deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-23:04.ixgbe

Hash: SHA512

FreeBSD-EN-23:04.ixgbe                                          Errata Notice
                                                          The FreeBSD Project

Topic:		ixgbe incorrectly reports input errors for 82599ES

Category:       core
Module:         ixgbe
Announced:      2023-02-08
Affects:        All supported versions of FreeBSD.
Corrected:      2022-11-17 20:13:43 UTC (stable/13, 13.1-STABLE)
                2023-02-08 16:30:38 UTC (releng/13.1, 13.1-RELEASE-p6)
                2022-11-17 20:17:22 UTC (stable/12, 12.4-STABLE)
                2023-02-08 18:30:24 UTC (releng/12.4, 12.4-RELEASE-p1)
                2023-02-08 18:28:28 UTC (releng/12.3, 12.3-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit

I.   Background

ixgbe(4) is driver that supports multiple Intel 10Gb Ethernet cards including
the Intel 82599.

II.  Problem Description

Intel 82599 hardware has errata related to IPv4 UDP frames with a zero
checksum.  The L4 integrity error counter is incremented for such frames,
which results in reported interface errors through utilities such as
ifconfig(8).  This confuses users, since all frames are in fact handled
correctly by the system.

III. Impact

Incorrect interface statistics are reported for affected hardware.

IV.  Workaround

Ignore reported interface errors.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch
# fetch
# gpg --verify ixgbe.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:> and reboot the

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              daf3d88ac184    stable/13-n253100
releng/13.1/                            f3e20eb8d8f0  releng/13.1-n250178
stable/12/                                                        r372757
releng/12.4/                                                      r372916
releng/12.3/                                                      r372912
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:


To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References


The latest revision of this advisory is available at