LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* incorrect TCP checksum on sent TCP-MD5 packets (2.6.20-rc5)
@ 2007-01-14 19:32 Torsten Luettgert
  2007-01-15 18:15 ` Stephen Hemminger
  0 siblings, 1 reply; 3+ messages in thread
From: Torsten Luettgert @ 2007-01-14 19:32 UTC (permalink / raw)
  To: linux-kernel

Hi,

I'm using the new TCP-MD5 option in 2.6.20-rc4 and rc5
to talk BGP to cisco routers.
My box connects to the cisco, and the handshake looks fine:
SYN, SYN/ACK, ACK all have md5 option and correct TCP checksums.

All packets after that, i.e. the ones with payload data,
have wrong TCP checksums, quoth wireshark.
The same happens if the cisco connects: the first, "empty" packet
is ok, packets with payload aren't.

Am I doing something wrong? Or is this a bug?

I'll gladly send tcpdumps if it helps.

Thanks for your help,
Torsten


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: incorrect TCP checksum on sent TCP-MD5 packets (2.6.20-rc5)
  2007-01-14 19:32 incorrect TCP checksum on sent TCP-MD5 packets (2.6.20-rc5) Torsten Luettgert
@ 2007-01-15 18:15 ` Stephen Hemminger
  2007-01-16 10:40   ` incorrect " Torsten Lüttgert
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2007-01-15 18:15 UTC (permalink / raw)
  To: linux-kernel

On Sun, 14 Jan 2007 20:32:34 +0100
Torsten Luettgert <t.luettgert@pressestimmen.de> wrote:

> Hi,
> 
> I'm using the new TCP-MD5 option in 2.6.20-rc4 and rc5
> to talk BGP to cisco routers.
> My box connects to the cisco, and the handshake looks fine:
> SYN, SYN/ACK, ACK all have md5 option and correct TCP checksums.
> 
> All packets after that, i.e. the ones with payload data,
> have wrong TCP checksums, quoth wireshark.
> The same happens if the cisco connects: the first, "empty" packet
> is ok, packets with payload aren't.
> 
> Am I doing something wrong? Or is this a bug?
> 
> I'll gladly send tcpdumps if it helps.
> 
> Thanks for your help,
> Torsten

Are you running over a device that does checksum offload?


-- 
Stephen Hemminger <shemminger@osdl.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: incorrect checksum on sent TCP-MD5 packets (2.6.20-rc5)
  2007-01-15 18:15 ` Stephen Hemminger
@ 2007-01-16 10:40   ` Torsten Lüttgert
  0 siblings, 0 replies; 3+ messages in thread
From: Torsten Lüttgert @ 2007-01-16 10:40 UTC (permalink / raw)
  To: Linux Kernel Mailing List; +Cc: Stephen Hemminger, yoshfuji

On Mo, 2007-01-15 at 10:15 -0800, Stephen Hemminger wrote:

> Are you running over a device that does checksum offload?

Ooh, I'm feeling stupid now. Yes, I was. Turns out the problem
are the md5 checksums after all. Crypto-enabled tcpdump says:

11:05:42.856702 IP (tos 0x0, ttl  64, id 35129, offset 0, flags [DF],
proto: TCP (6), length: 80) 212.87.33.4.60565 > 212.87.49.254.bgp: S,
cksum 0x4a03 (correct), 1122127063:1122127063(0) win 5840 <mss
1460,sackOK,timestamp 63686126 0,nop,wscale 5,nop,nop,md5:valid>

11:05:42.871809 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none],
proto: TCP (6), length: 64) 212.87.49.254.bgp > 212.87.33.4.60565: S,
cksum 0x0cc9 (correct), 2943414712:2943414712(0) ack 1122127064 win
16384 <mss 516,md5:valid,eol>

11:05:42.872085 IP (tos 0x0, ttl  64, id 35130, offset 0, flags [DF],
proto: TCP (6), length: 60) 212.87.33.4.60565 > 212.87.49.254.bgp: .,
cksum 0x4160 (correct), ack 1 win 5840 <nop,nop,md5:valid>

11:05:42.872150 IP (tos 0x0, ttl  64, id 35131, offset 0, flags [DF],
proto: TCP (6), length: 105) 212.87.33.4.60565 > 212.87.49.254.bgp: P,
cksum 0x54ec (correct), 1:46(45) ack 1 win 5840 <nop,nop,md5:invalid>:
BGP, length: 45
...

- Torsten



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2007-01-16 11:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-01-14 19:32 incorrect TCP checksum on sent TCP-MD5 packets (2.6.20-rc5) Torsten Luettgert
2007-01-15 18:15 ` Stephen Hemminger
2007-01-16 10:40   ` incorrect " Torsten Lüttgert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).