HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS289316

pf: Fix TSO issues
rS289316
Actions

Description

pf: Fix TSO issues

In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.

The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.

To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.

PR: 154428, 193579, 198868
Reviewed by: sbruno
MFC after: 1 week
Relnotes: yes
Sponsored by: RootBSD
Differential Revision: https://reviews.freebsd.org/D3779

Details

Provenance
kpAuthored on
Reviewer
sbruno
Differential Revision
D3779: pf: Fix TSO issues
Parents
rS289315: resolver: automatically reload /etc/resolv.conf
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
head/
sys/
net/
netpfil/
pf/

rS289316

View Options

head/sys/net/pfvar.h

Loading...
View Options

head/sys/netpfil/pf/pf.c

Loading...
View Options

head/sys/netpfil/pf/pf_ioctl.c

Loading...
View Options

head/sys/netpfil/pf/pf_norm.c

Loading...