[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCP checksum recalculation

To: Robert Moskowitz <rgm-sec@htt-consult.com>
Subject: Re: TCP checksum recalculation
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 20 Jul 1999 13:42:22 -0400 (EDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <4.1.19990720115931.00b6f8e0@homebase.htt-consult.com>
Sender: owner-ipsec@lists.tislabs.com

On Tue, 20 Jul 1999, Robert Moskowitz wrote:
> The way I see it, each router decrements the TTL, but will not recompute
> the checksum, as the next protocol is NOT TCP.

The TCP checksum doesn't cover the TTL.  It does cover some fields of the
IP header, but only selected ones, and the TTL is not among them.

The IP checksum, which covers the whole IP header, does need to be updated
when the TTL changes.  (And people have devised assorted clever ways of
doing that without full recomputation.)  The TCP checksum doesn't; it is
deliberately an end-to-end check, not something updated at each hop.

> Oh with MIKE, consider that at each IKE SA boundary, the addresses are
> altered at each point (shades of RSIP), so then TCP checksum would really
> be broken and partial recalculation would be different (not just TTL, but
> whole IP).

Yes, messing with the *addresses* is a much stickier problem.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

References:

TCP checksum recalculation

From: Robert Moskowitz <rgm-sec@htt-consult.com>

Prev by Date: TCP checksum recalculation
Next by Date: RE: KISS for PKIX. (Was: RE:Asymmetric authentication (was ASN.1 vs XML which in turn was something else)
Prev by thread: TCP checksum recalculation
Next by thread: Re: TCP checksum recalculation
Index(es):
- Main
- Thread