CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	kp <kp@FreeBSD.org>
	Wed, 14 Oct 2015 16:21:41 +0000 (16:21 +0000)
committer	kp <kp@FreeBSD.org>
	Wed, 14 Oct 2015 16:21:41 +0000 (16:21 +0000)
commit	40bca2754d65948b01b3e0a63dda32938c1bd837
tree	0285d9170ff0e73a3dfee46641c27f8364cabfb0	tree \| snapshot
parent	60458e70da25850f61b9877b8eae858c8ebe875d	commit \| diff

pf: Fix TSO issues

In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.

The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.

To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.

PR: 154428, 193579, 198868
Reviewed by: sbruno
MFC after: 1 week
Relnotes: yes
Sponsored by: RootBSD
Differential Revision: https://reviews.freebsd.org/D3779

sys/net/pfvar.h		diff \| blob \| history
sys/netpfil/pf/pf.c		diff \| blob \| history
sys/netpfil/pf/pf_ioctl.c		diff \| blob \| history
sys/netpfil/pf/pf_norm.c		diff \| blob \| history