Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Packets reassembling checksum error

    Routing and Multi WAN
    1
    2
    41
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shuras last edited by shuras

      Hi there!
      I suppose we experience error which is probably more related to FreeBSD core of pfSence.
      We have pfSence in our VM test area and mostly happy with it. But now with packets incoming from our custom tunnel we stumbled upon a problem with ICMP packet reassemble.
      We use Ubuntu to send ping packets (with '-s 1424' flag) into tunnel interface with 1448 bytes MTU.
      As result ICMP request packets end up split in two with sizes of 1458 and 60 bytes on wire (18 bytes padded in last case).
      During process of routing by pfSence these fragmented packets become reassembled into 1466 bytes packet.
      And that is the place where the magic is happens. First ICMP packet in the session is totally ok. But all the rest of the packets become reassembled into packets with broken checksum.
      I've enclosed dumps from both pfSence interfaces with fragmented and reassembled packets.
      Is it a known issue? Is there any way to resolve it?
      Is there a way to disable reassembling of routing packets?
      fragmentedInput.pcap defragmentedOutput.pcap

      1 Reply Last reply Reply Quote 0
      • S
        shuras last edited by

        Also we try to switch off all offloading we can find. It doesn't help. Still broken checksums.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy