ipsec, ipfilter and corrupted mac on input
I’ve been having problems for sometime when transferring JPG files via 802.11 from my iBook to the Qube. The files can be sent via SMB or ftp, and show up as corrupted images (the initial uploads of Abi showwed this problem). Trying to copy via scp/sftp resulted in the ‘Corrupted MAC on input’ message, which is muttered about in mailing lists, but never fully explored.
I’ve found that the problem lay with IPFilter – it was killing fragments of packets and so presenting corrupt looking information to the Qube. Quite why it does this is a mystery to me, and it’s also unclear why my initial attempts to drop my MTU to 1400 for the wireless leg failed so miserably (my initial thought was that as all WiFi traffic from my iBook is IPSec encrypted, dropping the MTU should allow the IPSec encapsulation to fit into a standard 1500 packet size).
The solution was simple: I just added ‘keep frags’ to the end of every IPFilter rule which passed IPSec encrypted data into the Qube, and so far nothing has gone wrong. I need to run more tests over a number of days to ensure that it isn’t hidden elsewhere, but so far over 300MB of JPG files have been copied without a hitch, whereas before I was getting 7 or 8 out of 10 corrupt images.
Needless to say, lack of corruption also means there have been no ‘Corrupted MAC on input’ errors either.