Dear nf devels, I am trying to use the xt_CHECKSUM module to fix an UDP packet that it's comming with check sum error. I have an iptables firewall with two ethernet cards (eth0 private and eth1 public), all ethernet offload parameters are off in both ethernet cards and nf_conntrack_checksum = 0. This is my iptables rule to fix the checksum: iptables -A POSTROUTING -t mangle -p udp --dport 162 -j CHECKSUM --checksum-fill The trafic resulting when the single UDP packet is received using tcpdump: input at eth1 (public): [src ip].1046 > [eth1 public ip].162: [bad udp cksum ff!] output at eth0 (private): [src ip].1046 > [eth0 private ip].162: [bad udp cksum ff!] I did use printk inside the module to see what do I have at skb->ip_summed and I observed that the value is CHECKSUM_NONE, however to have the checksum fixed by the function checksum_tg, this value should be CHECKSUM_PARTIAL. Please let me know if I am miss understanding the way that --checksum-fill is handled by xt_CHECKSUM module. Sincerely, Ventura - -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
