https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235607
--- Comment #8 from Jorge Schrauwen <sjorge+sig...@blackdot.be> --- Oops, I was pertty sure I did update this with the ipf results. But guess I did not. I could not get ipf to work either, turns out it was similar to the native firewall on illumos (where I was running the bhyve instance). Turns out the illumos version of ipf also has the issue: https://smartos.org/bugview/OS-7924. Joyent who are doing the bhyve fork on illumos and did all the offloading work are going to revert the change where loopback traffic (in the broader sense here that any traffic not hitting the mac of a physical interface, so inter guest traffic too) would not get checksummed soonish. As other software in bhyve guests and native zones is also not dealing properly with this. e.g. vpnservers like wireguard, openvpn,... https://smartos.org/bugview/OS-8025 More details on the revert of this can be found here: https://smartos.org/bugview/OS-8027 So while it looks like ipf, ipfw, and pf do indeed not cope well with traffic that has blank checksums when all the offloading is enabled on the vtnet interface... it's certainly not the only code that has issues with it. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
