Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master 104a6ed: Disable IPv4 checksum ve
Date Next Thread Next
From: Joerg Mayer <[email protected]>
Date: Sun, 2 Mar 2014 14:57:42 +0100
On Sat, Mar 01, 2014 at 01:49:58PM +0000, Wireshark code review wrote:
> URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=104a6edd1fb703c5c2319c893720df86f8c9a9e7
> 104a6ed by Gerald Combs ([email protected]):
>     Disable IPv4 checksum verfification to match TCP and UDP.
>     Offloading seems to be very common nowadays and having this option
>     enabled by default generates a lot of false positives. Suggested by
>     Laura Chappell.
>     Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff

While this is currently the right thing to do, it might make more sense
to disable all this checksum verification stuff only for outgoing traffic.
Unfortunately our current captures don't support that distinction. What
would be required where to make this possible?
My guess:
- Add a metadata element "direction" to the capture information provided
  by the network driver and
- add "direction" element to libpcap packet header and fill it with the
  information from above.
How much work would that amount to?

Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.