Re: syslog and network management

[Chuck Swiger <chuck () codefab com>]

On Mar 13, 2008, at 10:33 AM, Roel Jonkman wrote:
> UDP checksum is optional, if the checksum field is 0, there is no  
> checksum.

Agreed-- from RFC 768 page 2:

"Checksum is the 16-bit one's complement of the one's complement sum  
of a pseudo header of information from the IP header, the UDP header,  
and the data, padded with zero octets at the end (if necessary) to  
make a multiple of two octets.
[ ... ]
If the computed checksum is zero, it is transmitted as all ones (the  
equivalent in one's complement arithmetic).  An all zero transmitted  
checksum value means that the transmitter generated no checksum (for  
debugging or for higher level protocols that don't care)."

I have a stratum-2 NTP server (well, I run several, actually, but lets  
pick one :) which gets lots of UDP traffic [1] from a wide variety of  
different platforms.  The "netstat -s" data looks like:

udp:
        60392051 datagrams received
        0 with incomplete header
        0 with bad data length field
        1071 with bad checksum
        25653 with no checksum

...which seems to be about 0.04% frequency of no checksum being set  
for UDP traffic.

-- 
-Chuck

[1]: ~5 GB/month or about 5 requests per second.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards