On 6/12/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
> In case anyone is interested, after a couple of days of work I finally
> found the problem.
> Turns out that the box behind my m0n0wall transmitted packets with a
> wrong TCP checksum.
> m0n0wall dropped the packets (as expected), but logged nothing in the
> firewall log !!
Unless you disabled logging on the default rules, had it hit the
firewall rules it would have gotten logged under any circumstance.
I'm quite certain that a packet with a bad TCP checksum won't get far
enough into the kernel to even get to the firewall. Does *any*
general purpose OS actually pass packets with bad TCP checksums so far
in the stack that they hit the firewall? I seriously doubt it, it's a
waste. That may not even make it past the hardware on some NIC's.
Point being, if your system is so broken that it's sending out packets
with broken TCP checksums (dare I even ask how that happened....), I
don't think any firewall is going to log that unless the OS logs
received packets that are screwed up. I would imagine they just show
up in the error counter on the interface.