Internet checksum
The Internet checksum,[1][2] also called the IPv4 header checksum is a checksum used in version 4 of the Internet Protocol (IPv4) to detect corruption in the header of IPv4 packets. It is carried in the IP packet header, and represents the 16-bit result of summation of the header words.[3]
The IPv6 protocol does not use header checksums. Its designers considered that the whole-packet link layer checksumming provided in protocols, such as PPP and Ethernet, combined with the use of checksums in upper layer protocols such as TCP and UDP, are sufficient.[4] Thus, IPv6 routers are relieved of the task of recomputing the checksum whenever the packet changes, for instance by the lowering of the Hop limit counter on every hop.
The Internet checksum is mandatory to detect errors in IPV6 UDP packets (including data payload).
The Internet checksum is used to detect errors in ICMP packets (including data payload).
Computation
The checksum calculation is defined as follows:[5]
The checksum field is the 16-bit ones' complement of the ones' complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero.
If there is no corruption, the result of summing the entire IP header, including checksum, should be zero. At each hop, the checksum is verified. Packets with checksum mismatch are discarded. The router must adjust the checksum if it changes the IP header (such as when decrementing the TTL).[6]
The procedure is explained in detail in RFC 1071 "Computing the Internet Checksum".[1] Optimisations are presented in RFC 1624 "Computation of the Internet Checksum via Incremental Update", [2] to cover the case in routers which need to recompute the header checksum during packet forwarding when only a single field has changed.
Examples
Calculating the IPv4 header checksum
Take the following truncated excerpt of an IPv4 packet. The header is shown in bold and the checksum is underlined.
4500 0073 0000 4000 4011 b861 c0a8 0001
c0a8 00c7 0035 e97c 005f 279f 1e4b 8180
For ones' complement addition, each time a carry occurs, we must add a 1 to the sum.[7] A carry check and correction can be performed with each addition or as a post-process after all additions. If another carry is generated by the correction, another 1 is added to the sum.
To calculate the checksum, we can first calculate the sum of each 16 bit value within the header, skipping only the checksum field itself. Note that these values are in hexadecimal notation.
4500 + 0073 + 0000 + 4000 + 4011 + c0a8 + 0001 + c0a8 + 00c7 = 2479c
The first digit is the carry count and is added to the sum:
2 + 479c = 479e
(if another carry is generated by this addition, another 1 must be added to the sum)
To obtain the checksum we take the ones' complement of this result: b861
(as shown underlined in the original IP packet header).
Verifying the IPv4 header checksum
When verifying a checksum, the same procedure is used as above, except that the original header checksum is not omitted.
4500 + 0073 + 0000 + 4000 + 4011 + b861 + c0a8 + 0001 + c0a8 + 00c7 = 2fffd
Add the carry bits:
fffd + 2 = ffff
Taking the ones' complement (flipping every bit) yields 0000, which indicates that no error is detected.
IP header checksum does not check for the correct order of 16 bit values within the header.
References
- R. Braden; D. Borman; C. Partridge (September 1988). Computing the Internet Checksum. Network Working Group. doi:10.17487/RFC1071. RFC 1071. Informational. Updated by RFC 1141.
- A. Rijsinghani, ed. (May 1994). Computation of the Internet Checksum via Incremental Update. Network Working Group. doi:10.17487/RFC1624. RFC 1624. Informational. Updates RFC 1141.
- IP Datagram General Format
- Iljitsch van Beijnum (September 2006). "IPv6 Internals". Cisco.
- J. Postel, ed. (September 1981). INTERNET PROTOCOL - DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION. IETF. doi:10.17487/RFC0791. STD 5. RFC 791. IEN 128, 123, 111, 80, 54, 44, 41, 28, 26. Internet Standard. Obsoletes RFC 760. Updated by RFC 1349, 2474 and 6864.
- F. Baker, ed. (June 1995). Requirements for IP Version 4 Routers. Network Working Group. doi:10.17487/RFC1812. RFC 1812. Proposed Standard. Obsoletes RFC 1716 and 1009. Updated by RFC 2644 and 6633.
- "Compute 16-bit One's Complement Sum". Retrieved 2019-02-07.