TCP/IP checksum fields are one's complement values and therefore have two possible representations of zero: positive zero (0x0000) and negative zero (0xffff). In RFC768, UDP over IPv4 exploits this redundancy to repurpose the positive representation of zero (0x0000) to mean "no checksum calculated"; checksums are optional for UDP over IPv4. In RFC2460, checksums are made mandatory for UDP over IPv4. The wording of the RFC is such that the UDP header is mandated to use only the negative representation of zero (0xffff), rather than simply requiring the checksum to be correct but allowing for either representation of zero to be used. In RFC1071, an example algorithm is given for calculating the TCP/IP checksum. This algorithm happens to produce only the positive representation of zero (0x0000); this is an artifact of the way that unsigned arithmetic is used to calculate a signed one's complement sum (and its final negation). A common misconception has developed (exemplified in RFC1624) that this artifact is part of the specification. Many people have assumed that the checksum field should never contain the negative representation of zero (0xffff). A sensible receiver will calculate the checksum over the whole packet and verify that the result is zero (in whichever representation of zero happens to be generated by the receiver's algorithm). Such a receiver will not care which representation of zero happens to be used in the checksum field. However, there are receivers in existence which will verify the received checksum the hard way: by calculating the checksum over the remainder of the packet and comparing the result against the checksum field. If the representation of zero used by the receiver's algorithm does not match the representation of zero used by the transmitter (and so placed in the checksum field), and if the receiver does not explicitly allow for both representations to compare as equal, then the receiver may reject packets with a valid checksum. For UDP, the combined RFCs effectively mandate that we should generate only the negative representation of zero in the checksum field. For IP, TCP and ICMP, the RFCs do not mandate which representation of zero should be used, but the misconceptions which have grown up around RFC1071 and RFC1624 suggest that it would be least surprising to generate only the positive representation of zero in the checksum field. Fix by ensuring that all of our checksum algorithms generate only the positive representation of zero, and explicitly inverting this in the case of transmitted UDP packets. Reported-by: Wissam Shoukair <wissams@mellanox.com> Tested-by: Wissam Shoukair <wissams@mellanox.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>tags/v1.20.1
|
|
||
19 |
|
19 |
|
20 |
|
20 |
|
21 |
|
21 |
|
|
22 |
|
|
|
23 |
|
|
|
24 |
|
|
|
25 |
|
|
|
26 |
|
|
|
27 |
|
|
22 |
|
28 |
|
23 |
|
29 |
|
24 |
|
|
|
|
30 |
|
|
|
31 |
|
|
|
32 |
|
|
|
33 |
|
|
|
34 |
|
|
|
35 |
|
|
|
36 |
|
|
|
37 |
|
|
|
38 |
|
|
|
39 |
|
|
|
40 |
|
|
|
41 |
|
|
|
42 |
|
|
|
43 |
|
|
|
44 |
|
|
|
45 |
|
|
|
46 |
|
|
|
47 |
|
|
|
48 |
|
|
|
49 |
|
|
|
50 |
|
|
|
51 |
|
|
25 |
|
52 |
|
26 |
|
|
|
|
53 |
|
|
27 |
|
54 |
|
28 |
|
55 |
|
29 |
|
56 |
|
|
|
||
88 |
|
115 |
|
89 |
|
116 |
|
90 |
|
117 |
|
|
118 |
|
|
|
119 |
|
|
|
120 |
|
|
|
121 |
|
|
|
122 |
|
|
|
123 |
|
|
|
124 |
|
|
91 |
|
125 |
|
92 |
|
126 |
|
93 |
|
127 |
|
|
|
||
358 |
|
358 |
|
359 |
|
359 |
|
360 |
|
360 |
|
361 |
|
|
|
|
361 |
|
|
362 |
|
362 |
|
|
363 |
|
|
|
364 |
|
|
|
365 |
|
|
363 |
|
366 |
|
364 |
|
367 |
|
365 |
|
368 |
|
|
|
||
522 |
|
522 |
|
523 |
|
523 |
|
524 |
|
524 |
|
|
525 |
|
|
|
526 |
|
|
525 |
|
527 |
|
526 |
|
528 |
|
527 |
|
529 |
|
|
|
||
328 |
|
328 |
|
329 |
|
329 |
|
330 |
|
330 |
|
|
331 |
|
|
331 |
|
332 |
|
332 |
|
333 |
|
333 |
|
334 |
|
|
|
||
94 |
|
94 |
|
95 |
|
95 |
|
96 |
|
96 |
|
|
97 |
|
|
|
98 |
|
|
|
99 |
|
|
|
100 |
|
|
|
101 |
|
|
|
102 |
|
|
97 |
|
103 |
|
98 |
|
104 |
|
99 |
|
105 |
|
|
|
||
126 |
|
132 |
|
127 |
|
133 |
|
128 |
|
134 |
|
|
135 |
|
|
|
136 |
|
|
|
137 |
|
|
|
138 |
|
|
|
139 |
|
|
|
140 |
|
|
|
141 |
|
|
|
142 |
|
|
129 |
|
143 |
|
130 |
|
144 |
|
131 |
|
|
|
|
145 |
|
|
132 |
|
146 |
|
133 |
|
147 |
|
134 |
|
148 |
|
|
|
||
142 |
|
156 |
|
143 |
|
157 |
|
144 |
|
158 |
|
|
159 |
|
|
145 |
|
160 |
|
146 |
|
161 |
|
147 |
|
162 |
|
|
|
||
227 |
|
242 |
|
228 |
|
243 |
|
229 |
|
244 |
|
|
245 |
|
|
|
246 |
|
|
230 |
|
247 |
|
231 |
|
248 |
|
232 |
|
249 |
|