On Tue, Jul 28, 2009 at 3:29 AM, Francis Dupont<francis.dup...@fdupont.fr> wrote: > In your previous mail you wrote: > > Thoughts? > > => I am strongly against changing all IPv6 implementations. > IMHO the simplest solution is to drop UDP packets with zero checksums > (as far as I know all IPv4 implementations use non-zero checksums > per default and some UDP applications, for instance DNS, work far > better with non-zero checksums. BTW it is an easy condition to check > in firewalls).
Out of curiosity, what's the signal back to the sender that his/her packet was dropped?? NFS (in some implementations) doesn't checksum UDP packets, DNS doesn't, there are quite a few things that don't checksum UDP packets. Simply dropping packets on the floor isn't polite. Dropping them and notifying (icmp <somethingbadhappenedhere>) is also hard to deal with since users can't force udp checksums to happen (per application/stack) and there's not a clear (aside from application failure) idea to the user that something isn't working. If you choose to drop the packet tell the sender that it happened (port-unreachable or something along those lines, still the wrong semantics though), I believe you should accept and correct the checksum issue though in the end, it's the only proper path. -Chris -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------