Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3112] CDP Checksum Calculation Incorrect

Date: Mon, 5 Jan 2009 15:22:37 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3112





--- Comment #31 from Greg Neujahr <wireshark@xxxxxxxxxxxxxxxxxxxxx>  2009-01-05 15:22:36 PDT ---
(In reply to comment #28)
Indeed, that does sound very related as that's the exact problem I'm seeing
with this 2950 switch. There are two 'valid' ways of calculating a checksum. I
hadn't linked the 0x80 byte condition as a possible issue, but apparently it
is. The packets we're looking at have an odd number of bytes and end in 0xFE,
which is decidedly greater than 0x80. 

What may be required here is a completely new checksum algorithm specifically
for CDP, instead of trying to use in_cksum. The question is, what formula is
being used to determine the checksum then? 

Tomorrow I'll try to get some captures of a switch that has a CDP packet ending
in a number less than 0x80 with odd/even lengths, and also do the same with a
router. Perhaps these captures will shed some light on the situation so that we
can construct the forumla correctly.

Jaap, if you want to try and put together a patch/function that can do all
this, then I'll be glad to test it. Seems to be the base functionality is this:

1. Sum up all the bytes.
2. If odd length, byteswap the pad byte
3. Calculate the checksum.
4. If even length, checksum should be 0x0000
5. If odd length, and byte[length - 1] >= 0x80, checksum should be 0xFFFE
6. If odd length, and byte[length - 1] < 0x80, checksum should be 0x0000

I think that's what line 6 is supposed to be. I'm a bit tired at the moment, so
am not quite sure right now until I get it tested.

I'm also a cisco employee, so I'll see if I can find a contact somewhere who
might be able to tell me how this is calculated. However, I wouldn't count on
this as I'm nowhere near any IOS developers.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.