From owner-freebsd-net@FreeBSD.ORG Sun Jan 18 16:26:18 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CA1316A4CE; Sun, 18 Jan 2004 16:26:18 -0800 (PST) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7207243D39; Sun, 18 Jan 2004 16:26:16 -0800 (PST) (envelope-from cristjc@comcast.net) Received: from blossom.cjclark.org (c-24-6-186-224.client.comcast.net[24.6.186.224]) by comcast.net (sccrmhc12) with ESMTP id <20040119002615012002kcb8e>; Mon, 19 Jan 2004 00:26:15 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.9p2/8.12.8) with ESMTP id i0J0QD43048621; Sun, 18 Jan 2004 16:26:13 -0800 (PST) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.9p2/8.12.9/Submit) id i0J0QCgm048620; Sun, 18 Jan 2004 16:26:12 -0800 (PST) (envelope-from cristjc@comcast.net) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Sun, 18 Jan 2004 16:26:12 -0800 From: "Crist J. Clark" To: Sten Daniel S?rsdal Message-ID: <20040119002612.GA48581@blossom.cjclark.org> References: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net> User-Agent: Mutt/1.4.1i X-URL: http://people.freebsd.org/~cjc/ cc: freebsd-hackers@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: ip_input - chksum - why is it done so early in ip_input? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2004 00:26:18 -0000 On Sat, Jan 17, 2004 at 12:50:04AM +0100, Sten Daniel S?rsdal wrote: > > Apologies for the cross-post, i wasnt sure if this was hackers or net material. > > I've often wondered why ip checksumming is done on every incoming > packet and not only on the packets that need to be delivered locally. > It looks like a very expensive way of doing it, especially on high > PPS. Basically all hosts do checksumming so why not just pass the bad > packet on, making the forward process alot cheaper (cpu wise)? It is done this way because the standards demand that it be done this way. RFC1812 says, 4.2.2.5 Header Checksum: RFC 791 Section 3.1 As stated in Section [5.2.2], a router MUST verify the IP checksum of any packet that is received, and MUST discard messages containing invalid checksums. The router MUST NOT provide a means to disable this checksum verification. Keeping a single host from polluting the whole network, and only its LAN, with bad packets is considered worth the cost of every router doing the check. FWIW, this is one of the few places a standard demands that you not even provide the option to disable a feature. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org