Date: Thu, 28 Jun 2007 22:56:01 +0200 From: Max Laier <max@love2party.net> To: "Vadym Chepkov" <vchepkov@gmail.com> Cc: Hugo Koji Kobayashi <koji@registro.br>, freebsd-pf@freebsd.org Subject: Re: udp fragmentation Message-ID: <200706282256.10397.max@love2party.net> In-Reply-To: <009f01c7b9bc$b7a3bd20$c40a0a0a@chepkov.lan> References: <20070528224225.GC40678@registro.br> <200706282134.26140.max@love2party.net> <009f01c7b9bc$b7a3bd20$c40a0a0a@chepkov.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1649234.KhUMJNcvLm Content-Type: multipart/mixed; boundary="Boundary-01=_jBChGvBpz/2jKbS" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_jBChGvBpz/2jKbS Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline [ Please don't top post, fixed ] On Thursday 28 June 2007, Vadym Chepkov wrote: > From: "Max Laier" <max@love2party.net>, Thursday, June 28, 2007 3:34 PM > > On Thursday 28 June 2007, Hugo Koji Kobayashi wrote: > > > On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote: > > > > Just to confirm I'm testing the right > > > > cases, my setup looks like: > > > > > > > > Host1 Host2 Host3 > > > > > > > > netsend -> pf scrub -> pf scrub -> netreceive > > > > > > I'm not sure I understood your setup. Why there are 3 hosts? > > > > In order to test scrub on forward and receiver at the same time (but > > taking Host2 out of the stream doesn't change the result). > > > > > I think a query should be sth like this: > > > > > > Client[netsend->pf scrub] -> Internet -> DNS server > > > > > > And the response should be: > > > > > > DNS server -> Internet -> Client[pf scrub->netreceive] > > > > > > > Everthing works as expected with various UDP payloads > MTU. > > > > > > Are you saying that you're able to receive responses to the > > > following dig command when it's run from a client machine running > > > pf scrub? > > > > > > dig @a.ns.se se dnskey +dnssec +bufsize=3D4500 > > > > > > This query is supposed to receive a DNS answer of more than 4KB. > > > > See the attached script I did just now. > > > > The only thing common about your setup seems to be the bge(4) NIC.=20 > > Can you try disabling hardware checksumming (ifconfig -txcsum > > -rxcsum)? My test is over a hardware checksumming fxp(4) card, > > though. > > Yes, this eliminated the issue. Bug in bge driver? Kind of - the driver claims to have done UDP checksum testing on the=20 fragment (which is impossible). The attached patch should fix the issue=20 for bge(4) and any other similar NIC. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_jBChGvBpz/2jKbS Content-Type: text/x-diff; charset="iso-8859-6"; name="frag_csum.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="frag_csum.diff" Index: pf_norm.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/store/mlaier/fcvs/src/sys/contrib/pf/net/pf_norm.c,v retrieving revision 1.17 diff -u -r1.17 pf_norm.c =2D-- pf_norm.c 25 Mar 2006 21:15:25 -0000 1.17 +++ pf_norm.c 28 Jun 2007 20:49:33 -0000 @@ -411,6 +411,11 @@ /* Strip off ip header */ m->m_data +=3D hlen; m->m_len -=3D hlen; +#ifdef __FreeBSD__ + /* Checksum is not applicable to the reassembled packet */ + m->m_pkthdr.csum_flags &=3D ~(CSUM_IP_CHECKED | CSUM_IP_VALID |=20 + CSUM_DATA_VALID | CSUM_PSEUDO_HDR); +#endif =20 /* Create a new reassembly queue for this packet */ if (*frag =3D=3D NULL) { --Boundary-01=_jBChGvBpz/2jKbS-- --nextPart1649234.KhUMJNcvLm Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQBGhCBqXyyEoT62BG0RAourAJ49FbP63nxiFrHGGL2T1YdG4NJJnACeMesC GPdZulUbQfCL9NdWAiW1j/E= =ZvGF -----END PGP SIGNATURE----- --nextPart1649234.KhUMJNcvLm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706282256.10397.max>