tech-net: Re: bad tcp sums

Subject: Re: bad tcp sums
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Martin Husemann <martin@duskware.de>
List: tech-net
Date: 04/20/2001 17:49:43

> May sounds silly, but what happens if you add a simple ipf rule:
> pass in from any to any keep frags

That did not parse, so I added

pass in proto tcp from any to any keep frags
pass in proto udp from any to any keep frags
pass in proto icmp from any to any keep frags

and indeed ipfstat shows: 

fragment state(in):     kept 12 lost 0
fragment state(out):    kept 0  lost 0

But it did not work.

Don't know if this is related, it shows TCP cksum failures:

TCP cksum fails(in):    19      (out):  0

but failed TCP chksums are also present when running the old, semi-working
version:

fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
  [...]
TCP cksum fails(in):    6       (out):  0

I'm quite clueless and don't understand the differences between the (semi-)
working and non-working version (the source diff is small).


Martin