On Thu, 17 Nov 2005, Andreas Bartelt wrote:
As much better algorithms for error detection are known and PC performance
(and also Internet traffic) has increased a lot since the introduction of TCP
- do you think that the original checksum algorithm is still the best choice
in terms of a reliability/performance tradeoff?
If you care about errors creeping in from the link-layer, then you can run
IPsec AH. Most people don't care, because their link layers are pretty
good. People with bad link layers tend to implement decent error detection
and correction there.
E.g.
[EMAIL PROTECTED] djm]$ netstat -sp ip | grep -E '(bad.*checksum|total packets)'
61092730 total packets received
0 bad header checksums
Given that a) stronger mechanisms exist if you want to use them, b) this
isn't a problem in real life and c) OpenBSD isn't going to make unilateral
TCP changes that break its ability to speak to everyone else on the
Internet, you should probably find a different windmill to attack :)
-d