Wireshark-users: Re: [Wireshark-users] BAD TCP CHECKSUM in loopback interface
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 05 Jan 2008 11:44:05 -0800
Boschetti Alberto wrote:
Hi, I'm learning something about C network programming and I've downloaded several client/server application.

When I use them on the loopback interface (client and server have address 127.x.x.x) and I look to the packet with wireshark, I see that the packets have a incorrect TCP checksum. When I use the same programs with 2 PC on a wired network, wireshark say that the TCP checksum are correct.

I'm using the newest version of Wireshark. Is it a bug of Wireshark or a problem on my pc?

It's probably a characteristic of the operating system on your PC.

A number of network adapters support TCP checksum offloading; this means that if the host operating system, and the driver for that adapter on that operating system, support TCP checksum offloading, a TCP segment packet that is transmitted through that adapter doesn't have a checksum computed by the host transmitting it before handing it to the IP layer, under the assumption that the network adapter will compute the checksum and set it in the TCP header.

In addition, the adapter will also check the checksum of incoming packets; the host doesn't have to do that.

That way, if the network adapter has enough CPU power - or the right hardware in the data path - to do the checksumming (which it might do when DMAing the packet from or to the host), the CPU doesn't have to.

On those OSes, the "driver" for the loopback adapter might also pretend to support TCP checksum offloading, but not bother to add a checksum, because a packet "transmitted" on the loopback adapter will also be "received" by the loopback adapter, and if the adapter claims to do checksum offloading, the host won't bother checking the checksum either. If you can get a corrupted packet on the loopback network, you have bigger problems than problems with TCP :-), so not bothering to checksum TCP segments on the loopback network could be worth it.

So it might be that the checksum isn't correct, that it's not correct because the TCP implementation didn't bother setting it, and that the TCP implementation didn't bother checking it, either, because it's not worth the effort of checking it.