On 28/07/09 6:49 PM, "Christopher Morrow" <morrowc.li...@gmail.com> wrote:
> On Tue, Jul 28, 2009 at 4:23 AM, Hesham Soliman<hes...@elevatemobile.com>
> wrote:
>> All
>>
>> I strongly recommend that people read section 1 of RFC 2765. Here is some of
>> the relevant text:
>>
>> Fragmented IPv4 UDP packets that do not contain a UDP checksum (i.e.
>> the UDP checksum field is zero) are not of significant use over
>> wide-areas in the Internet and will not be translated by the
>
> 'in the sample taken by one researcher'
>
> (where's the actual email/research/numbers?
> [MILLER] G. Miller, Email to the ngtrans mailing list on 26 March
> 1999.
> doesn't say actually)
>
> I have some dns packets at least that aren't checksumed and do
> traverse a wide-area-network. The work referenced is from at least 10
> years ago, certainly things have changed, we can hope they changed in
> the positive direction, but it's not clear to me that that is the
> case.
=> Can you point to another study? If not, then I'd rather take that one
researcher's study than nothing, or worse, change IPv6 implementations
Hesham
>
> Google searching provides the email which says (among other things)
> (ftp://ftp.ietf.org/ietf-mail-archive/ngtrans/1999-03.mail)
>
> From Greg Miller (mci.net)
> "I just did a little analysis on the UDP checksum issue. This is by no means a
> comprehensive study, but I hope it's better than nothing. (To give credit
> where it's due, Bill Kroah, a colleague here did lots of the number
> crunching.)"
>
> and: (erik nordmark)
> "I'm unsure of the operational implications.
> It would be great if we could determine the amount of UDP Internet traffic
> (outside a single or a few LANs) that don't use UDP checksums today.
>
> At a minimum we need to list this issue in the draft - I don't know
> if we need to support it."
>
> original poster lost in time:
> "The memo says that no cheksum update is necessary for UDP. But we
> think this is not ture. There is one exception.
>
> If a UDP/IPv4 packet whose checksum is 0(ie. not calculated), SIIT
> have to calculate checksum for a new UDP/IPv6 packet."
>
> It seems that the case hasn't been refreshed/touched in ~10 years, so
> saying now that 'eh, just toss away the packets...' is a little
> cavalier.
>
> -chris
>
>> translator. An informal trace [MILLER] in the backbone showed that
>> out of 34,984,468 IP packets there were 769 fragmented UDP packets
>> with a zero checksum. However, all of them were due to malicious or
>> broken behavior; a port scan and first fragments of IP packets that
>> are not a multiple of 8 bytes.
>>
>> Hesham
>>
>> On 28/07/09 6:14 PM, "Christopher Morrow" <christopher.mor...@gmail.com>
>> wrote:
>>
>>> On Tue, Jul 28, 2009 at 3:29 AM, Francis
>>> Dupont<francis.dup...@fdupont.fr> wrote:
>>>> In your previous mail you wrote:
>>>>
>>>> Thoughts?
>>>>
>>>> => I am strongly against changing all IPv6 implementations.
>>>> IMHO the simplest solution is to drop UDP packets with zero checksums
>>>> (as far as I know all IPv4 implementations use non-zero checksums
>>>> per default and some UDP applications, for instance DNS, work far
>>>> better with non-zero checksums. BTW it is an easy condition to check
>>>> in firewalls).
>>>
>>> Out of curiosity, what's the signal back to the sender that his/her
>>> packet was dropped?? NFS (in some implementations) doesn't checksum
>>> UDP packets, DNS doesn't, there are quite a few things that don't
>>> checksum UDP packets.
>>>
>>> Simply dropping packets on the floor isn't polite. Dropping them and
>>> notifying (icmp <somethingbadhappenedhere>) is also hard to deal with
>>> since users can't force udp checksums to happen (per
>>> application/stack) and there's not a clear (aside from application
>>> failure) idea to the user that something isn't working.
>>>
>>> If you choose to drop the packet tell the sender that it happened
>>> (port-unreachable or something along those lines, still the wrong
>>> semantics though), I believe you should accept and correct the
>>> checksum issue though in the end, it's the only proper path.
>>>
>>> -Chris
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>
>>
>>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
