Subject: Re: kern/34799: IP Filter does not work correctly with gem(4) when hardware chec
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: David H. GUTTERIDGE <dhgutteridge@sympatico.ca>
List: netbsd-bugs
Date: 10/18/2006 03:15:08
The following reply was made to PR kern/34799; it has been noted by GNATS.
From: "David H. GUTTERIDGE" <dhgutteridge@sympatico.ca>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/34799: IP Filter does not work correctly with gem(4) when hardware chec
Date: Wed, 18 Oct 2006 02:02:05 +0000
> I'm having trouble reproducing this bug on my sparc64. I assume I've
>made
> an error in mbuf handling. Could you share your ipf.conf?
Here's my ipf.conf:
pass in quick on lo0 all
pass out quick on lo0 all
block return-rst in log quick proto tcp all
block in log quick proto udp all
block in log quick proto icmp all
block out log quick all head 1
pass out proto tcp from any to any flags S keep state keep frags group 1
pass out proto udp from any to any keep state keep frags group 1
pass out proto icmp from any to any keep state keep frags group 1
block out log quick from any to 127.0.0.0/8 group 1
block out log quick from any to 172.16.0.0/12 group 1
block out log quick from any to 10.0.0.0/8 group 1
block out log quick from any to 255.255.255.255/32 group 1
block out log quick from any to 0.0.0.0/8 group 1
block out log quick from any to 169.254.0.0/16 group 1
block out log quick from any to 192.0.2.0/24 group 1
block out log quick from any to 204.152.64.0/23 group 1
block out log quick from any to 224.0.0.0/3 group 1
Relevant ifconfig details are:
gem0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=66<TCP4CSUM,UDP4CSUM,TCP4CSUM_Rx,UDP4CSUM_Rx>
enabled=6<TCP4CSUM,UDP4CSUM>
Here is a transcript of a sample test I did:
[root@arcusv:root]# ifconfig gem0 tcp4csum
[root@arcusv:root]# ifconfig gem0 udp4csum
[root@arcusv:root]# date
Tue Oct 17 21:20:43 EDT 2006
[root@arcusv:root]# ping www.onetbsd.org
ping: Cannot resolve "www.onetbsd.org" (Host name lookup failure)
[root@arcusv:root]# tail -1 /var/log/messages
Oct 17 21:21:14 arcusv ipmon[255]: 21:21:13.891345 gem0 @0:3 b
arcus0.nonus-porta.net[192.168.1.6],domain ->
arcusv.nonus-porta.net[192.168.1.5],65532 PR udp len 20 150 IN bad
[root@arcusv:root]# ifconfig gem0 -tcp4csum
[root@arcusv:root]# ifconfig gem0 -udp4csum
[root@arcusv:root]# ping www.onetbsd.org
PING www.onetbsd.org (213.28.202.226): 56 data bytes
64 bytes from 213.28.202.226: icmp_seq=0 ttl=236 time=322.561 ms
64 bytes from 213.28.202.226: icmp_seq=1 ttl=236 time=165.242 ms
64 bytes from 213.28.202.226: icmp_seq=2 ttl=236 time=164.031 ms
^C
----www.onetbsd.org PING Statistics----
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 164.031/217.278/322.561/91.180 ms
Dave