[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Fwd: Re: maybe bug in version 4.1.28
From:       Jim Klimov <jimklimov () cos ! ru>
Date:       2012-05-04 17:21:53
Message-ID: 31404_1336152482_4FA411A1_31404_8434_1_4FA41031.6090503 () cos ! ru
[Download RAW message or body]



-------- Исходное соо щение --------
Тема: 	Re: maybe bug in version 4.1.28
Дата: 	Fri, 04 May 2012 18:00:18 +0100
От: 	Andrew White <andywhite@gmail.com>
Кому: 	Jim Klimov <jim@cos.ru>



+1 too.  I'm guessing this is freebsd.  There are some bugs with
ipfilter and freebsd that fall into this space, particularly around
checksumming and some intel nics etc.

for example , read through this bug
http://www.freebsd.org/cgi/query-pr.cgi?pr=106438

On Fri, May 4, 2012 at 5:52 PM, Jim Klimov <jimklimov@cos.ru
<mailto:jimklimov@cos.ru>> wrote:

     2012-05-04 20:17, Michael T. Davis wrote:

                 Where might we find the full thread of this topic?

     +1


      > Reading between

         the lines, is it recommended that we should not enable NIC-based
         offload
         processing under ipfilter?


     That's what we had to do (on OpenSolaris SXCE). You can google up
     many hits on "dohwcksum ipfilter" keywords, including PhilDev's
     IPFilter FAQ. And yes, the problem is very old:

     http://www.phildev.net/ipf/__IPFsolaris.html#solaris15
     <http://www.phildev.net/ipf/IPFsolaris.html#solaris15>

 
http://mail.opensolaris.org/__pipermail/networking-discuss/__2005-September/000192.html
 
<http://mail.opensolaris.org/pipermail/networking-discuss/2005-September/000192.html>

 
http://mail.opensolaris.org/__pipermail/networking-discuss/__2006-March/000953.html
 
<http://mail.opensolaris.org/pipermail/networking-discuss/2006-March/000953.html>

 
http://comments.gmane.org/__gmane.comp.security.firewalls.__ipfilter/6026
     <http://comments.gmane.org/gmane.comp.security.firewalls.ipfilter/6026>

     "As is known, ipfilter NAT does not work correctly with hardware
     checksumming."

 
http://www.colby.edu/personal/__j/jaearick/sysadmin/sol10.__ipfilter.upgrade
 
<http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade>

     We could go on and on :)

     //Jim




[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic