First of all - disclaimer - I'm no network specialist, I just read and am interested in it. I may get things wrong!! > > > Both physical interfaces show the same. But does this mean it's on as in "rx- > checksumming: on" or off as in "tx-checksum-ipv4: off [fixed]"? As far as I understand it rx-checksum is the underlying wire checksumming - and from what I've read about it, disabling that disables the UDP checksums. > > Assuming that I do not receive packets with invalid UPD checksums, then the > packages must be somehow altered and their UPD checksums recalculated to > arrive here. Does bad hardware etc. do that? Why would the UDP checksums > just happen to get recalculated correctly but like randomly without intent? I'm not sure I understand what you are asking. But it's unlikely (very unlikely) that the checksums are randomly correct. But packet checksums are recalculated when packets are forwarded by layer 4 switches - the contents of the package are inspected as part of the switching process. > > Only when asterisk (i. e. libsrtp) finally verifies the authentication tag of > an SRTP package against the authenticated part of the package --- which, > according to RFC 3711, seems to be the entire payload of the UPD package --- > the verfication fails. > > How is that possible? > If it's SRTP checksum error, then that checksum is part of the packet payload at the application level - the UDP checksum is for the whole packet. Presumably the contents of the application payload were altered after the SRTP checksum was calculated but before the UDP packet checksum. It could be a bad layer 4 switch I suppose. Probably your best bet is to use wireshark to decode the packets to see what the raw data looks like. P.