Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 18 Jan 2004 16:26:12 -0800
From:      "Crist J. Clark" <cristjc@comcast.net>
To:        Sten Daniel S?rsdal <sten.daniel.sorsdal@wan.no>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ip_input - chksum - why is it done so early in ip_input?
Message-ID:  <20040119002612.GA48581@blossom.cjclark.org>
In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net>
References:  <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 17, 2004 at 12:50:04AM +0100, Sten Daniel S?rsdal wrote:
> 
> Apologies for the cross-post, i wasnt sure if this was hackers or net material.
> 
> I've often wondered why ip checksumming is done on every incoming 
> packet and not only on the packets that need to be delivered locally.
> It looks like a very expensive way of doing it, especially on high
> PPS. Basically all hosts do checksumming so why not just pass the bad
> packet on, making the forward process alot cheaper (cpu wise)?

It is done this way because the standards demand that it be done this
way. RFC1812 says,

4.2.2.5 Header Checksum: RFC 791 Section 3.1

   As stated in Section [5.2.2], a router MUST verify the IP checksum of
   any packet that is received, and MUST discard messages containing
   invalid checksums.  The router MUST NOT provide a means to disable
   this checksum verification.

Keeping a single host from polluting the whole network, and only its
LAN, with bad packets is considered worth the cost of every router
doing the check.

FWIW, this is one of the few places a standard demands that you not
even provide the option to disable a feature.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040119002612.GA48581>