Message-Id: <200910281548.n9SFm2Gd000647@www.freebsd.org>
Date: Wed, 28 Oct 2009 15:48:02 GMT
From: Jean Aumont <jaumont@mediagrif.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ARP not sent through Bridge Firewall with BCE network driver
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         140051
>Category:       kern
>Synopsis:       [bce] [arp] ARP not sent through Bridge Firewall with BCE network driver
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    yongari
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 28 15:50:02 UTC 2009
>Closed-Date:    Mon Dec 12 22:39:04 UTC 2011
>Last-Modified:  Mon Dec 12 22:39:04 UTC 2011
>Originator:     Jean Aumont
>Release:        Production Release: 7.2
>Organization:
Mediagrif Technologie Interactive
>Environment:
FreeBSD FW1 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Tue Oct 28 11:45:32 EDT 2009 root@FW1:/usr/obj/usr/src/GENERIC i386
>Description:
ARP requests are not sent through the Bridge Firewall with the BCE network driver.

I was trying to set up a PF bridge firewall when I discovered the problem.

I set up 2 PCs and made sure that they could ping each other.

Then I set up the bridge firewall using the 2 onboard network cards of my 
HP Proliant DL360 G6. The onboard cards use the BCE network driver.

I connected the 2 PCs to the firewall as follows:

PC-A ...... BCE0 (Bridge Firewall) BCE1 ...... PC-B

I started to ping from PC-A to PC-B snooping the network everywhere.

On PC-A, the tcpdump was showing ARP requests being sent to the BCE0 interface
of the firewall. 

On the Bridge Firewall, using tcpdump, I could see the ARP request arriving 
at the BCE0 interface.

Again on the firewall, using tcpdump, I could see the ARP request leaving 
the BCE1 interface.... it seemed good !!!

At PC-B, using tcpdump, NO ARP requests were arriving.

The tcpdump done on the BCE1 interface of the firewall is indicating that 
it is sending the ARP, but it does not do it. 
The BCE driver must be causing the problem. 

Also note that this test was done on the stock Production Release: 7.2
with no patches and PF disabled.

I finally added a 4-port Intel network card to the server and moved the 
bridge to EM0 and EM1 and everything worked the first time I tried it.
No ARP problem.

Conclusion ... the BCE driver is broken.
>How-To-Repeat:
Follow the instructions above.

>Fix:
Did not look at the code ...

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Oct 28 18:37:36 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140051 
Responsible-Changed-From-To: freebsd-net->yongari 
Responsible-Changed-By: andre 
Responsible-Changed-When: Mon Aug 23 17:47:13 UTC 2010 
Responsible-Changed-Why:  
Over to expert. 
State-Changed-From-To: open->feedback 
State-Changed-By: yongari 
State-Changed-When: Fri Sep 24 20:58:26 UTC 2010 
State-Changed-Why:  
Is it still an issue on 8.1-RELEASE or 7.3-RELEASE? 
If yes, could you disable TX checksum offloading on bce(4)? 

From: Pyun YongHyeon <pyunyh@gmail.com>
To: Jean Aumont <JAumont@mediagrif.com>
Cc: yongari@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: kern/140051: [bce] [arp] ARP not sent through Bridge Firewall with BCE network driver
Date: Fri, 24 Sep 2010 14:38:21 -0700

 On Fri, Sep 24, 2010 at 05:07:44PM -0400, Jean Aumont wrote:
 > Hi, 
 > 
 > I do not have the hardware any more to be able to test this issue.
 > We bought a 4 port card that used the em driver to solve this issue.
 > The bce driver was the cause of the issue on BSD 7.2 
 > 
 
 There were several bce(4) changes since 7.2-RELEASE so it might have been
 fixed a long time ago. But I'm not sure these MFCs really fixed the
 issue. What makes me wonder is that there is no mechanism that disables
 ARP sending, so I thought bce(4) might generate a corrupted IP header
 checksum.
 Because you no longer have access to the hardware, do you agree on
 closing this PR?
 
 > Jean Aumont
 > Work: 450-677-8797x5303
 > Mobile: 514-913-7275
 > 
 > -----Original Message-----
 > From: yongari@FreeBSD.org [mailto:yongari@FreeBSD.org] 
 > Sent: Friday, September 24, 2010 4:59 PM
 > To: Jean Aumont; yongari@FreeBSD.org; yongari@FreeBSD.org
 > Subject: Re: kern/140051: [bce] [arp] ARP not sent through Bridge
 > Firewall with BCE network driver
 > 
 > Synopsis: [bce] [arp] ARP not sent through Bridge Firewall with BCE
 > network driver
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: yongari
 > State-Changed-When: Fri Sep 24 20:58:26 UTC 2010
 > State-Changed-Why: 
 > Is it still an issue on 8.1-RELEASE or 7.3-RELEASE?
 > If yes, could you disable TX checksum offloading on bce(4)?
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=140051
State-Changed-From-To: feedback->open 
State-Changed-By: yongari 
State-Changed-When: Tue Oct 19 23:39:33 UTC 2010 
State-Changed-Why:  
Feedback received. Submitter has no more access to the hardware. 
State-Changed-From-To: open->closed 
State-Changed-By: yongari 
State-Changed-When: Mon Dec 12 22:38:29 UTC 2011 
State-Changed-Why:  
Can't reproduce this with bce(4) on bridge(4). 
Probably the submitter's firewall rule may have caused the issue. 
>Unformatted:
