Re: further reply-to strangeness

[Daniel Hartmeier]

On Mon, Mar 31, 2003 at 05:57:36PM -0500, David Powers wrote:

> As I mentioned on the list a few days ago I have been having some 
> trouble with reply-to.  In particular it seems to be generating a bad tc 
> checksum for the return packet.  Since then I have rebuilt kernel and 
> world to source checked out this morning (3/31) and it seems to properly 
> return route pings, but still fails on the TCP with bad checksums.  I 
> have put a more full TCP packet trace from the client machine below in 
> case it sparks something in anyone.

I can't reproduce this. One possible explanation is that your network
interface is expected to do hardware TCP checksumming, but actually
doesn't. In that case, you should see bad checksums for outgoing TCP
packets even if reply-to is not used. Maybe you can test with adjusted
routing table entries so reply-to is not needed for outgoing packets to
get sent through that interface.

What output does the following command produce?

  $ netstat -p tcp | grep check

Can you try the patch below and tell us whether it changes anything?

Daniel


Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.329
diff -u -r1.329 pf.c
--- pf.c31 Mar 2003 13:15:27 -  1.329
+++ pf.c31 Mar 2003 23:23:59 -
@@ -3963,14 +3963,18 @@
if (ip->ip_len <= ifp->if_mtu) {
ip->ip_len = htons((u_int16_t)ip->ip_len);
ip->ip_off = htons((u_int16_t)ip->ip_off);
+/*
if ((ifp->if_capabilities & IFCAP_CSUM_IPv4) &&
ifp->if_bridge == NULL) {
m0->m_pkthdr.csum |= M_IPV4_CSUM_OUT;
ipstat.ips_outhwcsum++;
} else {
+*/
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m0, ip->ip_hl << 2);
+/*
}
+*/
/* Update relevant hardware checksum stats for TCP/UDP */
if (m0->m_pkthdr.csum & M_TCPV4_CSUM_OUT)
tcpstat.tcps_outhwcsum++;

further reply-to strangeness

[David Powers]

As I mentioned on the list a few days ago I have been having some 
trouble with reply-to.  In particular it seems to be generating a bad tc 
checksum for the return packet.  Since then I have rebuilt kernel and 
world to source checked out this morning (3/31) and it seems to properly 
return route pings, but still fails on the TCP with bad checksums.  I 
have put a more full TCP packet trace from the client machine below in 
case it sparks something in anyone.

Thank you for any help.

