All I strongly recommend that people read section 1 of RFC 2765. Here is some of the relevant text:
Fragmented IPv4 UDP packets that do not contain a UDP checksum (i.e. the UDP checksum field is zero) are not of significant use over wide-areas in the Internet and will not be translated by the translator. An informal trace [MILLER] in the backbone showed that out of 34,984,468 IP packets there were 769 fragmented UDP packets with a zero checksum. However, all of them were due to malicious or broken behavior; a port scan and first fragments of IP packets that are not a multiple of 8 bytes. Hesham On 28/07/09 6:14 PM, "Christopher Morrow" <[email protected]> wrote: > On Tue, Jul 28, 2009 at 3:29 AM, Francis > Dupont<[email protected]> wrote: >> In your previous mail you wrote: >> >> Thoughts? >> >> => I am strongly against changing all IPv6 implementations. >> IMHO the simplest solution is to drop UDP packets with zero checksums >> (as far as I know all IPv4 implementations use non-zero checksums >> per default and some UDP applications, for instance DNS, work far >> better with non-zero checksums. BTW it is an easy condition to check >> in firewalls). > > Out of curiosity, what's the signal back to the sender that his/her > packet was dropped?? NFS (in some implementations) doesn't checksum > UDP packets, DNS doesn't, there are quite a few things that don't > checksum UDP packets. > > Simply dropping packets on the floor isn't polite. Dropping them and > notifying (icmp <somethingbadhappenedhere>) is also hard to deal with > since users can't force udp checksums to happen (per > application/stack) and there's not a clear (aside from application > failure) idea to the user that something isn't working. > > If you choose to drop the packet tell the sender that it happened > (port-unreachable or something along those lines, still the wrong > semantics though), I believe you should accept and correct the > checksum issue though in the end, it's the only proper path. > > -Chris > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
