Re: about the ULID in the TCP checksum

[Brian E Carpenter <brc@zurich.ibm.com>]

On 2007-01-02 15:27, Iljitsch van Beijnum wrote:
> On 28-dec-2006, at 18:57, marcelo bagnulo braun wrote:
...
> > do you think we should add text about this? (if you do, please send text)
>
> "Firewalls and other middleboxes SHALL NOT drop TCP, UDP and ICMP 
> packets with apparently incorrect checksums based on that fact alone 
> unless they implement (monitoring of) the full shim6 protocol and are 
> able to determine the checksum that must be present in a packet with 
> addresses rewritten by shim6."

I'm sorry, putting such an imperative in a shim6 RFC is an exercise
in futility. You can certainly wish it to be true, but writing it
in this way is pointless.

All you can do is insert a "middlebox considerations" section
pointing out the failure cases and how they can be avoided. As I
think I said the other day, this has to include TCP relays.

And I repeat my suggestion of a probe mechanism to detect paths
with this problem.

    Brian