Date: Thu, 28 Jun 2007 15:07:41 -0300 From: Hugo Koji Kobayashi <koji@registro.br> To: Max Laier <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: udp fragmentation Message-ID: <20070628180741.GA7323@registro.br> In-Reply-To: <200706281919.41777.max@love2party.net> References: <20070528224225.GC40678@registro.br> <20070604194430.GD21681@registro.br> <200706042200.14860.max@love2party.net> <200706281919.41777.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi Max,
On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote:
> On Monday 04 June 2007, Max Laier wrote:
> > Hi again,
> >
> > On Monday 04 June 2007, Hugo Koji Kobayashi wrote:
> > > pf is running on the DNS client machine. The DNS server is on a
> > > completely different network (I don't control this server). The
> > > client can send the udp request with no problem (it's a small udp
> > > datagram; less than 512 bytes), the server sends the udp response
> > > fragmented, but the client can't receive it.
> > >
> > > Please, find attached a new test with the requested information.
> > >
> > > udp:
> > > 36 datagrams received
> > > 2 with bad checksum
> > > 34 delivered
> > > 40 datagrams output
> >
> > <test>
> >
> > > udp:
> > > 36 datagrams received
> > > 3 with bad checksum
> > > 33 delivered
> > > 41 datagrams output
> >
> > Aha! Can you confirm that "bad checksum" increases for every
> > fragmented packet and I'll look for a cure.
>
> I can't reproduce this. What hardware are you running on? (arch, nic
> (rx/txcsum), non-standart CFLAGS).
It's a Dell Latitude D610 notebook. dmesg and ifconfig are attached.
I have nothing in my /etc/make.conf.
> Just to confirm I'm testing the right
> cases, my setup looks like:
>
> Host1 Host2 Host3
>
> netsend -> pf scrub -> pf scrub -> netreceive
>
I'm not sure I understood your setup. Why there are 3 hosts?
I think a query should be sth like this:
Client[netsend->pf scrub] -> Internet -> DNS server
And the response should be:
DNS server -> Internet -> Client[pf scrub->netreceive]
>
> Everthing works as expected with various UDP payloads > MTU.
>
Are you saying that you're able to receive responses to the following
dig command when it's run from a client machine running pf scrub?
dig @a.ns.se se dnskey +dnssec +bufsize=4500
This query is supposed to receive a DNS answer of more than 4KB.
Thanks,
Hugo
--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=dmesg-ifconfig
Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-CURRENT #1: Tue Jun 19 14:57:32 BRT 2007
root@fbsd7.0:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <DELL CPi R >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) M processor 2.00GHz (1994.97-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x6d8 Stepping = 8
Features=0xafe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
Features2=0x180<EST,TM2>
AMD Features=0x100000<NX>
real memory = 1073549312 (1023 MB)
avail memory = 1036935168 (988 MB)
Security auditing service present
BSM auditing present
ioapic0: Changing APIC ID to 1
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
acpi0: <DELL CPi R > on motherboard
acpi0: [ITHREAD]
acpi0: reservation of 0, 9fc00 (3) failed
acpi0: reservation of 100000, 3fed1800 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_perf0: failed in PERF_STATUS attach
device_attach: acpi_perf0 attach returned 6
acpi_throttle0: <ACPI CPU Throttling> on cpu0
acpi_acad0: <AC Adapter> on acpi0
battery0: <ACPI Control Method Battery> on acpi0
battery1: <ACPI Control Method Battery> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_button1: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
vgapci0: <VGA-compatible display> port 0xde00-0xdeff mem 0xd0000000-0xd7ffffff,0xdfdf0000-0xdfdfffff irq 16 at device 0.0 on pci1
pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pci2:0:0: bad VPD cksum, remain 14
bge0: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x4001> mem 0xdfcf0000-0xdfcfffff irq 16 at device 0.0 on pci2
miibus0: <MII bus> on bge0
brgphy0: <BCM5750 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address: 00:12:3f:15:36:7d
bge0: [ITHREAD]
uhci0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> port 0xbf80-0xbf9f irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> port 0xbf60-0xbf7f irq 17 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> port 0xbf40-0xbf5f irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> port 0xbf20-0xbf3f irq 19 at device 29.3 on pci0
uhci3: [GIANT-LOCKED]
uhci3: [ITHREAD]
usb3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> on uhci3
usb3: USB revision 1.0
uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3
uhub3: 2 ports with 2 removable, self powered
ehci0: <Intel 82801FB (ICH6) USB 2.0 controller> mem 0xffa80800-0xffa80bff irq 16 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb4: EHCI version 1.0
usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3
usb4: <Intel 82801FB (ICH6) USB 2.0 controller> on ehci0
usb4: USB revision 2.0
uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4
uhub4: 8 ports with 8 removable, self powered
pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci3: <ACPI PCI bus> on pcib3
cbb0: <PCI-CardBus Bridge> at device 1.0 on pci3
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
cbb0: [ITHREAD]
pci3: <simple comms> at device 1.5 (no driver attached)
pci3: <network> at device 3.0 (no driver attached)
pci0: <multimedia, audio> at device 30.2 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH6M SATA150 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xbfa0-0xbfaf irq 17 at device 31.2 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64,0x62,0x66 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model GlidePoint, device ID 0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
sio1 port 0x2f8-0x2ff,0x280-0x287 irq 3 drq 3 on acpi0
sio1: type 16550A
sio1: [FILTER]
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ppc0: [GIANT-LOCKED]
ppc0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ugen0: <vendor 0x413c product 0x8103, class 224/1, rev 2.00/16.57, addr 2> on uhub1
Timecounter "TSC" frequency 1994973610 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 76319MB <HTS548080M9AT00 MG4OA5EA> at ata0-master UDMA100
acd0: DVDR <NEC DVD+/-RW ND-6500A/202C> at ata1-master UDMA33
WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from ufs:/dev/ad0s2a
bge0: link state changed to UP
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:12:3f:15:36:7d
inet xxx.xxx.xxx.xxx netmask 0xffffffc0 broadcast xxx.xxx.xxx.xxx
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
--0F1p//8PRICkK4MW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070628180741.GA7323>