Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 Aug 2010 12:45:45 GMT
From:      Eugenijus <eugenijusu@inbox.lv>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   i386/149497: 8.1-release, problem with fxp driver
Message-ID:  <201008101245.o7ACjjof073317@www.freebsd.org>
Resent-Message-ID: <201008101250.o7ACo2YG006559@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         149497
>Category:       i386
>Synopsis:       8.1-release, problem with fxp driver
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 10 12:50:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Eugenijus
>Release:        8.1-RELEASE
>Organization:
>Environment:
FreeBSD ftp.jucom.lv 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Tue Aug 10 13:59:23 EEST 2010     root@ftp.jucom.lv:/usr/src/sys/i386/compile/KRN20100810002  i386
>Description:
When I was running this hardware under FreeBSD 7.0 control, everything was ok.
Problem accured when I installed FreeBSD 8.1 on the same hardware with same kernel and configuration.
 I have rules in my /etc/ipf.rules:

pass out quick on fxp0 all
pass in log quick on fxp0 proto tcp from any to any port = 80
block in log first quick on fxp0 all

in this case ipmon shows:

.. fxp0 *@0:1 p *xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

that is OK

now I change second rule to:

pass in log quick on fxp0 proto tcp from any to any port = 80 flags S keep state

because I want to use statefull firewall ofcourse
in this case ipmon shows:

.. fxp0 *@0:2 b* xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

and that is NOT OK

As I figured out problem root is in this log:
ipmon[508]: 17:21:14.434180 fxp0 @0:1 p yyy.yyy.yyy.yyy,3843 -> xxx.xxx.xxx.xxx,80 PR tcp len 20 48 -S IN bad

May be problem is in the checksum or somethik similar

When I installed another interface with Rhino III chipset, problem dissapear.
So I believe, that problem is somewhere in drivers.
>How-To-Repeat:
Install an Intel interface, supported by fxp and see the ipmon output, I believe problem will be out there.
>Fix:
I think, the way to fix this problem is to create somekind of patch, if it does not exist yet...

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008101245.o7ACjjof073317>