On Sep 16, 2013, at 6:06 PM, Vern Paxson <[email protected]> wrote: > I'm struck by how often new users continue to get bitten by needing -C > due to checksum offloading. Would it work to provide checksum auto-sensing? > Something like: if upon reading from an interface the very first packet > has a checksum error, assume that -C is needed; verify this, though, for > the next N packets, just to be safe.
Hrm, I'm conflicted this. I agree that would be a nice approach for my pragmatic side that wants Bro to fight and strive and do the best analysis but my strict side says that I'd like to get people to do the right thing. I think I'm onboard with this idea. It would be nice to get fewer people tripping over that as long as we are careful to warn them whenever we're auto-disabling checksum validation. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
