]: 17:21:14.434180 fxp0 @0:1 p yyy.yyy.yyy.yyy,3843 -> xxx.xxx.xxx.xxx,80 PR tcp len 20 48 -S IN bad May be problem is in the checksum or somethik similar When I installed another interface with Rhino III chipset, problem dissapear. So I believe, that problem is somewhere in drivers. >How-To-Repeat: Install an Intel interface, supported by fxp and see the ipmon output, I believe problem will be out there. >Fix: I think, the way to fix this problem is to create somekind of patch, if it does not exist yet... >Release-Note: >Audit-Trail: >Unformatted: