Subject: Re: kern/18517
To: None <darrenr@netbsd.org, gnats-admin@netbsd.org,>
From: Darren Reed <darrenr@netbsd.org>
List: netbsd-bugs
Date: 03/10/2006 10:30:02
The following reply was made to PR kern/18517; it has been noted by GNATS.
From: darrenr@netbsd.org (Darren Reed)
To: kivinen@ssh.fi
Cc: gnats-bugs@netbsd.org
Subject: Re: kern/18517
Date: Fri, 10 Mar 2006 10:26:58 +0000 (UTC)
You might like to make this change to the 3.4.29 source you tested
last with. To explain what's happening, the NAT code will alter the
IP checksum, believing it to be (currently) correct. In the case
of fastroute'd packets, especially those we generate, ip_natout is
being called before the checksum is calculated. If it then
modifies ip_sum to be non-0, IP sees it as being non-0 and assumes
it to be correct. So when ip_natout returns 1 (it has modified the
packet), we reset the sum to 0 and let IP calculate it for us.
Darren
***************
*** 1674,1683 ****
fin->fin_fr = NULL;
if (!fr || !(fr->fr_flags & FR_RETMASK))
(void) fr_checkstate(ip, fin);
! (void) ip_natout(ip, fin);
fin->fin_ifp = sifp;
} else
ip->ip_sum = 0;
/*
* If small enough for interface, can just send directly.
*/
--- 1761,1785 ----
fin->fin_fr = NULL;
if (!fr || !(fr->fr_flags & FR_RETMASK))
(void) fr_checkstate(ip, fin);
!
! switch (ip_natout(ip, fin))
! {
! case 0 :
! break;
! case 1 :
! ip->ip_sum = 0;
! break;
! case -1 :
! error = EINVAL;
! goto done;
! break;
! }
!
fin->fin_ifp = sifp;
+ fin->fin_out = sout;
} else
ip->ip_sum = 0;
+
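Review bot: in the `case -1 :` arm, `goto done;` jumps out before `fin->fin_ifp = sifp;` and the new `fin->fin_out = sout;` are reached, so the error path leaves `fin` holding the temporary interface and direction values set up for the NAT call. If anything at `done` or in the caller still reads `fin`, restore both fields inside the `-1` arm before the jump. The `break;` after `goto done;` is unreachable and can be dropped. The switch has no `default`, so any return value other than 0, 1 or -1 is silently treated as "unmodified"; either add a `default` or note in a comment that these are the only values `ip_natout` returns. A one-line comment on `case 1 :` saying that the sum is zeroed so IP recomputes it after NAT has altered the header would keep the reasoning from the mail in the code. Finally, `sout` is neither declared nor assigned in the lines shown here, so check that the matching save of `fin->fin_out` sits next to the one for `sifp`.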