From owner-freebsd-net@FreeBSD.ORG  Mon Mar 15 00:47:28 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 26BDA16A4CE
	for <freebsd-net@freebsd.org>; Mon, 15 Mar 2004 00:47:28 -0800 (PST)
Received: from ns.egotop.com (unknown [220.202.4.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3070B43D46
	for <freebsd-net@freebsd.org>; Mon, 15 Mar 2004 00:47:26 -0800 (PST)
	(envelope-from chenbo@egotop.com)
Received: ( www.egotop.com qmail 68322 invoked from network);
	15 Mar 2004 16:47:23 +0800
Received: from unknown (HELO RavProxy) (172.16.12.76)
  by 172.16.1.10 with SMTP; 15 Mar 2004 16:47:23 +0800
From: "chenbo" <chenbo@egotop.com>
To: freebsd-net@freebsd.org <freebsd-net@freebsd.org>
X-mailer: Foxmail 4.2 [cn]
Mime-Version: 1.0
Content-Type: text/plain;
      charset="GB2312"
Content-Transfer-Encoding: 7bit
Date: Mon, 15 Mar 2004 16:47:20 +0800
Message-Id: <20040315084726.3070B43D46@mx1.FreeBSD.org>
Subject: help:FreeBSD4.8+IP Filter: v3.4.32,and error:/kernel: in_cksum: out
	of data by 3
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2004 08:47:28 -0000

Hi:
  I have installed the FreeBSD4.8 and IP Filter3.4.32.
  The FreeBSD BOX is used to NAT.
  But , i always get the messages "in_cksum: out of data by 3" , And the IP Packets always are droped.
  How to resolve the problem?



the message is:
cat /var/log/messages
Mar  8 17:13:49 nat /kernel: in_cksum: out of data by 2
Mar  8 17:14:19 nat last message repeated 4 times
Mar  8 20:10:03 nat /kernel: in_cksum: out of data by 4
Mar  9 11:59:47 nat /kernel: in_cksum: out of data by 2
Mar  9 11:59:48 nat /kernel: in_cksum: out of data by 2
Mar  9 12:40:06 nat /kernel: in_cksum: out of data by 2
Mar  9 13:32:47 nat /kernel: in_cksum: out of data by 2
Mar  9 17:27:48 nat /kernel: in_cksum: out of data by 2
Mar  9 17:28:16 nat last message repeated 3 times
Mar  9 17:37:19 nat /kernel: in_cksum: out of data by 3
Mar  9 18:04:03 nat /kernel: in_cksum: out of data by 1
Mar  9 19:35:19 nat /kernel: in_cksum: out of data by 2
Mar  9 19:35:23 nat last message repeated 2 times
Mar 10 09:27:43 nat /kernel: in_cksum: out of data by 2
Mar 10 15:43:08 nat /kernel: in_cksum: out of data by 3
Mar 10 15:43:09 nat /kernel: in_cksum: out of data by 3
Mar 10 19:22:34 nat /kernel: in_cksum: out of data by 2
Mar 10 19:22:55 nat last message repeated 4 times
Mar 12 19:30:00 nat /kernel: in_cksum: out of data by 3
Mar 12 20:48:29 nat /kernel: in_cksum: out of data by 3
Mar 13 13:56:40 nat /kernel: in_cksum: out of data by 3
Mar 13 15:45:40 nat /kernel: in_cksum: out of data by 1
Mar 13 16:25:45 nat /kernel: in_cksum: out of data by 3
Mar 13 16:25:53 nat /kernel: in_cksum: out of data by 3
Mar 13 18:28:38 nat /kernel: in_cksum: out of data by 2
Mar 13 18:42:54 nat /kernel: in_cksum: out of data by 3
Mar 13 18:42:57 nat last message repeated 2 times
Mar 13 19:04:05 nat /kernel: in_cksum: out of data by 1
Mar 13 19:33:58 nat /kernel: in_cksum: out of data by 3
Mar 13 19:34:16 nat last message repeated 3 times
Mar 15 16:06:10 nat /kernel: in_cksum: out of data by 1
Mar 15 16:06:37 nat last message repeated 4 times



the system information is:

nat# netstat -m
213/432/240000 mbufs in use (current/peak/max):
        213 mbufs allocated to data
211/432/60000 mbuf clusters in use (current/peak/max)
972 Kbytes allocated to network (0% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

nat# netstat -in
Name  Mtu   Network       Address            Ipkts Ierrs    Opkts Oerrs  Coll
fxp0  1500  <Link#1>    xx:xx:xx:xx:xx:xx 3630613020    14 3601258558     0     0
fxp0  1500  xx.xx.xx.xx     xx.xx.xx.xx         7201     -  1332493     -     -
xl0   1500  <Link#2>    xx:xx:xx:xx:xx:xx 4036405001     1 3534131265     0     0
xl0   1500  xx.xx.xx.xx  xx.xx.xx.xx       285499286     -    11105     -     -
xl0   1500  xx.xx.xx.xx  xx.xx.xx.xx       4058     -        0     -     -
ppp0* 1500  <Link#3>                             0     0        0     0     0
lo0   16384 <Link#4>                            28     0       28     0     0
lo0   16384 127           127.0.0.1              0     -        0     -     -
nat#

nat# vmstat 1
 procs      memory      page                   disk   faults      cpu
 r b w     avm    fre  flt  re  pi  po  fr  sr ad0   in   sy  cs us sy id
 0 0 0   27516 790040    1   0   0   0   1   0   0  746   14   6  0 17 83
 0 0 0   27516 790036    5   0   0   0   0   0   0 19842   23   8  0 40 60
 0 0 0   27516 790036    3   0   0   0   0   0   0 19614   23   8  0 46 54
 0 0 0   27516 790036    3   0   0   0   0   0   3 20335   23   8  0 37 63
 0 0 0   27516 790036    3   0   0   0   0   0   0 20996   23   8  0 49 51
 0 0 0   27516 790036    3   0   0   0   0   0   1 19973   23   9  0 45 55
 0 0 0   27516 790036    3   0   0   0   0   0   0 20990   23   8  0 42 58
 0 0 0   27516 790036    3   0   0   0   0   0   0 20368   27   9  0 43 57
^C

nat# cat /boot/loader.conf
userconfig_script_load="YES"
hw.ata.wc="1" 
kern.ipc.nmbclusters="60000"

nat# cat /etc/sysctl.conf
vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.ipc.maxsockets=16424
kern.maxfiles=65536
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcpclosewait=120
net.inet.ipf.fr_tcplastack=120
net.inet.ipf.fr_tcptimeout=240
net.inet.ipf.fr_tcpclosed=60
net.inet.ipf.fr_tcphalfclosed=300
net.inet.ipf.fr_udptimeout=90
net.inet.ipf.fr_icmptimeout=35
net.link.ether.inet.log_arp_wrong_iface=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.icmplim_output=0
net.inet.tcp.blackhole=2  
net.inet.udp.blackhole=1  
net.inet.icmp.icmplim=300

nat# ipnat -l |wc
   31572  279674 2310903

Dec 31 19:40:59 nat /kernel: Copyright (c) 1992-2003 The FreeBSD Project.
Dec 31 19:40:59 nat /kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Dec 31 19:40:59 nat /kernel: The Regents of the University of California. All rights reserved.
Dec 31 19:40:59 nat /kernel: FreeBSD 4.8-RELEASE #1: Fri Sep 12 09:04:24 CST 2003
Dec 31 19:40:59 nat /kernel: Timecounter "i8254"  frequency 1193182 Hz
Dec 31 19:40:59 nat /kernel: Timecounter "TSC"  frequency 2398856292 Hz
Dec 31 19:40:59 nat /kernel: CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2398.86-MHz 686-class CPU)
Dec 31 19:40:59 nat /kernel: Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9
Dec 31 19:40:59 nat /kernel: Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS
,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Dec 31 19:40:59 nat /kernel: real memory  = 1065353216 (1040384K bytes)
Dec 31 19:40:59 nat /kernel: avail memory = 1033474048 (1009252K bytes)
Dec 31 19:40:59 nat /kernel: Preloaded elf kernel "kernel" at 0xc02f0000.
Dec 31 19:40:59 nat /kernel: Pentium Pro MTRR support enabled

Dec 31 19:40:59 nat /kernel: IP Filter: v3.4.32 initialized.  Default = pass all, Logging = enabled