Date: Sun, 18 Jan 2004 16:26:12 -0800 From: "Crist J. Clark" <cristjc@comcast.net> To: Sten Daniel S?rsdal <sten.daniel.sorsdal@wan.no> Cc: freebsd-net@freebsd.org Subject: Re: ip_input - chksum - why is it done so early in ip_input? Message-ID: <20040119002612.GA48581@blossom.cjclark.org> In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net> References: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 17, 2004 at 12:50:04AM +0100, Sten Daniel S?rsdal wrote: > > Apologies for the cross-post, i wasnt sure if this was hackers or net material. > > I've often wondered why ip checksumming is done on every incoming > packet and not only on the packets that need to be delivered locally. > It looks like a very expensive way of doing it, especially on high > PPS. Basically all hosts do checksumming so why not just pass the bad > packet on, making the forward process alot cheaper (cpu wise)? It is done this way because the standards demand that it be done this way. RFC1812 says, 4.2.2.5 Header Checksum: RFC 791 Section 3.1 As stated in Section [5.2.2], a router MUST verify the IP checksum of any packet that is received, and MUST discard messages containing invalid checksums. The router MUST NOT provide a means to disable this checksum verification. Keeping a single host from polluting the whole network, and only its LAN, with bad packets is considered worth the cost of every router doing the check. FWIW, this is one of the few places a standard demands that you not even provide the option to disable a feature. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040119002612.GA48581>