* Ignore tcp checksum on ip_conntrack
@ 2010-09-16 15:55 Alex Bligh
2010-09-20 10:28 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Alex Bligh @ 2010-09-16 15:55 UTC (permalink / raw)
To: Mail List - Netfilter; +Cc: Alex Bligh
ip_conntrack ditches packets for masquerading etc if their ip checksum
is wrong.
Is it possible to disable this behaviour on kernel 2.6.18 (I know, it's
old)? I have something that like producing tcp packets with invalid
checksums.
--
Alex Bligh
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Ignore tcp checksum on ip_conntrack
2010-09-16 15:55 Ignore tcp checksum on ip_conntrack Alex Bligh
@ 2010-09-20 10:28 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2010-09-20 10:28 UTC (permalink / raw)
To: Alex Bligh; +Cc: Mail List - Netfilter
On 16/09/10 17:55, Alex Bligh wrote:
> ip_conntrack ditches packets for masquerading etc if their ip checksum
> is wrong.
>
> Is it possible to disable this behaviour on kernel 2.6.18 (I know, it's
> old)? I have something that like producing tcp packets with invalid
> checksums.
# echo 0 > /proc/sys/net/netfilter/nf_conntrack_checksum
If you use ip_conntrack instead of nf_conntrack you have to set
ip_conntrack_checksum to 0.
# echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_checksum
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-09-20 10:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-09-16 15:55 Ignore tcp checksum on ip_conntrack Alex Bligh
2010-09-20 10:28 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox