ip_input - chksum - why is it done so early in ip_input?

[Crist J. Clark]

On Sat, Jan 17, 2004 at 12:50:04AM +0100, Sten Daniel S?rsdal wrote:
> 
> Apologies for the cross-post, i wasnt sure if this was hackers or net material.
> 
> I've often wondered why ip checksumming is done on every incoming 
> packet and not only on the packets that need to be delivered locally.
> It looks like a very expensive way of doing it, especially on high
> PPS. Basically all hosts do checksumming so why not just pass the bad
> packet on, making the forward process alot cheaper (cpu wise)?

It is done this way because the standards demand that it be done this
way. RFC1812 says,

4.2.2.5 Header Checksum: RFC 791 Section 3.1

   As stated in Section [5.2.2], a router MUST verify the IP checksum of
   any packet that is received, and MUST discard messages containing
   invalid checksums.  The router MUST NOT provide a means to disable
   this checksum verification.

Keeping a single host from polluting the whole network, and only its
LAN, with bad packets is considered worth the cost of every router
doing the check.

FWIW, this is one of the few places a standard demands that you not
even provide the option to disable a feature.
-- 
Crist J. Clark                     |     cjclark at alum.mit.edu
                                   |     cjclark at jhu.edu
http://people.freebsd.org/~cjc/    |     cjc at freebsd.org