Re: IPv6 checksum errors with divert

From: Andrey V. Elsukov <bu7cher_at_yandex.ru>
Date: Fri, 29 Oct 2021 20:45:38 +0300
27.10.2021 16:28, Peter пишет:
> I see these checksum error when the packet goes into the divert
> socket, I see it when the packet comes back from divert, and I
> see it when the packet goes out onto the network.

> But, when I remove the divert socket from the path, then I still
> see the checksum error at the place where the divert would have
> happened, but when the packet goes out to the network, the checksums
> are okay.

Hi,

This is usually due to enabled IPv6 checksum offloading on the NIC. When
upper level protocols like TCP/UDP/SCTP send a packet, they can leave
checksum for delayed calculation. This delayed calculation occurs when
IP packet is going to the physical interface. If an interface is unable
to offload checksums calculation, IP layer does forced calculation,
otherwise it leaves checksum as is. This is why you see corrupted
checksums in the tcpdump output on egress interface. It is just not yet
calculated by interface.

Divert was designed for IPv4 only and it does not properly support
another address families.

But you can try this patch:
 https://people.freebsd.org/~ae/ipv6_divert_csum.diff

-- 
WBR, Andrey V. Elsukov


Received on Fri Oct 29 2021 - 17:45:38 UTC

Original text of this message