Date: Fri, 29 Jun 2007 14:31:29 +0200
From: Max Laier <max@love2party.net>
To: pyunyh@gmail.com
Cc: Hugo Koji Kobayashi <koji@registro.br>, freebsd-pf@freebsd.org
Subject: Re: udp fragmentation
Message-ID: <200706291431.37159.max@love2party.net>
In-Reply-To: <20070629000630.GA52912@cdnetworks.co.kr>
References: <20070528224225.GC40678@registro.br> <200706282256.10397.max@love2party.net> <20070629000630.GA52912@cdnetworks.co.kr>

On Friday 29 June 2007, Pyun YongHyeon wrote:
> On Thu, Jun 28, 2007 at 10:56:01PM +0200, Max Laier wrote:
> > [ Please don't top post, fixed ]
> >
> > On Thursday 28 June 2007, Vadym Chepkov wrote:
> > > From: "Max Laier" <max@love2party.net>, Thursday, June 28, 2007
> > > 3:34 PM
> > >
> > > > On Thursday 28 June 2007, Hugo Koji Kobayashi wrote:
> > > > > On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote:
> > > > > > Just to confirm I'm testing the right
> > > > > > cases, my setup looks like:
> > > > > >
> > > > > > Host1      Host2       Host3
> > > > > >
> > > > > > netsend -> pf scrub -> pf scrub -> netreceive
> > > > >
> > > > > I'm not sure I understood your setup. Why are there 3 hosts?
> > > >
> > > > In order to test scrub on forward and receiver at the same time
> > > > (but taking Host2 out of the stream doesn't change the result).
> > > >
> > > > > I think a query should be sth like this:
> > > > >
> > > > > Client[netsend->pf scrub] -> Internet -> DNS server
> > > > >
> > > > > And the response should be:
> > > > >
> > > > > DNS server -> Internet -> Client[pf scrub->netreceive]
> > > > >
> > > > > > Everything works as expected with various UDP payloads > MTU.
> > > > >
> > > > > Are you saying that you're able to receive responses to the
> > > > > following dig command when it's run from a client machine
> > > > > running pf scrub?
> > > > >
> > > > > dig @a.ns.se se dnskey +dnssec +bufsize=4500
> > > > >
> > > > > This query is supposed to receive a DNS answer of more than
> > > > > 4KB.
> > > >
> > > > See the attached script I did just now.
> > > >
> > > > The only thing common about your setup seems to be the bge(4)
> > > > NIC. Can you try disabling hardware checksumming (ifconfig
> > > > -txcsum -rxcsum)? My test is over a hardware checksumming
> > > > fxp(4) card, though.
> > >
> > > Yes, this eliminated the issue. Bug in bge driver?
> >
> > Kind of - the driver claims to have done UDP checksum testing on the
> > fragment (which is impossible). The attached patch should fix the
> > issue for bge(4) and any other similar NIC.
>
> I guess bge(4) has an Rx checksum offload bug on fragmented UDP
> datagrams. Since other hardware with checksum offload capability
> does not show this issue, it could be related to UDP pseudo header
> calculation. How about disabling UDP pseudo header calculation?
>
> I don't have bge(4) hardware so the patch is just guesswork.

In fact it doesn't seem broken at all, we would just have to do something
along the lines of ip_input.c::ip_reass() (line 1001 ff):

	for (q = nq; q != NULL; q = nq) {
		nq = q->m_nextpkt;
		q->m_nextpkt = NULL;
		m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags;
		m->m_pkthdr.csum_data += q->m_pkthdr.csum_data;
		m_cat(m, q);
	}
	/*
	 * In order to do checksumming faster we do 'end-around carry' here
	 * (and not in for{} loop), though it implies we are not going to
	 * reassemble more than 64k fragments.
	 */
	m->m_pkthdr.csum_data =
	    (m->m_pkthdr.csum_data & 0xffff) + (m->m_pkthdr.csum_data >> 16);

Have to ponder a bit, if this is easily possible in pf's reassembly.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
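
The checksum arithmetic from the ip_reass() excerpt quoted in the message above, as an added user-space example that is not part of the original e-mail or of the FreeBSD sources: it merges per-fragment partial sums and compares the result with the sum over the whole payload. `struct frag`, `CSUM_VALID`, `partial_sum`, `reass_csum` and `selftest` are hypothetical names, the payload is constructed, and the second fold is added here so the result fits in 16 bits.

```c
#include <stddef.h>
#include <stdint.h>

#define CSUM_VALID 0x1	/* hypothetical flag, stands in for the mbuf csum_flags bits */
struct frag { uint32_t csum_flags, csum_data; };	/* hypothetical stand-in for m_pkthdr */

/* 16-bit ones' complement sum of one buffer: the per-frame value a NIC would report. */
static uint16_t partial_sum(const uint8_t *p, size_t len)
{
	uint32_t s = 0;
	for (; len > 1; p += 2, len -= 2)
		s += (uint32_t)p[0] << 8 | p[1];
	if (len)
		s += (uint32_t)p[0] << 8;	/* odd trailing byte, zero padded */
	while (s >> 16)
		s = (s & 0xffff) + (s >> 16);
	return (uint16_t)s;
}

/* Merge per-fragment results as the quoted loop does; -1 if any fragment was unverified. */
static int32_t reass_csum(const struct frag *f, size_t n)
{
	uint32_t flags = f[0].csum_flags, sum = f[0].csum_data;
	for (size_t i = 1; i < n; i++) {
		flags &= f[i].csum_flags;	/* trusted only if every fragment was */
		sum += f[i].csum_data;		/* carries collect in the upper 16 bits */
	}
	sum = (sum & 0xffff) + (sum >> 16);	/* the single end-around carry */
	sum = (sum & 0xffff) + (sum >> 16);	/* that addition can itself carry once */
	return (flags & CSUM_VALID) ? (int32_t)sum : -1;
}

/* 1: merged sum equals the sum over the whole payload, 0: mismatch, -1: not verified. */
static int selftest(int unverified_idx)
{
	static const size_t off[4] = { 0, 1480, 2960, 4000 };	/* cuts on 8-byte multiples */
	uint8_t buf[4000];	/* constructed payload */
	struct frag f[3];
	for (size_t i = 0; i < sizeof(buf); i++)
		buf[i] = (uint8_t)(i * 37 + 11);
	for (int i = 0; i < 3; i++) {
		f[i].csum_flags = (i == unverified_idx) ? 0 : CSUM_VALID;
		f[i].csum_data = partial_sum(buf + off[i], off[i + 1] - off[i]);
	}
	int32_t merged = reass_csum(f, 3);
	return merged < 0 ? -1 : merged == partial_sum(buf, sizeof(buf));
}

int main(void) { return selftest(-1) == 1 && selftest(1) == -1 ? 0 : 1; }
```

The sums agree because every fragment boundary falls on an even offset, so the 16-bit words of each fragment line up with the words of the whole payload.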