On Nov 7, 2007 12:54 PM, Rick Jones <[EMAIL PROTECTED]> wrote:
> Harley Stenzel wrote:
> > On Nov 6, 2007 2:03 PM, Rick Jones <[EMAIL PROTECTED]> wrote:
> >
> >>Any thoughts as to how to deal with false checksum failure reports for outbound
> >>traffic being sniffed on a system with ChecKsum Offload (CKO)?  It seems that
> >>linux has a flag they can set when capturing the packet that would tell us, not
> >>sure what other platforms might have
> >
> >
> > Love it.  It would be very nice to know if a packet's checksum will be
> > calculated in a CKO card.
>
> These are some of the specifics courtesy of folks over in the linux netdev
> mailing list:
>
> > The thing to check is "TP_STATUS_CSUMNOTREADY".
> >
> > When using mmap(), it will be provided in the descriptor.  When using
> > recvmsg() it will be provided via a PACKET_AUXDATA control message
> > when enabled via the PACKET_AUXDATA socket option.
>
> I have tried to take a quick first look at the pcap code for linux but wasn't in
> the correct frame of mind and so got lost rather quickly.
>
> Without a corresponding change to the binary file format (as in find a spare bit
> somewhere) the change would initially be limited to "live" tracing.  Not a
> complete solution, but a step in the right direction.
>
> Meanwhile, making certain that the docs/manpage etc call-out that tracing on a
> CKO capable system/NIC will result in false checksum failure reports for
> outbound traffic would be goodness.  I suppose I should have checked if that was
> already there before typing the previous sentence, but there you go :)

It should call out that "ON SOME SYSTEMS" this will result in the
checksum being reported as invalid.
Some popular systems put 0x0000 in the checksum field when CKO is used.
This allows tools such as wireshark to heuristically detect: checksum
is wrong, but the packet contains 0x0000, which is what several
popular implementations store in the packet when CKO is used, so no
need to flag it with checksum invalid.

If pcap on linux would detect CKO and modify the packet to clear the
tcp checksum field to 0x0000 before passing it to the application
this would make tools such as wireshark work correctly when capturing
and also when reading files without the need to modify the file format.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
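
The recvmsg() path quoted from netdev above, as an added example that is not part of the original thread and is not libpcap code: enable PACKET_AUXDATA on an AF_PACKET socket, then look for TP_STATUS_CSUMNOTREADY in the control message before trusting a checksum failure. The function names are hypothetical, and `demo_status` feeds the parser a constructed control message so the logic can be exercised without a live capture.

```c
#include <string.h>
#include <sys/socket.h>
#include <linux/if_packet.h>

/* Ask the kernel to attach a struct tpacket_auxdata control message to
 * every recvmsg() on this AF_PACKET socket.  Returns 0, or -1 on error. */
int enable_auxdata(int fd)
{
    int on = 1;
    return setsockopt(fd, SOL_PACKET, PACKET_AUXDATA, &on, sizeof on);
}

/* Classify a message returned by recvmsg():
 *   1 = checksum not filled in yet (offload pending), skip verification
 *   0 = checksum field is final;  -1 = no usable auxdata, status unknown */
int csum_not_ready(struct msghdr *msg)
{
    struct cmsghdr *c;
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        struct tpacket_auxdata aux;
        if (c->cmsg_level != SOL_PACKET || c->cmsg_type != PACKET_AUXDATA)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof aux))
            continue;                       /* truncated: ignore */
        memcpy(&aux, CMSG_DATA(c), sizeof aux);
        return (aux.tp_status & TP_STATUS_CSUMNOTREADY) ? 1 : 0;
    }
    return -1;
}

/* Constructed sample (hypothetical helper): build the control data a
 * capture would see for the given tp_status and classify it. */
int demo_status(unsigned int tp_status)
{
    union { char buf[CMSG_SPACE(sizeof(struct tpacket_auxdata))];
            struct cmsghdr align; } u;
    struct tpacket_auxdata aux = { .tp_status = tp_status };
    struct msghdr msg = { .msg_control = u.buf,
                          .msg_controllen = sizeof u.buf };
    struct cmsghdr *c;

    memset(&u, 0, sizeof u);
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_PACKET;
    c->cmsg_type = PACKET_AUXDATA;
    c->cmsg_len = CMSG_LEN(sizeof aux);
    memcpy(CMSG_DATA(c), &aux, sizeof aux);
    return csum_not_ready(&msg);
}
```

A capture tool would call `csum_not_ready()` on each received message and suppress the bad-checksum report when it returns 1.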
