[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

IP-cksum incorrect in IPv4-response.

Dear all,

using packet dumps like "tcpdump -pnvXi bge0 ip" I have been
able to conclusively detect that kFreeBSD is inserting 0x0000
as the IP header checksum in any TCP response triggered by an
exterior connection. Thus also the TCP checksum is corrupt as
a corollary.

This phenomenon is of course not present in the case of IPv6,
since then there is no header checksum, only a TCP header
checksum. In contrast, a correct IP checksum is calculated
and inserted when the kFreeBSD stack is the initiator in the

Is this know? Is it a defect also in upstream FreeBSD?

Presently I am not sure whether this also explains some
irregular repercussions I am observing when testing com-
pound AH+ESP transports for IPsec. Since ESP-tunneling
and simple AH-transports or ESP-transports are working
correctly every time, the evidence is rather inconclusive
at the moment.

Best regards,
   Mats Erik Andersson, DM

Reply to: