I have a IPv6 network. I sent a big, non-fragmentable ping. The packet tried to cross over a small link, and I got a "Packet too Big" ICMP error out of it. So far, so good. Here is some relevant background data I'd like you make sure you're considering:
The "Packet too Big" is the fourth packet in the listing below. As you can see, Wireshark is complaining because the checksum of the inner packet (ie. the original packet) is incorrect.
Why is Wireshark complaining? The inner packet's IPv6 header reports there should be 1408 bytes of payload, but this data was largely truncated, as you can see, so it shouldn't be possible to validate that particular checksum. Incidentally, the original packet (the ping) is also present in the capture, but its checksum is not 0xc30e either. Here is the capture. My About says I'm using Wireshark "Version 1.10.6 (v1.10.6 from master-1.10)", Ubuntu 14.04. asked 24 Oct '14, 08:26  ydahhrk edited 24 Oct '14, 08:28 |
One Answer:
If it's calculating a checksum for an incomplete packet, it's complaining because it's buggy. Please file a bug on this on the Wireshark Bugzilla, and attach the capture to it. answered 24 Oct '14, 15:34  Guy Harris ♦♦ edited 24 Oct '14, 15:34 |
Here goes nothing.