<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7036.0">
<TITLE>Lost packets; UDP Checksum (chksum) errors; forwarding - source spoofing; libnet bug</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">OK… I've only posted here a couple of times, but I've googled this list (for help) extensively in the past. Before I waste everyone's time, I just wanted to find out if I'm the only one who "didn't already know" that there's a nasty bug in libnet-1.1.2.1, such that anybody doing source-spoofed forwarding of UDP-based syslog packets will likely end up losing large volumes of packets in the process (in my case a 2/3 loss of packets).</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Again… I thought that I had searched the mailing list archives properly, and that I didn't see a mention of this issue (as I've been fighting my way through figuring this out, over a multi-week period), BUT, as this would seem to impact a lot of syslog-ng users, I keep thinking that I've just missed something, and everyone else already knows about this. Before I waste time writing a detailed message on the topic, I figured that I'd ask first.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Marvin Nipper</FONT>
<BR><FONT SIZE=2 FACE="Arial">Director of Security</FONT>
<BR><FONT SIZE=2 FACE="Arial">Stream</FONT>
<BR><A HREF="mailto:marvin.nipper@stream.com"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">mailto:marvin.nipper@stream.com</FONT></U></A>
<BR><FONT SIZE=2 FACE="Arial">PGP Key ID: 0x8EE28551 (DSS/DH)</FONT>
<BR><FONT SIZE=2 FACE="Arial">8C5D 403A D107 0A95 672B B637 BCF1 919A 8EE2 8551</FONT>
</P>
</BODY>
</HTML>