RE: Cursed Checksums

From: Josan Kadett
Date: Sun Aug 22 2004 - 16:45:24 EST


Under normal conditions, when NAT translates an IP header, it should do correct
checksumming. However, when the source IP address of a packet is
manipulated, iptables still seems to use the "original" IP address and
calculate the checksum accordingly. This way, even if I use three boxes:

Original Packet --> NAT 1 --> NAT 2 --> NAT 3 --> Still incorrect checksum

The wrong checksum is carried over and over down the line. It is really a strange
issue and I could not find a reason why I still get the incorrect checksum
even after the IP header is translated three times...

As I said, the original packet must be corrected before it is transmitted to
another place and I think it is just two or three lines of code in the
kernel, but the question is "where"...

-----Original Message-----
From: linux-kernel-owner@xxxxxxxxxxxxxxx
[mailto:linux-kernel-owner@xxxxxxxxxxxxxxx] On Behalf Of Albert Cahalan
Sent: Sunday, August 22, 2004 8:55 PM
To: linux-kernel mailing list
Subject: RE: Cursed Checksums

I'm surprised to find that there doesn't seem to
be an ebtables mangle table. That'd be the place
to match on a u32, then either change that or just
mark the packet for checksumming.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

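Added example, not part of the original thread and not kernel code: a minimal C model of the NAT chain described above, assuming each hop patches the stored checksum incrementally (RFC 1624) instead of recomputing it from the header. The header bytes, addresses and the function names (`nat_rewrite_src`, `valid_after_nat`) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t fold(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }

/* Full RFC 1071 checksum of a 20-byte IPv4 header, skipping the checksum field at offset 10. */
static uint16_t full_csum(const uint8_t *h) {
    uint32_t sum = 0;
    for (int i = 0; i < 20; i += 2)
        if (i != 10) sum += get16(h + i);
    return (uint16_t)~fold(sum);
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'): patch a checksum for one changed 16-bit word. */
static uint16_t incr_csum(uint16_t hc, uint16_t m_old, uint16_t m_new) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new);
}

/* One NAT hop (assumed behaviour): rewrite the source address and patch the stored
   checksum incrementally. The stored value is trusted, never re-derived from the header. */
static void nat_rewrite_src(uint8_t *h, const uint8_t src[4]) {
    uint16_t c = get16(h + 10);
    for (int i = 0; i < 4; i += 2) {
        c = incr_csum(c, get16(h + 12 + i), get16(src + i));
        h[12 + i] = src[i];
        h[13 + i] = src[i + 1];
    }
    put16(h + 10, c);
}

/* Returns 1 if the stored checksum is still valid after `hops` rewrites of a constructed
   header. tamper != 0 changes the source address first and leaves the checksum stale. */
static int valid_after_nat(int tamper, int hops) {
    uint8_t h[20] = {0x45, 0, 0, 0x54, 0x1c, 0x46, 0x40, 0, 0x40, 0x01, 0, 0,
                     192, 168, 1, 10, 10, 0, 0, 1};
    put16(h + 10, full_csum(h));
    if (tamper) h[15] = 99; /* constructed: source becomes 192.168.1.99 */
    for (int n = 1; n <= hops; n++) {
        uint8_t src[4] = {172, 16, (uint8_t)n, 1};
        nat_rewrite_src(h, src);
    }
    return get16(h + 10) == full_csum(h);
}

int main(void) {
    printf("clean: %d, stale: %d\n", valid_after_nat(0, 3), valid_after_nat(1, 3));
    return 0;
}
```

Under this model the stale checksum stays off by the same one's-complement difference at every hop, so only a full recomputation over the header, as in `full_csum`, makes it valid again.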