Bug #618
TCP checksum seems to be broken
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Using: master branch (02874a16f5068bdb62998d77582bcf4855251429)
System: Ubuntu 12.10
Dependencies: via apt-get build-dep suricata
Configure options:
configure \
    --enable-debug \
    --prefix=${PROJECT_DIR}/build/debug/
Packets captured from a PCAP interface or a PCAP file get a wrongly calculated TCP checksum and fail TCP checksum validation.
Running suricata (compiled with debug)
last-g@lastnotel:~/Workspace/suricata$ sudo build/debug/bin/suricata -i lo | grep Check
[26352] 6/11/2012 -- 22:45:36 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x242bf30 is invalid (computed: 48106, in packet: 12542)
[26352] 6/11/2012 -- 22:45:36 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2430a30 is invalid (computed: 22046, in packet: 12542)
[26352] 6/11/2012 -- 22:45:36 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2435530 is invalid (computed: 31238, in packet: 10494)
[26352] 6/11/2012 -- 22:45:39 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2443630 is invalid (computed: 53183, in packet: 14078)
[26352] 6/11/2012 -- 22:45:39 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2448130 is invalid (computed: 34559, in packet: 10494)
[26352] 6/11/2012 -- 22:45:42 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x244cc30 is invalid (computed: 45820, in packet: 10494)
[26352] 6/11/2012 -- 22:45:42 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2451730 is invalid (computed: 57593, in packet: 10494)
[26352] 6/11/2012 -- 22:45:42 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x2456230 is invalid (computed: 57337, in packet: 10494)
^C
Running tcpdump:
last-g@lastnotel:~/Workspace/suricata$ sudo tcpdump -i lo -w dump.pcap port 31337
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
^C8 packets captured
16 packets received by filter
0 packets dropped by kernel
Running test suite:
last-g@lastnotel:~/Workspace/suricata$ nc -kl 31337 &
last-g@lastnotel:~/Workspace/suricata$ nc localhost 31337
HEllo, Kitty!
Same problems when running from capture:
last-g@lastnotel:~/Workspace/suricata$ sudo build/debug/bin/suricata -r dump.pcap | grep Check
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x3104fe0 is invalid (computed: 48106, in packet: 12542)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x3106080 is invalid (computed: 22046, in packet: 12542)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x3107120 is invalid (computed: 31238, in packet: 10494)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x31081c0 is invalid (computed: 53183, in packet: 14078)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x3109260 is invalid (computed: 34559, in packet: 10494)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x310a300 is invalid (computed: 45820, in packet: 10494)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x310b3a0 is invalid (computed: 57593, in packet: 10494)
[26377] 6/11/2012 -- 22:48:38 - (stream-tcp.c:4043) <Debug> (StreamTcpValidateChecksum) -- Checksum of received packet 0x310c440 is invalid (computed: 57337, in packet: 10494)
But Wireshark says that all checksums are correct.
And I have the same problem on the wlan0 interface.
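
A stand-alone way to recompute the TCP checksum of an IPv4 segment and compare it with the value carried in the packet, independent of both tools named in the report. This is an added example, not part of the original report and not Suricata's code; the function names are hypothetical and the loopback segment in main() is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 sum of big-endian 16-bit words; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    return len ? acc + ((uint32_t)p[0] << 8) : acc;
}

static uint16_t fold16(uint32_t acc) /* end-around carry, two folds cover 32 bits */
{
    acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)(acc + (acc >> 16));
}

/* IPv4 pseudo-header: src, dst, zero, protocol 6 (TCP), TCP length. */
static uint32_t pseudo_sum(const uint8_t src[4], const uint8_t dst[4], size_t len)
{
    uint8_t ph[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, (uint8_t)(len >> 8), (uint8_t)len };
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    return sum16(ph, sizeof ph, 0);
}

/* Value for header bytes 16..17, which count as zero; caller ensures len >= 20. */
uint16_t tcp4_checksum(const uint8_t src[4], const uint8_t dst[4], const uint8_t *seg, size_t len)
{
    uint32_t acc = sum16(seg, 16, pseudo_sum(src, dst, len));
    return (uint16_t)~fold16(sum16(seg + 18, len - 18, acc));
}

/* Valid when the sum over pseudo-header and segment, checksum included, is 0xffff. */
int tcp4_checksum_ok(const uint8_t src[4], const uint8_t dst[4], const uint8_t *seg, size_t len)
{
    return len >= 20 && len <= 0xffff && fold16(sum16(seg, len, pseudo_sum(src, dst, len))) == 0xffff;
}

/* Constructed segment: 127.0.0.1:40000 -> 127.0.0.1:31337, PSH|ACK, checksum field unset. */
int main(void)
{
    const uint8_t lo[4] = { 127, 0, 0, 1 };
    uint8_t seg[33] = { 0x9c, 0x40, 0x7a, 0x69, 0, 0, 0, 1, 0, 0, 0, 1, 0x50, 0x18, 0x01, 0x00 };
    memcpy(seg + 20, "HEllo, Kitty!", 13);
    printf("expected 0x%04x, valid as is: %d\n", (unsigned)tcp4_checksum(lo, lo, seg, 33), tcp4_checksum_ok(lo, lo, seg, 33));
    return 0;
}
```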