Bug 145737 - [netinet] [patch] Wrong UDP checksum not ignored as expected in UDP encapsulated ESP packet
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: Unspecified
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
Reported: 2010-04-16 00:50 UTC by Peter Molnar
Modified: 2017-12-31 22:24 UTC

file.diff (758 bytes, patch)
2010-04-16 00:50 UTC, Peter Molnar

Description Peter Molnar 2010-04-16 00:50:01 UTC
Test setup:

A FreeBSD machine acts as VPN client (ESP-Transport, L2TP, NAT-T) to an OpenSWAN based VPN concentrator.

Problem description:

The L2TP (UDP) packets originating from the concentrator are rejected because of a wrong UDP checksum.

Detailed problem description:

[RFC 3948, 3.1.2] states: 

   When a transport mode has been used to transmit packets, contained
   TCP or UDP headers will have incorrect checksums due to the change of
   parts of the IP header during transit.  This procedure defines how to
   fix these checksums [...]

   Depending on local policy, one of the following MUST be done:


   3.  If the protocol header after the ESP header is a UDP header, set
       the checksum field to zero in the UDP header. [...]

Fix: Patch attached with submission follows:
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-04-17 07:21:27 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).
Comment 2 Bjoern A. Zeeb freebsd_committer 2010-04-17 16:47:48 UTC
Responsible Changed
From-To: freebsd-net->bz

Comment 3 Bjoern A. Zeeb freebsd_committer 2010-04-17 16:56:51 UTC

While this is the simplest solution, there is a patch for review that
is supposed to do proper cksum re-calculations by 3.1.2. 1., which I
think I would prefer.

This is especially the case as the default of RFC2661 (L2TP) says that
UDP checksums must be enabled. To my memory an application may disable
them for data messages but never for control messages; thus you
actually want proper checksum re-calculation when doing L2TP.

Bjoern A. Zeeb         It will not break if you know what you are doing.
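
Added example, not part of the bug report, the attached patch or FreeBSD source: why a source-address rewrite in transit invalidates the inner UDP checksum, and how zeroing the field (RFC 3948 3.1.2 option 3, as in the description) and recalculating it (the approach preferred in Comment 3) each let the packet pass. Addresses, payload bytes and function names are constructed; the recalculation is shown as a full recomputation over the received addresses, which is an assumption about its effect, not the reviewed patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Add the 16-bit big-endian words of p[0..n) to a running one's-complement sum. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Checksum over IPv4 pseudo-header (src, dst, proto 17, length) + datagram; 0 = consistent. */
uint16_t udp_sum(const uint8_t *src, const uint8_t *dst, const uint8_t *udp, size_t len) {
    uint32_t acc = sum16(udp, len, sum16(dst, 4, sum16(src, 4, 17 + (uint32_t)len)));
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Store a fresh checksum in bytes 6-7; a computed 0 is sent as 0xffff (RFC 768). */
void udp_set_sum(const uint8_t *src, const uint8_t *dst, uint8_t *udp, size_t len) {
    udp[6] = udp[7] = 0;
    uint16_t c = udp_sum(src, dst, udp, len);
    if (c == 0) c = 0xffff;
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)(c & 0xff);
}

/* Receiver check, 1 = accept. Over IPv4 a zero checksum field means "not computed". */
int udp_accept(const uint8_t *src, const uint8_t *dst, const uint8_t *udp, size_t len) {
    if (udp[6] == 0 && udp[7] == 0) return 1;
    return udp_sum(src, dst, udp, len) == 0;
}

/* Constructed addresses: concentrator behind NAT, its translated address, the client. */
static const uint8_t PRIV[4] = {192, 168, 1, 10};
static const uint8_t NATD[4] = {203, 0, 113, 5};
static const uint8_t CLNT[4] = {198, 51, 100, 7};
/* nat: source rewritten in transit. fix: 0 = none, 1 = recompute, 3 = zero the field. */
int scenario(int nat, int fix) {
    uint8_t udp[12] = {0x06,0xa5, 0x06,0xa5, 0,12, 0,0, 0xc8,0x02,0x00,0x0c}; /* 1701->1701, constructed payload */
    const uint8_t *seen = nat ? NATD : PRIV;
    udp_set_sum(PRIV, CLNT, udp, sizeof udp);               /* sender checksums over its own address */
    if (fix == 1) udp_set_sum(seen, CLNT, udp, sizeof udp); /* recalculated after ESP decapsulation */
    if (fix == 3) udp[6] = udp[7] = 0;                      /* checksum field zeroed */
    return udp_accept(seen, CLNT, udp, sizeof udp);
}

int main(void) {
    printf("unfixed=%d zeroed=%d recomputed=%d\n", scenario(1, 0), scenario(1, 3), scenario(1, 1));
    return 0;
}
```

Zeroing leaves the receiver with no UDP-level integrity check on the datagram, while recalculation keeps the field meaningful for applications that require it.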
Comment 4 Bjoern A. Zeeb freebsd_committer 2014-05-18 06:01:11 UTC
Responsible Changed
From-To: bz->gnn

I shall not use bugzilla (at least until we will have a CLI).
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:12 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped