The following reply was made to PR kern/34799; it has been noted by GNATS.

From: "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org, jdc@coris.org.uk
Cc: 
Subject: Re: kern/34799: IP Filter does not work correctly with gem(4) when hardware chec
Date: Tue, 18 Dec 2007 21:55:10 -0500

 Julian Coleman wrote:
 >I've been looking at the gem documentation that Sun recently released, in
 >order to make the fibre gem cards work.  I see that the gem card only 
 >supports
 >TCP checksums, so we should not enable UDP checksums.  Does turning off UDP
 >checksums only make things work?
 
 The problem occurs with both UDP and TCP.  If I enable only TCP
 checksums, I still see the problem with TCP packets, e.g.:
 
 [root@arcusv:root]# ifconfig gem0
 
 gem0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         capabilities=3c00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
         enabled=c00<TCP4CSUM_Rx,TCP4CSUM_Tx>
 ...
 [root@arcusv:root]# telnet www.google.ca 80
 
 Trying 72.14.253.103...
 ^C
 [root@arcusv:root]# tail -1 /var/log/messages
 Dec 18 21:39:33 arcusv ipmon[303]: 21:39:30.159629 gem0 @0:2 b 
 po-in-f103.google.com[72.14.253.103],http -> 
 arcusv.nonus-porta.net[192.168.1.5],65534 PR tcp len 20 52 -AS IN bad
 
 [root@arcusv:root]# ifconfig gem0 -tcp4csum
 
 [root@arcusv:root]# ifconfig gem0
 
 gem0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         capabilities=3c00<TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
         enabled=0
 ...
 
 [root@arcusv:root]# telnet www.google.ca 80
 
 Trying 72.14.253.147...
 Connected to www.l.google.com.
 
 ...
 
 The problem apparently affects (or affected) the same chip on Solaris,
 judging from the IP Filter FAQ entry I found on the subject:
 http://www.phildev.net/ipf/IPFsolaris.html#solaris15
 
 This problem only happens with IP Filter.  If I use OpenBSD's PF, UDP
 and TCP packets pass out the gem interface without issue.
 
 Dave