-David Powers

17:53:16.652413 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp sum ok] 
1807604332:1807604332(0) win 57344  
(DF) (ttl 64, id 26021, len 60)
0x   4500 003c 65a5 4000 4006 84ab cf63 7353E..<[EMAIL PROTECTED]@csS
0x0010   d8e0 34d4 0a2a 0016 6bbd da6c  ..4..*..k..l
0x0020   a002 e000 fbfa  0204 05b4 0103 0300
0x0030   0101 080a 001e ce18    
17:53:16.677889 yyy.yyy.yyy.yyy.ssh > xxx.xxx.xxx.xxx.port: S [bad tcp cksum 53a0!] 
3475200739:3475200739(0) ack 1807604333 win 17376  (DF) (ttl 58, id 42684, len 60)
0x   4500 003c a6bc 4000 3a06 4994 d8e0 34d4E..<[EMAIL PROTECTED]:.I...4.
0x0010   cf63 7353 0016 0a2a cf23 5ae3 6bbd da6d.csS...*.#Z.k..m
0x0020   a012 43e0 509a  0204 05b4 0103 0300..C.P...
0x0030   0101 080a 014a 7bcb 001e ce18  .J{.
17:53:19.645037 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp sum ok] 
1807604332:1807604332(0) win 57344  
(DF) (ttl 64, id 57581, len 60)
0x   4500 003c e0ed 4000 4006 0963 cf63 7353E..<[EMAIL PROTECTED]@..c.csS
0x0010   d8e0 34d4 0a2a 0016 6bbd da6c  ..4..*..k..l
0x0020   a002 e000 face  0204 05b4 0103 0300
0x0030   0101 080a 001e cf44    ...D
17:53:19.670317 yyy.yyy.yyy.yyy.ssh > xxx.xxx.xxx.xxx.port: S [bad tcp cksum 219f!] 
3475200739:3475200739(0) ack 1807604333 win 17376  (DF) (ttl 58, id 65290, len 60)
0x   4500 003c ff0a 4000 3a06 f145 d8e0 34d4E..<[EMAIL PROTECTED]:..E..4.
0x0010   cf63 7353 0016 0a2a cf23 5ae3 6bbd da6d.csS...*.#Z.k..m
0x0020   a012 43e0 509a  0204 05b4 0103 0300..C.P...
0x0030   0101 080a 014a 7bd1 001e cf44  .J{D
17:53:22.845106 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp sum ok] 
1807604332:1807604332(0) win 57344  
(DF) (ttl 64, id 21241, len 60)
0x   4500 003c 52f9 4000 4006 9757 cf63 7353E..<[EMAIL PROTECTED]@..W.csS
0x0010   d8e0 34d4 0a2a 0016 6bbd da6c  ..4..*..k..l
0x0020   a002 e000 f98e  0204 05b4 0103 0300
0x0030   0101 080a 001e d084    
17:53:23.497186 yyy.yyy.yyy.yyy.ssh > xxx.xxx.xxx.xxx.port: S [bad tcp cksum d99d!] 
3475200739:3475200739(0) ack 1807604333 win 17376  (DF) (ttl 58, id 63080, len 60)
0x   4500 003c f668 4000 3a06 f9e7 d8e0 34d4E..<[EMAIL PROTECTED]:.4.
0x0010   cf63 7353 0016 0a2a cf23 5ae3 6bbd da6d.csS...*.#Z.k..m
0x0020   a012 43e0 509a  0204 05b4 0103 0300..C.P...
0x0030   0101 080a 014a 7bd9 001e d084  .J{.
17:53:26.045343 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp sum ok] 
1807604332:1807604332(0) win 57344  (DF) (ttl 64, id 35829, len 44)
0x   4500 002c 8bf5 4000 4006 5e6b cf63 7353E..,[EMAIL PROTECTED]@.^k.csS
0x0010   d8e0 34d4 0a2a 0016 6bbd da6c  ..4..*..k..l
0x0020   6002 e000 1750  0204 05b4  `P..
17:53:26.074621 yyy.yyy.yyy.yyy.ssh > xxx.xxx.xxx.xxx.port: S [bad tcp cksum d49d!] 
3475200739:3475200739(0) ack 1807604333 win 17376  (DF) (ttl 58, id 49424, len 60)
0x   4500 003c c110 4000 3a06 2f40 d8e0 34d4E..<[EMAIL PROTECTED]:./@..4.
0x0010   cf63 7353 0016 0a2a cf23 5ae3 6bbd da6d.csS...*.#Z.k..m
0x0020   a012 43e0 509a  0204 05b4 0103 0300..C.P...
0x0030   0101 080a 014a 7bde 001e d084  .J{.
17:53:29.245529 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp sum ok] 
1807604332:1807604332(0) win 57344  (DF) (ttl 64, id 12758, len 44)
0x   4500 002c 31d6 4000 4006 b88a cf63 7353E..,[EMAIL PROTECTED]@csS
0x0010   d8e0 34d4 0a2a 0016 6bbd da6c  ..4..*..k..l
0x0020   6002 e000 1750  0204 05b4  `P..
17:53:29.270544 yyy.yyy.yyy.yyy.ssh > xxx.xxx.xxx.xxx.port: S [bad tcp cksum ce9d!] 
3475200739:3475200739(0) ack 1807604333 win 17376  (DF) (ttl 58, id 48140, len 60)
0x   4500 003c bc0c 4000 3a06 3444 d8e0 34d4E..<[EMAIL PROTECTED]:.4D..4.
0x0010   cf63 7353 0016 0a2a cf23 5ae3 6bbd da6d.csS...*.#Z.k..m
0x0020   a012 43e0 509a  0204 05b4 0103 0300..C.P...
0x0030   0101 080a 014a 7be4 001e d084  .J{.
17:53:32.445757 xxx.xxx.xxx.xxx.port > yyy.yyy.yyy.yyy.ssh: S [tcp