From owner-freebsd-hackers@FreeBSD.ORG Sat Jan 17 09:47:44 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 833D316A4CE for ; Sat, 17 Jan 2004 09:47:44 -0800 (PST) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FA8943D58 for ; Sat, 17 Jan 2004 09:47:33 -0800 (PST) (envelope-from andre@freebsd.org) Received: (qmail 26283 invoked from network); 17 Jan 2004 17:47:32 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.54]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 17 Jan 2004 17:47:32 -0000 Message-ID: <40097534.2913A1D2@freebsd.org> Date: Sat, 17 Jan 2004 18:47:32 +0100 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Sten Daniel =?iso-8859-1?Q?S=F8rsdal?= References: <0AF1BBDF1218F14E9B4CCE414744E70F5D97FF@exchange.wanglobal.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit cc: freebsd-hackers@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: ip_input - chksum - why is it done so early in ip_input? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Jan 2004 17:47:44 -0000 Sten Daniel Sørsdal wrote: > > Apologies for the cross-post, i wasnt sure if this was hackers or net material. > > I've often wondered why ip checksumming is done on every incoming > packet and not only on the packets that need to be delivered locally. Only the IP header checksum is checked. We don't want to forward a packet with a broken header because we can't be sure if it wasn't the destination address that is broken. Be aware that we do not calculate any checksum of the entire IP packet. (This is up to the higher level protocol). > It looks like a very expensive way of doing it, especially on high > PPS. Basically all hosts do checksumming so why not just pass the bad > packet on, making the forward process alot cheaper (cpu wise)? On modern networks card (mostly GigE) you have hardware support for that. So there is no expense anymore. > I ran some tests (unable to disclose results) by removing it completely > and it seems to make a noticable impact on the performance. Can you qualify this more? The checksumming touches only 20 bytes (or a couple more if ip options are present). > Especially on for example gaming services where there is a high PPS versus > actual data. > > Besides that i'd like to add that FreeBSD has the fastest forwarding engine > i've seen on any free OS. It's in my opinion a very suitable OS for > routing/forwarding. We are working on it to make it even faster. If you are using 5.2 or -current you get the first step of it by enabling net.inet.ip.fastfowarding. This is a newly written fast path for packet forwarding. (Do not do this on 4.9 because that is the old ip_flow code). -- Andre