Hi,

On the other hand...
ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-tsvwg-udp-guidelines-01.txt
"UDP Usage Guidelines for Application Designers" (Lars Eggert is co-author).

Section 3.4 is "Checksum Guidelines". It appears that there is enough question about this that specific guidance should be given in RFCs.

Which brings us back to our original question. Is the proposed language below what the WG wants?

A quick (and not thorough) check of RFCs which have "UDP" in their titles
shows that RFC 3948, "UDP Encapsulation of IPsec ESP Packets", pub. Jan
2005, does have specific guidance on the UDP checksum.  To wit:
===
      The UDP header is a standard [RFC0768] header, where

   o  the Source Port and Destination Port MUST be the same as that used
      by IKE traffic,
   o  the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and
   o  receivers MUST NOT depend on the UDP checksum being a zero value.
===

I'd like to hear from people who have current syslog/udp code. What works for you?

Thanks,
Chris

On Thu, 5 Jul 2007, Chris Lonvick wrote:

Hi Juergen,

Good question... and not something that we'll be able to answer in our WG. I'll bring it up in the [EMAIL PROTECTED] list.

Thanks,
Chris


On Thu, 5 Jul 2007, Juergen Schoenwaelder wrote:

 On Thu, Jul 05, 2007 at 07:56:39AM -0700, Chris Lonvick wrote:

>  We used to recommend discard only for case B (when it is present and
>  wrong) like this:
>
>  "It is RECOMMENDED that syslog receivers check the checksums whenever
>     they are present (i.e. the UDP header checksum field value is not 0)
>     and discard messages with incorrect checksums."
>
>  I suggest we say something stronger in line with a MUST:
>
>  syslog senders MUST use UDP checksums when sending messages over
>  IPv4.
>  syslog senders MUST use UDP checksums when sending messages over
>  IPv6.
>
>  syslog receivers MUST check the checksums and MUST discard messages
>     with missing or incorrect checksums.  Note that this is typically
>     accomplished by the UDP layer implementation, and some UDP
>     implementations allow for checksum validation to be enabled or
>     disabled.

 Stupid question: Why is UDP checksumming discussed at all in the
 SYSLOG UDP transport mapping? People implementing syslog hardly have
 control over the UDP layer (and for sure not exclusively) and so if at
 all it only makes sense to me to have operational guidelines that UDP
 checksums are a good idea - but then again this would not be very much
 SYSLOG specific - so why discuss this at all in this document?

 Do we from now on want to have every UDP transport document state that
 UDP checksums are a good idea?

 /js

 --
 Juergen Schoenwaelder           Jacobs University Bremen gGmbH
 Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
 Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
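
The two receiver policies debated in this thread, as an added example that is not part of the original messages: Python that computes the RFC 768 checksum over the IPv4 pseudo-header and applies both the earlier RECOMMENDED text (discard only a present-but-wrong checksum) and the proposed MUST text (also discard a missing one). The addresses, source port, message text and function names are constructed for illustration.

```python
import socket
import struct

SYSLOG_PORT = 514  # well-known UDP port for syslog

def _folded_sum(src_ip, dst_ip, segment):
    """16-bit one's-complement sum over IPv4 pseudo-header + UDP segment."""
    data = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_UDP, len(segment))
            + segment)
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_segment(src_ip, dst_ip, sport, dport, payload, with_checksum=True):
    """Build a UDP header + payload; checksum field 0 means 'not computed'."""
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    if not with_checksum:
        return header + payload
    csum = ~_folded_sum(src_ip, dst_ip, header + payload) & 0xFFFF
    csum = csum or 0xFFFF                    # RFC 768: computed zero is sent as all ones
    return header[:6] + struct.pack("!H", csum) + payload

def receiver_decision(src_ip, dst_ip, segment, discard_missing):
    """discard_missing=False: earlier RECOMMENDED text; True: proposed MUST text."""
    (field,) = struct.unpack("!H", segment[6:8])
    if field == 0:                           # sender did not compute a checksum
        return "discard" if discard_missing else "accept"
    # A correct checksum makes the sum over everything come out as all ones.
    ok = _folded_sum(src_ip, dst_ip, segment) == 0xFFFF
    return "accept" if ok else "discard"

def demo():
    src, dst = "192.0.2.10", "192.0.2.20"    # constructed documentation addresses
    msg = b"<34>1 2007-07-05T14:56:39Z host app - - - constructed test message"
    good = build_segment(src, dst, 40000, SYSLOG_PORT, msg)
    absent = build_segment(src, dst, 40000, SYSLOG_PORT, msg, with_checksum=False)
    wrong = good[:-1] + bytes([good[-1] ^ 0x01])   # one bit flipped in transit
    cases = {"good": good, "absent": absent, "wrong": wrong}
    # Each value is (decision under RECOMMENDED text, decision under MUST text).
    return {name: (receiver_decision(src, dst, seg, False),
                   receiver_decision(src, dst, seg, True))
            for name, seg in cases.items()}

if __name__ == "__main__":
    print(demo())
```

In a deployed receiver this check normally runs in the host's UDP layer before the syslog application sees the datagram, which is the point raised in the thread.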

