Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 09 Nov 2012 09:08:44 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        Adrian Chadd <adrian@freebsd.org>
Cc:        pyunyh@gmail.com, FreeBSD Net <freebsd-net@freebsd.org>, Pyun YongHyeon <yongari@freebsd.org>
Subject:   Re: svn commit: r242739 - stable/9/sys/dev/ti
Message-ID:  <509CBA0C.3070008@freebsd.org>
In-Reply-To: <CAJ-VmonUhcNgZojevpjNCZP41VKRZwFY7NM773NiZ9oM3PFOkg@mail.gmail.com>
References:  <201211080206.qA826RiN054539@svn.freebsd.org> <CAJ-VmomEOPGbLwmOmL0EdenZA7QKbV5P-hAYsTRcwLao2LbAqg@mail.gmail.com> <20121108023858.GA3127@michelle.cdnetworks.com> <CAJ-Vmoma1DJRT8_ezdEpVYrZXak%2B2B4mBHAPxhoUKr0nUrO6YQ@mail.gmail.com> <509BC2E2.4030907@freebsd.org> <CAJ-Vmo=QuP1s=ppnp2u%2BVpuJRbncaHLwi_0ku5=dr9%2BReYp79w@mail.gmail.com> <509C4684.2030102@freebsd.org> <CAJ-VmonUhcNgZojevpjNCZP41VKRZwFY7NM773NiZ9oM3PFOkg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 09.11.2012 01:19, Adrian Chadd wrote:
> On 8 November 2012 15:55, Andre Oppermann <andre@freebsd.org> wrote:
>
>> At the risk of repeating myself: when a routed packet is fragmented
>> the payload (layer 4, eg. TCP/UDP/SCTP) is NOT recalculated or changed
>> or anything else.  It remains as originally calculated by the sender
>> unchanged in the first fragment L4 header.  Only the IPv4 header
>> checksum, which DOES NOT include any payload data, has to be calculated
>> for every fragment.  The IPv4 header checksum is offloaded with CSUM_IP
>> and continues to work as expected. :)
>
> NAT and firewalling? :)

Firewalling doesn't change the packet and no checksum is needed.
NAT does change the packet and the pesky pseudo-header in the TCP/
UDP checksum.  However here only the pseudo-header checksum is
recalculated and reintegrated into the one-complement payload checksum.
The payload itself is not being looked at, except for protocols that
do contain IP addresses in their internal commands or such.  There
the payload is modified.  The same reintegration trick can be used.
In the majority of cases these packets are very small though and
the entire checksum is simply recalculated.  As the packets are very
small no fragmentation is occuring.
The IPv4 header checksum is never ever a problem and always works.

Can we please put this to rest now.

-- 
Andre




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?509CBA0C.3070008>