From owner-freebsd-pf@FreeBSD.ORG  Thu Jun 28 18:07:43 2007
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A2C4B16A400
	for <freebsd-pf@freebsd.org>; Thu, 28 Jun 2007 18:07:43 +0000 (UTC)
	(envelope-from koji@registro.br)
Received: from clone.registro.br (clone.registro.br [200.160.2.4])
	by mx1.freebsd.org (Postfix) with ESMTP id EC9BF13C44B
	for <freebsd-pf@freebsd.org>; Thu, 28 Jun 2007 18:07:42 +0000 (UTC)
	(envelope-from koji@registro.br)
Received: by clone.registro.br (Postfix, from userid 1002)
	id D31D59589F; Thu, 28 Jun 2007 15:07:41 -0300 (BRT)
Date: Thu, 28 Jun 2007 15:07:41 -0300
From: Hugo Koji Kobayashi <koji@registro.br>
To: Max Laier <max@love2party.net>
Message-ID: <20070628180741.GA7323@registro.br>
References: <20070528224225.GC40678@registro.br>
	<20070604194430.GD21681@registro.br>
	<200706042200.14860.max@love2party.net>
	<200706281919.41777.max@love2party.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="0F1p//8PRICkK4MW"
Content-Disposition: inline
In-Reply-To: <200706281919.41777.max@love2party.net>
User-Agent: Mutt/1.4.2.2i
X-Organization: Registro.br
X-URL: http://registro.br/
X-Operating-System: FreeBSD
Cc: freebsd-pf@freebsd.org
Subject: Re: udp fragmentation
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2007 18:07:43 -0000


--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi Max,

On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote:
> On Monday 04 June 2007, Max Laier wrote:
> > Hi again,
> >
> > On Monday 04 June 2007, Hugo Koji Kobayashi wrote:
> > > pf is running on the DNS client machine. The DNS server is on a
> > > completely different network (I don't control this server). The
> > > client can send the udp request with no problem (it's a small udp
> > > datagram; less than 512 bytes), the server sends the udp response
> > > fragmented, but the client can't receive it.
> > >
> > > Please, find attached a new test with the requested information.
> > >
> > > udp:
> > >         36 datagrams received
> > >         2 with bad checksum
> > >         34 delivered
> > >         40 datagrams output
> >
> > <test>
> >
> > > udp:
> > >         36 datagrams received
> > >         3 with bad checksum
> > >         33 delivered
> > >         41 datagrams output
> >
> > Aha!  Can you confirm that "bad checksum" increases for every
> > fragmented packet and I'll look for a cure.
> 
> I can't reproduce this.  What hardware are you running on?  (arch, nic 
> (rx/txcsum), non-standart CFLAGS).  

It's a Dell Latitude D610 notebook. dmesg and ifconfig are attached.

I have nothing in my /etc/make.conf.

> Just to confirm I'm testing the right 
> cases, my setup looks like:
> 
> Host1       Host2      Host3
> 
> netsend -> pf scrub -> pf scrub -> netreceive
> 

I'm not sure I understood your setup. Why there are 3 hosts? 

I think a query should be sth like this:

   Client[netsend->pf scrub] -> Internet -> DNS server

And the response should be:

   DNS server -> Internet -> Client[pf scrub->netreceive]

>
> Everthing works as expected with various UDP payloads > MTU.
>

Are you saying that you're able to receive responses to the following
dig command when it's run from a client machine running pf scrub?

  dig @a.ns.se se dnskey +dnssec +bufsize=4500

This query is supposed to receive a DNS answer of more than 4KB.

Thanks,
Hugo


--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=dmesg-ifconfig

Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-CURRENT #1: Tue Jun 19 14:57:32 BRT 2007
    root@fbsd7.0:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <DELL   CPi R  >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) M processor 2.00GHz (1994.97-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6d8  Stepping = 8
  Features=0xafe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0x180<EST,TM2>
  AMD Features=0x100000<NX>
real memory  = 1073549312 (1023 MB)
avail memory = 1036935168 (988 MB)
Security auditing service present
BSM auditing present
ioapic0: Changing APIC ID to 1
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
acpi0: <DELL CPi R  > on motherboard
acpi0: [ITHREAD]
acpi0: reservation of 0, 9fc00 (3) failed
acpi0: reservation of 100000, 3fed1800 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
acpi_throttle0: <ACPI CPU Throttling> on cpu0
acpi_acad0: <AC Adapter> on acpi0
battery0: <ACPI Control Method Battery> on acpi0
battery1: <ACPI Control Method Battery> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_button1: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0xde00-0xdeff mem 0xd0000000-0xd7ffffff,0xdfdf0000-0xdfdfffff irq 16 at device 0.0 on pci1
pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pci2:0:0: bad VPD cksum, remain 14
bge0: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x4001> mem 0xdfcf0000-0xdfcfffff irq 16 at device 0.0 on pci2
miibus0: <MII bus> on bge0
brgphy0: <BCM5750 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address: 00:12:3f:15:36:7d
bge0: [ITHREAD]
uhci0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> port 0xbf80-0xbf9f irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> port 0xbf60-0xbf7f irq 17 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> port 0xbf40-0xbf5f irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> port 0xbf20-0xbf3f irq 19 at device 29.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> on uhci3
usb3: USB revision 1.0
uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <Intel 82801FB (ICH6) USB 2.0 controller> mem 0xffa80800-0xffa80bff irq 16 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <Intel 82801FB (ICH6) USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci3: <ACPI PCI bus> on pcib3
cbb0: <PCI-CardBus Bridge> at device 1.0 on pci3
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
cbb0: [ITHREAD]
pci3: <simple comms> at device 1.5 (no driver attached)
pci3: <network> at device 3.0 (no driver attached)
pci0: <multimedia, audio> at device 30.2 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH6M SATA150 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xbfa0-0xbfaf irq 17 at device 31.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64,0x62,0x66 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model GlidePoint, device ID 0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
sio1 port 0x2f8-0x2ff,0x280-0x287 irq 3 drq 3 on acpi0
sio1: type 16550A
sio1: [FILTER]
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ppc0: [GIANT-LOCKED]
ppc0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ugen0: <vendor 0x413c product 0x8103, class 224/1, rev 2.00/16.57, addr 2> on uhub1
Timecounter "TSC" frequency 1994973610 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 76319MB <HTS548080M9AT00 MG4OA5EA> at ata0-master UDMA100
acd0: DVDR <NEC DVD+/-RW ND-6500A/202C> at ata1-master UDMA33
WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from ufs:/dev/ad0s2a
bge0: link state changed to UP


bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:12:3f:15:36:7d
	inet xxx.xxx.xxx.xxx netmask 0xffffffc0 broadcast xxx.xxx.xxx.xxx
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204

--0F1p//8PRICkK4MW--