Is this some product of doing the checksum comptuation in hardware, and
the libpcap intercepts the packet before checksumming is performed?
Is the checksum set to a constant, such as zero? Perhaps this is
something we can key off of by default for those platforms?
-Devin
On Fri, 2003-02-28 at 10:45, Biot Olivier wrote:
> Agreed but only partially. If the trace is taken on some SUN Solaris
> machines from which the TCP traffic is originating, then all sent TCP
> packets will probably have a bad TCP checksum.
>
> It would be better to provide a preference parameter in the TCP handler
> allowing us to choose between ignoring and considering the TCP checksum
> errors altogether.
>
> Regards,
>
> Olivier
>
> > -----Original Message-----
> > From: Devin Heitmueller [mailto:dheitmueller@xxxxxxxxxxx]
> >
> > Shouldn't this be based in part on the result of the TCP checksum? If
> > the TCP checksum validation fails, the peer is going to discard the
> > packet and wait for a retransmit. In this case, we should probably be
> > dissecting the second packet, not the first. There is little value in
> > attempting to dissect a packet that fails the TCP checksum,
> > as it could
> > contain complete garbage.
--
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc
