NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/52592: npf max-mss corrupts TCP checksum

>Number:         52592
>Category:       kern
>Synopsis:       npf max-mss corrupts TCP checksum
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 03 16:15:00 +0000 2017
>Originator:     Michael van Elst
>Release:        NetBSD 8.99.3
System: NetBSD ghostbear 8.99.3 NetBSD 8.99.3 (GHOSTBEAR) #1: Tue Oct  3 15:15:28 CEST 2017  mlelstv@gossam:/home/netbsd-current/obj.evbmips64-eb/home/netbsd-current/src/sys/arch/evbmips/compile/GHOSTBEAR evbmips
Architecture: mips64eb
Machine: evbmips
When npf is used to clamp the TCP maximum segment size, it changes bits
in the header of a TCP SYN packet and adjusts the TCP checksum accordingly.

This works fine for forwarded packets, but for packets created locally
the resulting checksum is garbage.


Here is a simple npf.conf that creates the corruption.

procedure "norm" {
        normalize:  "random-id", "max-mss" 1380
group "external" on pppoe0 {
        pass stateful out final all apply "norm"
group default {
        pass final on lo0 all
        block final all apply

When you remove the "max-mss" clamping, the checksum is good again.

The value in the TCP header that npf operates on is completely different
from the checksum that arrives at the destination and the latter misses
the necessary adjustment for the changed mss value.



Home | Main Index | Thread Index | Old Index