On Aug 26, 2007, at 19:15, Hauke Fath wrote:
At 18:59 Uhr -0400 26.8.2007, Chris Ross wrote:
It looks like it's converting the "port unreachable" to send it
back, but tcpdump is complaining that the icmp cksum is wrong for the
packet that the NAT'ing software has generated. Is this a real bug
in that code, or is something going wrong somewhere and I'm just
misinterpreting the output of tcpdump?
Let me guess: You have hardware checksumming enabled on the related
network
interfaces? Since tcpdump sees outgoing packets before the checksum is
generated, it gets confused. Ignore, or switch off hardware checksum
generation while testing.
A good thought, but not the case. First off, the interfaces I'm
using are
all VLAN'd sub-interfaces of my ethernet controller. I don't know if
you
can use the hardware check-summing in that case. And, if you can, I
haven't enabled it. The external interface, and it's physical
parent, look
as follows:
# ifconfig vlan0
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
vlan: 6 parent: wm0
address: 00:03:47:0d:eb:86
inet 69.244.mm.nn netmask 0xfffffc00 broadcast 255.255.255.255
inet alias 192.168.100.18 netmask 0xffffff00 broadcast
192.168.100.255
inet6 fe80::203:47ff:fe0d:eb86%vlan0 prefixlen 64 scopeid 0x4
# ifconfig wm0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2bf00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSU
M_Rx,UDP4CSUM_Tx,TCP6CSUM_Tx,UDP6CSUM_Tx>
enabled=0
address: 00:03:47:0d:eb:86
media: Ethernet autoselect (1000baseSX full-duplex)
status: active
inet6 fe80::203:47ff:fe0d:eb86%wm0 prefixlen 64 scopeid 0x2
#
So, I think it's not *that* tcpdump-misinterpretation. :-)
- C hris
