[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wrap-up: TCP checksum calculation

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: Wrap-up: TCP checksum calculation
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Thu, 15 Mar 2007 16:42:34 -0700
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, Brian E Carpenter <brc@zurich.ibm.com>, shim6-wg <shim6@psg.com>, Thomas R Henderson <thomas.r.henderson@boeing.com>, Geoff Huston <gih@apnic.net>
In-reply-to: <690f52e8006bf7eb61318589b6a61105@it.uc3m.es>
References: <b002c1cff507fb6c6b8209dff71ac28f@it.uc3m.es> <45F7180C.4060106@sun.com> <f2f41ea553d52de4851ca5403baf3fa5@it.uc3m.es> <45F8E6A7.4070808@sun.com> <690f52e8006bf7eb61318589b6a61105@it.uc3m.es>
User-agent: Thunderbird 1.5.0.5 (X11/20060911)

marcelo bagnulo braun wrote:

Section X.X Middle-boxes considerations
Data packets belonging to a Shim6 context carrying the Shim6 PayloadHeader contain alternative locators other than the ULIDs in the sourceand destination address fields of the IPv6 header. On the other hand,the upper layers of the peers involved in the communication operate onthe ULID pair presented by the Shim6 layer to them, rather on thelocator pair contained in the IPv6 header of the actual packets. Itshould be noted that the Shim6 layer does not modify the data packets,but because a constant ULID pair is presented to upper layersirrespective of the locator pair changes, the relation between the upperlayer header (such as TCP, UDP, ICMP, ESP, etc) and the IPv6 header ismodified. In particular, if those data packets are TCP, UDP or ICMPpackets, the presudoheader used for the checksum calculation willcontain the ULID pair, rather than the locator pair contained in thedata packet.


Change last setence to start with

In particular, when the shim6 extension header is present in the packet,...

It is possible that some firewalls or other middle boxes try to verifythe validity of upper layer sanity checks of the packet on the fly. Ifthey do that based on the actual source and destination addressescontained in the IPv6 header without considering the Shim6 contextinformation (in particular without replacing the locator pair by theULID pair used by the Shim6 context) such verifications may fail. Thosemiddle-boxes need to be updated in order to be able to parse the Shim6payload header and find the next header header after that. It isrecommended that firewalls and other middle-boxes do not drop packetsthat carry the Shim6 Payload header with apparently incorrect upperlayer validity checks that involve the addresses in the IPv6 header fortheir computation, unless they are able to determine the ULID pair ofthe Shim6 context associated to the data packet and use the ULID pairfor the verification of the validity check.
In the particular case of TCP, UDP and ICMP checksums, it is recommendedthat firewalls and other middle-boxes do not drop TCP, UDP and ICMPpackets that carry the Shim6 Payload header with apparently incorrectchecksums when using the addresses in the IPv6 header for thepseudoheader computation, unless they implement are able to determinethe ULID pair of the Shim6 context associated to the data packet and usethe ULID pair to determine the checksum that must be present in a packetwith addresses rewritten by shim6.
would that be better?


The last paragraph seems redundant with the 2nd paragraph. But it looks ok.

   Erik

References:
- Wrap-up: TCP checksum calculation
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Wrap-up: TCP checksum calculation
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: Wrap-up: TCP checksum calculation
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Wrap-up: TCP checksum calculation
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: Wrap-up: TCP checksum calculation
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: Wrap-up: TCP checksum calculation
Next by Date: Re: I-D ACTION:draft-bagnulo-pshim6-00.txt
Previous by thread: Re: Wrap-up: TCP checksum calculation
Next by thread: RE: Wrap-up: TCP checksum calculation
Index(es):
- Date
- Thread