分类: 网络与安全
2014-03-24 15:55:07
转自http://www.roman10.net/how-to-calculate-iptcpudp-checksumpart-2-implementation/
IP Header Checksum Calculation
IP checksum is a 16-bit field in IP header used for error detection for IP header. It equals to the one’s complement of the one’s complement sum of all 16 bit words in the IP header. The checksum field is initialized to all zeros at computation.
One’s complement sum is calculated by summing all numbers and adding the carry (or carries) to the result. And one’s complement is defined by inverting all 0s and 1s in the number’s bit representation.
For example, if an IP header is 0x4500003044224000800600008c7c19acae241e2b.
We start by calculating the one’s complement sum. First, divide the header hex into 16 bits each and sum them up,
4500 + 0030 + 4422 + 4000 + 8006 + 0000 + 8c7c + 19ac + ae24 + 1e2b = 2BBCF
Next fold the result into 16 bits by adding the carry to the result,
2 + BBCF = BBD1
The final step is to compute the one’s complement of the one’s complement’s sum,
BBD1 = 1011101111010001
IP checksum = one’s complement(1011101111010001) = 0100010000101110 = 442E
Note that IP header needs to be parsed at each hop, because IP addresses are needed to route the packet. To detect the errors at IP header, the checksum is validated at every hop.
The validation is done using the same algorithm. But this time the initialized checksum value is 442E.
2BBCF + 442E = 2FFFD, then 2 + FFFD = FFFF
Take the one’s complement of FFFF = 0.
At validation, the checksum computation should evaluate to 0 if the IP header is correct.
TCP Checksum Calculation
TCP Checksum is a 16-bit field in TCP header used for error detection. It is computed over the TCP segment (might plus some padding) and a 12-byte TCP pseudo header created on the fly. Same as IP checksum, TCP checksum is also one’s complement of the one’s complement sum of all 16 bit words in the computation data.
Below is a figure that illustrates the data used to calculate TCP checksum,
Figure 1. TCP Checksum Computation Data
As shown in the figure, the pseudo header consists of 5 fields,
Note that TCP pseudo header does not really exist, and it’s not transmitted over the network. It’s constructed on the fly to compute the checksum.
If a TCP segment contains an odd number of octets to be checksummed, the last octect is padded on the right with zeros to form a 16-bit word. But the padding is not part of the TCP segment and therefore not transmitted.
Also note the checksum field of the TCP header needs to be initialized to zeros before checksum calculation. And it’s set to the computed value after the computation.
When TCP packet is received at the destination, the receiving TCP code also performs the TCP calculation and see if there’s a mismatch. If there is, it means there’s error in the packet and it will be discarded. The same validation logic used for IP header checksum validation can be used.
UDP Checksum Calcuation
UDP Checksum calculation is similar to TCP Checksum computation. It’s also a 16-bit field of one’s complement of one’s complement sum of a pseudo UDP header + UDP datagram.
The Pseudo UDP header also consists of 5 fields,
Note that UDP checksum is optional. If it’s not computed, it’s set to all 0s. This could cause issue as sometimes the checksum can be computed as all 0s. To avoid confusion, if the checksum is computed as all 0s, it’s set to all 1s (which is equivalent in one’s complement arithmetic).