From owner-freebsd-pf@FreeBSD.ORG Fri Jun 29 00:30:51 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD1C216A469 for ; Fri, 29 Jun 2007 00:30:51 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178]) by mx1.freebsd.org (Postfix) with ESMTP id ACCCE13C480 for ; Fri, 29 Jun 2007 00:30:51 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: by wa-out-1112.google.com with SMTP id j37so977481waf for ; Thu, 28 Jun 2007 17:30:51 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:received:received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=S6ZdG4hJubBshV7HNThdbYlhx6RTNL0iWUPY2qWKsW8YpVna+Rv+npfZMn4sL0WFw/ejOYNPX8dWDtGKOiiMhEMreuaAaCX465A8PlBM+6qmGTW0xvB8P8a36yxg5Hr+6VARTwF9ytIHi6fgWzMOryT7y+2RGVp93XPLweKL/W8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:to:cc:subject:message-id:reply-to:references:mime-version:content-type:content-disposition:in-reply-to:user-agent; b=bfBbdYH/PM/5gsNBU4qEMq3pVMhIsecEeiTRPHVI/x0OTkVwdXF9zGWY3U5sNihE85MDyfc4DA6/hzP44Q0NRnP481Bv96//5+r7RZTmCmd9Xoyoo3Ysqv/RnDsRiNbweMgrtVub9y3pMgP8owdkF078lS6GccB5WMlmG1JaP94= Received: by 10.114.178.1 with SMTP id a1mr2032564waf.1183075598150; Thu, 28 Jun 2007 17:06:38 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ( [211.53.35.84]) by mx.google.com with ESMTP id n38sm12766368wag.2007.06.28.17.06.35 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 28 Jun 2007 17:06:36 -0700 (PDT) Received: from michelle.cdnetworks.co.kr (localhost.cdnetworks.co.kr [127.0.0.1]) by michelle.cdnetworks.co.kr (8.13.5/8.13.5) with ESMTP id l5T06W6C053110 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 29 Jun 2007 09:06:32 +0900 (KST) (envelope-from pyunyh@gmail.com) Received: (from yongari@localhost) by michelle.cdnetworks.co.kr (8.13.5/8.13.5/Submit) id l5T06UiM053109; Fri, 29 Jun 2007 09:06:30 +0900 (KST) (envelope-from pyunyh@gmail.com) Date: Fri, 29 Jun 2007 09:06:30 +0900 From: Pyun YongHyeon To: Max Laier Message-ID: <20070629000630.GA52912@cdnetworks.co.kr> References: <20070528224225.GC40678@registro.br> <200706282134.26140.max@love2party.net> <009f01c7b9bc$b7a3bd20$c40a0a0a@chepkov.lan> <200706282256.10397.max@love2party.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline In-Reply-To: <200706282256.10397.max@love2party.net> User-Agent: Mutt/1.4.2.1i Cc: Hugo Koji Kobayashi , freebsd-pf@freebsd.org Subject: Re: udp fragmentation X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2007 00:30:51 -0000 --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Jun 28, 2007 at 10:56:01PM +0200, Max Laier wrote: > [ Please don't top post, fixed ] > > On Thursday 28 June 2007, Vadym Chepkov wrote: > > From: "Max Laier" , Thursday, June 28, 2007 3:34 PM > > > On Thursday 28 June 2007, Hugo Koji Kobayashi wrote: > > > > On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote: > > > > > Just to confirm I'm testing the right > > > > > cases, my setup looks like: > > > > > > > > > > Host1 Host2 Host3 > > > > > > > > > > netsend -> pf scrub -> pf scrub -> netreceive > > > > > > > > I'm not sure I understood your setup. Why there are 3 hosts? > > > > > > In order to test scrub on forward and receiver at the same time (but > > > taking Host2 out of the stream doesn't change the result). > > > > > > > I think a query should be sth like this: > > > > > > > > Client[netsend->pf scrub] -> Internet -> DNS server > > > > > > > > And the response should be: > > > > > > > > DNS server -> Internet -> Client[pf scrub->netreceive] > > > > > > > > > Everthing works as expected with various UDP payloads > MTU. > > > > > > > > Are you saying that you're able to receive responses to the > > > > following dig command when it's run from a client machine running > > > > pf scrub? > > > > > > > > dig @a.ns.se se dnskey +dnssec +bufsize=4500 > > > > > > > > This query is supposed to receive a DNS answer of more than 4KB. > > > > > > See the attached script I did just now. > > > > > > The only thing common about your setup seems to be the bge(4) NIC. > > > Can you try disabling hardware checksumming (ifconfig -txcsum > > > -rxcsum)? My test is over a hardware checksumming fxp(4) card, > > > though. > > > > Yes, this eliminated the issue. Bug in bge driver? > > Kind of - the driver claims to have done UDP checksum testing on the > fragment (which is impossible). The attached patch should fix the issue > for bge(4) and any other similar NIC. > I guess bge(4) has Rx checksum offload bug on fragmented UDP datagrams. Since other hardwares with checksum offload capability does not show this issue, it could be related with UDP pseudo header calculation. How about disabling UDP pseudo header calculation? I don't have bge(4) hardwares so the patch is just guess work. -- Regards, Pyun YongHyeon --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="bge.patch" Index: if_bge.c =================================================================== RCS file: /home/ncvs/src/sys/dev/bge/if_bge.c,v retrieving revision 1.197 diff -u -r1.197 if_bge.c --- if_bge.c 4 Jun 2007 18:25:03 -0000 1.197 +++ if_bge.c 29 Jun 2007 00:06:13 -0000 @@ -1254,7 +1254,7 @@ */ CSR_WRITE_4(sc, BGE_MODE_CTL, BGE_DMA_SWAP_OPTIONS | BGE_MODECTL_MAC_ATTN_INTR | BGE_MODECTL_HOST_SEND_BDS | - BGE_MODECTL_TX_NO_PHDR_CSUM); + BGE_MODECTL_TX_NO_PHDR_CSUM | BGE_MODECTL_RX_NO_PHDR_CSUM); /* * Tell the firmware the driver is running @@ -2988,8 +2988,7 @@ m->m_pkthdr.len >= ETHER_MIN_NOPAD) { m->m_pkthdr.csum_data = cur_rx->bge_tcp_udp_csum; - m->m_pkthdr.csum_flags |= - CSUM_DATA_VALID | CSUM_PSEUDO_HDR; + m->m_pkthdr.csum_flags |= CSUM_DATA_VALID; } } --PEIAKu/WMn1b1Hv9--