From Francis.Dupont at inria.fr Sun May 5 19:53:49 1996 From: Francis.Dupont at inria.fr (Francis Dupont) Date: Sun, 05 May 1996 19:53:49 +0200 Subject: DNS and UDP checksum Message-ID: <199605051753.TAA27137@givry.inria.fr> #ui_sum = 0; if (udpcksum) { if ((ui->ui_sum = in_cksum(m, sizeof (struct udpiphdr) + len)) == 0) ui->ui_sum = 0xffff; } (lines 388-395 of .../sys/netinet/udp_usrreq.c) On input the code is : /* * Checksum extended UDP header and data. */ if (udpcksum && uh->uh_sum) { ((struct ipovly *)ip)->ih_next = 0; ((struct ipovly *)ip)->ih_prev = 0; ((struct ipovly *)ip)->ih_x1 = 0; ((struct ipovly *)ip)->ih_len = uh->uh_ulen; if (uh->uh_sum = in_cksum(m, len + sizeof (struct ip))) { udpstat.udps_badsum++; m_freem(m); return; } } (lines 107-120 of .../sys/netinet/udp_usrreq.c) The best way to test whether the UDP checksum is enabled is to see if the field is 0x0000 or not with a tool like etherfind, snoop, tcpdump (just try the command tcpdump udp port 53 and 'udp[6:2] == 0' if you believe this problem is anecdotal :-). The ZoneCheck tool written by Benont Grangi for the NIC France (available at URL:http://www.nic.fr/ZoneCheck/sources.html) uses a little tool named ckudpcksum which can give an hint (URL:ftp://ftp.nic.fr/pub/programmes/DNS/ckudpcksum.tar.gz). It sends UDP packets with a *wrong* checksum in order to see if the target host verified checksums of incoming UDP packets. It is a legitimate test for a new DNS server and can be used with DNS clients where UDP checksums for incoming and outgoing packets are not managed independently (it was the first purpose of this program but it is not possible to do it very easily and I have suggested this trick to Benont). From GeertJan.deGroot at ripe.net Sun May 5 22:17:23 1996 From: GeertJan.deGroot at ripe.net (Geert Jan de Groot) Date: Sun, 05 May 1996 22:17:23 +0200 Subject: DNS and UDP checksum In-Reply-To: Your message of "Sun, 05 May 1996 19:53:49 MDT." <199605051753.TAA27137@givry.inria.fr> Message-ID: <9605052017.AA14893@ncc.ripe.net> Hi, Not all machines behave the way you describe - BSD/OS for instance, always checks the checksum if one is given and the kernel variable only controls UDP checksumming on transmitted packets. I think it makes sense to make a list of operating systems and describe the behaviour: Operating system, version: UDP checksum receive: {ALWAYS, udp_cksum, NEVER} (default=XX) UDP checksum transmit: {ALWAYS, udp_cksum, NEVER} (default=XX) And for those that don't have checksumming on by default, a description how to change it as they are the only ones affected by an enforcement of UDP checksumming. It is quite likely that only SunOS 4.x or deratives are seriously affected (well, there may be a BSD4.2 system or two in the world but I don't think there are many left). To start things off: OS, version: SunOS, version 4.1.x UDP checksum RX: udp_cksum (default=off) UDP checksum TX: udp_cksum (default=off) Default can be changed by: > Unix OSs have a kernel flag named usually "udpcksum" > settable by a binary editor, config tools (like sysctl, > ndd, no, ...) and defined in .../sys/netinet/in_proto.c > which is distributed in the source form in order to > allow the setting of various TCP/IP flags. [Francis Dupont at inria] OS, version: BSD/OS, version 2.1 UDP checksum RX: ALWAYS UDP checksum TX: udp_cksum (default=on) OS, version: FreeBSD, version 2.1 UDP checksum RX: ALWAYS UDP checksum TX: udp_cksum (default=on) Once collected, this can go in some kind of document be it RFC or otherwise. Can people who know about other OSes please speak up? Geert Jan On Sun, 05 May 1996 19:53:49 +0200 Francis Dupont wrote: > Here is a technical note about UDP checksums > (which should be mandatory for DNS, perhaps we should > write a RFC about this ?) > > Francis.Dupont at inria.fr (rest of original message removed) From Carol.Orange at ripe.net Sun May 5 23:44:28 1996 From: Carol.Orange at ripe.net (Carol Orange) Date: Sun, 05 May 1996 23:44:28 +0200 Subject: Charging by local IRs In-Reply-To: Your message of "Tue, 30 Apr 1996 14:45:24 +0700." <009A1A2C.20CEF21A.15@cc.univie.ac.at> References: <009A1A2C.20CEF21A.15@cc.univie.ac.at> Message-ID: <9605052144.AA15388@ncc.ripe.net> "Wilfried Woeber, UniVie/ACOnet" writes: >>BTW, technical curiosity: how do you intend to keep track of dangling >> pointers in the "new RIPE Web"? Carol mentioned that aspect briefly >> in the plenary report but didn't go into details... Hi Wilfried, Basically it works as follows. With the exception of a few top level pages to be maintained by hand, the pages made available on the web site will be formatted using a variation on the t/nroff ms macros (We could have used latex, but the majority of RIPE documents had already been formatted with ms macros). I'll use the example of the "RIPE database" as a typical string that should lead one to the Golden Truth about the database whenever it appears in a document published on the web site. The brute force procedure is to make a link to the Golden Truth wherever the term is used. Of course, as soon as a new Golden Truth document (or section of a document) is written, all links are out of date, and one is faced with a nightmare, which grows exponentially with the size of your document store. Rather than going through the documents and adding links to other documents, we add tags to say what strings should trigger a link to us. So in the document that is the Golden Truth on the RIPE database, you add a tag that says "RIPE database"should point to it. This can also be done for each section in the document. Our software gathers