2012-05-03 19:36, Fbsd8 wrote:
Darren Reed wrote:
I almost certainly guarantee you that this is to do with the different
NIC chips having different capabilities such as hardware checksum
and that these are interfering with ipfilter.
Darren
Ok I believe you that is the cause of the problem.
So this is really a bug in ipfilter that needs correction.
Since this was not the case in the past when motherboards
did not have built in Nics and since the pc manufactures have
standardized on including nics on motherboards that offload some
processes to the chip hardware for better performance, It seems only
logical that ipfilter needs to be updated to be aware of these hardware
process and take the correct action so the reported error condition does
not occur any more. This problem is a SHOW STOPPER.
Are you going to address this?
We have had similarly-sounding problems in our firewall
(sorry, I had no other emails from this thread for context),
and ended up disabling the HW checksum offload.
I am not sure how ipfilter or other firewalls can properly
deal with packets mangled outside their control. Maybe it
is possible, and Darren did put this off for a while ;)
Do you know a working solution (perhaps in other BSD filters)?
Do you care to port and test it? ipfilter is a sourceforge
project, you can send up a patch ;)
Sorry I can't help much,
//Jim
