Skip to main content

Incremental updating of the Internet checksum
RFC 1141

Document Type RFC - Informational (January 1990) Errata
Updated by RFC 1624
Updates RFC 1071
Authors Tracy Mallory, A. Kullberg
Last updated 2013-03-02
RFC stream Legacy
Formats
IESG Responsible AD (None)
Send notices to (None)
RFC 1141
Network Working Group                                         T. Mallory
Request for Comments: 1141                                   A. Kullberg
Obsoletes: RFC 1071                                   BBN Communications
                                                            January 1990

             Incremental Updating of the Internet Checksum

Status of this Memo

   This memo correctly describes the incremental update procedure for
   use with the standard Internet checksum.  It is intended to replace
   the description of Incremental Update in RFC 1071.  This is not a
   standard but rather, an implementation technique.  Distribution of
   this memo is unlimited.

Description

   In RFC 1071 on pages 4 and 5, there is a description of a method to
   update the IP checksum in the IP header without having to completely
   recompute the checksum.  In particular, the RFC recommends the
   following equation for computing the update checksum C' from the
   original checksum C, and the old and new values of byte m:

         C' = C + (-m) + m' = C + (m' - m)

   While the equation above is correct, it is not very useful for
   incremental updates since the equation above updates the checksum C,
   rather than the 1's complement of the checksum, ~C, which is the
   value stored in the checksum field.  In addition, it suffers because
   the notation does not clearly specify that all arithmetic, including
   the unary negation, must be performed one's complement, and so is
   difficult to use to build working code.  The useful calculation for
   2's complement machines is:

         ~C' = ~(C + (-m) + m') = ~C + (m - m') = ~C + m + ~m'

   In the oft-mentioned case of updating the IP TTL field, subtracting
   one from the TTL means ADDING 1 or 256 as appropriate to the checksum
   field in the packet, using one's complement addition.  One big-endian
   non-portable implementation in C looks like:

      unsigned long sum;
      ipptr->ttl--;                  /* decrement ttl */
      sum = ipptr->Checksum + 0x100;  /* increment checksum high byte*/
      ipptr->Checksum = (sum + (sum>>16)) /* add carry */

   This special case can be optimized in many ways: for instance, you

Mallory & Kullberg                                              [Page 1]
RFC 1141                  Incremental Updating              January 1990

   can bundle updating and checking the ttl.  Compiler mileage may vary.
   Here is a more general and possibly more helpful example which
   updates the ttl by n seconds:

      UpdateTTL(iph,n)
      struct ip_hdr *ipptr;
      unsigned char n;
      {
          unsigned long sum;
          unsigned short old;

          old = ntohs(*(unsigned short *)&ipptr->ttl);
          ipptr->ttl -= n;
          sum = old + (~ntohs(*(unsigned short *)&ipptr->ttl) & 0xffff);
          sum += ntohs(ipptr->Checksum);
          sum = (sum & 0xffff) + (sum>>16);
          ipptr->Checksum = htons(sum + (sum>>16));
      }

Security Considerations

   Security issues are not addressed in this memo.

Authors' Addresses

   Tracy Mallory
   BBN Communications Corporation
   50 Moulton Street
   Cambridge, MA 02238

   Phone: (617) 873-3193

   EMail: tmallory@CCV.BBN.COM

   A. Kullberg
   BBN Communications Corporation
   50 Moulton Street
   Cambridge, MA 02238

   Phone: (617) 873-4000

   EMail:  akullberg@BBN.COM

Mallory & Kullberg                                              [Page 2]