Date: Tue, 31 May 2005 15:15:19 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Derkjan de Haan <derkjan@haanjdj.demon.nl> Cc: freebsd-pf@freebsd.org Subject: Re: no-df and cksum errors in tcpdump Message-ID: <20050531131519.GC16010@insomnia.benzedrine.cx> In-Reply-To: <60550.195.50.100.20.1117540549.squirrel@haanjdj.demon.nl> References: <60550.195.50.100.20.1117540549.squirrel@haanjdj.demon.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 31, 2005 at 01:55:49PM +0200, Derkjan de Haan wrote: > The strange thing is that as soon as I remove the no-df from my pf > configuration, the 'bad cksum' disappears. Has anybody seen this before ? > Can it be that pf doesn't recompute the checksum after altering the packet > ? This can be perfectly fine, when you have a NIC that does checksum calculation in hardware. In that case, pf will invalidate the packet checksum with any modification (nat, modulate state, no-df, etc.) and bpf (i.e. tcpdump, pflogd) will see packets before they actually reach the NIC (which then fixes the checksum in hardware). To make sure, tcpdump what goes out on the wire, from a second host (like the peer or a sniffer). If you see invalid checksums on the wire, then something is wrong. But you can't check this on the sending host itself, due to the order in which bpf gets packets first. Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050531131519.GC16010>