RFC 6282 UDP checksum elision is a textbook example of a "cross-layer"
optimization that seems cheap to implement but has non-trivial
architectural costs.
In order for an application to indicate that the UDP checksum can be
elided, or for an application to accept UDP datagrams that have had
their UDP checksum elided, this information really needs to be carried
down and up with each single datagram. There is no shortcut that would
allow making these decisions within the adaptation layer.
There actually is a significant use case for UDP checksum elision: DTLS.
A DTLS implementation should indicate that the UDP checksum can be
elided when sending datagrams if they have been integrity-protected by
DTLS -- not so for a few handshake packets. Similarly, a DTLS
implementation should accept datagrams where the UDP checksum has been
elided only if the content of that datagram is then subject to integrity
protection. When initiating the listening, it will need to signal that
it is prepared to accept UDP datagrams with that information attached
and that it is willing to deal with the information.
So to implement this, you have to:
-- implement it in the adaptation layer (RFC6282 implementation);
-- enhance the interfaces so a "checksum can be/has been elided" bit can
be carried around with a datagram;
-- implement that bit in DTLS, and create the necessary signaling;
-- make sure that unsuspecting applications (that don't know about that
bit) never see packets where the bit is set.
Grüße, Carsten
Oleg Hahm wrote:
> Hi René!
>
> On Mon, Jan 11, 2016 at 05:14:31PM +0100, René Herthel wrote:
>> i would like to implement the support (TODO [1]) for elided checksum of
>> compressed udp pakets on the gnrc.
>
> Thanks for offering your help regarding this topic.
>
>> So therefore i have some questions:
>> Is someone already working on it?Is there any reason why this is not
>> implemented before?Are there some things i should definitely know? ( like
>> other work/PR's which have to be done first, or something else..)
>
> I think there exist some reasons why this hasn't been implemented yet. While
> decompressing packets with elided UDP checksum shouldn't be problematic,
> for the compression itself some considerations has to be taken:
> 1.) RFC 6282, Section 4.3.2 [2] specifies that the upper layer must authorize
> the header compression module to elide the checksum. This is only possible
> if tunneling (like IPsec Encapsulating Security Payload tunnel mode) or
> another message integrity check (such as IPsec Authentication Header) is
> present in the UDP payload. Since IPsec has not yet been implemented for
> RIOT and to the best of my knowledge also no other tunneling or additional
> integrity checking mechanism for UDP payloads exists in GNRC, there is
> currently no immediate use case for UDP checksum elision. Also note that
> this features is optional.
> 2.) Since 6LoWPAN and IPHC/NHC operates asynchronously to any upper layer, it
> is not trivial to determine for which packets the checksum may be elided.
> A node may communicate over UDP to several services or hosts concurrently,
> where one connection may use something like IPsec and authorize the NHC
> module to elide the checksum, while for another connection this should not
> be allowed. I think with the current netapi calls (send and setting of
> netopts) this is not easy to implement. Maybe other GNRC knowledgeable
> persons such as Martine, Hauke, Cenk, Peter or Johann may have an idea.
>
>> [1]
>> https://github.com/RIOT-OS/RIOT/blob/master/sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c#L506
>>
>
> Cheers,
> Oleg
>
> [2] https://tools.ietf.org/html/rfc6282#section-4.3.2
>
> ___
> devel mailing list
> devel@riot-os.org
> https://lists.riot-os.org/mailman/listinfo/devel
___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel
