Dear all, using packet dumps like "tcpdump -pnvXi bge0 ip" I have been able to conclusively detect that kFreeBSD is inserting 0x0000 as the IP header checksum in any TCP response triggered by an exterior connection. Thus also the TCP checksum is corrupt as a corollary.
This phenomenon is of course not present in the case of IPv6, since then there is no header checksum, only a TCP header checksum. In contrast, a correct IP checksum is calculated and inserted when the kFreeBSD stack is the initiator in the connection. Is this know? Is it a defect also in upstream FreeBSD? Presently I am not sure whether this also explains some irregular repercussions I am observing when testing com- pound AH+ESP transports for IPsec. Since ESP-tunneling and simple AH-transports or ESP-transports are working correctly every time, the evidence is rather inconclusive at the moment. Best regards, Mats Erik Andersson, DM -- To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110223192516.ga21...@mea.homelinux.org
