Date: Thu, 28 Jun 2007 15:07:41 -0300 From: Hugo Koji Kobayashi <koji@registro.br> To: Max Laier <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: udp fragmentation Message-ID: <20070628180741.GA7323@registro.br> In-Reply-To: <200706281919.41777.max@love2party.net> References: <20070528224225.GC40678@registro.br> <20070604194430.GD21681@registro.br> <200706042200.14860.max@love2party.net> <200706281919.41777.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Max, On Thu, Jun 28, 2007 at 07:19:25PM +0200, Max Laier wrote: > On Monday 04 June 2007, Max Laier wrote: > > Hi again, > > > > On Monday 04 June 2007, Hugo Koji Kobayashi wrote: > > > pf is running on the DNS client machine. The DNS server is on a > > > completely different network (I don't control this server). The > > > client can send the udp request with no problem (it's a small udp > > > datagram; less than 512 bytes), the server sends the udp response > > > fragmented, but the client can't receive it. > > > > > > Please, find attached a new test with the requested information. > > > > > > udp: > > > 36 datagrams received > > > 2 with bad checksum > > > 34 delivered > > > 40 datagrams output > > > > <test> > > > > > udp: > > > 36 datagrams received > > > 3 with bad checksum > > > 33 delivered > > > 41 datagrams output > > > > Aha! Can you confirm that "bad checksum" increases for every > > fragmented packet and I'll look for a cure. > > I can't reproduce this. What hardware are you running on? (arch, nic > (rx/txcsum), non-standart CFLAGS). It's a Dell Latitude D610 notebook. dmesg and ifconfig are attached. I have nothing in my /etc/make.conf. > Just to confirm I'm testing the right > cases, my setup looks like: > > Host1 Host2 Host3 > > netsend -> pf scrub -> pf scrub -> netreceive > I'm not sure I understood your setup. Why there are 3 hosts? I think a query should be sth like this: Client[netsend->pf scrub] -> Internet -> DNS server And the response should be: DNS server -> Internet -> Client[pf scrub->netreceive] > > Everthing works as expected with various UDP payloads > MTU. > Are you saying that you're able to receive responses to the following dig command when it's run from a client machine running pf scrub? dig @a.ns.se se dnskey +dnssec +bufsize=4500 This query is supposed to receive a DNS answer of more than 4KB. Thanks, Hugo --0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=dmesg-ifconfig Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.0-CURRENT #1: Tue Jun 19 14:57:32 BRT 2007 root@fbsd7.0:/usr/obj/usr/src/sys/GENERIC WARNING: WITNESS option enabled, expect reduced performance. ACPI APIC Table: <DELL CPi R > Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Pentium(R) M processor 2.00GHz (1994.97-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x6d8 Stepping = 8 Features=0xafe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE> Features2=0x180<EST,TM2> AMD Features=0x100000<NX> real memory = 1073549312 (1023 MB) avail memory = 1036935168 (988 MB) Security auditing service present BSM auditing present ioapic0: Changing APIC ID to 1 ioapic0 <Version 2.0> irqs 0-23 on motherboard kbd1 at kbdmux0 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) acpi0: <DELL CPi R > on motherboard acpi0: [ITHREAD] acpi0: reservation of 0, 9fc00 (3) failed acpi0: reservation of 100000, 3fed1800 (3) failed Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0 cpu0: <ACPI CPU> on acpi0 acpi_perf0: <ACPI CPU Frequency Control> on cpu0 acpi_perf0: failed in PERF_STATUS attach device_attach: acpi_perf0 attach returned 6 acpi_perf0: <ACPI CPU Frequency Control> on cpu0 acpi_perf0: failed in PERF_STATUS attach device_attach: acpi_perf0 attach returned 6 acpi_throttle0: <ACPI CPU Throttling> on cpu0 acpi_acad0: <AC Adapter> on acpi0 battery0: <ACPI Control Method Battery> on acpi0 battery1: <ACPI Control Method Battery> on acpi0 acpi_lid0: <Control Method Lid Switch> on acpi0 acpi_button0: <Power Button> on acpi0 acpi_button1: <Sleep Button> on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pci0: <ACPI PCI bus> on pcib0 pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0 pci1: <ACPI PCI bus> on pcib1 vgapci0: <VGA-compatible display> port 0xde00-0xdeff mem 0xd0000000-0xd7ffffff,0xdfdf0000-0xdfdfffff irq 16 at device 0.0 on pci1 pcib2: <ACPI PCI-PCI bridge> at device 28.0 on pci0 pci2: <ACPI PCI bus> on pcib2 pci2:0:0: bad VPD cksum, remain 14 