Hi!
Since moving to OpenBSD 5.4/i386, I noticed that I cannot ping
some hosts on my vlan2. tcpdump on the receiving machines shows
icmp echo-requests having a bad checksum.
I've managed to trace down the problem to the following pf rule:

    match out quick on vlan2 from (vlan2:network) to any nat-to (vlan2)

The checksum mangling only occurs to packets when the _own_ network
is natted, i.e. no nat or the following rule makes everything work:

    match out quick on vlan2 from (vlan2:network) to ! (vlan2:network) nat-to (vlan2)

So far, I've only found icmp packets (tried only icmp echo-requests)
to have bad checksums. No problems with tcp or udp traffic.
This is reproducible for other vlans as well but not for
the parent interface.
Best regards,
Walter
PS:
dmesg data (stripped down):
OpenBSD 5.4-stable (GENERIC) #0: Sun Nov 10 15:18:58 CET 2013
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz ("GenuineIntel" 686-class) 1.60 GHz
real mem = 2135175168 (2036MB)
bios0 at mainbus0: AT/286+ BIOS, date 05/19/10, SMBIOS rev. 2.6 @ 0xeaef0 (42 entries)
bios0: vendor Intel Corp. version "JT94510H.86A.0045.2010.0519.1750" date 05/19/2010
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x03: RTL8168D/8111D (0x2800), apic 2 int 16, address 00:1c:c0:f9:44:9b
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
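
Added example (not part of the original post, and not pf code): the check tcpdump applies when it flags an ICMP echo-request as having a bad checksum, plus the RFC 1624 incremental update a translator must make if it rewrites a field inside the ICMP header. The identifier rewrite is an assumption chosen for illustration, not a diagnosis of this report; all function names and the sample packet are constructed.

```python
import struct

def fold(total: int) -> int:
    """Fold carries back into 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a byte string."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    words = struct.unpack(f"!{len(data) // 2}H", data)
    return ~fold(sum(words)) & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP type 8, code 0; the checksum covers the ICMP message only
    (ICMPv4 has no pseudo-header, so IP addresses are not included)."""
    zeroed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    csum = inet_checksum(zeroed)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def icmp_checksum_ok(icmp: bytes) -> bool:
    """A valid message sums to 0xFFFF with its checksum field included,
    so the complemented result is 0."""
    return inet_checksum(icmp) == 0

def rewrite_ident(icmp: bytes, new_ident: int, fix_checksum: bool) -> bytes:
    """Replace the echo identifier, optionally patching the checksum
    with RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')."""
    typ, code, csum, old_ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if fix_checksum:
        total = (~csum & 0xFFFF) + (~old_ident & 0xFFFF) + new_ident
        csum = ~fold(total) & 0xFFFF
    return struct.pack("!BBHHH", typ, code, csum, new_ident, seq) + icmp[8:]

if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1, b"constructed payload")  # sample data
    for label, p in (("original", pkt),
                     ("id rewritten, checksum untouched",
                      rewrite_ident(pkt, 0xBEEF, False)),
                     ("id rewritten, checksum updated",
                      rewrite_ident(pkt, 0xBEEF, True))):
        print(f"{label}: {'ok' if icmp_checksum_ok(p) else 'BAD CHECKSUM'}")
```

Because the ICMPv4 checksum does not cover the IP header, changing only the source address leaves it valid; a receiver sees a bad checksum only when bytes of the ICMP message change without a matching checksum update.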