On Nov 6, 2007 2:03 PM, Rick Jones <[EMAIL PROTECTED]> wrote: > Any thoughts as to how to deal with false checksum failure reports for > outbound > traffic being sniffed on a system with ChecKsum Offload (CKO)? It seems that > linux has a flag they can set when capturing the packet that would tell us, > not > sure what other platforms might have
Love it. It would be very nice to know if a packet's checksum will be calculated in a CKO card. > - there it might be necessary to "guess" > based on the source IP matching one of the system's local IPs. I don't think this is a good idea, even though I agree it is a source of confusion. Consider packets originating from "strange" sources -- userspace stacks, raw sockets, kernel modules, packet injection tools, etc. Do we loose the ability to detect a real bad checksum by implementing a heuristic to suppress a warning? Now, if it is really known that the checksum on a specific packet will be set by the hardware, it would be useful to indicate CKO present and/or suppress checksum warnings. But IMO the heuristic cure is worse than the false bad checksum flag problem. > rick jones --Harley - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
