Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus

From: "John R." <jhoger@xxxxxxxxx>
Date: Thu, 13 Jul 2006 11:33:22 -0700
On 7/13/06, Ulf Lamping <ulf.lamping@xxxxxx> wrote:

Well, this is not a bug in the common sense (the code does what's intended). However, with current Windows systems (and when I remember right some Unixes use offloading too), it's questionable if this is the best way to handle this ...


It's a usability bug in the common sense. The code may do what the
programmer intends, but not what the user expects. It violates the
"Principle of Least Surprise." If it cannot be fixed below Wireshark,
probably Wireshark should have a heuristic to detect the situation and
offer the user the option to turn off checksum validation. "It appears
that checksum calculations are being offloaded to your network card.
Would you like to disable checksum validation so that packets will be
properly decoded? Yes/No", with a "Don't ask me again" checkbox.

This is a particularly bad bug in the OP's case: assuming this is what
is actually happening, he didn't realize that the checksums were
wrong. He couldn't look up the problem in the FAQ since he didn't know
it was a checksum validation problem. There is one sentence buried in
the checksum section about "If the checksum validation is enabled and
it detected an invalid checksum, features like packet reassembling
won't be processed." So even a dilligent user is unlikely to resolve
the problem on their own.

-- John.