At 12:17 PM 5/19/2002 +0200, Mikael Abrahamsson wrote:
>It is my understanding that CRC is used at all OSI layers (including layer
>4 (tcp)). When doing a IP routing hop, the packet could theoretically be
>altered due to a memory error in a router (it's changed for the TTL
>anyway) and the IP CRC recalculated and therefore the IP checksum is
>"correct" but the data in the packet is not. Would this be caught by the
>TCP checksum (L4) when the packet arrives at the end host? I have always
>presumed that this would be the case.
the ip checksum covers only the ip header itself; it does not incorporate
the payload data, so the hypothesized change in the data would not affect
the ip checksum in any case. it is the role of the tcp checksum to detect
change in the data; verifying the tcp checksum is mandatory, so yes, this
should be caught by the end host.
one way to check this would be to capture some packets at the end host
and independently compute the ip and tcp checksums based on the captured
bits. then you'ld at least be certain whether your hypothesis is correct
or not. it's not too difficult to write a simple program to do this;
the bits to include in the calculations can be found in the ip and tcp rfcs
(as well as number of books), and the necessary ones-complement arithmetic
is described in rfc1936. (i did this once long ago to confirm that a
specific kind of device had a problem with it's ip checksum calculations,
causing packets to be dropped whenever the checksum evaluated to 0xffff.
i hacked tcpdump to do the calculations; sadly, the hacked tcpdump has
been lost.)
ken
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:44 EDT