[Snort-devel] Checksums

Christopher Cramer cec at ...56...
Thu Oct 26 08:28:48 EDT 2000


Alberto,

My current code looks very similar to the below.  I'll probably try to
optimize by using some loop unrolling, but that may have to see what the
profiling on my 2 main platforms (linux and solaris) indicate about the
relative speeds.

-Chris


On Thu, 26 Oct 2000, Alberto Dainotti wrote:

> 
> Hello, I started to implement checksums in snort some days ago, 
> I used simple code in practice identical  to that which you can find in
> libnet or in Stevens examples, it seems that compiling it with -O3 makes
> it very fast and I didn't find anything faster (gcc does a hell of
> work). 
> I also tried the asm86 routines in the linux kernel but strangely they
> seem slower (!?) ..  may be I'm missing something doing my performance
> tests.. btw how do you test how much time it takes a routine instead of
> another one?
> 
> I thought code should go in the decoding engine too .. right after
> the "IP header truncated" and "Not IPv4 datagram" tests, discarding
> the packet in case of a test failure.
> I don't send you a patch now 'cause all the code is a mess, I was
> waiting before posting a message about it, but here below I've cut and
> pasted the function:
> 
> u_short
> do_cksum(u_short *addr, int nbytes)
> {
> 	long sum;
> 	u_short oddbyte;
> 
> 	sum = 0;
> 	while (nbytes > 1) {
> 		sum += *addr++;
> 		nbytes -= 2;
> 	}
> 	if (nbytes == 1) {
> 		oddbyte=0;
> 		*(u_char *)(&oddbyte) = *(u_char *)addr;
> 		sum += oddbyte;
> 	}
> 
> 	sum  = (sum >> 16) + (sum & 0xffff);	/* add high-16 to low-16 */
> 	sum += (sum >> 16);			/* add carry */
> 	return (~sum);
> }
> 
> 
> Greets,
> 				Alberto.
>  
> 
> On Wed, 25 Oct 2000, Christopher Cramer wrote:
> 
> > 
> > Marty,
> > 
> > I think the fastest code may be along the lines of the portable BSD
> > checksum code.  Since it is under the BSD license, we could probably snipe
> > it, cite it and hack it to work better with Snort.  If that makes you
> > uncomfortable (it makes me a little uneasy), I can take the _principles_
> > used for their fast portable code and implement it myself.
> > 
> > For the Packet struct, we might consider a u_short variable (or u_char)
> > which is the OR-ing of flags representing checksum errors in IP, TCP, UDP,
> > etc.
> > 
> > This way, an optimization would be to have some plugins bail if the
> > checksum variable != 0, improving speed.  However, a stats plugin might
> > record the number of checksum errors of different types.
> > 
> > -Chris
> > 
> > 
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel
> 




More information about the Snort-devel mailing list