tech-net: Re: A question about the IP header checksum

Subject: Re: A question about the IP header checksum
To: None <jnemeth@victoria.tc.ca, patrick@klos.com, tech-net@NetBSD.org>
From: None <patrick@klos.com>
List: tech-net
Date: 12/05/2007 16:44:45
>On Mar 23, 12:59am, patrick@klos.com wrote:
>} 
>} I have a question about the IP header checksum that I'm looking for a
>} definitive answer for.  I'm pretty sure I have the answer, but if anyone 
>} can help me substantiate my answer, it would really help.
>} 
>} The IP header checksum is pretty straightforward: add up all the (2 byte)
>} words in the IP header using one's complement addition, then take the one's
>} complement of the sum and insert that as the checksum.  Here's the question:
>} 
>}     Is it proper to substitute a resulting value of 0x0000 with 0xffff as 
>}     is done in UDP?
>
>     No.  This question could easily be answered by checking the RFC
>for IP (it is fairly easy to read).  See
>ftp://ftp.rfc-editor.org/in-notes/rfc791.txt .

Thanks, I've read RFC 791 plenty of times.  It doesn't explicitly address
the idea that one's complement systems have 2 representations for 0 (all
zeros and all ones).  That's why I asked the people who have implemented
and used IP stacks at this level.

Someone suggested I look at RFC 1122 which states "zero and 65535 are 
equivalent in 1's complement arithmetic" under the UDP checksum section, 
reinforcing the idea that they should be considered equivalent.  I also 
looked at RFC 1071 which states in section (3) of paragraph 1 that the
checksum result should be all ones for a good result.  

I'm finding the concensus to be that implementations should consider 0x0000
and 0xffff to be equivalent when computing the checksum.  This is based on
the idea that in one's complement, there are 2 forms of 0 (0x0000 and 0xffff)
and they are considered equivalent.

This all came about because a customer of ours ran across a packet with the
following IP header:

    45 00 05 DC 7B 0D 00 00 FE 2F FF FF C0 A8 DD 0A
    C0 A8 DD 89 

The one's complement sum of the IP header (not including the checksum field)
is 0xffff.  Most implementations will take the one's complement of that 
with a simple XOR of 0xffff resulting in a checksum field of 0x0000.  Since 
0x0000 is mathematically equivalent to 0xffff in one's complement math,
setting the checksum field to 0xffff, while unexpected, is not mathematically
incorrect.

>} ========= For LAN/WAN Protocol Analysis, check out PacketView Pro! =========
>
>     Interesting that you are advertising something like this when you
>have to ask trivial questions about the most commonly used protocol!

I think it's interesting that I found the mailing list's "Mr. Smarty-pants" 
on my first posting to this mailing list.  Nice to meet you.  ;^)

Patrick
========= For LAN/WAN Protocol Analysis, check out PacketView Pro! =========
    Patrick Klos                           Email: patrick@klos.com
    Network/Embedded Software Engineer     Web:   http://www.klos.com/
    Klos Technologies, Inc.                Phone: 603-714-0195
============================================================================