On 09.11.2012 17:51, Adrian Chadd wrote:
On 9 November 2012 00:08, Andre Oppermann <an...@freebsd.org> wrote:
Firewalling doesn't change the packet and no checksum is needed.
NAT does change the packet and the pesky pseudo-header in the TCP/
UDP checksum. However here only the pseudo-header checksum is
recalculated and reintegrated into the one-complement payload checksum.
The payload itself is not being looked at, except for protocols that
do contain IP addresses in their internal commands or such. There
the payload is modified. The same reintegration trick can be used.
In the majority of cases these packets are very small though and
the entire checksum is simply recalculated. As the packets are very
small no fragmentation is occuring.
The IPv4 header checksum is never ever a problem and always works.
Can we please put this to rest now.
Andre,
I'm assuming that Pyun fixed a real bug that he really did see. My day
job is dealing with these kinds of corner cases with embedded hardware
that does offload-y type stuff.
So yes, I'd really like to know what's going on under the hood and fix it.
There isn't anything to fix other than removing a poorly supported
and implemented feature. Nothings breaks if it goes away.
You may be able to make it all go away with a bunch of logical
reasoning but if it weren't a problem, Pyun would've never stumbled
across it and had to disable checksumming.
I found the problem and wanted to remove this particular mis-feature
from the stack. To do that he removed it from two drivers, one of them
very old with no known users.
--
Andre
I'll chase this up privately with him and see what was really going on.
Thanks,
Adrian
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
