Lot of errors as a "bad ip cksum" using Tor

Lot of errors as a "bad ip cksum" using Tor

Carlos Lopez
Good morning,

 I've been seeing a lot of "bad ip cksum" error messages in my OpenBSD’s Tor gateway, like these:

Mar 15 12:27:03.113986 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49964, dst 172.217.19.142:443] 172.22.55.4.49964 > 127.0.0.1.9040: SWE 3285379865:3285379865(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453692805 0,[|tcp]> (ttl 63, id 46325, len 64, bad ip cksum 2341! -> 64a7)
Mar 15 12:27:07.847299 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49965, dst 85.17.191.244:443] 172.22.55.4.49965 > 127.0.0.1.9040: SWE 755785425:755785425(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453697494 0,[|tcp]> (ttl 63, id 9318, len 64, bad ip cksum 5f32! -> f536)
Mar 15 12:27:08.355880 rule 1._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49966, dst 88.221.213.34:80] 172.22.55.4.49966 > 127.0.0.1.9040: SWE 2618743678:2618743678(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453697997 0,[|tcp]> (ttl 63, id 53617, len 64, bad ip cksum 992c! -> 482b)
Mar 15 12:27:09.337650 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49967, dst 85.17.191.242:443] 172.22.55.4.49967 > 127.0.0.1.9040: SWE 2709850134:2709850134(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453698968 0,[|tcp]> (ttl 63, id 31872, len 64, bad ip cksum 71a! -> 9d1c)
Mar 15 12:27:09.364017 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49968, dst 85.17.191.242:443] 172.22.55.4.49968 > 127.0.0.1.9040: SWE 855567415:855567415(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453698993 0,[|tcp]> (ttl 63, id 58857, len 64, bad ip cksum 9db0! -> 33b3)

As you can see, all packets are allowed, and I have configured my match rules as:

match in all scrub (no-df max-mss 1440)
match out on egress all scrub (no-df random-id reassemble tcp max-mss 1440)

Any idea why this error is always on?
--
Regards,
C. L. Martinez


Re: Lot of errors as a "bad ip cksum" using Tor

Carlos Lopez
Sorry, my mistake. I have only one match rule configured as:

match in all scrub (no-df max-mss 1440 random-id)

--
Regards,
C. L. Martinez

On 15/03/2020, 13:33, "Carlos Lopez" <[hidden email]> wrote:

    Good morning,
   
     I've been seeing a lot of "bad ip cksum" error messages in my OpenBSD’s Tor gateway, like these:
   
    Mar 15 12:27:03.113986 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49964, dst 172.217.19.142:443] 172.22.55.4.49964 > 127.0.0.1.9040: SWE 3285379865:3285379865(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453692805 0,[|tcp]> (ttl 63, id 46325, len 64, bad ip cksum 2341! -> 64a7)
    Mar 15 12:27:07.847299 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49965, dst 85.17.191.244:443] 172.22.55.4.49965 > 127.0.0.1.9040: SWE 755785425:755785425(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453697494 0,[|tcp]> (ttl 63, id 9318, len 64, bad ip cksum 5f32! -> f536)
    Mar 15 12:27:08.355880 rule 1._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49966, dst 88.221.213.34:80] 172.22.55.4.49966 > 127.0.0.1.9040: SWE 2618743678:2618743678(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453697997 0,[|tcp]> (ttl 63, id 53617, len 64, bad ip cksum 992c! -> 482b)
    Mar 15 12:27:09.337650 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49967, dst 85.17.191.242:443] 172.22.55.4.49967 > 127.0.0.1.9040: SWE 2709850134:2709850134(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453698968 0,[|tcp]> (ttl 63, id 31872, len 64, bad ip cksum 71a! -> 9d1c)
    Mar 15 12:27:09.364017 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0: [orig src 172.22.55.4:49968, dst 85.17.191.242:443] 172.22.55.4.49968 > 127.0.0.1.9040: SWE 855567415:855567415(0) win 65535 <mss 1440,nop,wscale 6,nop,nop,timestamp 453698993 0,[|tcp]> (ttl 63, id 58857, len 64, bad ip cksum 9db0! -> 33b3)
   
    As you can see, all packets are allowed, and I have configured my match rules as:
   
    match in all scrub (no-df max-mss 1440)
    match out on egress all scrub (no-df random-id reassemble tcp max-mss 1440)
   
    Any idea why this error is always on?
    --
    Regards,
    C. L. Martinez
   
   


Re: Lot of errors as a "bad ip cksum" using Tor

Stuart Henderson
In reply to this post by Carlos Lopez
On 2020-03-15, Carlos Lopez <[hidden email]> wrote:
> Good morning,
>
>  I've been seeing a lot of "bad ip cksum" error messages in my OpenBSD’s Tor gateway, like these:

from the tcpdump manual:

   IP and Protocol Checksum Offload
   Some network cards support IP and/or protocol checksum offload.  Packet
   headers for such interfaces erroneously indicate a bad checksum, since the
   checksum is not calculated until after tcpdump sees the packet.
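
Added example, not part of the thread or of any poster's message: the two hex values tcpdump prints can be checked with RFC 1071 arithmetic. The sketch rebuilds the 20-byte IPv4 header from the fields in two of the log lines above, assuming version 4, IHL 5, TOS 0 and no flags or fragment offset (tcpdump prints none), and computes the checksum for both the logged destination and the "orig" destination; the function names are made up for this example.

```python
import re
import socket
import struct

# Two pflog lines from the thread, trimmed to the fields used below.
LOG_LINES = [
    "[orig src 172.22.55.4:49964, dst 172.217.19.142:443] 172.22.55.4.49964 > "
    "127.0.0.1.9040: (ttl 63, id 46325, len 64, bad ip cksum 2341! -> 64a7)",
    "[orig src 172.22.55.4:49967, dst 85.17.191.242:443] 172.22.55.4.49967 > "
    "127.0.0.1.9040: (ttl 63, id 31872, len 64, bad ip cksum 71a! -> 9d1c)",
]
PATTERN = re.compile(
    r"\[orig src (?P<osrc>[\d.]+):\d+, dst (?P<odst>[\d.]+):\d+\] "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: .*"
    r"\(ttl (?P<ttl>\d+), id (?P<id>\d+), len (?P<len>\d+), "
    r"bad ip cksum (?P<seen>[0-9a-f]+)! -> (?P<want>[0-9a-f]+)\)"
)

def ip_checksum(header: bytes) -> int:
    """RFC 1071: complement of the one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_checksum(src, dst, ttl, ident, length, proto=6):
    # Assumed fields: version/IHL 0x45, TOS 0, flags and fragment offset 0.
    # The checksum field itself is zero while the sum is computed.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, ident, 0, ttl, proto,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip_checksum(hdr)

def analyse(line):
    """Compare the logged checksums with ones computed for both destinations."""
    m = PATTERN.search(line)
    if not m:
        return None
    f = m.groupdict()
    args = (int(f["ttl"]), int(f["id"]), int(f["len"]))
    return {
        "in_header": int(f["seen"], 16),          # value carried in the packet
        "tcpdump_expected": int(f["want"], 16),   # value tcpdump computed
        "for_logged_dst": header_checksum(f["src"], f["dst"], *args),
        "for_orig_dst": header_checksum(f["osrc"], f["odst"], *args),
    }

if __name__ == "__main__":
    for line in LOG_LINES:
        print({k: format(v, "04x") for k, v in analyse(line).items()})
```

For both lines the checksum computed for 127.0.0.1 equals the value after "->", and the checksum computed for the original destination equals the value flagged as bad. The header therefore carries the checksum that was valid before the destination was rewritten to 127.0.0.1:9040.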



Re: Lot of errors as a "bad ip cksum" using Tor

Carlos Lopez
Thanks Stuart. This is a KVM virtual machine with all offload settings disabled for the guest ... I will try to enable them and see how it goes ...

--
Regards,
C. L. Martinez

On 15/03/2020, 17:41, "[hidden email] on behalf of Stuart Henderson" <[hidden email] on behalf of [hidden email]> wrote:

    On 2020-03-15, Carlos Lopez <[hidden email]> wrote:
    > Good morning,
    >
    >  I've been seeing a lot of "bad ip cksum" error messages in my OpenBSD’s Tor gateway, like these:
   
    from the tcpdump manual:
   
       IP and Protocol Checksum Offload
       Some network cards support IP and/or protocol checksum offload.  Packet
       headers for such interfaces erroneously indicate a bad checksum, since the
       checksum is not calculated until after tcpdump sees the packet.