Network Working Group                                         T. Mallory
Request for Comments: 1141                                   A. Kullberg
Obsoletes: RFC 1071                                   BBN Communications
                                                            January 1990
Page 1

Incremental Updating of the Internet Checksum

Status of this Memo

This memo correctly describes the incremental update procedure for use with the standard Internet checksum. It is intended to replace the description of Incremental Update in RFC 1071. This is not a standard but rather, an implementation technique. Distribution of this memo is unlimited.


In RFC 1071 on pages 4 and 5, there is a description of a method to update the IP checksum in the IP header without having to completely recompute the checksum. In particular, the RFC recommends the following equation for computing the update checksum C' from the original checksum C, and the old and new values of byte m:

C' = C + (-m) + m' = C + (m' - m)

While the equation above is correct, it is not very useful for incremental updates since the equation above updates the checksum C, rather than the 1's complement of the checksum, ~C, which is the value stored in the checksum field. In addition, it suffers because the notation does not clearly specify that all arithmetic, including the unary negation, must be performed one's complement, and so is difficult to use to build working code. The useful calculation for 2's complement machines is:

~C' = ~(C + (-m) + m') = ~C + (m - m') = ~C + m + ~m'

In the oft-mentioned case of updating the IP TTL field, subtracting one from the TTL means ADDING 1 or 256 as appropriate to the checksum field in the packet, using one's complement addition. One big-endian non-portable implementation in C looks like:

unsigned long sum;

      ipptr->ttl--;                  /* decrement ttl */
      sum = ipptr->Checksum + 0x100;  /* increment checksum high byte*/
      ipptr->Checksum = (sum + (sum>>16)) /* add carry */

This special case can be optimized in many ways: for instance, you

Page 2

can bundle updating and checking the ttl. Compiler mileage may vary. Here is a more general and possibly more helpful example which updates the ttl by n seconds:

struct ip_hdr *ipptr;
unsigned char n;

          unsigned long sum;
          unsigned short old;

old = ntohs(*(unsigned short *)&ipptr->ttl);
ipptr->ttl -= n;
sum = old + (~ntohs(*(unsigned short *)&ipptr->ttl) & 0xffff); sum += ntohs(ipptr->Checksum);
sum = (sum & 0xffff) + (sum>>16);
ipptr->Checksum = htons(sum + (sum>>16));

Security Considerations

Security issues are not addressed in this memo.

Authors' Addresses

Tracy Mallory
BBN Communications Corporation
50 Moulton Street
Cambridge, MA 02238

Phone: (617) 873-3193

EMail: tmallory@CCV.BBN.COM

A. Kullberg
BBN Communications Corporation
50 Moulton Street
Cambridge, MA 02238

Phone: (617) 873-4000

EMail: akullberg@BBN.COM