Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Packets reassembling checksum error

    Scheduled Pinned Locked Moved Routing and Multi WAN
    2 Posts 1 Posters 359 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shuras
      last edited by shuras

      Hi there!
      I suppose we experience error which is probably more related to FreeBSD core of pfSence.
      We have pfSence in our VM test area and mostly happy with it. But now with packets incoming from our custom tunnel we stumbled upon a problem with ICMP packet reassemble.
      We use Ubuntu to send ping packets (with '-s 1424' flag) into tunnel interface with 1448 bytes MTU.
      As result ICMP request packets end up split in two with sizes of 1458 and 60 bytes on wire (18 bytes padded in last case).
      During process of routing by pfSence these fragmented packets become reassembled into 1466 bytes packet.
      And that is the place where the magic is happens. First ICMP packet in the session is totally ok. But all the rest of the packets become reassembled into packets with broken checksum.
      I've enclosed dumps from both pfSence interfaces with fragmented and reassembled packets.
      Is it a known issue? Is there any way to resolve it?
      Is there a way to disable reassembling of routing packets?
      fragmentedInput.pcap defragmentedOutput.pcap

      1 Reply Last reply Reply Quote 0
      • S
        shuras
        last edited by

        Also we try to switch off all offloading we can find. It doesn't help. Still broken checksums.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.