Bug 197344

Summary: tx checksum broken on XEN
Product: Base System
Reporter: Andreas Pflug <pgadmin>
Component: kern
Assignee: freebsd-xen (Nobody) <xen>
Status: New ---
Severity: Affects Some People
CC: franco, meyer.sydney, mmpestorich, rainer, royger
Priority: ---
Version: 10.1-RELEASE
Hardware: amd64
OS: Any

Description Andreas Pflug 2015-02-05 09:09:15 UTC
This issue might be related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192013 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154428 , but I found it to be NOT pf specific.

I've been testing pfSense 2.2 on Xen 4.1, and got the same issue as https://forum.pfsense.org/index.php?topic=85797.15 : routing traffic through the FreeBSD 10.1 machine that uses xn* interface hardly works and gives abysmal performance. Packets leaving the router contain an invalid checksum, and don't reach the target VM's tcp stack.

A workaround (with at least 50% performance penalty) is to disable tx offloading on all router interfaces in dom0, i.e. calling 

ethtool -K vif{N}.{x} tx off

The issue can be observed whether the pf firewall is active or not, so it appears to be a FreeBSD xen-netfront driver problem.

Comment 1 Andreas Pflug 2016-01-29 08:06:57 UTC
Problem still present with FreeBSD 10.2 p11 (used in OPNsense 16.1)

Comment 2 Roger Pau Monné freebsd_committer 2016-05-09 10:37:55 UTC
AFAICT, this is possibly a duplicate of PR 188261. Can you please confirm that the issues you are seeing always happen when doing packet forwarding?

Also, and in order to try to solve this, can you please post a very simple configuration that can be used to reproduce the issue?

Comment 3 Andreas Pflug 2016-05-09 16:08:30 UTC
#188261 apparently describes the same problem.

How to reproduce:

DomU #1 <-> DomU/Router <-> DomU #2
all on same Xen host.

Accessing DomU#2 from DomU#1 (e.g. ssh) hardly works, until tx checksum is disabled. When a host that's not hosted on the same Xen machine is involved, everything works as expected.

Tested with Xen 4.1 and 4.4, DomU/Router FreeBSD 10.1 (pfSense) and 10.2 (OPNsense).
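
A way to check the symptom from the description (packets leaving the router with an invalid checksum) against raw IPv4/TCP packets taken from a capture. This is an added example, not part of the bug report or of any FreeBSD or Xen code; the function names are hypothetical, and the addresses, ports and payload in `build_packet` are constructed sample values.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """Verify the TCP checksum of a raw IPv4 packet (no Ethernet header)."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source, destination, zero, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    # A segment carrying a correct checksum sums to 0xFFFF, i.e. 0 here.
    return inet_checksum(pseudo + segment) == 0

def build_packet(payload: bytes) -> bytes:
    """Constructed sample packet: 192.0.2.1:40000 -> 198.51.100.2:22."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0)
    ip += src + dst
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp

if __name__ == "__main__":
    good = build_packet(b"SSH-2.0-example\r\n")
    bad = bytearray(good)
    bad[-1] ^= 0x01                          # simulate a damaged segment
    print("intact packet valid: ", tcp_checksum_ok(good))
    print("damaged packet valid:", tcp_checksum_ok(bytes(bad)))
```

Run this against packets captured inside the receiving VM: a capture taken on a sender with tx offloading enabled can show checksums that have not been filled in yet, which is not by itself the fault described here.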