["James E. Flemer" <jflemer@xxxxxxxxxxx>]

Sorry ... there was a bug in that patch. Here is to right
one. To apply the patch, extract the ethereal
sources. Change to the source directory
(ethereal-0.8.15/) and then run:
  patch < bad_checksum.diff
Then build ethereal as your normally would.
-James

On Wed, 21 Feb 2001, James E. Flemer wrote:

Thanks to the pointers from Hartmut Mueller I got this
patched up pretty quickly. I added hidden boolean fields
for ip.checksum_bad and icmp.checksum_bad. With this patch
you can set a filter of:
  ip.checksum_bad
to just show the packets that don't have matching
checksums.
Thanks for the help.
-James

On Wed, 21 Feb 2001, James E. Flemer wrote:

> On Tue, 20 Feb 2001, Guy Harris wrote:
> 
> > > I scanned the docs, and google'd for it ...
> > > Is there a way to filter ip.checksum to only show packets
> > > that have incorrect checksums?
> > 
> > No - a filter expression that checks "ip.checksum" could only compare it
> > against a constant, which won't find invalid checksums.  Currently, the
> > best you could do would be to print the capture to a file (print the
> > detail, not the summary), pull the editor into a file and look for
> > packets with an incorrect checksum (search for "incorrect") or cook up a
> > script that scans through the file, remembers the frame number of the
> > current frame, and lists that frame number if it sees a line showing an
> > incorrect checksum).
> > 
> > Adding a hidden Boolean field "ip.bad_checksum" (and similar fields for
> > other protocols with checksums) might be useful.
> Yes I agree that would be nice. :-)
> I have a few free hours this afternoon, I'll grab the
> sources and see if I can hack this in. Of course I'm not
> familiar with the sources (yet) so if someone beats me to
> it let me know.
> Thanks.
> -James
> 
> 

*** packet-ip.c.orig	Wed Feb 21 11:21:37 2001
--- packet-ip.c	Wed Feb 21 11:40:27 2001
***************
*** 86,91 ****
--- 86,92 ----
  static int hf_ip_ttl = -1;
  static int hf_ip_proto = -1;
  static int hf_ip_checksum = -1;
+ static int hf_ip_checksum_bad = 0;
  
  static gint ett_ip = -1;
  static gint ett_ip_dsfield = -1;
***************
*** 112,117 ****
--- 113,119 ----
  static int hf_icmp_type = -1;
  static int hf_icmp_code = -1;
  static int hf_icmp_checksum = -1;
+ static int hf_icmp_checksum_bad = 0;
  
  static gint ett_icmp = -1;
  
***************
*** 894,899 ****
--- 896,902 ----
              "Header checksum: 0x%04x (correct)", iph.ip_sum);
      }
      else {
+ 	proto_tree_add_item_hidden(ip_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
  	proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
              "Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum,
  	    in_cksum_shouldbe(iph.ip_sum, ipsum));
***************
*** 1124,1129 ****
--- 1127,1134 ----
  			cksum,
  			"Checksum: 0x%04x (correct)", cksum);
        } else {
+         proto_tree_add_item_hidden(icmp_tree, hf_icmp_checksum_bad,
+ 			tvb, 2, 2, TRUE);
          proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
  			cksum,
  			"Checksum: 0x%04x (incorrect, should be 0x%04x)",
***************
*** 1447,1452 ****
--- 1452,1461 ----
  		{ &hf_ip_checksum,
  		{ "Header checksum",	"ip.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
  			"" }},
+ 
+ 		{ &hf_ip_checksum_bad,
+ 		{ "Bad Header checksum",	"ip.checksum_bad", FT_BOOLEAN, 4, NULL, 0x0,
+ 			"" }},
  	};
  	static gint *ett[] = {
  		&ett_ip,
***************
*** 1508,1513 ****
--- 1517,1526 ----
      { &hf_icmp_checksum,
        { "Checksum",	"icmp.checksum",	FT_UINT16, BASE_HEX,	NULL, 0x0,
        	"" }},
+ 
+ 	{ &hf_icmp_checksum_bad,
+ 	{ "Bad Checksum",	"icmp.checksum_bad", FT_BOOLEAN, 4, NULL, 0x0,
+ 		"" }},
    };
    static gint *ett[] = {
      &ett_icmp,