Hi *,
I am running suricata in inline-mode on an openbsd router running -current.
$ pf.conf <- strongly simplified
.
.
.
pass out quick on <...> divert-packet port 700 tag "toBeProcessed" ! tagged "toBeProcessed"
.
.
.
pass out tagged "toBeProcessed"
.
.
.
EOF
Yes, I set checksum-validation to "yes" in suricata.yaml. I am seeing large amounts of the following warnings in fast.log.
08/19/2020-22:45:47.670958 [**] [1:2200073:2] SURICATA IPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} <...>
08/19/2020-22:45:47.670958 [**] [1:2200074:2] SURICATA TCPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} <...>
08/19/2020-22:45:47.671381 [**] [1:2200073:2] SURICATA IPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} <...>
08/19/2020-22:45:47.671381 [**] [1:2200074:2] SURICATA TCPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} <...>
Is this wanted behavior? Because it feels like there's something not quite right about it. Especially whilst running an application via tor.
Best regards,
Stephan
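
An added example, not part of the original message: the two alerts in the log excerpt concern the IPv4 header checksum and the TCP checksum, which is computed over a pseudo-header plus the segment (both use the RFC 1071 one's-complement sum). The Python below runs both checks on a constructed packet, once with the checksum fields filled in and once with them left at zero; the function names, addresses and ports are assumptions made for the illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    """Value a sender writes into the checksum field (field zeroed while summing)."""
    return ~ones_complement_sum(data) & 0xFFFF

def ipv4_header_valid(pkt: bytes) -> bool:
    ihl = (pkt[0] & 0x0F) * 4
    # Summing the header including its checksum field must give 0xFFFF.
    return ones_complement_sum(pkt[:ihl]) == 0xFFFF

def tcp_valid(pkt: bytes) -> bool:
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    segment = pkt[ihl:total_len]
    # Pseudo-header: source address, destination address, zero, protocol 6, TCP length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF

def build_packet(fill_checksums: bool) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP SYN, documentation addresses."""
    src, dst = socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2")
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, src, dst)
    if fill_checksums:
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
        tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
        ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp

if __name__ == "__main__":
    for filled in (True, False):
        pkt = build_packet(filled)
        print(f"checksums filled={filled}: "
              f"ipv4_ok={ipv4_header_valid(pkt)} tcp_ok={tcp_valid(pkt)}")
```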