[Bug 779] Netfilter on bridge interface containing a defective NIC

bugzilla-daemon at netfilter.org
Fri Jul 12 01:54:55 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=779

--- Comment #5 from calebc2099 at yahoo.com 2013-07-12 01:54:55 CEST ---
(In reply to comment #4)
> (In reply to comment #3)
> > Have you tried to replicate the problem with a defective NIC?  Here is an
> > example of how to replicate the problem:
> 
> Well, that is difficult since I do not own defective nics.  But again: if your
> NIC is defective, perhaps that is the real cause of your issue?  

The NIC is not "defective" in the sense that it doesn't work at all. The NIC
works just fine when hardware-based checksumming is turned off. The problem
seems to be that netfilter is forcing hardware checksumming back on when the
NICs are bridged. When netfilter is not enabled, there is no packet corruption.
The observed packet corruption is in the checksum.
> 
> I tested the exact scenario you describe by using e1000 nics in an eth1/eth2
> bridge, and I manually disabled rx offload on eth2.  I could not see any
> problem.
> 
> > observe simple ping traffic between:
> >  1) computer attached to eth0 and computer attached to eth1.
> >  2) computer attached to eth0 and computer attached to eth2.
> > 
> > enable netfilter (eg. use SNAT) & change IP addresses of computers as necessary
> > and repeat above observation.
> 
> What should I observe?  Does the ping not work at all in one or both of those
> scenarios?  Which ones?  How are you seeing "corrupted packets"?

Using tcpdump on the router (computer with 3 interfaces) and/or tcpdump on the
other 3 computers. Typically, the first octet of the IP address is corrupted
and the checksum is wrong.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
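
Added example, not part of the original bug comment or of any netfilter code: one way to confirm the symptom described above (an altered first octet of an IP address with a checksum that no longer matches) is to recompute the IPv4 header checksum over the captured header bytes. The function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complemented one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 1) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def check_ipv4_header(raw: bytes) -> dict:
    """Recompute the header checksum and compare it with the stored one."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4               # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad or truncated header length")
    stored = struct.unpack("!H", raw[10:12])[0]
    # The checksum field itself is treated as zero while recomputing.
    computed = internet_checksum(raw[:10] + b"\x00\x00" + raw[12:ihl])
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "stored": stored, "computed": computed, "ok": stored == computed}

# Constructed sample data (not taken from the bug report).
GOOD = build_ipv4_header("192.168.1.10", "192.168.1.20", payload_len=64)
# Same header with the first octet of the source address changed in transit,
# while the checksum field still holds the value computed for the original.
CORRUPT = GOOD[:12] + b"\x40" + GOOD[13:]

if __name__ == "__main__":
    for name, hdr in (("good", GOOD), ("corrupt", CORRUPT)):
        r = check_ipv4_header(hdr)
        verdict = "correct" if r["ok"] else f"incorrect, expected 0x{r['computed']:04x}"
        print(f"{name:8} {r['src']} > {r['dst']} cksum 0x{r['stored']:04x} ({verdict})")
```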