ietf
[Top] [All Lists]

RE: [tsvwg] Milestones changed for tsvwg WG

2014-01-08 20:36:23
Noel,

I'm claiming that IPv6 has only the pseudoheader checksum to prevent 
misdelivery,
as the header checksum was removed from v6 (rather than simply covering 
non-mutable fields,
and leaving out TTL).

When a UDP checksum is set to zero, there is a risk to the payload traffic 
carried - which,
as you point out, is protected against for the carried traffic if it has its 
own checksum,
which is at a higher layer and more end-to-end.

However (and this is the subtle point), while the carried traffic is protected 
against
corruption if the packet is delivered to LISP, any IP/UDP header corruption goes
undetected at the endhost because the pseudoheader checksum has been disabled.
This does not matter for your application; the header corruption takes
the packet to some other destination/port, so you don't see it; it's just a 
drop as
far as you are concerned. But it matters for whatever actually receives
that corrupted packet on e.g. an altered port value. How do they detect and 
reject it
from their stream?

Bare IPv4 has the header checksum, so at least you can tell the endhost is 
probably
right. But sans UDP checksum, there's no (weak) ports check.
IPv6 has no header checksum, so unchecked corruption to header or ports can take
the packet anywhere.

It's not the internetwork layer's job to second-guess the users; we can assume
that if someone sent a packet without an end-end checksum, they must have
worked out that for whatever they are doing, it's OK to leave it out.

For what they're doing, but not for what everyone else is doing. Sure, LISP or
tunnels are fine, but odd behaviour on other applications at the same endpoints
(or, with IPv6, in the same network) caused by missent packets with corrupted 
UDP
packets? Hey, not your problem. Hey, you're working just fine.

It's pollution and tragedy of the commons, basically.

When you send with a zero UDP checksum, it's possible for the packet to be
received and processed anywhere.

Secondguessing users who don't understand the problems they create IS
the internetwork layer's job.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: ietf [ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Noel Chiappa 
[jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu]
Sent: 08 January 2014 23:32
To: ietf(_at_)ietf(_dot_)org; lisp(_at_)ietf(_dot_)org; 
tsvwg(_at_)ietf(_dot_)org
Cc: jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu
Subject: RE: [tsvwg] Milestones changed for tsvwg WG

    > From: <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk>

    > from http://tools.ietf.org/html/draft-ietf-lisp-introduction-03
    >
    >   The UDP checksum is zero because the inner packet usually already has
    >   a end-end checksum, and the outer checksum adds no value.  [Saltzer]

    > (That's a misreading of Saltzer - the UDP checksum is also protecting
    > against misdelivery and pseudoheader corruption

If the content above the UDP header in this case were that of some sort of
application, you'd be right.

But it's not.

The UDP, outer and inner IP headers of LISP _together_ are effectively a
layer three header ('get the packet from the source host to the destination
host - and that's all, ffffolks - no reliability of any kind'). So the fact
that it's not providing protection against misdelivery is... _exactly_ like
the service that bare IPvN provides.

In fact, since IPv6 doesn't even _have_ a header checksum, UDP in LISP is
doing exactly what IPv6 does. Are you now claiming that IPv6 is fundamentally
defective because it doesn't have a header checksum to guard against packet
mis-delivery?

    > and 'usually' is not a good defence

To say it at slightly greater length, 'the inner packet _either_ already has
an end-end checksum (the usual case), in which case adding another one is of
little or no value, _or_ the sender deliverately sent their packet _without_
an end-end checksum, in which case they are _no worse off_ than they were
before the packet was encapsulated'.

It's not the internetwork layer's job to second-guess the users; we can assume
that if someone sent a packet without an end-end checksum, they must have
worked out that for whatever they are doing, it's OK to leave it out.


Note that I am solely answering regarding the omission of UDP checksums when
UDP is used as part of the internetworking layer, for encapsulating traffic.
I have not considered, and make no statement about, use of zero checksums
in other ways/places.

        Noel