Re: about the ULID in the TCP checksum

[Brian E Carpenter <brc@zurich.ibm.com>]

On 2007-01-03 16:59, Iljitsch van Beijnum wrote:
> On 3-jan-2007, at 16:36, Brian E Carpenter wrote:
>
> > > "Firewalls and other middleboxes SHALL NOT drop TCP, UDP and ICMP 
> > > packets with apparently incorrect checksums based on that fact alone 
> > > unless they implement (monitoring of) the full shim6 protocol and are 
> > > able to determine the checksum that must be present in a packet with 
> > > addresses rewritten by shim6."
>
> > I'm sorry, putting such an imperative in a shim6 RFC is an exercise
> > in futility. You can certainly wish it to be true, but writing it
> > in this way is pointless.
>
> I disagree. Although I recognize that middlebox makers will continue to 
> break protocols as they see fit, at least this provides guidance to 
> those middlebox makers who are on the fence.

Writing as guidance is fine. Writing it as a SHALL NOT is meaningless.
Logically, you can only address RFC 2119 language to the shim6 implementer.
> > And I repeat my suggestion of a probe mechanism to detect paths
> > with this problem.
>
> Detecting paths where packets with apparent incorrect checksums are 
> discarded? That doesn't make much philosophical OR technical sense to me.

Nevertheless, it would be an essential diagnostic tool (a TCP ping,
in effect).
> If this is a problem, it's probably better to adjust the checksum such 
> that it appears to be correct to a non-shim6 aware observer. This does 
> have the downside that incorrect address rewriting isn't detected by the 
> checksum, though.

Yep. This is a tricky point either way you solve it.

   Brian