Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Dec 2006 00:22:35 +0300
From:      "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To:        "Ruslan Ermilov" <ru@freebsd.org>
Cc:        David Xu <davidxu@freebsd.org>, current@freebsd.org, Kris Kennaway <kris@obsecurity.org>
Subject:   Re: vge(4) bad checksum
Message-ID:  <cb5206420612241322q25436f1dx8d6e6829b6d73d49@mail.gmail.com>
In-Reply-To: <20061222080202.GB77429@rambler-co.ru>
References:  <cb5206420612171246q54ac783h1fd9d420b80ba84c@mail.gmail.com> <20061217205249.GA73132@xor.obsecurity.org> <20061222080202.GB77429@rambler-co.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
On 12/22/06, Ruslan Ermilov <ru@freebsd.org> wrote:
> Hi,
>
> On Sun, Dec 17, 2006 at 03:52:49PM -0500, Kris Kennaway wrote:
> > On Sun, Dec 17, 2006 at 11:46:24PM +0300, Andrew Pantyukhin wrote:
> > > I'm not sure what it's all about, but with today's
> > > current whatever goes out my vge interface (icmp/
> > > tcp/udp) has bad checksum:
> >
> > This is a FAQ; it's probably using hardware checksum offloading.
> >
> > Since the packet passed down to the NIC does not yet have the checksum
> > computed, it looks to tcpdump like the checksum is incorrect.  However
> > if you look at the packet actually transmitted by the NIC
> > (e.g. tcpdump on another host), you'll see that it has the correct
> > checksum.
> >
> Kris, you probably missed a commit by csjp@ where it was fixed.
>
> : revision 1.220
> : date: 2006/11/18 23:17:22;  author: csjp;  state: Exp;  lines: +40 -0
> : Currently, drivers that support hardware offload of VLAN tag
> : processing are forced to toggle this functionality when the card
> : is put in and out of promiscuous mode.  The main reason for this
> : is because the hardware strips the VLAN tag, making it impossible
> : for the tag information to show up in network diagnostic tools like
> : tcpdump(1).
> : [...]
>
> Andrey, have you been able to narrow your problem down to
> either this commit, my vge(4) commit (though you tested it
> as well before it was committed), or to FAST_IPSEC?

I tried to communicate with another fast_ipsec-enabled
box (6-stable/rl0) and everything was okay, so I guess
vge0 works well with fast_ipsec. I'll have to investi-
gate re0 quirks.

Thanks!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420612241322q25436f1dx8d6e6829b6d73d49>