Unable to upload to S3 when pf is activated
Kristof Provost
kp at FreeBSD.org
Mon Dec 14 21:17:54 UTC 2015
> On 14 Dec 2015, at 21:38, murdoch.john at moumantai.de wrote:
> yes, the machine runs on Amazon and yes again -tso fixed the problem.
>
> Could I have seen this somehow watching the pf log? Maybe package length?
It’d be hard to spot. The problem was related to the checksums, so you’d have to explicitly look for checksum errors.
To make it worse, you’d not spot the problem looking at tcpdump captures on the machine itself (because you’d see the pre-segmentation packets).
In effect, the best, if not only, way to spot it would be to set up a TCP connection to another machine you control and then send large chunks of data (to trigger TSO) and look at those checksums.
Regards,
Kristof
More information about the freebsd-pf
mailing list