Ethereal-users: Re: [Ethereal-users] Verifying TCP checksum
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Theodore Marescaux <Theodore.Marescaux@xxxxxxx>
Date: Tue, 12 Dec 2000 17:33:16 +0100
Thanks Mark, I managed to patch packet-tcp.c myself. If some of you are interested into this TCP checksum you may find below the diff output. Please note that: - there is NO support for IPv6, I do not even test the IP type, if you capture IPv6 packets you will get an 'invalid checksum' message when you normally shouldn't - the patch seems to work for me, but I do not guarantee it is bug-free Theo ------ diff output below -------- 430,493d429 < static guint16 tcp_checksum(const guint8 *ptr, packet_info *pinfo, int len) < { < unsigned long Sum; < const unsigned char *Ptr, *PtrEnd; < address src, dst; < < Sum = 0; < < /* Computing the checksum on TCP header + TCP payload */ < PtrEnd = ptr + len; < for (Ptr = ptr; Ptr < PtrEnd; Ptr += 2) { < Sum += pntohs(Ptr); < } < < /* TCP checksum also includes a pseudo-header with IP info. cf. RFC 793 page 17*/ < src = pinfo->net_src; < dst = pinfo->net_dst; < < Sum += (src.data[0] << 8) + src.data[1]; < Sum += (src.data[2] << 8) + src.data[3]; < Sum += (dst.data[0] << 8) + dst.data[1]; < Sum += (dst.data[2] << 8) + dst.data[3]; < Sum += pinfo->ipproto & 0xFFFF; < Sum += len; < < Sum = (Sum & 0xFFFF) + (Sum >> 16); < Sum = (Sum & 0xFFFF) + (Sum >> 16); < < return (guint16)~Sum; < } < < < static guint16 tcp_checksum_shouldbe(guint16 sum, guint16 computed_sum) < { < guint32 shouldbe; < < /* < * The value that should have gone into the checksum field < * is the negative of the value gotten by summing up everything < * *but* the checksum field. < * < * We can compute that by subtracting the value of the checksum < * field from the sum of all the data in the packet, and then < * computing the negative of that value. < * < * "sum" is the value of the checksum field, and "computed_sum" < * is the negative of the sum of all the data in the packets, < * so that's -(-computed_sum - sum), or (sum + computed_sum). < * < * All the arithmetic in question is one's complement, so the < * addition must include an end-around carry; we do this by < * doing the arithmetic in 32 bits (with no sign-extension), < * and then adding the upper 16 bits of the sum, which contain < * the carry, to the lower 16 bits of the sum, and then do it < * again in case *that* sum produced a carry. < */ < shouldbe = sum; < shouldbe += computed_sum; < shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); < shouldbe = (shouldbe & 0xFFFF) + (shouldbe >> 16); < return shouldbe; < } < < 509d444 < guint16 tcpsum; 604,613c539 < < tcpsum = tcp_checksum(tvb_get_ptr(tvb, offset, hlen), pinfo, hlen + seglen); < if (tcpsum == 0) { < proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb, offset + 16, 2, th.th_sum, \ < "Checksum: 0x%04x (correct)", th.th_sum); < } < else { < proto_tree_add_uint_format(tcp_tree, hf_tcp_checksum, tvb, offset + 16, 2, th.th_sum, \ < "Checksum: 0x%04x (incorrect, should be 0x%04x)", th.th_sum, tcp_checksum_shouldbe(th.th_sum, tcpsum)); < } --- > proto_tree_add_uint(tcp_tree, hf_tcp_checksum, tvb, offset + 16, 2, th.th_sum); ---------- that was it -------------- Mark Atwood wrote: > Theodore Marescaux <Theodore.Marescaux@xxxxxxx> writes: > > > > I'm using ethereal 0.8.14 under Linux and I need to verifiy the validity > > of the TCP checksum on the packets I capture, but Ethereal does not seem > > to have such a feature. I've seen Ethereal has a plugin facility. Does > > someone know if a plugin could be used for this purpose, if such a > > plugin exists (verifying TCP checksum) or where to find information on > > how to write plugins for Ethereal. > > It shouldn't be too hard to add (I picked apart the IP checksum bits a > while back). Tell ya what, if no one else gets to it by then, I'll try > to getting around add it and submit a patch by this weekend. > > -- > Mark Atwood | The summit of Mount Everest is marine limestone. > mra@xxxxxxxxx | > http://www.pobox.com/~mra
- Follow-Ups:
- Re: [Ethereal-users] Verifying TCP checksum
- From: Guy Harris
- Re: [Ethereal-users] Verifying TCP checksum
- References:
- [Ethereal-users] Verifying TCP checksum
- From: Theodore Marescaux
- Re: [Ethereal-users] Verifying TCP checksum
- From: Mark Atwood
- [Ethereal-users] Verifying TCP checksum
- Prev by Date: Re: [Ethereal-users] Verifying TCP checksum
- Next by Date: Re: [Ethereal-users] Verifying TCP checksum
- Previous by thread: Re: [Ethereal-users] Verifying TCP checksum
- Next by thread: Re: [Ethereal-users] Verifying TCP checksum
- Index(es):