When crossing NAT from e.g. pfsense, packets sent from the axge driver will generate bad checksums (as seen in tcpdump), which eventually results in connection aborts. Test within the the same zone (i.e. not crossing NAT) generates no checksum errors and no connections aborts. FreeBSD jail.zerouptime.ch 10.0-STABLE FreeBSD 10.0-STABLE #0 r270340: Fri Aug 22 19:05:34 UTC 2014 root@grind.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 root@jail:~ # kldstat Id Refs Address Size Name 1 11 0xffffffff80200000 17143c0 kernel 2 1 0xffffffff81a11000 4198 if_axge.ko 3 1 0xffffffff81a16000 2af5 uether.ko Tested hardware: Delock 62121 USB 3.0 Adapter in USB 2.0 compatibility mode. usbconfig relevant output: ugen1.2: <AX88179 ASIX Elec. Corp.> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (248mA)
Over to maintainers.
I bought another usb ethernet adapter, this time 100 Mbit which is using the axe driver and I have the same problem. That means: - within the DMZ of my pfsense firewall I can transfer files without problems - across the NAT of my pfsense the connection interupts if the transfer goes beyond listing a directory This also makes it look like it's a general uether issue.
A commit references this bug: Author: kp Date: Wed Oct 14 16:21:41 UTC 2015 New revision: 289316 URL: https://svnweb.freebsd.org/changeset/base/289316 Log: pf: Fix TSO issues In certain configurations (mostly but not exclusively as a VM on Xen) pf produced packets with an invalid TCP checksum. The problem was that pf could only handle packets with a full checksum. The FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only addresses, length and protocol). Certain network interfaces expect to see the pseudo-header checksum, so they end up producing packets with invalid checksums. To fix this stop calculating the full checksum and teach pf to only update TCP checksums if TSO is disabled or the change affects the pseudo-header checksum. PR: 154428, 193579, 198868 Reviewed by: sbruno MFC after: 1 week Relnotes: yes Sponsored by: RootBSD Differential Revision: https://reviews.freebsd.org/D3779 Changes: head/sys/net/pfvar.h head/sys/netpfil/pf/pf.c head/sys/netpfil/pf/pf_ioctl.c head/sys/netpfil/pf/pf_norm.c
Outstanding! That's probably it, since I also had this issue on ESXi Server hosts.
A commit references this bug: Author: kp Date: Wed Oct 21 15:32:21 UTC 2015 New revision: 289703 URL: https://svnweb.freebsd.org/changeset/base/289703 Log: MFC r289316: pf: Fix TSO issues In certain configurations (mostly but not exclusively as a VM on Xen) pf produced packets with an invalid TCP checksum. The problem was that pf could only handle packets with a full checksum. The FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only addresses, length and protocol). Certain network interfaces expect to see the pseudo-header checksum, so they end up producing packets with invalid checksums. To fix this stop calculating the full checksum and teach pf to only update TCP checksums if TSO is disabled or the change affects the pseudo-header checksum. PR: 154428, 193579, 198868 Relnotes: yes Sponsored by: RootBSD Changes: _U stable/10/ stable/10/sys/net/pfvar.h stable/10/sys/netpfil/pf/pf.c stable/10/sys/netpfil/pf/pf_ioctl.c stable/10/sys/netpfil/pf/pf_norm.c
A commit references this bug: Author: kp Date: Fri Dec 25 15:12:12 UTC 2015 New revision: 292731 URL: https://svnweb.freebsd.org/changeset/base/292731 Log: pf: Fix TSO issues In certain configurations (mostly but not exclusively as a VM on Xen) pf produced packets with an invalid TCP checksum. The problem was that pf could only handle packets with a full checksum. The FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only addresses, length and protocol). Certain network interfaces expect to see the pseudo-header checksum, so they end up producing packets with invalid checksums. To fix this stop calculating the full checksum and teach pf to only update TCP checksums if TSO is disabled or the change affects the pseudo-header checksum. PR: 154428, 193579, 198868 Sponsored by: RootBSD Changes: stable/9/sys/contrib/pf/net/pf.c stable/9/sys/contrib/pf/net/pf_ioctl.c stable/9/sys/contrib/pf/net/pf_norm.c stable/9/sys/contrib/pf/net/pfvar.h
Assign to committer that's taking care of (resolving) this issue
Whoops, wrong one