Re: bad tcp cksum on outgoing packets

From: Robert Watson <rwatson_at_freebsd.org>
Date: Thu, 12 Aug 2004 10:44:12 -0400 (EDT)
On Thu, 12 Aug 2004, Ruslan Ermilov wrote:

> On Thu, Aug 12, 2004 at 12:50:58PM +0100, Chris Stenton wrote:
> > I have just been doing some debugging on my 5.2.1 box and noticed that
> > outgoing tcp packets on the box are coming up with bad checksums on
> > tcpdump. I am using the nge interface.
> > 
> > Here is a sample output.
> > 
> > 12:44:29.458021 0:4:e2:10:60:83 0:c:6e:4e:a0:cc ip 82:
> > hawk.gnome.co.uk.ssh > kite.gnome.co.uk.2167: P [bad tcp cksum 9420!]
> > 2071:2099(28) ack 753 win 65535 (DF) [tos 0x10]  (ttl 64, id 35623, len
> > 68, bad cksum 0!)
> > 
> > 12:44:29.642088 0:c:6e:4e:a0:cc 0:4:e2:10:60:83 ip 60:
> > kite.gnome.co.uk.2167 > hawk.gnome.co.uk.ssh: . [tcp sum ok] 753:753(0)
> > ack 2099 win 64956 (DF) (ttl 128, id 44852, len 40)
> > 
> > 
> > Any ideas whats going on as the packet does not seem to be resent?
> > 
> You don't have hardware checksums enabled, do you?  I barely
> recall they are incompatible with bpf(4).

They're not incompatible per se, but if you're sniffing outgoing packets
and the network interface is calculating the checksum on send, BPF will
see a version of the packet before the checksum is calculated.  If tcpdump
later attempts to verify the checksum, it still won't be calculated in the
copy it sees, and will whine.  It was unclear to me in the above e-mail if
this was a tcpdump of packets on the wire (say, the receiver), or on the
sender before they hit the wire.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert_at_fledge.watson.org      Principal Research Scientist, McAfee Research
Received on Thu Aug 12 2004 - 12:45:51 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:05 UTC