This is a discussion on Re: ICMP checksum error through NAT ? within the IPFilter forums, part of the System Security and Security Related category.
On Aug 26, 2007, at 19:15, Hauke Fath wrote:
> At 18:59 Uhr -0400 26.8.2007, Chris Ross wrote:
>
>> It looks like it's converting the "port unreachable" to send it
>> back, but tcpdump is complaining that the icmp cksum is wrong for the
>> packet that the NAT'ing software has generated. Is this a real bug
>> in that code, or is something going wrong somewhere and I'm just
>> misinterpreting the output of tcpdump?
>
> Let me guess: You have hardware checksumming enabled on the related
> network interfaces? Since tcpdump sees outgoing packets before the
> checksum is generated, it gets confused. Ignore, or switch off hardware
> checksum generation while testing.

A good thought, but not the case. First off, the interfaces I'm using
are all VLAN'd sub-interfaces of my ethernet controller. I don't know
if you can use the hardware check-summing in that case. And, if you can,
I haven't enabled it. The external interface, and its physical parent,
look as follows:

# ifconfig vlan0
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        vlan: 6 parent: wm0
        address: 00:03:47:0d:eb:86
        inet 69.244.mm.nn netmask 0xfffffc00 broadcast 255.255.255.255
        inet alias 192.168.100.18 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::203:47ff:fe0d:eb86%vlan0 prefixlen 64 scopeid 0x4
# ifconfig wm0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=2bf00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Tx,UDP6CSUM_Tx>
        enabled=0
        address: 00:03:47:0d:eb:86
        media: Ethernet autoselect (1000baseSX full-duplex)
        status: active
        inet6 fe80::203:47ff:fe0d:eb86%wm0 prefixlen 64 scopeid 0x2
#

So, I think it's not *that* tcpdump-misinterpretation. :-)

- Chris
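
An added example, not part of the original post and not IPFilter code: this Python code verifies an ICMP checksum independently of tcpdump and of checksum offload, and shows how a NAT that rewrites the packet quoted inside a "port unreachable" leaves the outer ICMP checksum stale unless it is refreshed. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import struct
# Added illustration: names and sample values are assumptions, not IPFilter code.
def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_checksum_ok(icmp: bytes) -> bool:
    """A valid message checksums to zero when the stored checksum is included."""
    return inet_checksum(icmp) == 0

def ipv4_header(src: str, dst: str) -> bytes:
    """20-byte IPv4 header (total length 28, protocol UDP) with its checksum set."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def port_unreachable(src: str, dst: str, sport: int, dport: int) -> bytes:
    """ICMP type 3 code 3 quoting the offending IPv4 header plus 8 bytes of UDP."""
    quoted = ipv4_header(src, dst) + struct.pack("!HHHH", sport, dport, 8, 0)
    csum = inet_checksum(struct.pack("!BBHI", 3, 3, 0, 0) + quoted)
    return struct.pack("!BBHI", 3, 3, csum, 0) + quoted

def nat_rewrite_quoted(icmp: bytes, src: str, sport: int, fix_icmp: bool) -> bytes:
    """Restore the quoted packet's source address and port, as NAT does inbound."""
    dst = str(ipaddress.IPv4Address(icmp[24:28]))
    dport = struct.unpack("!H", icmp[30:32])[0]
    quoted = ipv4_header(src, dst) + struct.pack("!HHHH", sport, dport, 8, 0)
    # The address change is offset by the quoted IP checksum change; the port
    # change is not (quoted UDP checksum is 0 here), so the old value goes stale.
    csum = struct.unpack("!H", icmp[2:4])[0]
    if fix_icmp:
        csum = inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:8] + quoted)
    return icmp[:2] + struct.pack("!H", csum) + icmp[4:8] + quoted

# Constructed sample: documentation addresses (RFC 5737) and arbitrary ports.
ORIGINAL = port_unreachable("203.0.113.7", "198.51.100.9", 40001, 33434)
STALE = nat_rewrite_quoted(ORIGINAL, "192.168.100.50", 1025, fix_icmp=False)
FIXED = nat_rewrite_quoted(ORIGINAL, "192.168.100.50", 1025, fix_icmp=True)

if __name__ == "__main__":
    for name, pkt in (("original", ORIGINAL), ("stale", STALE), ("fixed", FIXED)):
        print(f"{name:8s} icmp cksum {'ok' if icmp_checksum_ok(pkt) else 'WRONG'}")
```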