Fwd: Re: maybe bug in version 4.1.28

[Jim Klimov]

-------- Исходное сообщение --------
Тема: Re: maybe bug in version 4.1.28
Дата: Fri, 04 May 2012 18:00:18 +0100
От: Andrew White <andy...@gmail.com>
Кому: Jim Klimov <j...@cos.ru>



+1 too. I'm guessing this is freebsd. There are some bugs with
ipfilter and freebsd that fall into this space, particularly around
checksumming and some intel nics etc.

for example , read through this bug
http://www.freebsd.org/cgi/query-pr.cgi?pr=106438

On Fri, May 4, 2012 at 5:52 PM, Jim Klimov <jimk...@cos.ru
<mailto:jimk...@cos.ru>> wrote:

2012-05-04 20:17, Michael T. Davis wrote:

Where might we find the full thread of this topic?

+1


> Reading between

the lines, is it recommended that we should not enable NIC-based
offload
processing under ipfilter?


That's what we had to do (on OpenSolaris SXCE). You can google up
many hits on "dohwcksum ipfilter" keywords, including PhilDev's
IPFilter FAQ. And yes, the problem is very old:

http://www.phildev.net/ipf/__IPFsolaris.html#solaris15
<http://www.phildev.net/ipf/IPFsolaris.html#solaris15>


http://mail.opensolaris.org/__pipermail/networking-discuss/__2005-September/000192.html

<http://mail.opensolaris.org/pipermail/networking-discuss/2005-September/000192.html>


http://mail.opensolaris.org/__pipermail/networking-discuss/__2006-March/000953.html

<http://mail.opensolaris.org/pipermail/networking-discuss/2006-March/000953.html>


http://comments.gmane.org/__gmane.comp.security.firewalls.__ipfilter/6026
<http://comments.gmane.org/gmane.comp.security.firewalls.ipfilter/6026>

"As is known, ipfilter NAT does not work correctly with hardware
checksumming."


http://www.colby.edu/personal/__j/jaearick/sysadmin/sol10.__ipfilter.upgrade

<http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade>

We could go on and on :)

//Jim