Hi,
I've found a problem with NAT-ting UDP packets on a SUN210 (with four Tigon3 interfaces) running Solaris 9. (I'm using IPF 3.4.33pre1.) The OS does HW checksumming, however I think that only for TCP. It seems to me that IPF assumes that the checksumming is done for TCP and UDP, so that NAT-ting UDP packets causes invalid checksums on the outgoing packets.
The concerning code in nat_new()
#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)
if ((flags & IPN_TCPUDP) && dohwcksum &&
(qf->qf_ill->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) {
if (direction == NAT_OUTBOUND)
sum1 = LONG_SUM(ntohl(in.s_addr));
else
sum1 = LONG_SUM(ntohl(fin->fin_saddr));
sum1 += LONG_SUM(ntohl(fin->fin_daddr));
sum1 += IPPROTO_TCP;
sum1 = (sum1 & 0xffff) + (sum1 >> 16);
nat->nat_sumd[1] = NAT_HW_CKSUM|(sum1 & 0xffff);
} else
#endifWhich is a bit controversial, since it tests flags for TCP _or_ UDP, however, when adding the protocol number to sum1 it assumes that it's IPPROTO_TCP. Changing the IPN_TCPUDP to IPN_TCP solved the checksum problem for me. (Patch for 3.4.33pre1 attached.)
--
Regards,
Krisztian KOVACSdiff -Naur ip_fil3.4.33pre1-orig/ip_nat.c ip_fil3.4.33pre1/ip_nat.c
--- ip_fil3.4.33pre1-orig/ip_nat.c Thu Jun 12 18:18:29 2003
+++ ip_fil3.4.33pre1/ip_nat.c Fri Oct 31 16:59:12 2003
@@ -1435,7 +1435,7 @@
CALC_SUMD(sum1, sum2, sumd);
nat->nat_sumd[0] = (sumd & 0xffff) + (sumd >> 16);
#if SOLARIS && defined(_KERNEL) && (SOLARIS2 >= 6)
- if ((flags & IPN_TCPUDP) && dohwcksum &&
+ if ((flags & IPN_TCP) && dohwcksum &&
(qf->qf_ill->ill_ick.ick_magic == ICK_M_CTL_MAGIC)) {
if (direction == NAT_OUTBOUND)
sum1 = LONG_SUM(ntohl(in.s_addr));
