tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

[long] "bad cksum 0!" on AIX 5 over loopback

From: alex medvedev <alexm () pycckue org>
Date: Wed, 2 Jul 2003 17:09:14 -0500 (CDT)
hallo,

i am getting "bad tcp cksum" when running tcpdump over loopback on AIX 5.
only happens over the loopback (i.e. no bad cksum over ethernet).

setup:  lipbcap-0.7.2
        tcpdump-3.7.2

compiled with bpf and ipv6 support;
[im aware of aix's broken nametoaddr()]

lo0 was reported as a non-valid interface type, so i
added/modified the following libpcap code to include
the loopback interface type on AIX:
----------------------------------------------------------
pcap-bpf.c in pcap_open_live() added:
        case IFT_LOOP: /* to define interface type */
                v = DLT_LOOP;
                break;

gencode.c in init_linktype() modified:
        case DLT_NULL:
        case DLT_LOOP: /* to define link type */
                /* off_linktype = 0; */ /* should be -1 in my case */
                off_linktype = -1; /* because there's no encapsulation */
                off_nl = 4;
                off_nl_nosnap = 4;      /* no 802.2 LLC */
                return;

pcap-bpf.c in pcap_read() added:
        case EFAULT:  /* to keep it from dying after few packets */
                goto again;
----------------------------------------------------------

what i noticed immediately is that tcp checksums are not calculated
correctly with ipv4.
on linux it works fine, but linux has diff loopback encapsulation.
here is a sample session on AIX 5.2 with latest fixes [see cksums]:

# ./tcpdump -i lo0 -v
tcpdump: listening on lo0

SIMPLE PING:
15:48:34.207455395 localhost > localhost:
icmp: echo request (ttl 255, id 1112, len 84, bad cksum 0!)
15:48:34.207522333 localhost > localhost:
icmp: echo reply (ttl 255, id 1113, len 84, bad cksum 0!)

IPV6 PING:
15:48:47.102841773 ::1 > ::1: icmp6: echo request (len 64, hlim 255)
15:48:47.102931617 ::1 > ::1: icmp6: echo reply (len 64, hlim 255)

TELNET SESSION (FRAGMENT):
16:09:57.748625107 localhost.telnet >
localhost.33010: F [bad tcp cksum a26c!] 79:79(0) ack 47
win 33688 <nop,nop,timestamp 1057604598 1057604598> (ttl 60, id 3819, len
52, bad cksum 0!)
16:09:57.748736461 localhost.33010 >
localhost.telnet: . [bad tcp cksum a286!] ack 80 win 33662
<nop,nop,timestamp 1057604598 1057604598> [tos 0x10]  (ttl 60, id 3820,
len 52, bad cksum 0!)
16:09:57.751140007 localhost.33010 >
localhost.telnet: F [bad tcp cksum a285!] 47:47(0) ack 80
win 33662 <nop,nop,timestamp 1057604598 1057604598> [tos 0x10]  (ttl 60,
id 3821, len 52, bad cksum 0!)
16:09:57.751240534 localhost.telnet >
localhost.33010: . [bad tcp cksum a26b!] ack 48 win 33688
<nop,nop,timestamp 1057604598 1057604598> (ttl 60, id 3822, len 52, bad
cksum 0!)

questions:
- what can be done about fixing the cksums?
  aparently i am not doing smth correctly with incorporating loopback;
  maybe off_nl/off_nl_nosnap numbers wrong? although i doubt that;
- why does pcap_read() receive EFAULT while reading from bpf?
  is it fixable?
  do i miss any packets when doing "goto again" when receiving EFAULT?

thank you,

-alexm
+-----------------------------------------+
| this space was intentionally left blank |
+-----------------------------------------+


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: