273618 – [pf] Port redirects for packets received on loopback have bad checksums

Bug 273618 - [pf] Port redirects for packets received on loopback have bad checksums

Summary: [pf] Port redirects for packets received on loopback have bad checksums

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	13.2-STABLE
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-pf (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-09-07 16:10 UTC by dfr
Modified:	2023-11-03 11:38 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description dfr 2023-09-07 16:10:43 UTC

Normally packets received on loopback bypass the tcp checksum calculation since the packet is expected to not leave the host. The packet header is marked as having a good checksum in looutput() even though the th_csum field (for tcp packets) just contains the pseudo header partial sum.

If the packet's destination address is re-written to an address which routes it to some other host, the packet will be delivered with a bad checksum and discarded by the target's tcp stack. I can work around this with 'ifconfig lo0 -txcsum' but it would be better if there was a way for pf to detect this situation and repair the checksum.