* Richard Procter <richard.n.proc...@gmail.com> [2014-01-25 20:41]: > On 22/01/2014, at 7:19 PM, Henning Brauer wrote: > > * Richard Procter <richard.n.proc...@gmail.com> [2014-01-22 06:44]: > >> This fundamentally weakens its usefulness, though: a correct > >> checksum now implies only that the payload likely matches > >> what the last NAT router happened to have in its memory > > huh? > > we receive a packet with correct cksum -> NAT -> packet goes out with > > correct cksum. > > we receive a packet with broken cksum -> NAT -> we leave the cksum > > alone, i. e. leave it broken. > Christian said it better than me: routers may corrupt data > and regenerating the checksum will hide it.
if that happened we had much bigger problems than NAT. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/