Bug 114159

Summary: tcpdump cannot deal with TSO packets
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Olaf Kirch <okir>
Component: NetworkAssignee: Petr Ostadal <postadal>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: postadal
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Proposed patch

Description Olaf Kirch 2005-08-30 16:05:50 UTC 
When the kernel transmits TCP packets through a NIC that is capable 
of TSO (TCP segmentation offload), it will set up a fake IP header 
since all the IP magic is done by the network card. In particular, the 
IP tot_len field will be zero. 
 
When tcpdump or ethereal sees such a packet, it will not print the packet's 
contents, but print "IP bad-len" instead. This is not very helpful when 
trying to debug network problems - I ran into this problem 2-3 times 
in the last few weeks when dealing with SLES L3 bugs. 
 
The tcpdump code already has support for this; there's a '#ifdef GUESS_TSO' 
define in print-ip.c. I propose to add a #define GUESS_TSO somewhere 
at the top of the file in order to enable this useful hack. 
 
I assume a similar hack exists for ethereal.
Comment 1 Marian Jancar 2005-09-01 10:21:13 UTC 
I have added the GUESS_TSO, where to test it (and make sure the TSO is used)?
Comment 2 Olaf Kirch 2005-09-01 10:33:16 UTC 
You can try any of the tcp dumps in bug 105539, for instance 
http://rudin.suse.de:8888/attachment.cgi?id=47765 
 
They have lots of those packets. Displaying this with tcpdump -nr should 
show a lot of those: IP bad-len 0 
 
Thanks, 
Olaf
Comment 3 Marian Jancar 2005-09-01 10:56:50 UTC 
the GUESS_TSO works

epsilon:/# tcpdump -nr x.log | grep bad
reading from file x.log, link-type EN10MB (Ethernet)
epsilon:/#
Comment 4 Petr Ostadal 2005-09-06 09:55:07 UTC 
I can't find the hack for ethereal, where did you hear about it?
For tcpdump it is fixed and for SL10 I think is too late, I decrease severity to
normal.
Comment 5 Olaf Kirch 2005-09-07 09:42:48 UTC 
Created attachment 49027 [details]
Proposed patch
Comment 6 Olaf Kirch 2005-09-07 09:43:21 UTC 
Something like the above patch should help. Beware, this is untested.
Comment 7 Petr Ostadal 2005-09-21 13:25:22 UTC 
Proposed patch doesn't work in ethereal, I will investigate it later.
Comment 8 Gerald Pfeifer 2006-03-12 21:59:18 UTC 
Petr, what's the status of this?
Comment 9 Petr Ostadal 2006-03-13 08:49:14 UTC 
I didn't catch this, I will investigate it in the next distro.
Comment 10 Stephan Kulow 2008-06-25 09:32:57 UTC 
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 11 Stephan Kulow 2008-06-25 09:34:22 UTC 
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 12 Stephan Kulow 2008-06-25 09:40:51 UTC 
mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)
Comment 13 Stephan Kulow 2008-06-25 09:52:32 UTC 
Closing old LATER+REMIND bugs as WONTFIX - if you still plan to work on it, feel free to reopen and set to ASSIGNED.

In case the report saw repeated reopen comments, it's due to bugzilla timing out on the huge request ;(