From owner-freebsd-stable@FreeBSD.ORG Tue May 12 00:49:00 2009 Return-Path: Delivered-To: FreeBSD-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A4DE106564A for ; Tue, 12 May 2009 00:49:00 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.230]) by mx1.freebsd.org (Postfix) with ESMTP id CA6358FC15 for ; Tue, 12 May 2009 00:48:59 +0000 (UTC) (envelope-from pyunyh@gmail.com) Received: by rv-out-0506.google.com with SMTP id k40so2561775rvb.43 for ; Mon, 11 May 2009 17:48:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:from:date:to:cc :subject:message-id:reply-to:references:mime-version:content-type :content-disposition:in-reply-to:user-agent; bh=jBtZtGAiD4yFb8LDBigU6ldNQ7jtmRBERH1JwiUI0jQ=; b=nC6eTOUnsJcNN5auuTgg3mBXQqnd9l7L8vAGv4mYARlMRrM1xfo/7iVLCmUFcwAB4l NuOsj9d6ZufC8B0oZ2jBy2kgQgnDI3X1hlg/m7XHrHPzUJeGy0nVrKx1Q5fVoNJYbfxe ywcKYpM9ySRFR3EoRaBeZVLIc8jwhrMW7WEGc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:date:to:cc:subject:message-id:reply-to:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=qtULoPW130SFgqm0EhG+fHfDJ2L7lHfNggqf1zYKumYbo8mh9KreGxupLqoWj+B0M3 sm9yUTAWaoaSP9OR2YM7Ac1RSIT6QA/PNnEtNnvgqJGDlPjyV1Si7lOuI/xmjcV3r8rB jMQ1hLh4qH42WP2uUus5dNKSnltwGFC2A3iyA= Received: by 10.141.100.15 with SMTP id c15mr3019220rvm.79.1242089339436; Mon, 11 May 2009 17:48:59 -0700 (PDT) Received: from michelle.cdnetworks.co.kr ([114.111.62.249]) by mx.google.com with ESMTPS id b8sm12367787rvf.44.2009.05.11.17.48.56 (version=SSLv3 cipher=RC4-MD5); Mon, 11 May 2009 17:48:58 -0700 (PDT) Received: by michelle.cdnetworks.co.kr (sSMTP sendmail emulation); Tue, 12 May 2009 09:57:07 +0900 From: Pyun YongHyeon Date: Tue, 12 May 2009 09:57:07 +0900 To: Jason Chambers Message-ID: <20090512005707.GI65350@michelle.cdnetworks.co.kr> References: <196E4005-25E9-4C46-99BD-8F717849703F@jongel.net> <4A088592.9070305@ucla.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4A088592.9070305@ucla.edu> User-Agent: Mutt/1.4.2.3i Cc: FreeBSD-stable@freebsd.org, Jonas B?low Subject: Re: ipfilter seems to be broken on 7.2-PRERELEASE as of April 25:th 2009. X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pyunyh@gmail.com List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2009 00:49:00 -0000 On Mon, May 11, 2009 at 01:07:46PM -0700, Jason Chambers wrote: > Jonas B?low wrote: > > > > After reboot it was not reachable from the network. After some > > troubleshooting I found that ipfilter seems to be the problem. Returning > > traffic originating from my host (XXX) is blocked: > > > (... snip ...) > > > > Anyone seen this behaviour? > > > > Yes. This appears to have made it to the RELEASE as well. > > I believe it is due to updates to the FXP driver that allow checksumming > for tx/rx. My guess is checksumming is enabled by default and you (and > I) happen to have the cards recognized by FXP that do not support it. I guess your controller is 82559 or compatibles. If you can receive packets without problems after disabling ipfilter it's not fault of fxp(4). You have a good controller that do support Rx checksum offloading. > (The BAD in the ipf log represents bad checksum) > No, ipfilter's notion of Rx checksum offloading was broken. ipfilter simply does not understand partial checksummed frame(e.g. checksummed frame without pseudo header) so driver that supports this type of checksum offloading(gem(4), hme(4), sk(4) and fxp(4)) wouldn't work on ipfilter. > If you do "ifconfig fxp0 -txcsum -rxcsum" your problem should go away. > For /etc/rc.conf, just add -txcsum -rxcsum to the interface definition. > Yeah, that would fix it or you can switch to pf(4).