Wireshark mailing list archives
Re: [Wireshark-commits] master 104a6ed: Disable IPv4 checksum verification to match TCP and UDP.
From: Jasper Bongertz <jasper.sharklists () packet-foo com>
Date: Sun, 2 Mar 2014 15:14:14 +0100
On Sat, Mar 01, 2014 at 01:49:58PM +0000, Wireshark code review wrote:

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=104a6edd1fb703c5c2319c893720df86f8c9a9e7...

104a6ed by Gerald Combs (gerald () wireshark org):

Disable IPv4 checksum verification to match TCP and UDP.

Offloading seems to be very common nowadays and having this option enabled by default generates a lot of false positives. Suggested by Laura Chappell.

Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff
While this is currently the right thing to do, it might make more sense to disable all this checksum verification stuff only for outgoing traffic. Unfortunately our current captures don't support that distinction. What would be required where to make this possible?

My guess:
- Add a metadata element "direction" to the capture information provided by the network driver and
- add "direction" element to libpcap packet header and fill it with the information from above.

How much work would that amount to?
The pcap-ng file format has "packet block flags" in the EPB block type, which has two bits to indicate direction (00 = information not available, 01 = inbound, 10 = outbound). I don't think those flags are being set by dumpcap as of now, but it would be the way to go from my point of view.

See http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionepb and http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#appendixPBFM

Cheers,
Jasper
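The direction bits discussed in this message can be read from an Enhanced Packet Block as sketched below. This is an added example, not code from the thread or from Wireshark: the function names are hypothetical, the sample blocks are constructed, and the EPB layout and the epb_flags option code (2) are taken from the pcap-ng draft rather than from the message. The checksum policy at the end is an assumption modelled on the "only for outgoing traffic" suggestion.

```python
import struct

EPB_TYPE = 0x00000006            # Enhanced Packet Block
OPT_END, OPT_EPB_FLAGS = 0, 2    # option codes per the pcap-ng draft
DIRECTION = {0b00: "unknown", 0b01: "inbound", 0b10: "outbound"}

def pad4(n):
    """Round n up to the next 32-bit boundary."""
    return (n + 3) & ~3

def epb_direction(block, endian="<"):
    """Return the direction recorded in one EPB ('unknown' if no flags option)."""
    btype, total = struct.unpack_from(endian + "II", block, 0)
    if btype != EPB_TYPE or total != len(block) or total < 32:
        raise ValueError("not a well-formed EPB")
    caplen = struct.unpack_from(endian + "I", block, 20)[0]
    pos = 28 + pad4(caplen)      # options follow the padded packet data
    end = total - 4              # last 4 bytes repeat the block length
    if pos > end:
        raise ValueError("captured length exceeds block")
    while pos + 4 <= end:
        code, length = struct.unpack_from(endian + "HH", block, pos)
        pos += 4
        if code == OPT_END:
            break
        if pos + length > end:
            raise ValueError("option overruns block")
        if code == OPT_EPB_FLAGS and length == 4:
            flags = struct.unpack_from(endian + "I", block, pos)[0]
            return DIRECTION.get(flags & 0b11, "reserved")  # bits 0-1 only
        pos += pad4(length)
    return "unknown"

def should_verify_checksum(block, endian="<"):
    # Assumed policy: outbound frames may carry offloaded (unfilled) checksums.
    return epb_direction(block, endian) != "outbound"

def make_epb(packet, flags=None, endian="<"):
    """Build a constructed EPB for testing (interface 0, timestamp 0)."""
    body = struct.pack(endian + "IIIII", 0, 0, 0, len(packet), len(packet))
    body += packet.ljust(pad4(len(packet)), b"\0")
    if flags is not None:
        body += struct.pack(endian + "HHI", OPT_EPB_FLAGS, 4, flags)
        body += struct.pack(endian + "HH", OPT_END, 0)
    total = 12 + len(body)
    header = struct.pack(endian + "II", EPB_TYPE, total)
    return header + body + struct.pack(endian + "I", total)
```

A capture written without the flags option yields "unknown", which is the case the message expects from dumpcap at the time.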