svn commit: r289316 - in head/sys: net netpfil/pf
Baptiste Daroussin
bapt at FreeBSD.org
Wed Oct 14 16:30:48 UTC 2015
On Wed, Oct 14, 2015 at 04:21:41PM +0000, Kristof Provost wrote:
> Author: kp
> Date: Wed Oct 14 16:21:41 2015
> New Revision: 289316
> URL: https://svnweb.freebsd.org/changeset/base/289316
>
> Log:
> pf: Fix TSO issues
>
> In certain configurations (mostly but not exclusively as a VM on Xen) pf
> produced packets with an invalid TCP checksum.
>
> The problem was that pf could only handle packets with a full checksum. The
> FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
> addresses, length and protocol).
> Certain network interfaces expect to see the pseudo-header checksum, so they
> end up producing packets with invalid checksums.
>
> To fix this stop calculating the full checksum and teach pf to only update TCP
> checksums if TSO is disabled or the change affects the pseudo-header checksum.
>
> PR: 154428, 193579, 198868
> Reviewed by: sbruno
> MFC after: 1 week
> Relnotes: yes
> Sponsored by: RootBSD
> Differential Revision: https://reviews.freebsd.org/D3779
>
Excellent! do you think it would be possible to get an errata on 10.2? that
would be useful for every instance of freebsd running on cloudish stuff!
Best regards,
Bapt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20151014/7f7ae6b7/attachment.bin>
More information about the svn-src-all
mailing list