[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: about the ULID in the TCP checksum





On 2007-01-02 15:27, Iljitsch van Beijnum wrote:
On 28-dec-2006, at 18:57, marcelo bagnulo braun wrote:
...
do you think we should add text about this? (if you do, please send text)

"Firewalls and other middleboxes SHALL NOT drop TCP, UDP and ICMP packets with apparently incorrect checksums based on that fact alone unless they implement (monitoring of) the full shim6 protocol and are able to determine the checksum that must be present in a packet with addresses rewritten by shim6."

I'm sorry, putting such an imperative in a shim6 RFC is an exercise
in futility. You can certainly wish it to be true, but writing it
in this way is pointless.

All you can do is insert a "middlebox considerations" section
pointing out the failure cases and how they can be avoided. As I
think I said the other day, this has to include TCP relays.

And I repeat my suggestion of a probe mechanism to detect paths
with this problem.

    Brian