I'm using mcast-proxy from ports as a multicast routing proxy for use with my ISP's IPTV platform. After some setting up I noticed from mcast-proxy's logging that all incoming packets are dropped because of invalid IP checksums [0]. At first I believed this was the result of hardware checksum offloading. However, after some more digging I found that my pf.conf was to blame, specifically:

    match inet scrub (max-mss 1460, no-df, random-id)

Removing `no-df` and `random-id` as arguments causes mcast-proxy to accept all incoming IGMP packets, resulting in a working solution. After grepping sys/net/pf* I think that pf_test() calls pf_scrub(), which changes the fragment offset field and/or the identification field, thus changing the packet header. However, it seems that the checksum of a changed packet is not updated.

Can anyone shed light on the above?

[0] https://github.com/Esdenera/mcast-proxy/blob/master/usr.sbin/mcast-proxy/mcast-proxy.c#L539-L549
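The failure mode suspected above, as an added example that is not part of the original post and is not code from pf or mcast-proxy: rewriting the flags or identification word of an IPv4 header without adjusting the header checksum makes a receiver's RFC 1071 verification fail, while the RFC 1624 incremental update keeps it valid. The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 sum over the header; 0 means the stored checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite the 16-bit word at byte offset off. With fix set, also patch the
 * checksum (bytes 10-11) incrementally, RFC 1624: HC' = ~(~HC + ~m + m'). */
static void set_word(uint8_t *h, size_t off, uint16_t val, int fix)
{
    uint16_t old = (uint16_t)(h[off] << 8 | h[off + 1]);
    h[off] = (uint8_t)(val >> 8);
    h[off + 1] = (uint8_t)val;
    if (!fix)
        return;
    uint32_t sum = (uint16_t)~(h[10] << 8 | h[11]);
    sum += (uint16_t)~old;
    sum += val;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    h[10] = (uint8_t)(~sum >> 8);
    h[11] = (uint8_t)~sum;
}

/* Constructed IPv4 header: DF set, TTL 1, protocol 2 (IGMP), made-up ID and
 * addresses. Clears DF and replaces the ID, the two rewrites the post links
 * to no-df and random-id; returns 1 if the header still verifies. */
static int scrub_and_verify(int fix, uint16_t new_id)
{
    uint8_t h[20] = { 0x45, 0, 0, 0x1c, 0x12, 0x34, 0x40, 0, 1, 2,
                      0, 0, 192, 0, 2, 1, 224, 0, 0, 1 };
    set_word(h, 10, ip_cksum(h, sizeof h), 0);   /* sender fills in checksum */
    set_word(h, 6, (uint16_t)((h[6] << 8 | h[7]) & ~0x4000), fix);  /* clear DF */
    set_word(h, 4, new_id, fix);                 /* new identification */
    return ip_cksum(h, sizeof h) == 0;
}

int main(void)
{
    printf("no fixup: %d, with fixup: %d\n",
           scrub_and_verify(0, 0xbeef), scrub_and_verify(1, 0xbeef));
    return 0;
}
```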

