> From: Lars Eggert <lars.egg...@nokia.com> > if a transport protocol is used for tunneling IP inside its payload, it > no longer strictly needs to checksum-protect its payload *if* you > require for the inner IP packet and its payload to be protected by some > sort of checksum.
Yes, exactly. Inside a LISP user-data packet, you will find one of two things: - An IPv4 packet, in which case that packet is protected against mis-delivery by its IP header checksum. (The payload in the user's packet may not be protected by a checksum, but IPv4 allows applications to make this choice.) - An IPv6 packet, in which case that packet is protected against mis-delivery and damage by its header+payload checksum. There are no other cases. The UDP checksum in the outer header on LISP user-data does nothing, is expensive/impossible to compute (depending on the hardware), and therefore the correct practical engineering choice is to not compute it. > Nobody is going to implement a check that verifies that if a UDP > checksum of zero is encountered, that the payload of this UDP packet > contains an IP packet that has a payload that is protected by some > checksum. It's just too complicated. You don't need to. There cannot be anything in an LISP user-data packet _except_ an IP packet of some sort (see above). Noel -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------