* bad udp cksum messages in tcpdump for wg0
@ 2019-12-20 13:47 google gsuite
2019-12-27 14:45 ` Matthias Urlichs
0 siblings, 1 reply; 2+ messages in thread
From: google gsuite @ 2019-12-20 13:47 UTC (permalink / raw)
To: wireguard
[-- Attachment #1.1: Type: text/plain, Size: 962 bytes --]
Hi
My DNS server is available via a wireguard interface. Because of many requests I did a tcpdump on the traffic and found messages like.
14:05:34.881307 IP (tos 0x0, ttl 63, id 33826, offset 0, flags [DF], proto UDP (17), length 54)
10.99.97.15.53628 > 10.99.97.17.domain: [bad udp cksum 0xd719 -> 0x6360!] 8446+ A? postgres. (26)
I could turn that messages off with turning off check validation on the interface
ethtool -K wg0 tx off rx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ip-generic: off
The tcpdump traffic looks now like this
14:08:36.494987 IP (tos 0x0, ttl 63, id 61627, offset 0, flags [DF], proto UDP (17), length 54)
10.99.97.15.40185 > 10.99.97.17.domain: [udp sum ok] 1324+ A? postgres. (26)
I want to know if the behavior described above with the checksum errors is to be expected? Or is it necessary to turn those checks off on all the interfaces?
BR
ybaumy
[-- Attachment #1.2: Type: text/html, Size: 1102 bytes --]
[-- Attachment #2: Type: text/plain, Size: 148 bytes --]
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: bad udp cksum messages in tcpdump for wg0
2019-12-20 13:47 bad udp cksum messages in tcpdump for wg0 google gsuite
@ 2019-12-27 14:45 ` Matthias Urlichs
0 siblings, 0 replies; 2+ messages in thread
From: Matthias Urlichs @ 2019-12-27 14:45 UTC (permalink / raw)
To: wireguard
Hi,
> ethtool -K wg0 tx off rx off
>
> I want to know if the behavior described above with the checksum
> errors is to be expected? Or is it necessary to turn those checks off
> on all the interfaces?
Yeah. I need that too, on one of my routers. Apparently some checksum
offloading hardware gets confused by wireguard.
Interestingly, on that machine fixing this problem requires turning off
checksumming on the wg interface _or_ on the hardware interface, either
way is sufficient.
--
-- Matthias Urlichs
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-12-27 14:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-20 13:47 bad udp cksum messages in tcpdump for wg0 google gsuite
2019-12-27 14:45 ` Matthias Urlichs
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).