On 31 aug 2010, at 22:04, John Kristoff wrote:
I'm trying to locate an RFC that spells out the behavioral
requirements, expectations or guidelines for NAT handling of the IP ID
field, particularly for UDP messages.
If this is not written down anywhere, do NATs generally rewrite the ID
field with or without the MF bit set?
I don't know.
We had a discussion about this in the BEHAVE working group while working on
stateful IPv6-to-IPv4 translation. Unless I missed something, the ID field
needs uniqueness for any combination of source, destination IP addresses and
protocol. Assuming the source address doesn't change, this means an ID counter
should be maintained per destination address + protocol pair, so the maximum
number of packets can be transmitted for each such pair before an ID value is
reused. This would be the optimal host behavior, and NATs should act like hosts
in this regard. Reusing the ID field from the original packet has a much higher
chance of seeing the same ID field for outstanding fragments of a different
flow, which can cause undetected data corruption in 1 in 65535 cases when the
TCP/UDP checksum doesn't catch this.
Note that DF=1 doesn't save you from all of this, as RFC 2402 says:
Mutable (zeroed prior to ICV calculation)
Type of Service (TOS)
Flags
So it is legal to rewrite the DF bit from 1 to 0. I also know that this happens
in the wild because I used to do this at one time.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf