SUMMARY: UDP Checksum

From: Dave Roberts (djr@saa-cons.co.uk)
Date: Thu Nov 28 1996 - 03:30:17 CST


Thanks to :-
Gary Richardson <Gary.Richardson@proteon.com>
Benjamin Cline <benji@hnt.com>
Casper Dik <casper@holland.Sun.COM>
Hal Stern - Distinguished Systems Engineer <stern@sunrise.East.Sun.COM>

with the most detailed response from David Beard
<beard@abel.maths.adelaide.edu.au>.

On Thu, 28 Nov 1996, David Beard wrote:

> Hi Dave,

> [ I originally wrote ]

> > I've just compiled BIND 4.9.5 for a 4.1.4 system, and when I try to run
> > it, it complains about UDP checksums. Looking into the makefile, the
> > SunOS 4 options include a CHECKSUM definition, and the code itself is
> > pulling out an nlist from the kernel for _udp_cksum. When the code opens
> > the /vmunix to have a look inside, the value being read is zero, and I
> > think it doesn't really want that :)
>
> Yes, UDP checksums are a *good* thing if you are running a DNS. This is *off*
> by default on SunOS boxes, unfortunately.
>
> > Looking in the GENERIC kernel config file, I couldn't find anything that
> > references this. And searching through the man pages didn't help either.
> > Is this something that I can enable?
>
> Yes, have a look at the file /usr/kvm/sys/netinet/in_proto.c
> and change the line
> int udp_cksum = 0;
> to
> int udp_cksum = 1;
> and then rebuild your kernel (install it and reboot).
>
> You can also change this on a `live' system using adb, e.g.
> adb -w -k /vmunix /dev/mem << EOF
> udp_cksum?W1
> udp_cksum/W1
> EOF
>
> which will update the file /vmunix and the `live' copy in memory.
> There was some more detailed information about this in the newsgroup
> comp.protocols.tcp-ip.domains about 5 months ago.
> To quote Tom Fitzgerald:
> > Nameservers that have UDP checksums disabled can cause corrupted DNS
> > data to be accepted by other nameservers, and propagated around the
> > net indefinitely, to the suffering of everyone involved. A few times
> > a year this involves corrupted root domain data, which makes the
> > damage orders of magnitude worse.
>
> You therefore need to take this advice seriously.
>
> Hope this helps.
>
> Regards, David
> --
> David Beard Phone: (+61 8) 830 35709
> Computer Systems Manager FAX: (+61 8) 830 33773
> Departments of Statistics, Pure & Applied Mathematics
> University of Adelaide
> South Australia, 5005 E-mail: beard@maths.adelaide.edu.au
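
The failure mode described in the message above, as an added example that is not part of the original post and is not SunOS or BIND code: under RFC 768 a zero checksum field means the sender computed none, so the receiver has nothing to verify and accepts a datagram that was corrupted in transit. The function names, addresses, ports and payload are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One's-complement sum over IPv4 pseudo-header + UDP datagram; ips = src addr, dst addr. */
static uint16_t udp_sum(const uint8_t *ips, const uint8_t *udp, size_t len) {
    uint32_t acc = 17 + (uint32_t)len;  /* pseudo-header protocol (17) and UDP length */
    size_t i;
    for (i = 0; i < 8; i += 2) acc += ((uint32_t)ips[i] << 8) | ips[i + 1];
    for (i = 0; i + 1 < len; i += 2) acc += ((uint32_t)udp[i] << 8) | udp[i + 1];
    if (len & 1) acc += (uint32_t)udp[len - 1] << 8;  /* zero-pad an odd last byte */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Sender: with cksum_on == 0 (the udp_cksum = 0 case) the field is left as zero. */
size_t udp_build(uint8_t *out, const uint8_t *ips, const uint8_t *data, size_t n, int cksum_on) {
    size_t len = 8 + n;
    memset(out, 0, 8);
    out[0] = 0x04; out[3] = 53;          /* ports 1024 -> 53, constructed */
    out[4] = (uint8_t)(len >> 8); out[5] = (uint8_t)len;
    memcpy(out + 8, data, n);
    if (!cksum_on) return len;
    uint16_t c = (uint16_t)~udp_sum(ips, out, len);
    if (c == 0) c = 0xffff;              /* RFC 768: a computed zero is sent as all ones */
    out[6] = (uint8_t)(c >> 8); out[7] = (uint8_t)c;
    return len;
}

/* Receiver: 1 = accept, 0 = drop. Zero field = no checksum sent, nothing to verify. */
int udp_accept(const uint8_t *ips, const uint8_t *udp, size_t len) {
    if (udp[6] == 0 && udp[7] == 0) return 1;
    return udp_sum(ips, udp, len) == 0xffff;
}

/* Build a datagram, optionally flip one payload bit "in transit", run the receiver check. */
int accepted(int cksum_on, int corrupt) {
    static const uint8_t ips[8] = {192, 0, 2, 1, 192, 0, 2, 53};   /* constructed */
    static const uint8_t data[] = "example.com A 192.0.2.10";      /* constructed */
    uint8_t pkt[64];
    size_t len = udp_build(pkt, ips, data, sizeof data - 1, cksum_on);
    if (corrupt) pkt[8 + 20] ^= 0x01;
    return udp_accept(ips, pkt, len);
}

int main(void) {
    printf("corrupted accepted: off=%d on=%d\n", accepted(0, 1), accepted(1, 1));
    return 0;
}
```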


