npf bug(?)

To: current-users%netbsd.org@localhost
Subject: npf bug(?)
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Mon, 20 Mar 2017 14:25:53 +0100 (CET)

hello,

because of the problems of kern/52036 I tried to switch to npf.Unfortunately there are other problems.

Without npf everything works as expected. With activated npf works anormal IPv6 ping over the router into the Internet, e.g.


ping6 www.heise.de

It also works ping with jumbo packages:

ping6 -s 2000 www.heise.de

In this case tcpdump of the routers outgoing interface reports:

14:04:54.106503 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85:frag (0|1232) ICMP6, echo request, seq 13, length 123214:04:54.106520 IP6 2001:638:902:1::11 > 2a02:2e0:3fe:1001:7777:772e:2:85:frag (1232|776)


If I enable npf whith the following rules:

group default {
        pass final all;
}

ping6 www.heise.de still works. But the icmp message from 'ping6 -s 2000www.heise.de' is droped at the outside interface of the router.


npfctl stats reports:

Fragmentation:
        7 fragments
        6 reassembled
        51605 failed reassembly


Can someone help solve one of the three problems?

  * Interrupt throttling does not work properly with ixg cards(kern/52036)
  * kernel/ipfilter crash at high packet rate (kern/52036)
  * npf problem with fragmented packets


Thank you for your efforts

Regards
Uwe

Follow-Ups:
- Re: npf bug(?)
  - From: Tom Ivar Helbekkmo
- Re: npf bug(?)
  - From: Christos Zoulas

Prev by Date: Automated report: NetBSD-current/i386 build failure
Next by Date: Re: Proposed updated sh(1) relating to $(( ))
Previous by Thread: Proposed updated sh(1) relating to $(( ))
Next by Thread: Re: npf bug(?)
Indexes:

Home | Main Index | Thread Index | Old Index