Project

General

Profile

Actions

Bug #311

closed

Confusing option checksum_validation

Added by Pierre Chifflier over 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The option checksum_validation has strange side-effects, like disabling all App layer decoders when running on local traffic. This seems to be caused by the checksum offload on the NIC, making all packets have a checksum of 0 and get dropped.

Now, what is really annoying is that there is no warning on what is happening and no easy way to guess it. The result is also not the same, depending on the packet source:
  • live pcap will drop packets silently
  • nfqueue will work

Since this option could be considered harmful, I'd propose to disable it by default. Maybe also a big fat warning could be issued when using it on local traffic, or try to detect if offload is enabled ?

Actions

Also available in: Atom PDF