[e2e] purpose of pseudo header in TCP checksum

Tue Feb 15 11:24:49 PST 2005

Michael Welzl wrote:
>>IPv6 _requires_ UDP checksums. UDP Lite already addresses this, and when 
>>used ALWAYS INCLUDES the pseudoheader. See RFC 3828.
> 
> I know that checking the pseudoheader is required with IPv6 -
> but only end systems do this, right? 

Yes - that's a UDP step.

> The part I don't get is
> about intermediate systems; it wouldn't surprise me if it's just
> a misunderstanding on my part.
> 
> What I mean is: since the IPv6 header isn't checked by routers
> anymore, there must be some assumption that link layers
> check it, or an intermediate router might (for instance)
> be sending packets to god knows where.

IPv6 makes no mention of a problem with 'sending packets god knows 
where', so long as they're checked at the receiver. Although IPv6 (at 
least as I recall) omits the IP checksum because of sufficient link 
checksums to detect corrupted packets, there's no requirement that link 
layers have such checksums (as hinted in the UDP-Lite RFC) - at least 
not in 2460 (anyone else know anywhere else a body is buried in this 
regard?)

FWIW, IPv6 adds a checksum to ICMP, again to prevent corrupted packets 
from being received, but there's not apparent concern for misforwarding 
nased on corruption.

> Now, with UDP Lite, we DON'T want link layer to do this
> check. But wait, if we simply say "don't", we'll have
> lots of problems - first, because Adler-32 just isn't
> good enough, and second, because IPv6 doesn't check it,
> and once again, a router might wind up making decisions
> based on an erroneous packet header.

I guess IPv6 says "so"? Even IPsec, required by IPv6, works primary at 
'endpoints' (where tunnel endpoints are effectively end hosts for the 
purposes of architecture).

> So we need to specify that link layers DO check the headers
> and just do NOT check the payload if it's a UDP Lite packet.
> This is the part that I consider inevitable (given the
> current situation) but ugly.

The first part, not AFAICT.

The second IS ugly. Complain to UDP-Lite - it's definitely reaching 
across layers to coordinate the link checksum configuration with UDP's 
presence or lack of checksumming.

>>IP still works over everything; things that work over IP need to know 
>>something about it, as always.
> 
> "over" is fine with me, but I don't like to have things
> underneath know so much about it.

Agreeed. IMO, that's UDP-Lite's problem, not IPv6.

Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20050215/4ddbd251/signature.bin