> On Apr 12, 2022, at 6:43 AM, Kristof Provost <k...@freebsd.org> wrote:
>
> On 12 Apr 2022, at 2:07, Matt Garber wrote:
>> On Mon, Apr 11, 2022 at 7:15 PM mike tancsa <m...@sentex.net> wrote:
>>
>>> I was setting up a VM pf firewall and noticed I was not able to nat out
>>> for some reason. Looking at the pcap, it seems when the vm is in
>>> forwarding mode, I get tcp checksum errors. If I do a
>>>
>>> ifconfig vtnet1 -rxcsum
>>>
>>> ifconfig vtnet0 -rxcsum
>>>
>>> nat then seems to work fine
>>>
>>> The setup is a simple VM with the hypervisor libvirt/KVM ubuntu 20 LTS.
>>> Guest is RELENG_13 from Apr 11/2022. If I change to em nics in the VM,
>>> all is fine out of the box.
>>>
>>>
>>> I opened up https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229
>>
>>
>>
>> Unless someone knows otherwise, I’ve been under the impression that PF — or
>> potentially any of the other FreeBSD firewalls (?), but I use PF — has been
>> “broken” in that regard on Linux KVM-based FreeBSD guests for years. As
>> such I’ve always needed to use csum_disable flags on the vtnet interfaces
>> or suffer *extremely* poor network performance, even for servers not doing
>> NAT forwarding.
>>
> That PF checksum issue was fixed c110fc49da2995d10d60d908af0838ecb4be9bee,
> back in 2015.
Do you have a bug ID that references this issue/fix?
Charles
>
> Kristof
>
