Is TCP Segmentation Offloading turned off or on?
-
Hello,
For pfSenseCE 2.6.0;
On the System>>Advanced>>Networking :: Network Interfaces section [] the "Hardware TCP Segmentation Offloading" chekbox is checked.
and
on the System >> Advanced>> System Tunables ::
the value of the "Enable TCP Segmentation Offload" is "1"I'm confused. Are the two parameters setting exactly the same thing? If so, is TCP Segmentation Offload on or off now?
NOTE: Two screenshots were taken without changing the settings
Thanks
-
@simois If I remember correctly that doesn't really matter, since the checkbox disables it at the card.
When you do a ifconfig do any of your interfaces show (TSO, TSO4, TSO6) in the options? If not then pretty sure its disabled..
-
Yes it doesn't show up in the interface options.
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492 description: METRO_WAN options=812098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER> ether 00:1b:78:57:8a:68 inet6 **** em0 prefixlen 64 scopeid 0x1 inet ********* netmask 0xfffffffc broadcast ********* media: Ethernet autoselect (100baseTX <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: LAN options=910098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER,NETMAP> ether 00:1b:78:57:8a:69 inet6 ******** em1 prefixlen 64 scopeid 0x2 inet 192.168.1.*** netmask 0xffffff00 broadcast 192.168.1.255 media: Ethernet autoselect (1000baseT <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=82098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 30:9c:23:26:43:ff inet6 ****** prefixlen 64 scopeid 0x3 media: Ethernet autoselect (100baseTX <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
My basic knowledge is lacking, I didn't think to look at the hardware specifications on this subject.
Thank you very much.
-
@simois you could set that to zero in the tunables - but leaving it 1 for enabled doesn't matter because the checkbox turns it off.
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#tso-lro
Might need to change it in the tunables - if the checkbox didn't work for example.
-
@johnpoz
You answered my question.I also read this document after you guided me.
As a result, when I test with the ifconfig command when chekbox is selected and not selected in the System>>Advanced>>Networking:: Network Interfaces, TSO closes and opens as required.Thank you again
-
@simois no problem - its was a very valid and good question to be honest.
-
I tought I revive this topic, ;)
I just checked and
[2.7.2-RELEASE][root@pfSense.localdomain]/root: ifconfig | grep TSO options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
So should I uncheck these Hardware TCP Segmentation Offloading and Hardware Large Receive Offloading as these are checked default (meaning these Offloading are disabled)
btw
[2.7.2-RELEASE][root@pfSense.localdomain]/root: pciconf -lv igb0 igb0@pci0:1:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x157b subvendor=0x8086 subdevice=0x0000 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network subclass = ethernet
-
You probably want it disabled, yes. Though if you have been running with it enabled and seen no problems it likely won't hurt to leave it enabled. It doesn't do that much on a firewall where TCP connections are mostly not terminated anyway. Some drivers/NICs will cause problems with it enabled which is why we disable it by default. igb is well supported though.
-
@stephenw10 So it would benefit if it was a workstation? Just for academic reasons, how could I test if there is er difference checking vs unchecking these 2 settings?
-
Yes. Or a server. Try running an iperf test through the firewall; expect no difference. Try an iperf test to/from the firewall; you might see a difference.
-
Thnx