Wireshark · Wireshark-dev: [Wireshark-dev] [PATCH] Fix for bug 1136 : tcp-checksum 0xffff

Wireshark-dev: [Wireshark-dev] [PATCH] Fix for bug 1136 : tcp-checksum 0xffff

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sat, 31 Mar 2007 12:04:41 +0200

Hi,

I did some research to tcp-checksum 0xffff. This checksum should not
appear in tcp-headers. RFC 1624 explains that it can be generated
by a (not-so-good) algorythm for incremental updates to the tcp-checksum
(after NAT for example). The RFC advises systems to validate the 
checksum according to RFC 1071 (which will treat the checksum as
valid). Wireshark indeeds uses the method from RFC 1071.

However, some systems just calculate the checksum and then compare
it to the checksum in the packet. This results is a bad checksum
(0x0000 != 0xffff) and the packet will be dropped.

To enhance troubleshooting this situations I wrote a patch that 
displayes the checksum as follows:

Checksum: 0xffff [incorrect, should be 0x0000 (maybe caused by "Incremental update"? See RFC 1624.)]

Could someone review this patch (which is attached to bugzilla)?

Cheers,


Sake

Follow-Ups:
- Re: [Wireshark-dev] [PATCH] Fix for bug 1136 : tcp-checksum 0xffff
  - From: Sebastien Tandel

Prev by Date: Re: [Wireshark-dev] FYI: Native Mac OS X port of GTK+ on the horizon ...
Next by Date: Re: [Wireshark-dev] [PATCH] Fix for bug 1136 : tcp-checksum 0xffff
Previous by thread: Re: [Wireshark-dev] Update official Windows build?
Next by thread: Re: [Wireshark-dev] [PATCH] Fix for bug 1136 : tcp-checksum 0xffff
Index(es):
- Date
- Thread