Re: 4.0.1 NAT checksum failure?

To: tech-net%NetBSD.org@localhost
Subject: Re: 4.0.1 NAT checksum failure?
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Tue, 5 Apr 2011 23:41:53 -0400 (EDT)

>> Can anyone confirm or refute the theory that 4.0.1's NAT simply
>> doesn't get checksums right for addresses on alias networks [...]
> It's not exactly clear to me which is inbound and outbound in the
> example (it's also late in my tz, admitedly), but is it possible that
> because hardware TCP4 checksum is enabled the dumps don't report it
> properly yet output packets get the sum adjusted at actual delivery?

Well, not TCP4, because this isn't TCP; it happens even on pings.  But
presumably IP-layer checksums have similar bits.

It definitely is not as simple as I thought/feared it might be; I did
some more tests and found a test case where a ping from a non-alias
network does not get NATted correctly.  Now I need to figure out what
the _actually_ relevant difference between working and broken is. :-/

Also, it's not just checksum offload; all network interfaces on this
machine are configured with no checksum offload, even the ones that are
capable of doing it.  I definitely need to focus on the checksum code,
though since it's a checksum issue that's been obvious from the start.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: 4.0.1 NAT checksum failure?
  - From: Matthew Mondor

References:
- 4.0.1 NAT checksum failure?
  - From: der Mouse
- Re: 4.0.1 NAT checksum failure?
  - From: Matthew Mondor

Prev by Date: Re: 4.0.1 NAT checksum failure?
Next by Date: Re: 4.0.1 NAT checksum failure?
Previous by Thread: Re: 4.0.1 NAT checksum failure?
Next by Thread: Re: 4.0.1 NAT checksum failure?
Indexes:

Home | Main Index | Thread Index | Old Index