IP-cksum incorrect in IPv4-response.
using packet dumps like "tcpdump -pnvXi bge0 ip" I have been
able to conclusively detect that kFreeBSD is inserting 0x0000
as the IP header checksum in any TCP response triggered by an
exterior connection. Thus also the TCP checksum is corrupt as
This phenomenon is of course not present in the case of IPv6,
since then there is no header checksum, only a TCP header
checksum. In contrast, a correct IP checksum is calculated
and inserted when the kFreeBSD stack is the initiator in the
Is this know? Is it a defect also in upstream FreeBSD?
Presently I am not sure whether this also explains some
irregular repercussions I am observing when testing com-
pound AH+ESP transports for IPsec. Since ESP-tunneling
and simple AH-transports or ESP-transports are working
correctly every time, the evidence is rather inconclusive
at the moment.
Mats Erik Andersson, DM