up all these tags in a document specific file. When the web site is generated (which has to happen whenever docs are changed), all the document specific tag files are gathered up and used to generate links. Then all the document files are searched to find out where the terms are that should get a link. A HTML version of each document is generated based on the formatting specified by the author and the links generated. And there's your document store without a dead link in sight. Admittedly, there are a lot of little annoying details like what to do with partial string matches, what to do if someone adds a tag for the term "Internet", what to do when more authors want the same term to point to their document, but they are details, and we've managed them. Hope that answers your question. Greetings, -- Carol From bonito at nis.garr.it Wed May 8 17:12:27 1996 From: bonito at nis.garr.it (Antonio_Blasco Bonito) Date: Wed, 8 May 96 17:12:27 MET DST Subject: DNS and UDP checksum In-Reply-To: <9605052017.AA14893@ncc.ripe.net>; from "Geert Jan de Groot" at May 5, 96 10:17 pm Message-ID: <199605081512.RAA02520@cuori.nis.garr.it> Quoting from Geert Jan de Groot's message: > > > Hi, > > Not all machines behave the way you describe - BSD/OS for instance, > always checks the checksum if one is given and the kernel variable > only controls UDP checksumming on transmitted packets. > > I think it makes sense to make a list of operating systems and describe > the behaviour: > > Operating system, version: > UDP checksum receive: {ALWAYS, udp_cksum, NEVER} (default=XX) > UDP checksum transmit: {ALWAYS, udp_cksum, NEVER} (default=XX) > And for those that don't have checksumming on by default, a description > how to change it as they are the only ones affected by an enforcement > of UDP checksumming. > > It is quite likely that only SunOS 4.x or deratives are seriously affected > (well, there may be a BSD4.2 system or two in the world but I don't > think there are many left). > > > To start things off: > > OS, version: SunOS, version 4.1.x > UDP checksum RX: udp_cksum (default=off) > UDP checksum TX: udp_cksum (default=off) > Default can be changed by: > > Unix OSs have a kernel flag named usually "udpcksum" > > settable by a binary editor, config tools (like sysctl, > > ndd, no, ...) and defined in .../sys/netinet/in_proto.c > > which is distributed in the source form in order to > > allow the setting of various TCP/IP flags. [Francis Dupont at inria] The following is the script we use on several SunOS machines #!/bin/sh # # Turns ON UDP checksumming on SunOS # to be launched from /etc/rc.local # # Suggested by: cgull+l-udp at smoke.marlboro.vt.us (John Hood) # Taken from "FAQ: Sun Computer Administration Frequently Asked Questions" # (thanks to Rob_Montjoy at ece.uc.edu) # adb -w -k /vmunix /dev/mem << EOF udp_cksum?W1 udp_cksum/W1 EOF Enjoy! Blasco > > OS, version: BSD/OS, version 2.1 > UDP checksum RX: ALWAYS > UDP checksum TX: udp_cksum (default=on) > > OS, version: FreeBSD, version 2.1 > UDP checksum RX: ALWAYS > UDP checksum TX: udp_cksum (default=on) > > Once collected, this can go in some kind of document be it RFC or otherwise. > > Can people who know about other OSes please speak up? > > Geert Jan > > > On Sun, 05 May 1996 19:53:49 +0200 Francis Dupont wrote: > > Here is a technical note about UDP checksums > > (which should be mandatory for DNS, perhaps we should > > write a RFC about this ?) > > > > Francis.Dupont at inria.fr > > (rest of original message removed) > > -- ---------- ---------- Antonio-Blasco Bonito E-Mail: bonito at nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 50 593246 Via S. Maria, 36 Fax: +39 50 904052 I-56126 PISA Telex: 500371 CNUCE I Italy Url: http://www.nis.garr.it/nis/staff/bonito.html ---------- ---------- From pulakr at cableol.net Wed May 8 18:02:51 1996 From: pulakr at cableol.net (Pulak Rakshit) Date: Wed, 8 May 1996 18:02:51 +-100 Subject: UPD checksumming for Digital Unix Nameserver Message-ID: <01BB3D08.93CF7520@test3.cableol.net> ---------- From: Ray "The Dragon" Lauff[SMTP:ray at thunder.ocis.temple.edu] Sent: 08 May 1996 12:10 To: Alpha Mailing List; gurus at thunder.ocis.temple.edu; John Center Cc: pulakr at cableol.net Subject: SUMMARY: UPD checksumming for Digital Unix Nameserver First off, thanks for all the replies. It would appear that Digital Unix indeed does do UDP checksums by default. The checksum is across the header and contents of each UDP packet sent across the network and is required by several RFCs. You can use the netconfig(8) tool if you have it, which will display the state of several kernel networking settings. I obtained netconfig from: ftp://ftp.std.com/customers3/src/network/netconfig.tar.gz It compiled easily on DU 3.2. If you don't want to use netconfig, you can use dbx to examine the appropriate variable as follows: -- root> dbx /vmunix dbx version 3.11.8 Type 'help' for help. (dbx) p udpcksum 1 ---- If for some reason you want to turn it off (why...I don't know...) you can use: echo 'assign udpcksum=0' | dbx -k /vmunix /dev/mem As Chris Jankowski said in his email: "Not checking checksums on received packets was a hack to squeeze last drop of performance from an overloaded CPU. The rationale given was that the networks no longer corrupt packets or that the higher layer of protocols will do it. (:-))." The following people were helpful in their responses: Kevin Oberman Stuart Davidson Chris Jankowski Dan Riley Phil LAwrence Matt Thomas Thanks again folks! Ray -- Ray Lauff : ray at thunder.ocis.temple.edu : (215) 204-5678 : Temple University