On 09.11.2012 01:19, Adrian Chadd wrote:
On 8 November 2012 15:55, Andre Oppermann <an...@freebsd.org> wrote:
At the risk of repeating myself: when a routed packet is fragmented
the payload (layer 4, eg. TCP/UDP/SCTP) is NOT recalculated or changed
or anything else. It remains as originally calculated by the sender
unchanged in the first fragment L4 header. Only the IPv4 header
checksum, which DOES NOT include any payload data, has to be calculated
for every fragment. The IPv4 header checksum is offloaded with CSUM_IP
and continues to work as expected. :)
NAT and firewalling? :)
Firewalling doesn't change the packet and no checksum is needed.
NAT does change the packet and the pesky pseudo-header in the TCP/
UDP checksum. However here only the pseudo-header checksum is
recalculated and reintegrated into the one-complement payload checksum.
The payload itself is not being looked at, except for protocols that
do contain IP addresses in their internal commands or such. There
the payload is modified. The same reintegration trick can be used.
In the majority of cases these packets are very small though and
the entire checksum is simply recalculated. As the packets are very
small no fragmentation is occuring.
The IPv4 header checksum is never ever a problem and always works.
Can we please put this to rest now.
--
Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
