"Charles M. Hannum" wrote:
> 
> So I'm looking at ipflow_fastforward(), and I think it does more work
> than it needs to.  To wit:
[...]
> 2) There's no need to check the header checksum.  In the rare case
>    where it's incorrect, either: a) we will fail to find a flow and go
>    through the slow path anyway, or b) it will be dropped by the
>    destination host.  I believe many hardware routers don't do this
>    either.
> 
> 3) There's no need to check the IP packet length.  Again, in the rare
>    case where it's incorrect, it will be rejected on the destination
>    host.  Furthermore, truncating the packet may actually reduce
>    efficiency (e.g. by forcing us to repad a packet to send it out an
>    Ethernet interface).

What do the IP-standards say about this. Are theses things a "must"
or a "should"? Would there be a way to optionally en/disable this
behaviour (compiletime/runtime via sysctl)?

  Guenther