Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 2  
02 Jan 18 22:06
Steve Valley
xxxxxx@gmail.com
Join Date: 22 Jul 2017
Posts To This List: 5
Using TCP Checksum Offload from lwf based driver

I know that this has probably been asked before but I have written a Driver based on the lwf sample that modifies the outgoing packets and recalculates the tcp checksum. This works fine if I disable the tcp checksum offload on the nic card, but I cannot seem to get it to work with tcp checksum enabled. I cannot find much doc on how this all works.Or if I can control the tcp checksum offload from the driver or how to manipulate the ndis packet descriptor information to include my changes. Any pointers would be deeply appreciated. Thanks. --
  Message 2 of 2  
03 Jan 18 03:55
Jan Bottorff
xxxxxx@pmatrix.com
Join Date: 16 Apr 2013
Posts To This List: 440
Using TCP Checksum Offload from lwf based driver

When a NIC does TCP checksum offload, the OS has precalculated the pseudo header checksum and stored it in the TCP checksum field. The pseudo header is derived from the IP address and the TCP segment length. The OS calculates this pseudo header checksum to avoid requiring the checksum hardware needing to parse the IP header, which might have options, so is variable length. By supplying the hardware with the precalculated pseudo header, the hardware only needs to know the location of the TCP header, which is passed from the OS to the driver as metadata. Note that in the case of TCP segmentation offload, the parts of the pseudo header that depend on the IP address don’t change, although the segment length after segmentation is needed to finish calculating the pseudo header checksum. As I remember, the pseudo header checksum for large segment offload packets is only a partial pseudo header checksum, as the segmentation determines the individual packet size. If you filter driver modifies certain fields in the IP header, it will need to recalculate the TCP pseudo header. There are a number of subtle variations, which you will need to correctly handle. Like IPv4 UDP packets can use a null checksum of zero, but IPv6 packets can’t. You might see if you can filter things at a layer before the checksums are calculated, modifying the packets after they are built will be painful. If you’re modifying IP headers, you will also likely need to handle cases other than TCP checksums. Many server NIC’s can handle tunneled packets in hardware, which can have for example TCP packets inside a wrapper TCP stream, so there are two TCP checksums, the inner and outer streams. Your filter should not disable any hardware offloads, so you may need to handle all the cases that hardware might do. IPSEC packets might also be a serious problem, because the TCP header will be encrypted, regenerating the TCP checksum for a changed IP header would require knowing the encryption keys. There are docs on how the pseudo header is calculated, like at https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Checksum_computation I may be useful to use the WHQL NIC checksum tests to verify you are correctly fixing up the pseudo header in your filter, with a test NIC that does many advanced hardware offloads. I’m assuming your filter should work with every NIC. Perhaps there are explicit tests for filters than fool with the checksums, so there is a way to verify all cases are handled. Jan From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com Sent: Tuesday, January 2, 2018 7:06 PM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: [ntdev] Using TCP Checksum Offload from lwf based driver I know that this has probably been asked before but I have written a Driver based on the lwf sample that modifies the outgoing packets and recalculates the tcp checksum. This works fine if I disable the tcp checksum offload on the nic card, but I cannot seem to get it to work with tcp checksum enabled. I cannot find much doc on how this all works.Or if I can control the tcp checksum offload from the driver or how to manipulate the ndis packet descriptor information to include my changes. Any pointers would be deeply appreciated. Thanks. --- NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 00:46.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license