Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5105] IP should not compute the header checksum if within

Date: Wed, 8 Sep 2010 19:48:54 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5105

--- Comment #7 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2010-09-08 19:48:49 PDT ---
Indeed this is invalid.

When I first reported this bug, I had erroneously thought that the ICMP
encapsulated IP header checksum was correct since the checksum itself matched
the IP header checksum of the packet that caused the ICMP packet to be sent in
the first place.  However, upon closer inspection, I now see that the ICMP
encapsulated IP header total length field has increased by 20 bytes; yet the
checksum wasn't recomputed.  Thus, the encapsulated IP header checksum truly is
incorrect.

The question then remains, "Why was the ICMP encapsulated IP header's total
length field increased by 20 bytes?"  I don't have any details yet about the
host that sent this ICMP destination unreachable message, but it seems almost
certain that it is faulty ... unless anyone can offer some explanation I'm not
aware of? 

Incidentally, this faulty host also zeroed the ICMP encapsulated UDP checksum
field instead of using the original checksum as it should have.

Anyway, I was misled due to the matching checksum and apologize for the invalid
bug report and grief it caused.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.