Date: Tue, 9 May 2006 08:33:57 +0900 From: Pyun YongHyeon <pyunyh@gmail.com> To: Adam McDougall <mcdouga9@egr.msu.edu> Cc: Andrew Thompson <thompsa@freebsd.org>, freebsd-pf@freebsd.org Subject: Re: broken ip checksum after frag reassemble of nfs READDIR? Message-ID: <20060508233357.GA6572@cdnetworks.co.kr> In-Reply-To: <20060508154929.GS30200@egr.msu.edu> References: <20060402054532.GF17711@egr.msu.edu> <20060404145704.GW2684@insomnia.benzedrine.cx> <20060404153443.GX2684@insomnia.benzedrine.cx> <200604051441.16865.max@love2party.net> <20060405130645.GB5683@insomnia.benzedrine.cx> <20060416053023.GD56603@heff.fud.org.nz> <20060508154929.GS30200@egr.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 08, 2006 at 11:49:30AM -0400, Adam McDougall wrote: > On Sun, Apr 16, 2006 at 05:30:23PM +1200, Andrew Thompson wrote: > > On Wed, Apr 05, 2006 at 03:06:45PM +0200, Daniel Hartmeier wrote: > > On Wed, Apr 05, 2006 at 02:41:09PM +0200, Max Laier wrote: > > > > > The other big problem that just crossed my mind: Reassembly in the bridge > > > path!? It doesn't look like the current bridge code on either OS is ready to > > > deal with packets > MTU coming out of the filter. The question here is > > > probably how much IP processing we want to do in the bridge code? > > > > OpenBSD's bridge does, see bridge_fragment(). IIRC, we slightly adjusted > > ip_fragment() so it could be called from there, and not too much code > > had to be duplicated. > > > > Here is a patch that adds fragmenting, largely based on whats in > OpenBSD. I didnt bring over bridge_send_icmp_err() as we can only get a > large packet to fragment by reassembling a previous fragment, checking > for DF and sending an icmp doesnt apply to us. > As You can get jumbo frames(which is common feature for modern GigE) you should be prepared to fragment the frame. Because you may get the first ethernet member's MTU for bridge(4) there is still chance to get other sized MTU which could be larger than the first ethernet member's MTU. Personally I beleive OpenBSD's bridge_send_icmp_err() or equivalent is needed for FreeBSD too. > Can I get a review, esp. the traversal of the mbufs. > > > cheers, > Andrew > > I should have a chance to test this support this week, thanks for working > on it. Could someone possibly produce a patch to force if_bridge to > recalculate the checksum on every packet so I can test that as well? > To me, the extra load on the firewall is less important than breaking > packets I am trying to pass. -- Regards, Pyun YongHyeon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060508233357.GA6572>