Packets reassembling checksum error

  • Hi there!
    I suppose we experience error which is probably more related to FreeBSD core of pfSence.
    We have pfSence in our VM test area and mostly happy with it. But now with packets incoming from our custom tunnel we stumbled upon a problem with ICMP packet reassemble.
    We use Ubuntu to send ping packets (with '-s 1424' flag) into tunnel interface with 1448 bytes MTU.
    As result ICMP request packets end up split in two with sizes of 1458 and 60 bytes on wire (18 bytes padded in last case).
    During process of routing by pfSence these fragmented packets become reassembled into 1466 bytes packet.
    And that is the place where the magic is happens. First ICMP packet in the session is totally ok. But all the rest of the packets become reassembled into packets with broken checksum.
    I've enclosed dumps from both pfSence interfaces with fragmented and reassembled packets.
    Is it a known issue? Is there any way to resolve it?
    Is there a way to disable reassembling of routing packets?
    fragmentedInput.pcap defragmentedOutput.pcap

  • Also we try to switch off all offloading we can find. It doesn't help. Still broken checksums.

Log in to reply