Re: kpi_ipfilter modifying checksum
- Subject: Re: kpi_ipfilter modifying checksum
- From: Terry Lambert <email@hidden>
- Date: Wed, 15 Feb 2006 14:40:01 -0800
On Feb 14, 2006, at 3:20 PM, matt jaffa wrote:
> Hi,
>
> I am changing the inbound data on a kpi_ipfilter. I need to redo the
> checksum so the packet is not thrown away.
>
> I have been told there is a method in the kernel that can calculate
> the checksum by passing in the mbuf reference or it was an unsigned
> char array.
>
> Does anyone know where this might be? This was on 10.3, so is there
> one available on Tiger I could use?

RFC1624 describes a method to incrementally update a packet checksum,
when modifying the packet contents.

Using this method, you avoid the problem of computing a good checksum
for a corrupt packet and letting it past, because you update the
checksum in place; if the packet didn't have a good checksum before,
it won't have one after.

You also avoid the overhead of recomputing the checksum over the
entire packet contents, which can be a real performance problem.

There's sample code that does this in ALTQ; here's one reference
(search in the page for RFC1624):

<http://fxr.watson.org/fxr/source/altq/altq_blue.c?v=NETBSD>

I've personally used RFC1624 in the implementation of an L4 load
balancer, and for implementing TCP splicing, and the performance
savings for this approach can be considerable.

-- Terry
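
Added example (not part of the message above, and not the ALTQ code it links to): a user-space C sketch of the RFC 1624 incremental update applied to an IPv4 header whose destination address is rewritten. The function names, the sample header and the replacement address are constructed for illustration; `demo()` shows that a header with a valid checksum still verifies after the rewrite, while one with a damaged checksum stays invalid.

```c
#include <stdint.h>
#include <string.h>

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* One's-complement fold: add carries back into the low 16 bits. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full checksum over an even-length header; used here only to verify. */
uint16_t cksum_full(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += get16(p + i);
    return (uint16_t)~fold(sum);
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for one changed 16-bit word. */
uint16_t cksum_update16(uint16_t hc, uint16_t m_old, uint16_t m_new) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new);
}

/* Rewrite the IPv4 destination (bytes 16..19); patch the checksum (bytes 10..11). */
void ipv4_rewrite_dst(uint8_t *hdr, const uint8_t new_dst[4]) {
    uint16_t hc = get16(hdr + 10);
    hc = cksum_update16(hc, get16(hdr + 16), get16(new_dst));
    hc = cksum_update16(hc, get16(hdr + 18), get16(new_dst + 2));
    memcpy(hdr + 16, new_dst, 4);
    put16(hdr + 10, hc);
}

/* Constructed sample: 192.0.2.10 -> 198.51.100.20, checksum field zeroed. */
const uint8_t sample_hdr[20] = { 0x45,0x00,0x00,0x54, 0x1c,0x46,0x40,0x00,
    0x40,0x06,0x00,0x00, 0xc0,0x00,0x02,0x0a, 0xc6,0x33,0x64,0x14 };

/* Set a checksum, XOR it with damage (0 = keep it valid), rewrite the
 * destination, and return 1 if the header verifies (full sum is 0). */
int demo(uint16_t damage) {
    static const uint8_t new_dst[4] = { 203, 0, 113, 7 };  /* constructed */
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    put16(h + 10, (uint16_t)(cksum_full(h, sizeof h) ^ damage));
    ipv4_rewrite_dst(h, new_dst);
    return cksum_full(h, sizeof h) == 0;
}

int main(void) { return (demo(0) == 1 && demo(0x0100) == 0) ? 0 : 1; }
```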