From owner-freebsd-hackers  Wed Feb  5 11:01:51 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id LAA01920
          for hackers-outgoing; Wed, 5 Feb 1997 11:01:51 -0800 (PST)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA01915
          for <hackers@freebsd.org>; Wed, 5 Feb 1997 11:01:44 -0800 (PST)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id LAA24428; Wed, 5 Feb 1997 11:01:07 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma024426; Wed Feb  5 11:00:53 1997
Received: (from archie@localhost) by bubba.whistle.com (8.7.5/8.6.12) id LAA23732; Wed, 5 Feb 1997 11:00:53 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199702051900.LAA23732@bubba.whistle.com>
Subject: Re: Single socket version of natd
In-Reply-To: <Pine.BSF.3.91.970204100202.8654C-100000@darkstar> from Charles Mott at "Feb 4, 97 10:17:41 am"
To: cmott@srv.net (Charles Mott)
Date: Wed, 5 Feb 1997 11:00:53 -0800 (PST)
Cc: brian@utell.co.uk, julian@whistle.com, eivind@dimaga.com,
        brian@awfulhak.demon.co.uk, ari.suutari@ps.carel.fi,
        hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


> > With a "leave the sum alone option", natd could pass the packet
> > with the zero'd ip_sum to PacketAliasIn() and know that it has
> > to calculate it itself afterwards....
> 
> Why does the kernel zero the checksum?

The kernel leaves the checksum zero because:

 (a) When a packet comes in, the way the checksum is verified
     is to checksum the packet as is and replace the checksum.
     If the original checksum was valid, then the new checksum
     will be zero. So the checksum field is already zero before
     the divert code even gets the packet.

 (b) Packets being diverted are often mangled, so the checksum
     has to be recomputed anyway. So having the divert code
     recompute the checksum before sending it up would just
     be useless extra work.

The "right" thing to do would be to modify the kernel so that
checking checksums does not replace the original packet checksum.
This should be easy enough.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com