x/net/ipv4: add IPv4 header checksum computation for ipv4.Header type

[mdlayher]

I'm working on a project that uses packet sockets directly, and I have to calculate the IPv4 checksum on my own since I'm building from Ethernet frames up.

I notice that x/net/ipv4 doesn't provide any way to easily calculate a checksum, but I think such a function/method could be useful in conjunction with the ipv4.Header type.

I wrote a basic implementation in ~30 lines with documentation comments, and would be happy to submit it upstream. At this point, my questions are:

• Is this something that would be considered generally useful enough to go in x/net/ipv4?
• If so, what should the API look like?

My current implementation accepts a byte slice from the output of ipv4.Header.Marshal, but I could see a method making sense as well.

// ipv4Checksum computes the IPv4 header checksum for input IPv4 header bytes.
func ipv4Checksum(b []byte) (uint16, error) {
    // ...
}

/cc @mikioh

[bradfitz]

Seems fine to me for x/net.

[gopherbot]

Change https://golang.org/cl/112817 mentions this issue: ipv4: add Header.HeaderChecksum method

[mikioh]

The CL 112817 provides wrong checksum values on a few BSD variants. I think the functionality should be provided as part of wire format friendly API in the other package, the same as #18633.

[rsc]

@mikioh how can the checksum be OS-specific? What do you mean "on a few BSD variants"?

[rsc]

Sorry, clicked "close and comment" instead of comment.

[mikioh]

how can the checksum be OS-specific?

The packages in x/net repository generate and parse byte sequences from/to host protocol stack implementations. As mentioned in #18633, the byte sequences may differ from the wire format on a few BSD variants.

[rsc]

IPv4 defines a wire checksum. It sounds like some operating systems separately require user-space code to send the kernel a different checksum over IPv4 headers in certain contexts, and that different checksum varies from system to system. I can see the possible benefit in abstracting that way, but we should certainly not call this an IPv4 checksum. Any confusion with the portable computation should be avoided.

It sounds like what's really being suggested is SystemHeaderChecksum. If it's a method on ipv4.Header maybe it's just SystemChecksum. Either way the doc comment must make clear this is an OS-specific calculation and not the standard IPv4 checksum.

Do I have this right?

[bradfitz]

Ping @mdlayher

[mdlayher]

As mentioned in #18633, the byte sequences may differ from the wire format on a few BSD variants.

TBH, I wasn't even aware this was possible. I had assumed that all operating systems used the same algorithm: https://en.wikipedia.org/wiki/IPv4_header_checksum.

It sounds like what's really being suggested is SystemHeaderChecksum. If it's a method on ipv4.Header maybe it's just SystemChecksum. Either way the doc comment must make clear this is an OS-specific calculation and not the standard IPv4 checksum.

I was proposing adding the "standard" IPv4 checksum, per the above Wikipedia article. I don't quite understand how this could vary between OSes, but my experience is pretty much only Linux-based.

[rsc]

@mdlayher can you show us (or describe) examples of code where you would use this function? A few of us are trying to understand this wire-neutral checksum vs what @mikioh's been saying here and in #18633 and are a bit confused about exactly when each would be needed. Thanks.