diff --git a/CHANGES b/CHANGES
index 7d899033ce..a12bd8da12 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,13 @@
+2.1-112 | 2012-11-05 13:58:20 -0800
+
+ * New base script for detecting cases of checksum offloading.
+ Reporter messages will now tell if one has bad checksums. (Seth
+ Hall)
+
+ * Clarifying ownership rules for BroString constructors. (Robin
+ Sommer)
+
 2.1-109 | 2012-11-05 13:39:34 -0800
 * Add detection rate threshold for MHR. (Vlad Grigorescu)
diff --git a/VERSION b/VERSION
index 4a0a26b8d1..721b81b7b5 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1-109
+2.1-112
diff --git a/aux/bro-aux b/aux/bro-aux
index f8fbe4a897..bea556198b 160000
--- a/aux/bro-aux
+++ b/aux/bro-aux
@@ -1 +1 @@
-Subproject commit f8fbe4a89732f15c04662c9b20fcaf2c157c9fb7
+Subproject commit bea556198b69d30d64c0cf1b594e6de71176df6f
diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro
index 91011738d1..566a59808a 100644
--- a/scripts/base/init-default.bro
+++ b/scripts/base/init-default.bro
@@ -41,3 +41,5 @@
 @load base/protocols/ssh
 @load base/protocols/ssl
 @load base/protocols/syslog
+
+@load base/misc/find-checksum-offloading
\ No newline at end of file
diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro
new file mode 100644
index 0000000000..a0a2c692b7
--- /dev/null
+++ b/scripts/base/misc/find-checksum-offloading.bro
@@ -0,0 +1,57 @@
+##! Discover cases where the local interface is sniffed and outbound packets
+##! have checksum offloading. Load this script to receive a notice if it's
+##! likely that checksum offload effects are being seen on a live interface or
+##! in a packet trace file.
+
+@load base/frameworks/notice
+
+module ChecksumOffloading;
+
+export {
+ ## The interval which is used for checking packet statistics
+ ## to see if checksum offloading is affecting analysis.
+ const check_interval = 10secs &redef;
+}
+
+# Keep track of how many bad checksums have been seen.
+global bad_checksums = 0;
+
+# Track to see if this script is done so that messages aren't created multiple times.
+global done = F;
+
+event ChecksumOffloading::check()
+ {
+ if ( done )
+ return;
+
+ local pkts_recvd = net_stats()$pkts_recvd;
+ if ( (bad_checksums*1.0 / net_stats()$pkts_recvd*1.0) > 0.05 )
+ {
+ local packet_src = reading_traces() ? "trace file likely has" : "interface is likely receiving";
+ local message = fmt("Your %s invalid IP checksums, most likely from NIC checksum offloading.", packet_src);
+ Reporter::warning(message);
+ done = T;
+ }
+ else if ( pkts_recvd < 20 )
+ {
+ # Keep scheduling this event until we've seen some lower threshold of
+ # total packets.
+ schedule check_interval { ChecksumOffloading::check() };
+ }
+ }
+
+event bro_init()
+ {
+ schedule check_interval { ChecksumOffloading::check() };
+ }
+
+event net_weird(name: string)
+ {
+ if ( name == "bad_IP_checksum" )
+ ++bad_checksums;
+ }
+
+event bro_done()
+ {
+ event ChecksumOffloading::check();
+ }
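Review bot: In ChecksumOffloading::check() the ratio test runs before the minimum-sample test, so a single bad checksum among the first few packets (e.g. 1 of 2 at the first 10-second check, or at bro_done on a tiny trace) already fires the warning, and the `pkts_recvd < 20` guard only governs rescheduling. The same condition also reads `net_stats()` a second time instead of the `pkts_recvd` local just captured, so the numerator and denominator can come from different snapshots, and when no packets have been seen the divisor is zero, which in Bro most likely ends in a division-by-zero runtime error rather than a quiet F. Checking the sample size first and dividing by the local fixes all three; the parenthesisation `(bad_checksums*1.0 / net_stats()$pkts_recvd*1.0)` is also harder to read than `bad_checksums * 1.0 / pkts_recvd`. Separately, the header says the user will "receive a notice" and the script loads `base/frameworks/notice`, yet it emits `Reporter::warning`; either the comment should say "a reporter warning" or the unused `@load` should go.
```bro
event ChecksumOffloading::check()
	{
	if ( done )
		return;

	local pkts_recvd = net_stats()$pkts_recvd;
	if ( pkts_recvd < 20 )
		{
		# Too few packets to judge a ratio; keep polling until we have a
		# minimal sample (this also avoids dividing by zero before traffic).
		schedule check_interval { ChecksumOffloading::check() };
		return;
		}

	if ( bad_checksums * 1.0 / pkts_recvd > 0.05 )
		{
		# … unchanged: build packet_src/message, Reporter::warning, done = T …
		}
	}
```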