Subject: kern/25769: ipnat/rdr doesn't like hw csums
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <kefren@netbsd.ro>
List: netbsd-bugs
Date: 06/01/2004 03:38:15
>Number: 25769
>Category: kern
>Synopsis: ipnat/rdr doesn't work properly with hw csums
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jun 01 00:39:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Mihai CHELARU
>Release: NetBSD 2.0_BETA
>Organization:
>Environment:
System: NetBSD xxx.xxx.xxx 2.0_BETA NetBSD 2.0_BETA (Kefren) #1: Mon May 31 21:21:13 EEST 2004 root@xxx.xxx.xxx:/sys/arch/i386/compile/Kefren i386
Architecture: i386
Machine: i386
>Description:
ipnat with rdr doesn't do its job when the rdr interface has hardware
checksums. Here is the rule:
rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
ipnat -l:
List of active sessions:
RDR 127.0.0.1 3128 <- -> 217.85.93.155 80 [11.11.0.48 50120]
RDR 127.0.0.1 3128 <- -> 216.239.59.99 80 [11.11.0.48 50197]
RDR 127.0.0.1 3128 <- -> 64.62.182.4 80 [11.20.0.15 45465]
RDR 127.0.0.1 3128 <- -> 64.62.182.4 80 [11.20.0.15 45464]
RDR 127.0.0.1 3128 <- -> 64.62.182.4 80 [11.20.0.15 45463]
RDR 127.0.0.1 3128 <- -> 207.5.211.157 80 [11.11.0.48 50264]
RDR 127.0.0.1 3128 <- -> 62.211.212.141 80 [11.11.0.48 50349]
RDR 127.0.0.1 3128 <- -> 207.46.104.20 80 [11.20.0.15 45462]
RDR 127.0.0.1 3128 <- -> 220.245.101.205 80 [11.11.0.48 50453]
RDR 127.0.0.1 3128 <- -> 165.254.12.203 80 [11.20.39.12 1306]
RDR 127.0.0.1 3128 <- -> 64.62.182.4 80 [11.20.0.15 45461]
RDR 127.0.0.1 3128 <- -> 12.129.205.105 80 [11.20.39.12 1305]
Everything works but 11.11.0.48 (host directly connected). All other hosts
on local segment fail, also.
#ipnat -lv | grep pkts <- only for 11.11.0.48 (I filtered the rest)
ifp bge0,bge0 bytes 120/0 pkts 2/0
ifp bge0,bge0 bytes 144/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 300/0 pkts 5/0
ifp bge0,bge0 bytes 144/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 300/0 pkts 5/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 144/0 pkts 3/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 180/0 pkts 3/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
ifp bge0,bge0 bytes 144/0 pkts 3/0
ifp bge0,bge0 bytes 360/0 pkts 6/0
After disabling ip4csum, tcp4csum and udp4csum on bge0:
ifp bge0,bge0 bytes 962/348 pkts 6/5
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 1259/820 pkts 6/5
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 1444/31511 pkts 17/26
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 5268/21088 pkts 32/22
ifp bge0,bge0 bytes 5496/822 pkts 11/8
ifp bge0,bge0 bytes 1625/2726 pkts 7/6
ifp bge0,bge0 bytes 743/484 pkts 6/5
ifp bge0,bge0 bytes 1259/543 pkts 6/5
ifp bge0,bge0 bytes 733/751 pkts 6/5
ifp bge0,bge0 bytes 400/825 pkts 6/4
ifp bge0,bge0 bytes 2182/1539 pkts 14/13
ifp bge0,bge0 bytes 548/1433 pkts 6/5
ifp bge0,bge0 bytes 737/544 pkts 5/5
ifp bge0,bge0 bytes 3859/21060 pkts 29/21
ifp bge0,bge0 bytes 1677/2694 pkts 8/7
ifp bge0,bge0 bytes 364/216 pkts 5/4
ifp bge0,bge0 bytes 964/348 pkts 6/5
ifp bge0,bge0 bytes 332/216 pkts 5/4
ifp bge0,bge0 bytes 1257/9105 pkts 8/11
And everyone is happy.
>How-To-Repeat:
See above.
>Fix:
none.
>Release-Note:
>Audit-Trail:
>Unformatted: