Syndos -- TCP/IP checksum speed Algorithm

When the sending speed of SYN packets is greatly improved, the checksum calculation is naturally a part that cannot be ignored.

　　
The traditional checksum algorithm is used to search a large number of attackers on the Internet. This algorithm has no disadvantages and is universal. It can calculate the checksum of any data length. For a SYN packet that is as short as a fixed length package each time, this algorithm is obviously cumbersome. Let's take a closer look at the principles of the checksum algorithm:

USHORT ChechkSum(USHORT *buffer, int size){   DWORD chkSum = 0;   while(size > 1)   {      chkSum += *buffer++;      size -= sizeof(USHORT);   }   if(size)      chkSum += *(UCHAR*)buffer;   chkSum = (chkSum >> 16) + (chkSum & 0xffff);    chkSum += (chkSum >> 16);   return (USHORT)(~chkSum);}

　　

The following does not consider the case where the length is odd. First, let's look at the code in the loop. In fact, we only treat the data as a ushort [] and calculate the sum of the arrays. Even if the data content is different, but as long as the accumulated and unchanged content, No matter what operation is performed on it, the function results must be the same. To put it simply:Different data may have the same sum and the same checksum.. For example, 1 + 2 + 3 = 3 + 2 + 1 = 2 + 2 + 2, and both are 6, so they also have the same checksum.

　　

Since this algorithm is used, we can optimize it. For example, a fixed array: ushort A [10]. His and his65535*10 + 1. This should be well understood: If the 10 numbers are all 0, then the sum is also 0; otherwise, the sum is the maximum number of 65535, then the sum is 655350; and the rest is fluctuating between them. As you can see,The data checksum of n characters is only 65535 * n + 1.. In this program, the TCP checksum calculation data is 20 characters long (40 bytes), and the result is only 1,310,699 types. If you are thinking about it, you must have thought of the classic space-to-time algorithm. That's right! Even if we compute and save all the checksum of these numbers in advance, we only need 2 MB of memory space. But the question is, how can we use the cached data in the table in the future?

　　

Because this is a"And"And"Checksum", So when" and "are determined, the" checksum "is obtained ". Therefore, when the data packet is pre-filled, the variable field must be set to 0, and then the sum of the semi-finished packet is calculated as the base value ". When the variable part is filled with data in the future, for example, if the IP header is filled with the ID field, the "and" of this IP header is: Base Value + id, And the checksum is of course: table [base value + id]. O (1) Complexity, fast enough!

　　

Of course, if a variable field contains more than two bytes, it cannot be simply added. It also needs to be computed for high merging. For example, if the srcip (4 bytes) in the IP header is filled with data, then:

Table [base value + sum (srcip)]

 

Is its correct checksum. the specific sum operation can be defined by a macro:

  #define HI(VALUE)  (VALUE >> 16)  #define LOW(VALUE) (VALUE & 0xFFFF)  #define SUM(VALUE) (HI(VALUE) + LOW(VALUE))

　　

Cache table initialization:

Ushort tablechksum [max_tbl_size]; /*************************************** * *********** function: initchksumtable * Note: Initialize the checksum ing table * cache: Field and (SUM)-> checksum) **************************************** * ********/void initchksumtable () {uint I; uint chksum; for (I = 0; I <max_tbl_size; I ++) {chksum = sum (I); chksum + = Hi (chksum ); tablechksum [I] = (ushort )~ Chksum ;}}

(2009/1/2)