I am having issues with libipq and checksum calculations, I apologize if this has been explored space. I am using libipq along with iptables to mangle incoming/outgoing packets in an attempt to write a watered-down user-level nat. For an outgoing packet I change the source address and recalculate both the IP and TCP checksums. Now here is the weird thing, I don't seem to have a problem with connection startup (SYN/SYN-ACK/ACK). I am tcpdumping on my outgoing link and see no errors. When I send an outgoing packet with actual data (i.e. an HTTP request), then tcpdump keeps telling me I have a bad checksum. For example : [bad tcp cksum 2072 (->768d)!] Howerver, I verified my checksum calculation as well as the value inside the payload which I pass back to the kernel using ipq_set_verdict and in all cases the checksum value I have is correctly set at 0x768d (in this case). What is going on here? Again, this is only for TCP checksum calculations on data packets, I do not see this issue with IP checksums or TCP syn/syn-ack/ack packets. Thank you for the help. -Calvin
