Re: bridge with tap - trying to set up openvpn server

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Wed, Apr 06, 2011 at 07:15:57AM -0400, yancm%sdf.lonestar.org@localhost 
wrote:
> > On Wed, Apr 06, 2011 at 06:34:15AM -0400, yancm%sdf.lonestar.org@localhost 
> > wrote:
> >> Anything else to try?
> >
> > Hum, just a though. Do you have some vlans configured on wm1 ?
> > Did you setup checksum offlload ?
> 
> vlans - no (though was wondering if it would save me some steps to
> the server room if I set up a vlan on a different subnet so I can
> reset the server when I'm playing with bridge0 debugging...)
> 
> checksum offload IS configured:
> wm1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
> mtu 1500
>      capabilities=2bf80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,
>        TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Tx,UDP6CSUM_Tx>
> 
>      enabled=3f80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,
>        TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
> 
> Bridging seems to work when I disable it! Why would that be?

I guess the brige drop some flags from the outgoing packet indicating that
checksum should be performed by the adapter.

> 
> Should I submit a PR on this? I think my system work better
> when offload is enabled.

I'm not sure offload can be made to work with bridges. When a packet is
being built at the IP level, the IP layer knows the interface with the outgoing
route as the outgoing interface, but the bridge may then reroute this
packet to some other interface, with different capabilities.
So the IP layer has to way to know what capabilities the outgoing interface
will really have ...

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--