Wednesday 7 September 2011

regarding TCP checksum offload and linux kernel netfilters

Rewriting certain parts of a TCP packet via netfilter can be tricky if your NIC does TCP checksum offloading. Apparently, th->check needs to hold the checksum of the pseudo header, the hardware will finish up the rest. Besides, IP checksum may be necessary to fill in correctly, why is that not computed in hardware as well (?)...