Subject: kern/990: incoming udp checksum should always be checked
To: None <gnats-admin@NetBSD.ORG>
From: Luke Mewburn <lukem@dodo.melb.cpr.itg.telecom.com.au>
List: netbsd-bugs
Date: 04/24/1995 11:51:28
>Number:         990
>Category:       kern
>Synopsis:       udp checksum on incoming packets should always be checked
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   lm
>Arrival-Date:   Mon Apr 24 11:50:05 1995
>Originator:     Luke Mewburn
>Organization:
"	Werj"
>Release:        1.0
>Environment:
System: NetBSD dodo 1.0 NetBSD 1.0 (DODO) #7: Fri Dec 16 17:01:27 EST 1994 simonb@dodo:/slab/0/src/sys/arch/i386/compile/DODO i386


>Description:
	According to W. Richard Stevens (author of a few UNIX & TCP/IP
	books), the checksum on incoming UDP packets should always be
	checked, even if udpcksum isn't set.

	Here's his article:

--- include article ---
   From comp.protocols.tcp-ip Sun Apr 23 16:49:23 1995
   From: rstevens@noao.edu (W. Richard Stevens)
   Newsgroups: comp.protocols.tcp-ip
   Subject: Re: UDP checksum...
   Date: 17 Apr 1995 20:28:27 GMT
   Organization: National Optical Astronomy Observatories, Tucson, AZ, USA
   Lines: 31
   Message-ID: <3muj1b$n89@noao.edu>
   References: <3mki0o$i28@internal-dns.peerlogic.com> <3mllcv$3nr@noao.edu> <3muh71$t2r@umbc9.umbc.edu>
   NNTP-Posting-Host: gemini.tuc.noao.edu
   
   > > Classic BSD systems (I've never seen SunOS 4.1.3 sources) have the
   > > following code in udp_input():
   > > 
   > >         /*
   > >          * Checksum extended UDP header and data.
   > >          */
   > >         if (udpcksum && uh->uh_sum) {
   >
   > well then shouldn't the operation be a logical OR instead of a logical
   > AND.
   
   I'd say get rid of the "udpcksum &&" completely.  If the sender computed
   and sent a checksum then the receiver should verify it, period.  Regardless
   what udpcksum contains.  That (antiquated) flag should only be used to
   determine if an outgoing datagram gets a checksum.
   
   > > That is if you haven't set your kernel's udpcksum variable nonzero, then
   > > an arriving UDP datagram's checksum isn't verified *even if* the sender
   > > calculated and stored the checksum.  Go figure that one out.  Easiest
   > > solution is to make sure your kernel's udpcksum variable is nonzero.
   >
   > What you pointed out is ludicrous.
   
   Agreed.
   
   > Is it still that way in 4.4?
   
   The code I showed *is* 4.4BSD-Lite :-)  At least udpcksum defaults to 1,
   unless COMPAT_42 is defined.
   
   	Rich Stevens
--- end include ---
   
>How-To-Repeat:
	turn off udpcksum and send packets to your machine. no
	checksumming is done.

>Fix:
	Apply this patch I whipped up. Attribute the concept to W.R.
	Stevens.

*** /usr/local/ftp/pub/NetBSD/NetBSD-current/src/sys/netinet/udp_usrreq.c	Fri Apr 14 20:55:00 1995
--- udp_usrreq.c	Sun Apr 23 16:49:06 1995
***************
*** 140,146 ****
  	/*
  	 * Checksum extended UDP header and data.
  	 */
! 	if (udpcksum && uh->uh_sum) {
  		((struct ipovly *)ip)->ih_next = 0;
  		((struct ipovly *)ip)->ih_prev = 0;
  		((struct ipovly *)ip)->ih_x1 = 0;
--- 140,146 ----
  	/*
  	 * Checksum extended UDP header and data.
  	 */
! 	if (uh->uh_sum) {
  		((struct ipovly *)ip)->ih_next = 0;
  		((struct ipovly *)ip)->ih_prev = 0;
  		((struct ipovly *)ip)->ih_x1 = 0;
>Audit-Trail:
>Unformatted: