On Wed, Mar 08, 2006 at 11:52:42AM -0500, Jon Hart wrote:

> Any reason to believe this problem shows itself on non-bridged setups?
> I've had an intermittent problem on a 3.8-current box from october where
> packets are dropped because of invalid checksums. Up until now, I've
> suspected faulty cards, cables or setups on the sending machines (Debian
> with 2.4 kernel).
>
> My setup scrubs in and out, hence my question on whether this would work
> in setups other than bridged.

IP forwarding generally calls ip_output() which recalculates the
checksum, but there might be cases of hardware checksumming and/or
pf routing where that is not done.

The problem only affects the no-df and min-ttl options of scrub. If you
have confirmed broken IP checksums (at the recipient) with either of
those two options, and correct checksums with the option(s) disabled,
then, yes, the patch should fix it.

Daniel