Date: Tue, 31 May 2005 13:55:49 +0200 (CEST) From: "Derkjan de Haan" <derkjan@haanjdj.demon.nl> To: freebsd-pf@freebsd.org Subject: no-df and cksum errors in tcpdump Message-ID: <60550.195.50.100.20.1117540549.squirrel@haanjdj.demon.nl>
next in thread | raw e-mail | index | archive | help
All, I am using FreeBSD-STABLE on my home server/firewall. Yesterday I played a bit with the no-df scrub option. However, this yields errors with tcpdump in protocol decoding mode: tcpdump -n -e -ttt -v -r /var/log/pflog A couple of lines from the log: 088889 rule 31/0(match): pass in on em1: IP (tos 0x10, ttl 58, id 21397, offset 0, flags [none], length: 60, bad cksum 7186 (->b186)!) 195.245.244.241.40947 > 192.168.2.1.6346: S [tcp sum ok] 855340762:855340762(0) win 5840 <mss1460,sackOK,timestamp 1191076828 0,nop,wscale 4> 095894 rule 31/0(match): pass in on em1: IP (tos 0x10, ttl 60, id 18568, offset 0, flags [none], length: 60, bad cksum bf87 (->ff87)!) 62.241.53.2.46125 > 192.168.2.1.6346: S [tcp sum ok] 3675198613:3675198613(0) win 5840 <mss 1460,sackOK,timestamp 4006419616 0,nop,wscale 2> 882863 rule 0/0(match): block in on em1: IP (tos 0x0, ttl 123, id 55684, offset 0, flags [none], length: 48, bad cksum e3b2 (->23b3)!) 82.161.151.113.4988 > 82.161.5.221.445: S [tcp sum ok] 1263353290:1263353290(0) win 64240 <mss 1460,nop,nop,sackOK> The relevant line from pf config (full config available on request): scrub on $ext_if all no-df random-id reassemble tcp The strange thing is that as soon as I remove the no-df from my pf configuration, the 'bad cksum' disappears. Has anybody seen this before ? Can it be that pf doesn't recompute the checksum after altering the packet ? regards, Derkjan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?60550.195.50.100.20.1117540549.squirrel>