From owner-freebsd-stable@FreeBSD.ORG Sun Jan 29 01:27:25 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D626E16A422 for ; Sun, 29 Jan 2006 01:27:25 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from mail13.syd.optusnet.com.au (mail13.syd.optusnet.com.au [211.29.132.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 227C243D46 for ; Sun, 29 Jan 2006 01:27:24 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail13.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id k0T1RKs5009727 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sun, 29 Jan 2006 12:27:23 +1100 Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.4/8.13.4) with ESMTP id k0T1RKet004719; Sun, 29 Jan 2006 12:27:20 +1100 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.4/8.13.4/Submit) id k0T1RKbe004718; Sun, 29 Jan 2006 12:27:20 +1100 (EST) (envelope-from peter) Date: Sun, 29 Jan 2006 12:27:20 +1100 From: Peter Jeremy To: Koen Martens Message-ID: <20060129012720.GH2341@turion.vk2pj.dyndns.org> References: <43DB8EA6.7070503@metro.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43DB8EA6.7070503@metro.cx> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.11 Cc: freebsd-stable@freebsd.org Subject: Re: ipfilter + bge strangeness X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2006 01:27:26 -0000 On Sat, 2006-Jan-28 16:32:54 +0100, Koen Martens wrote: >Yesterday night, i was going to send the message below. However, >just before pressing send, i found a solution to the problem: >disable checksum checks (ifconfig bge0 -rxcsum -txcsum). Though this >is a solution, it has me puzzled. Is this a bug^H^H^Hfeature of >6-STABLE, as it works with 5.4. > >With 5.4, there was only the rxcsum option for the bge card, not a >txcsum. It worked fine with rxcsum enabled on 5.4.. At least on Solaris, you need to disable checksum offloading to pass packets through an IPfilter firewall (check the IPFilter FAQ). I gather that the outgoing packets are marked as "checksum valid" so the NIC doesn't re-compute the checksum and it winds up wrong. If you disable IPfilter and just use the box as a straight router, does it then work when you enable checksum offloading? If so, then I think you've bumped into the same (mis-)feature. -- Peter Jeremy