On Nov 7, 2009, Masataka Ohta wrote:
I'm not talking about the amount of value to be offset but the
location of transport checksum.
The location of transport checksum can be known only by traversing
all the extension headers from the beginning of a (unfragmented)
So, the second and latter fragments of the packet may or may not
contain transport checksum to be offset, which means IPv6 NAT must
first reassemble fragmentation.
Why would an IPv6 NAT need to find the checksum if the checksum does
not need to be changed anyway?
IPv6 specification requires IPSEC, which means outer most IPv6 must
also support IPSEC.
Sure, no one is arguing with this. My point was that, while IPv6 NAT
does interfere with some modes of IPsec, there are other IPsec modes
that are not affected by IPv6 NAT. Makes sense?
Ietf mailing list