netbsd-help: Re: tcpdump: bad checksums on lo0

Subject: Re: tcpdump: bad checksums on lo0
To: Jukka Salmi <j+nbsd@2007.salmi.ch>
From: Tobias Nygren <tnn@NetBSD.org>
List: netbsd-help
Date: 08/06/2007 23:33:55
On Mon, 6 Aug 2007 18:59:50 +0200
Jukka Salmi <j+nbsd@2007.salmi.ch> wrote:

> Hi,
> 
> I'm seeing this on different machines running NetBSD/i386 3, 4 or
> -current: running tcpdump(1) on lo0 shows all packets having bad
> checksums:
> 
> $ sudo tcpdump -nv -s 0 -i lo0
> tcpdump: WARNING: BIOCPROMISC: Invalid argument
> tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
> 18:42:59.570295 IP (tos 0x0, ttl 64, id 48526, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f27)!) 127.0.0.1.64140 > 127.0.0.1.22: S, cksum 0xfe34 (incorrect (-> 0x3bdd), 1347073383:1347073383(0) win 32768 <mss 33152,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 0 0>
> 18:42:59.570329 IP (tos 0x0, ttl 64, id 48527, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f26)!) 127.0.0.1.22 > 127.0.0.1.64140: S, cksum 0x6a9f (correct), 1371635563:1371635563(0) ack 1347073384 win 32768 <mss 33152,nop,wscale 0,nop,nop,timestamp 0 0,sackOK,nop,nop>
> 
> IIUC `bad cksum' refers to the IP header checksum, and `cksum 0x....
> (incorrect ...)' refers to the TCP header checksum, correct?
> 
> On another system:
> 
> $ sudo tcpdump -nv -s 0 -i lo0
> tcpdump: WARNING: BIOCPROMISC: Invalid argument
> tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
> [...]
> 18:46:45.345735 IP (tos 0x0, ttl  64, id 63053, offset 0, flags [none], length: 72, bad cksum 0 (->a5c4)!) 212.254.26.75.61351 > 212.254.26.75.53: [bad udp cksum 2b9f!]  51594+ PTR? 74.26.254.212.in-addr.arpa. (44)
> 18:46:45.346316 IP (tos 0x0, ttl  64, id 63054, offset 0, flags [none], length: 167, bad cksum 0 (->a564)!) 212.254.26.75.53 > 212.254.26.75.61351: [bad udp cksum 3e1f!]  51594 1/2/2 74.26.254.212.in-addr.arpa. PTR clam.salmi.ch. (139)
> 
> Same for UDP: bad checksums...
> 
> Is tcpdump right? If yes, why are these checksums invalid?
> 
> I only see packets with valid checksums when running tcpdump on
> non-loopback interfaces on these systems.

Having it enabled by default would only hurt performance, because
corrupt packets are unlikely on the loopback interface. But see below:

> sysctl -a | grep loopback
net.inet.ip.do_loopback_cksum = 0
net.inet.tcp.do_loopback_cksum = 0
net.inet.udp.do_loopback_cksum = 0
net.inet6.tcp6.do_loopback_cksum = 0
net.inet6.udp6.do_loopback_cksum = 0

Have fun,
-Tobias