It actually looks like that the other protocols are affected by the bad checksum as well. Could this have something to do with the NIC doing checksum offloading?
---------------------- rule 2/(match) [uid 0, pid 12276] block out on em1: 10.101.0.6.25248 > 10.0.0.1: 58903+[|domain] (ttl 63, id 27504, len 70, bad cksum 18ba!) ---------------------- Thanks! --peter On Mon, Oct 11, 2010 at 15:17, Peter Bisroev <pe...@int19h.net> wrote: > It looks like the latest checkout (2010-10-11) fixes the issues on amd64 arch. > > The only strange thing that I am seeing now is that carp and pfsync > packets seem to have a bad checksum. Is that expected? The ruleset is > used is 'block log all', just to see if all the packets are decoded > properly. > > -------------------------------------------------------------- > rule 2/(match) [uid 0, pid 20044] block out on em1: carp 10.0.0.2 > > 224.0.0.18: CARPv2-advertise 36: vhid=1 advbase=1 advskew=10 demote=3 > (DF) [tos 0x10] (ttl 255, id 24298, len 56, bad cksum 0!) > rule 2/(match) [uid 0, pid 9151] block out on em5: 10.101.0.1 > > 224.0.0.240: PFSYNCv6 len 108 > act UPD ST COMP count 1 > ... > (DF) [tos 0x10] (ttl 255, id 44354, len 128, bad cksum 0!) > -------------------------------------------------------------- > > Thanks! > > --peter > > On Fri, Oct 8, 2010 at 04:07, Henning Brauer <lists-openbsdt...@bsws.de> wrote: >> * Stuart Henderson <s...@spacehopper.org> [2010-10-07 22:17]: >>> On 2010/10/07 14:30, Peter Bisroev wrote: >>> > This problem comes up in 4.8-current snapshot from 2010.10.04 and the >>> > -current from CVS dated 2010.10.06. When performing tcpdump on pflog0 >>> > the output complains about unaligned packets and does not decode the >>> > packets properly. Please see the output below. It appears to be that >>> > 'bad-ip-version' in the output below usually changes based on the >>> > size of the packets. >>> >>> Are your kernel and tcpdump in sync? >> >> apparently. looks like i screwed up alignment for 64bit platform. will >> dig asap, but now i need to get ready to leave for eurobsdcon ;) >> >> -- >> Henning Brauer, h...@bsws.de, henn...@openbsd.org >> BS Web Services, http://bsws.de >> Full-Service ISP - Secure Hosting, Mail and DNS Services >> Dedicated Servers, Rootservers, Application Hosting