bge0: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x4001> mem 0xdfcf0000-0xdfcfffff irq 16 at device 0.0 on pci2 miibus0: <MII bus> on bge0 brgphy0: <BCM5750 10/100/1000baseTX PHY> PHY 1 on miibus0 brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto bge0: Ethernet address: 00:12:3f:15:36:7d bge0: [ITHREAD] uhci0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> port 0xbf80-0xbf9f irq 16 at device 29.0 on pci0 uhci0: [GIANT-LOCKED] uhci0: [ITHREAD] usb0: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-A> on uhci0 usb0: USB revision 1.0 uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0 uhub0: 2 ports with 2 removable, self powered uhci1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> port 0xbf60-0xbf7f irq 17 at device 29.1 on pci0 uhci1: [GIANT-LOCKED] uhci1: [ITHREAD] usb1: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-B> on uhci1 usb1: USB revision 1.0 uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1 uhub1: 2 ports with 2 removable, self powered uhci2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> port 0xbf40-0xbf5f irq 18 at device 29.2 on pci0 uhci2: [GIANT-LOCKED] uhci2: [ITHREAD] usb2: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-C> on uhci2 usb2: USB revision 1.0 uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2 uhub2: 2 ports with 2 removable, self powered uhci3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> port 0xbf20-0xbf3f irq 19 at device 29.3 on pci0 uhci3: [GIANT-LOCKED] uhci3: [ITHREAD] usb3: <Intel 82801FB/FR/FW/FRW (ICH6) USB controller USB-D> on uhci3 usb3: USB revision 1.0 uhub3: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb3 uhub3: 2 ports with 2 removable, self powered ehci0: <Intel 82801FB (ICH6) USB 2.0 controller> mem 0xffa80800-0xffa80bff irq 16 at device 29.7 on pci0 ehci0: [GIANT-LOCKED] ehci0: [ITHREAD] usb4: EHCI version 1.0 usb4: companion controllers, 2 ports each: usb0 usb1 usb2 usb3 usb4: <Intel 82801FB (ICH6) USB 2.0 controller> on ehci0 usb4: USB revision 2.0 uhub4: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb4 uhub4: 8 ports with 8 removable, self powered pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci3: <ACPI PCI bus> on pcib3 cbb0: <PCI-CardBus Bridge> at device 1.0 on pci3 cardbus0: <CardBus bus> on cbb0 pccard0: <16-bit PCCard bus> on cbb0 cbb0: [ITHREAD] pci3: <simple comms> at device 1.5 (no driver attached) pci3: <network> at device 3.0 (no driver attached) pci0: <multimedia, audio> at device 30.2 (no driver attached) isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel ICH6M SATA150 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xbfa0-0xbfaf irq 17 at device 31.2 on pci0 ata0: <ATA channel 0> on atapci0 ata0: [ITHREAD] ata1: <ATA channel 1> on atapci0 ata1: [ITHREAD] acpi_tz0: <Thermal Zone> on acpi0 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64,0x62,0x66 irq 1 on acpi0 atkbd0: <AT Keyboard> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] atkbd0: [ITHREAD] psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: [ITHREAD] psm0: model GlidePoint, device ID 0 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A sio0: [FILTER] sio1 port 0x2f8-0x2ff,0x280-0x287 irq 3 drq 3 on acpi0 sio1: type 16550A sio1: [FILTER] pmtimer0 on isa0 orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0 ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/8 bytes threshold ppbus0: <Parallel port bus> on ppc0 plip0: <PLIP network interface> on ppbus0 lpt0: <Printer> on ppbus0 lpt0: Interrupt-driven port ppi0: <Parallel I/O> on ppbus0 ppc0: [GIANT-LOCKED] ppc0: [ITHREAD] sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 ugen0: <vendor 0x413c product 0x8103, class 224/1, rev 2.00/16.57, addr 2> on uhub1 Timecounter "TSC" frequency 1994973610 Hz quality 800 Timecounters tick every 1.000 msec ad0: 76319MB <HTS548080M9AT00 MG4OA5EA> at ata0-master UDMA100 acd0: DVDR <NEC DVD+/-RW ND-6500A/202C> at ata1-master UDMA33 WARNING: WITNESS option enabled, expect reduced performance. Trying to mount root from ufs:/dev/ad0s2a bge0: link state changed to UP bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether 00:12:3f:15:36:7d inet xxx.xxx.xxx.xxx netmask 0xffffffc0 broadcast xxx.xxx.xxx.xxx media: Ethernet autoselect (1000baseTX <full-duplex>) status: active plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204 --0F1p//8PRICkK4MW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070628180741.GA7323>