TCP checksum and device driver eri0

From: Giovanni Porcelli (porcelli_at_unipmn.it)
Date: 06/27/03


Date: Fri, 27 Jun 2003 16:30:41 +0200
To: focus-sun@securityfocus.com

During a snoop session on a 280R with solaris 9 and network interface
eri0, I noticed that the TCP checksum field of every outgoing packet was
incorrect.
This happened also on a Netra 120 with solaris 8 and on the same machine
with solaris 9 (obviusly with eri0). I tried also with tcpdump, but the
result was the same.
The same packet snooped on the network has the correct checksum value.
I believe that something happens between the snoop point on the machine
and the network interface eri0 output.
I also tried on other machines: on a Sun 450R with solaris 9 (but with
hme0) the TCP checksum snooped locally is correct, also on a Sun 250
with solaris 8 and hme0 is correct.
With this last result I believe that the responsible is the eri0 driver.
It is true?
If I want to snoop locally *but* with the correct checksum value, how
can I do?
Any suggestion?

Regards
Giovanni Porcelli