On 3-jan-2007, at 16:36, Brian E Carpenter wrote:
"Firewalls and other middleboxes SHALL NOT drop TCP, UDP and ICMP packets with apparently incorrect checksums based on that fact alone unless they implement (monitoring of) the full shim6 protocol and are able to determine the checksum that must be present in a packet with addresses rewritten by shim6."
I'm sorry, putting such an imperative in a shim6 RFC is an exercise in futility. You can certainly wish it to be true, but writing it in this way is pointless.
I disagree. Although I recognize that middlebox makers will continue to break protocols as they see fit, at least this provides guidance to those middlebox makers who are on the fence.
And I repeat my suggestion of a probe mechanism to detect paths with this problem.
Detecting paths where packets with apparently incorrect checksums are discarded? That doesn't make much philosophical OR technical sense to me.
If this is a problem, it's probably better to adjust the checksum such that it appears to be correct to a non-shim6 aware observer. This does have the downside that incorrect address rewriting isn't detected by the checksum, though.
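The trade-off in the last paragraph, as an added example that is not part of the original thread: a UDP-over-IPv6 checksum is either left computed over the upper-layer addresses or adjusted incrementally (RFC 1624) each time the addresses are rewritten. The addresses, ports and payload are constructed, and shim6 is modelled only as a swap of the address pair, which is an assumption of this sketch.

```python
import ipaddress
import struct

# Constructed sample addresses (documentation prefix); not from the thread.
ULID = ("2001:db8:a::1", "2001:db8:b::1")        # what TCP/UDP sees
LOCATOR = ("2001:db8:c::1", "2001:db8:d::1")     # what is on the wire
WRONG_ULID = ("2001:db8:e::1", "2001:db8:b::1")  # receiver maps back wrongly

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), folded to 16 bits."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo(pair, length: int) -> bytes:
    """IPv6 pseudo-header for UDP (next header 17)."""
    packed = b"".join(ipaddress.IPv6Address(a).packed for a in pair)
    return packed + struct.pack("!II", length, 17)

def build(pair, payload: bytes) -> bytes:
    """UDP datagram with a checksum computed over the given address pair."""
    head = struct.pack("!HHH", 5000, 6000, 8 + len(payload))
    body = head + b"\x00\x00" + payload
    csum = (~ones_sum(pseudo(pair, len(body)) + body) & 0xFFFF) or 0xFFFF
    return head + struct.pack("!H", csum) + payload

def verifies(pair, udp: bytes) -> bool:
    """What a checksum-validating observer computes for these addresses."""
    return ones_sum(pseudo(pair, len(udp)) + udp) == 0xFFFF

def adjust(udp: bytes, old_pair, new_pair) -> bytes:
    """Incremental update (RFC 1624): HC' = ~(~HC + ~m + m')."""
    old, new = pseudo(old_pair, 0)[:32], pseudo(new_pair, 0)[:32]
    inv = bytes(b ^ 0xFF for b in udp[6:8] + old)   # ~HC followed by ~m
    csum = ~ones_sum(inv + new) & 0xFFFF
    return udp[:6] + struct.pack("!H", csum) + udp[8:]

def demo() -> dict:
    seg = build(ULID, b"hello shim6")           # checksum covers the ULIDs
    fixed = adjust(seg, ULID, LOCATOR)          # sender shim, checksum adjusted
    back = adjust(fixed, LOCATOR, WRONG_ULID)   # receiver shim, wrong context
    return {
        "unadjusted_passes_middlebox": verifies(LOCATOR, seg),
        "unadjusted_detects_wrong_rewrite": not verifies(WRONG_ULID, seg),
        "adjusted_passes_middlebox": verifies(LOCATOR, fixed),
        "adjusted_detects_wrong_rewrite": not verifies(WRONG_ULID, back),
    }
```

Because each adjustment is relative to the rewrite that was performed, the adjusted checksum follows the addresses wherever they go, which is why it satisfies the middlebox and also why it no longer catches a wrong mapping at the receiver.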