[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Another NAT Traversal question

To: IP Security List <ipsec@lists.tislabs.com>
Subject: RE: Another NAT Traversal question
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 3 Mar 2003 12:57:45 -0500 (EST)
In-Reply-To: <031001c2e1a8$b7b78c10$5803a8c0@trlhpc1>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 3 Mar 2003, Jayant Shukla wrote:
> What I gather from the RFC 760 is that the checksums were meant to
> detect errors on the wire.

Note that RFC 760 is obsoleted by RFC 791.

Wire-level CRCs etc. are normally necessary and sufficient for detecting
errors on the wire.  The TCP/IP checksums are primarily for errors that
are not caught by wire-level mechanisms, such as bugs in router firmware. 

> I laud your effort if you want to use the checksum to detect the errors
> inside the device. BTW, do you also have a mechanism to detect errors
> that may happen when the data is handed over by the application to the
> TCP/IP stack? 

It has been observed in the past that the TCP and UDP checksums ideally
should be generated and checked by the application (presumably by a
subroutine library it calls), not by the system, to give the strongest
possible end-to-end checking -- that being what those checksums are for. 
There are practical difficulties with that, but it's a useful model.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- RE: Another NAT Traversal question
  - From: "Jayant Shukla" <jshukla@trlokom.com>

Prev by Date: Re: CP(CFG_REQUEST) required?
Next by Date: RE: CP(CFG_REQUEST) required?
Prev by thread: RE: Another NAT Traversal question
Next by thread: Re: Another NAT Traversal question
Index(es):
- Date
- Thread