Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master 104a6ed: Disable IPv4 checksum ve

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Mon, 03 Mar 2014 09:52:19 -0800
On 3/2/14 6:14 AM, Jasper Bongertz wrote:
>> On Sat, Mar 01, 2014 at 01:49:58PM +0000, Wireshark code review wrote:
>>> URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=104a6edd1fb703c5c2319c893720df86f8c9a9e7
>> ...
>>> 104a6ed by Gerald Combs (gerald@xxxxxxxxxxxxx):
>>>
>>>     Disable IPv4 checksum verfification to match TCP and UDP.
>>>     
>>>     Offloading seems to be very common nowadays and having this option
>>>     enabled by default generates a lot of false positives. Suggested by
>>>     Laura Chappell.
>>>     
>>>     Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff
> 
>> While this is currently the right thing to do, it might make more sense
>> to disable all this checksum verification stuff only for outgoing traffic.
>> Unfortunately our current captures don't support that distinction. What
>> would be required where to make this possible?
>> My guess:
>> - Add a metadata element "direction" to the capture information provided
>>   by the network driver and
>> - add "direction" element to libpcap packet header and fill it with the
>>   information from above.
>> How much work would that amount to?
> 
> The pcap-ng file format has "packet blog flags" in the EPB block type,
> which has two bits to indicate direction (00 = information not
> available, 01 = inbound, 10 = outbound). I don't think those flags are
> being  set by dumpcap as of now, but it would be the way to go from my
> point of view.

It might make sense to fetch the offload settings for each interface and
adjust the checksum settings accordingly. We have offload code for
Windows but we currently only use it for the interface details dialog
(ui/gtk/capture_if_details_dlg_win32.c).

In the meantime unless anyone objects I'm going to cherry-pick the
change to master-1.10 for inclusion in 1.10.6.