tech-net archive


IP Filter does not seem to work correctly with bge(4) when hardware checksums are enabled

I think there's a similar problem to PR#34799 still happening with
bge(4) in netbsd-4 on an HP Proliant box I'm setting up as a NAT and

I.e. ipmon is reporting "bad" packets blocked even though the "pass"
rule they match is triggered.  (too bad "bad" isn't well documented!)


        address: 00:12:79:90:6a:0a
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet netmask 0xffffff00 broadcast


bge0 at pci6 dev 2 function 0: Broadcom BCM5704C Dual Gigabit Ethernet
bge0: interrupting at ioapic1 pin 1 (irq 5)
bge0: ASIC unknown BCM5704 (0x2100), Ethernet address 00:12:79:90:6a:0a
brgphy0 at bge0 phy 1: BCM5704 1000BASE-T media interface, rev. 0

some relevant output from "ipfstat -viohn":

357 27201 @11 pass in quick proto udp from to any port = domain keep state group 350 # count 0
362 27201 @31 block in log quick all group 350

some example log records from syslog:

Jan 28 00:01:02 fw ipmon[340]: 00:01:01.980307 bge0 @350:31 b,54202 ->[],domain PR udp len 20 87 IN bad
Jan 28 00:01:05 fw ipmon[340]: 00:01:04.979956 bge0 @350:31 b,57393 ->[],domain PR udp len 20 87 IN bad

then as soon as I made the client DNS queries go to an inside caching
server I saw lots like this:

Jan 28 00:19:30 fw ipmon[340]: 00:19:29.944216 bge0 @350:31 b,50031 ->[],http PR tcp len 20 60 -S IN bad
Jan 28 00:19:36 fw ipmon[340]: 00:19:35.943206 bge0 @350:31 b,50031 ->[],http PR tcp len 20 60 -S IN bad

However once I turned off tcp4csum and udp4csum on bge0 then everything
seemed to begin working OK.

(this machine also has a dual wm(4) board, and I've got all the *4csum
features enabled on it and there are no apparent complaints)

Is this a known problem with bge(4) (vs. IPFilter)?  Is this specific to
just the one BCM5704C chip, or more generic?

                                                Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack 
Planix, Inc. <>       Secrets of the Weird 
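
The symptom described in the post, logged records tagged "bad" concentrated on one interface, can be measured from ipmon's syslog output. The following is an added example, not part of the original post: the sample records are constructed in the layout of the post's log lines with documentation addresses, and the function names and the 0.5 threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed records in the layout of the ipmon lines quoted in the post;
# the 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
SAMPLE = """\
Jan 28 00:01:02 fw ipmon[340]: 00:01:01.980307 bge0 @350:31 b 192.0.2.10,54202 -> 198.51.100.1,domain PR udp len 20 87 IN bad
Jan 28 00:01:05 fw ipmon[340]: 00:01:04.979956 bge0 @350:31 b 192.0.2.10,57393 -> 198.51.100.1,domain PR udp len 20 87 IN bad
Jan 28 00:19:30 fw ipmon[340]: 00:19:29.944216 bge0 @350:31 b 192.0.2.11,50031 -> 198.51.100.7,http PR tcp len 20 60 -S IN bad
Jan 28 00:20:11 fw ipmon[340]: 00:20:10.100000 wm0 @350:31 b 192.0.2.12,40000 -> 198.51.100.7,telnet PR tcp len 20 60 -S IN
"""

REC = re.compile(
    r"ipmon\[\d+\]: \S+ (?:\d+x )?(?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>[A-Za-z])(?P<addrs>.*?) PR (?P<proto>\S+) "
    r"len (?P<hlen>\d+) (?P<plen>\d+)(?P<rest>.*)$"
)

def parse(line):
    """Return the fields of one ipmon record, or None if it does not match."""
    m = REC.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    tail = rec.pop("rest").split()
    # Direction is the first IN/OUT token; tags such as "bad" follow it.
    pos = next((i for i, t in enumerate(tail) if t in ("IN", "OUT")), len(tail))
    rec["dir"] = tail[pos] if pos < len(tail) else None
    rec["bad"] = "bad" in tail[pos + 1:]
    return rec

def bad_share(lines):
    """Per interface: (records tagged bad, records parsed)."""
    stats = defaultdict(lambda: [0, 0])
    for rec in filter(None, map(parse, lines)):
        stats[rec["ifname"]][1] += 1
        stats[rec["ifname"]][0] += rec["bad"]
    return {ifname: tuple(v) for ifname, v in stats.items()}

def suspects(lines, threshold=0.5):
    """Interfaces whose share of "bad" records exceeds the assumed threshold."""
    return sorted(i for i, (bad, total) in bad_share(lines).items()
                  if total and bad / total > threshold)

if __name__ == "__main__":
    for ifname, (bad, total) in bad_share(SAMPLE.splitlines()).items():
        print(f"{ifname}: {bad}/{total} logged records tagged bad")
    print("check checksum offload on:", suspects(SAMPLE.splitlines()))
```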
