Thread: tcpdump: bad checksums on lo0
tcpdump: bad checksums on lo0 | Switzerland | 2007-08-06 11:59:50
Hi,

I'm seeing this on different machines running NetBSD/i386 3, 4 or
-current: running tcpdump(1) on lo0 shows all packets having bad
checksums:

$ sudo tcpdump -nv -s 0 -i lo0
tcpdump: WARNING: BIOCPROMISC: Invalid argument
tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
18:42:59.570295 IP (tos 0x0, ttl 64, id 48526, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f27)!) 127.0.0.1.64140 > 127.0.0.1.22: S, cksum 0xfe34 (incorrect (-> 0x3bdd), 1347073383:1347073383(0) win 32768 <mss 33152,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 0 0>
18:42:59.570329 IP (tos 0x0, ttl 64, id 48527, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f26)!) 127.0.0.1.22 > 127.0.0.1.64140: S, cksum 0x6a9f (correct), 1371635563:1371635563(0) ack 1347073384 win 32768 <mss 33152,nop,wscale 0,nop,nop,timestamp 0 0,sackOK,nop,nop>

IIUC `bad cksum' refers to the IP header checksum, and `cksum 0x....
(incorrect ...)' refers to the TCP header checksum, correct?

On another system:

$ sudo tcpdump -nv -s 0 -i lo0
tcpdump: WARNING: BIOCPROMISC: Invalid argument
tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
[...]
18:46:45.345735 IP (tos 0x0, ttl 64, id 63053, offset 0, flags [none], length: 72, bad cksum 0 (->a5c4)!) 212.254.26.75.61351 > 212.254.26.75.53: [bad udp cksum 2b9f!] 51594+ PTR? 74.26.254.212.in-addr.arpa. (44)
18:46:45.346316 IP (tos 0x0, ttl 64, id 63054, offset 0, flags [none], length: 167, bad cksum 0 (->a564)!) 212.254.26.75.53 > 212.254.26.75.61351: [bad udp cksum 3e1f!] 51594 1/2/2 74.26.254.212.in-addr.arpa. PTR clam.salmi.ch. (139)

Same for UDP: bad checksums...

Is tcpdump right? If yes, why are these checksums invalid?

I only see packets with valid checksums when running tcpdump on
non-loopback interfaces on these systems.

TIA, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~

Re: tcpdump: bad checksums on lo0 | Sweden | 2007-08-06 16:33:55
On Mon, 6 Aug 2007 18:59:50 +0200
Jukka Salmi <j+nbsd 2007.salmi.ch> wrote:
> Hi,
>
> I'm seeing this on different machines running NetBSD/i386 3, 4 or
> -current: running tcpdump(1) on lo0 shows all packets having bad
> checksums:
>
> $ sudo tcpdump -nv -s 0 -i lo0
> tcpdump: WARNING: BIOCPROMISC: Invalid argument
> tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
> 18:42:59.570295 IP (tos 0x0, ttl 64, id 48526, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f27)!) 127.0.0.1.64140 > 127.0.0.1.22: S, cksum 0xfe34 (incorrect (-> 0x3bdd), 1347073383:1347073383(0) win 32768 <mss 33152,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 0 0>
> 18:42:59.570329 IP (tos 0x0, ttl 64, id 48527, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->7f26)!) 127.0.0.1.22 > 127.0.0.1.64140: S, cksum 0x6a9f (correct), 1371635563:1371635563(0) ack 1347073384 win 32768 <mss 33152,nop,wscale 0,nop,nop,timestamp 0 0,sackOK,nop,nop>
>
> IIUC `bad cksum' refers to the IP header checksum, and `cksum 0x....
> (incorrect ...)' refers to the TCP header checksum, correct?
>
> On another system:
>
> $ sudo tcpdump -nv -s 0 -i lo0
> tcpdump: WARNING: BIOCPROMISC: Invalid argument
> tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
> [...]
> 18:46:45.345735 IP (tos 0x0, ttl 64, id 63053, offset 0, flags [none], length: 72, bad cksum 0 (->a5c4)!) 212.254.26.75.61351 > 212.254.26.75.53: [bad udp cksum 2b9f!] 51594+ PTR? 74.26.254.212.in-addr.arpa. (44)
> 18:46:45.346316 IP (tos 0x0, ttl 64, id 63054, offset 0, flags [none], length: 167, bad cksum 0 (->a564)!) 212.254.26.75.53 > 212.254.26.75.61351: [bad udp cksum 3e1f!] 51594 1/2/2 74.26.254.212.in-addr.arpa. PTR clam.salmi.ch. (139)
>
> Same for UDP: bad checksums...
>
> Is tcpdump right? If yes, why are these checksums invalid?
>
> I only see packets with valid checksums when running tcpdump on
> non-loopback interfaces on these systems.

Having it enabled by default would only hurt performance, because
corrupt packets are unlikely on the loopback interface. But see below:

> sysctl -a | grep loopback
net.inet.ip.do_loopback_cksum = 0
net.inet.tcp.do_loopback_cksum = 0
net.inet.udp.do_loopback_cksum = 0
net.inet6.tcp6.do_loopback_cksum = 0
net.inet6.udp6.do_loopback_cksum = 0
Have fun,
-Tobias
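
Added example, not part of either post: the IPv4 header checksum recomputed from the fields tcpdump printed in the thread. It reproduces tcpdump's `(->7f27)` style hints and shows why a stored value of 0, as seen on lo0, fails verification. It assumes 20-byte headers without IP options; all function names are illustrative.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(tos, length, ident, df, ttl, proto, src, dst, cksum=0):
    """Pack an IPv4 header. Assumption: IHL=5 (no options), fragment offset 0."""
    flags_frag = 0x4000 if df else 0         # DF bit, offset 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, length, ident, flags_frag,
                       ttl, proto, cksum,
                       socket.inet_aton(src), socket.inet_aton(dst))

def expected_cksum(**fields) -> int:
    """Value a sender stores: checksum computed with the checksum field zeroed."""
    return inet_checksum(build_header(cksum=0, **fields))

def header_is_valid(header: bytes) -> bool:
    """Receiver check: checksumming the header, stored field included, gives 0."""
    return inet_checksum(header) == 0

LO, HOST = "127.0.0.1", "212.254.26.75"
# Header fields copied from the four tcpdump -v lines in the thread,
# paired with the value tcpdump printed after "bad cksum 0 (->".
PACKETS = [
    (dict(tos=0, length=64, ident=48526, df=True, ttl=64, proto=6, src=LO, dst=LO), 0x7F27),
    (dict(tos=0, length=64, ident=48527, df=True, ttl=64, proto=6, src=LO, dst=LO), 0x7F26),
    (dict(tos=0, length=72, ident=63053, df=False, ttl=64, proto=17, src=HOST, dst=HOST), 0xA5C4),
    (dict(tos=0, length=167, ident=63054, df=False, ttl=64, proto=17, src=HOST, dst=HOST), 0xA564),
]

def check_all():
    """Per packet: (hint matches, header as captured verifies, header with hint verifies)."""
    rows = []
    for fields, hint in PACKETS:
        captured = build_header(cksum=0, **fields)      # checksum field left at 0
        repaired = build_header(cksum=hint, **fields)   # field filled with tcpdump's hint
        rows.append((expected_cksum(**fields) == hint,
                     header_is_valid(captured), header_is_valid(repaired)))
    return rows

if __name__ == "__main__":
    for (fields, hint), row in zip(PACKETS, check_all()):
        print(f"id {fields['ident']}: expected {expected_cksum(**fields):#06x}", row)
```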