bad udp cksum messages in tcpdump for wg0

google gsuite cs at
Fri Dec 20 14:47:55 CET 2019


My DNS server is available via a wireguard interface. Because of many requests I did a tcpdump on the traffic and found messages like.

14:05:34.881307 IP (tos 0x0, ttl 63, id 33826, offset 0, flags [DF], proto UDP (17), length 54) > [bad udp cksum 0xd719 -> 0x6360!] 8446+ A? postgres. (26)

I could turn that messages off with turning off check validation on the interface

ethtool -K wg0 tx off rx off
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ip-generic: off

The tcpdump traffic looks now like this

14:08:36.494987 IP (tos 0x0, ttl 63, id 61627, offset 0, flags [DF], proto UDP (17), length 54) > [udp sum ok] 1324+ A? postgres. (26)

I want to know if the behavior described above with the checksum errors is to be expected? Or is it necessary to turn those checks off on all the interfaces?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the WireGuard mailing list