IPv4 header checksum
The IPv4 header checksum is a simple checksum used in version 4 of the Internet Protocol (IPv4) to protect the header of IPv4 data packets against data corruption. This checksum is calculated only for the header bytes (with the checksum bytes set to 0), is 16 bits long and is a part of the IP packet header.
The checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is zero.
The result of summing the entire IP header, including checksum, should be zero if there is no corruption. At each hop, the checksum is recalculated and the packet will be discarded upon checksum mismatch. The router must adjust the checksum if it changes part of the IP header (such as when decrementing the TTL.)
The IPv6 protocol lacks a header checksum: its designers considered that the whole-packet link-layer checksumming provided in layer 2 transports such as PPP and Ethernet, combined with the use of checksums in upper-layer protocols such as TCP and UDP, were sufficient to make a separate header checksum unnecessary.
Example: calculating an IPv4 header checksum
Take the following truncated excerpt of an IPv4 packet. The header is shown in bold and the checksum is underlined.
4500 0073 0000 4000 4011 b861 c0a8 0001
c0a8 00c7 0035 e97c 005f 279f 1e4b 8180
To calculate the checksum, we can first calculate the sum of each 16 bit value within the header, skipping only the checksum field itself. Note that the values are in hexadecimal notation.
4500 + 0073 + 0000 + 4000 + 4011 + c0a8 + 0001 + c0a8 + 00c7 = 2479C (equivalent to 149,404 in decimal)
Next, we convert the value 2479C to binary:
0010 0100 0111 1001 1100
The first 4 bits are the carry and will be added to the rest of the value:
0010 + 0100 0111 1001 1100 = 0100 0111 1001 1110
In this example the addition of the carry didn't itself generate a carry. If it had it would have been necessary to add that new carry back in as well.
Next, we flip every bit in that value, to obtain the checksum:
0100 0111 1001 1110 becomes:
1011 1000 0110 0001
This is equal to B861 in hexadecimal, as shown underlined in the original IP packet header.
Example: verifying an IPv4 header checksum
When verifying a checksum, the same procedure is used as above, except that the original header checksum is not omitted.
4500 + 0073 + 0000 + 4000 + 4011 + b861 + c0a8 + 0001 + c0a8 + 00c7 = 2fffd
Add the carry bits:
fffd + 2 = ffff
Taking the ones' complement (flipping every bit) yields 0000, which indicates that no error is detected. IP header checksum does not check for the correct order of 16 bit values within the header.
- "Internet Header Format". Internet Protocol DARPA Internet program protocol specification. IETF. September 1981. p. 14. doi:10.17487/RFC0791. STD 5. RFC 791. https://tools.ietf.org/html/rfc791#page-14. Retrieved 2009-10-27.
- Baker, Fred, ed. (June 1995). "Header Checksum". Requirements for IP Version 4 Routers. IETF. p. 44. sec. 18.104.22.168. doi:10.17487/RFC1812. RFC 1812. https://tools.ietf.org/html/rfc1812#section-22.214.171.124. Retrieved 2009-10-27.
- Iljitsch van Beijnum (September 2006). "IPv6 Internals". Cisco.