On Tue, Jul 28, 2009 at 4:23 AM, Hesham Soliman <hes...@elevatemobile.com> wrote:
> All
> I strongly recommend that people read section 1 of RFC 2765. Here is some of
> the relevant text:
> Fragmented IPv4 UDP packets that do not contain a UDP checksum (i.e.
>   the UDP checksum field is zero) are not of significant use over
>   wide-areas in the Internet and will not be translated by the

'in the sample taken by one researcher'

(where's the actual email/research/numbers?
   [MILLER]     G. Miller, Email to the ngtrans mailing list on 26 March
doesn't say actually)

I have some dns packets at least that aren't checksummed and do
traverse a wide-area-network. The work referenced is from at least 10
years ago, certainly things have changed, we can hope they changed in
the positive direction, but it's not clear to me that that is the

Google searching provides the email which says (among other things)

From Greg Miller (mci.net)
"I just did a little analysis on the UDP checksum issue. This is by no means a
comprehensive study, but I hope it's better than nothing. (To give credit
where it's due, Bill Kroah, a colleague here did lots of the number

and: (erik nordmark)
"I'm unsure of the operational implications.
It would be great if we could determine the amount of UDP Internet traffic
(outside a single or a few LANs) that don't use UDP checksums today.

At a minimum we need to list this issue in the draft - I don't know
if we need to support it."

original poster lost in time:
"The memo says that no checksum update is necessary for UDP. But we
think this is not true. There is one exception.

If a UDP/IPv4 packet whose checksum is 0 (i.e. not calculated), SIIT
has to calculate checksum for a new UDP/IPv6 packet."

It seems that the case hasn't been refreshed/touched in ~10 years, so
saying now that 'eh, just toss away the packets...' is a little


>   translator.  An informal trace [MILLER] in the backbone showed that
>   out of 34,984,468 IP packets there were 769 fragmented UDP packets
>   with a zero checksum.  However, all of them were due to malicious or
>   broken behavior; a port scan and first fragments of IP packets that
>   are not a multiple of 8 bytes.
> Hesham
> On 28/07/09 6:14 PM, "Christopher Morrow" <christopher.mor...@gmail.com>
> wrote:
>> On Tue, Jul 28, 2009 at 3:29 AM, Francis Dupont <francis.dup...@fdupont.fr> wrote:
>>>  In your previous mail you wrote:
>>>   Thoughts?
>>> => I am strongly against changing all IPv6 implementations.
>>> IMHO the simplest solution is to drop UDP packets with zero checksums
>>> (as far as I know all IPv4 implementations use non-zero checksums
>>> per default and some UDP applications, for instance DNS, work far
>>> better with non-zero checksums. BTW it is an easy condition to check
>>> in firewalls).
>> Out of curiosity, what's the signal back to the sender that his/her
>> packet was dropped?? NFS (in some implementations) doesn't checksum
>> UDP packets, DNS doesn't, there are quite a few things that don't
>> checksum UDP packets.
>> Simply dropping packets on the floor isn't polite. Dropping them and
>> notifying (icmp <somethingbadhappenedhere>) is also hard to deal with
>> since users can't force udp checksums to happen (per
>> application/stack) and there's not a clear (aside from application
>> failure) idea to the user that something isn't working.
>> If you choose to drop the packet tell the sender that it happened
>> (port-unreachable or something along those lines, still the wrong
>> semantics though), I believe you should accept and correct the
>> checksum issue though in the end, it's the only proper path.
>> -Chris
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
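
Added example, not part of the thread or of any RFC text: a sketch of the translator-side handling discussed above, where an unfragmented UDP/IPv4 datagram with checksum 0 gets a checksum computed over the IPv6 pseudo-header, and a fragmented one is not translated. Function names, addresses and the sample datagram are constructed for illustration; passing non-zero checksums through unchanged assumes the checksum-neutral address mapping the quoted memo relies on.

```python
import ipaddress
import struct

def pseudo_header(src6, dst6, udp_len):
    """IPv6 pseudo-header: both addresses, 32-bit length, 3 zero bytes, next header 17."""
    return (ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
            + struct.pack("!I3xB", udp_len, 17))

def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp6_checksum(src6, dst6, udp):
    """Checksum for a UDP datagram (header + payload) carried over IPv6."""
    zeroed = udp[:6] + b"\x00\x00" + udp[8:]  # checksum field is summed as zero
    csum = ~ones_complement_sum(pseudo_header(src6, dst6, len(udp)) + zeroed) & 0xFFFF
    return csum or 0xFFFF                     # a computed 0 goes on the wire as 0xFFFF

def translate_udp(src6, dst6, udp, fragmented):
    """Return the UDP datagram for the IPv6 side, or None if it is not translated."""
    if udp[6:8] != b"\x00\x00":
        return udp        # assumption: address mapping is checksum-neutral, so no update
    if fragmented:
        return None       # fragment with zero checksum: whole datagram is not available
    return udp[:6] + struct.pack("!H", udp6_checksum(src6, dst6, udp)) + udp[8:]

def verifies(src6, dst6, udp):
    """Receiver-side check: pseudo-header plus datagram must sum to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src6, dst6, len(udp)) + udp) == 0xFFFF

# Constructed sample: a DNS-style datagram sent over IPv4 with checksum 0,
# using documentation addresses in SIIT IPv4-translated / IPv4-mapped form.
SRC6, DST6 = "::ffff:0:192.0.2.1", "::ffff:198.51.100.53"
PAYLOAD = b"constructed-dns-query"
SAMPLE = struct.pack("!HHHH", 40000, 53, 8 + len(PAYLOAD), 0) + PAYLOAD

if __name__ == "__main__":
    fixed = translate_udp(SRC6, DST6, SAMPLE, fragmented=False)
    print("checksum filled in:", fixed[6:8].hex(), "verifies:", verifies(SRC6, DST6, fixed))
    print("fragment:", translate_udp(SRC6, DST6, SAMPLE, fragmented=True))
```

The fragment case returns None because the checksum covers the whole datagram, which a stateless translator does not have without reassembly.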