[Openswan dev] NAT-keepalive packet and UDP checksum
Paul Wouters
paul at xelerance.com
Fri Oct 22 11:57:06 EDT 2010
On Fri, 22 Oct 2010, Mark Ryden wrote:
> I had made some tests with OpenSwan when the clients were behind a
> nat, using nat-traversal and UDP encapsulation.
>
> There are NAT-keepalive packets sent from OpenSwan clients on UDP port 4500.
> I saw in the sniffer that the UDP checksum is not zero.
>
> This is in contradiction to the RFC 3948,
>
> "the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
> receivers MUST NOT depend upon the UDP checksum being a zero value"
Thanks, I've filed this as a bug: https://bugs.openswan.org/issues/1158
I took a brief look at programs/pluto/nat_traversal.c, but it needs a little more
attention to get fixed.
Paul
More information about the Dev
mailing list