IETF Logo Mail Archive

Re: L4 Checksum and draft-ietf-6man-segment-routing-header

Mark Smith <markzzzsmith@gmail.com> Tue, 17 May 2016 11:50 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5703D12D86E for <ipv6@ietfa.amsl.com>; Tue, 17 May 2016 04:50:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1y6AU4zn28J for <ipv6@ietfa.amsl.com>; Tue, 17 May 2016 04:50:06 -0700 (PDT)
Received: from mail-vk0-x22f.google.com (mail-vk0-x22f.google.com [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73F4B12D855 for <ipv6@ietf.org>; Tue, 17 May 2016 04:49:39 -0700 (PDT)
Received: by mail-vk0-x22f.google.com with SMTP id c189so16136071vkb.1 for <ipv6@ietf.org>; Tue, 17 May 2016 04:49:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=wIRbltRXyK1cdCHwCAVY3weeEfEI8WFAFeutODcLHRI=; b=iNm8Js0grHcE3PGd/QzcuCZHPTDLbKULDMC1JG4+m/6RRTKuJQlIj0uavBA2R+kpEI k0TGcF4qVXQLLwivtMW5xGoeF0Q0H+nRWFrjDrQloJ80ZcbJXpzjuEwnKBjC0tN6RJM2 jnBRLBwmJFPk4XPyy9X7pkEGtOORFVLorVVBXSmSUNFlNLHYZk0ImPbMIB9p+9F9To1Q 5dSmwablnT8WLRTC6lanjxuQcnxcXbUWHcYLb8lBL3oOOvL+JFzF88ZEf+9003Mq3s6g zoDPbbljpBpatHI1K2fSiHGkyectz9Yp+DLz16/lsHr/BQzDTM7DxY/VMumUJZhQRa+d CsXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=wIRbltRXyK1cdCHwCAVY3weeEfEI8WFAFeutODcLHRI=; b=e2CmpIxxBaB3VzzSW+E29nGQfw2v7M20fOKOBBpkjhwYUMYD9Nllbd3DUqD0N1P7Nu SFfcvzlI0If33M2DlCHewTcNbhGE7MdFNhvYUWHthj6QheWPyU553OcGtXSZ5zqqa1bE nBdgysPRmLDCPubCo9lVGwkfPn0Veds6ksZK9CSiURSJEZc5EK+xEiNsqnFd7vHvrloo Rdb4akSXwPa8IMOCAZ3uEkfG21bFVyMIkEtJotHj5F9yvqK7NmGvuKueV6DDgPEqRa9i fYyOflOFDlOamVwYU8waRiyQ6R7HhC+A/JKwSrOhnvWce9A5UnEaCD9EVaqAykZCTa43 8s0w==
X-Gm-Message-State: AOPr4FWNYY5DZVzvE4FNrsud/4+cc7E2qDO2YvvtiYjsOy6lqQ6w+PrsyU+nZUFVbJezS6PF+6Y3Yf3oMapHvg==
X-Received: by 10.31.217.7 with SMTP id q7mr377859vkg.134.1463485778553; Tue, 17 May 2016 04:49:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.4.55 with HTTP; Tue, 17 May 2016 04:49:09 -0700 (PDT)
In-Reply-To: <2f6e0e6e-0e5e-0b3b-10ce-09768e8b3791@gmail.com>
References: <eaf5cad817624c7a8758758aa058399b@IL-EXCH02.marvell.com> <2f6e0e6e-0e5e-0b3b-10ce-09768e8b3791@gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 17 May 2016 21:49:09 +1000
Message-ID: <CAO42Z2y3To1R+fYKv6uwbEFh26A5cgpihTbBAFFuDNmYKHTnNA@mail.gmail.com>
Subject: Re: L4 Checksum and draft-ietf-6man-segment-routing-header
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/RzDDkrgTxYjIBxrm2_ADszYXbok>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2016 11:50:08 -0000

On 17 May 2016 at 21:23, Alexandre Petrescu
<alexandre.petrescu@gmail.com> wrote:
>
>
> Le 15/05/2016 à 12:04, Tal Mizrahi a écrit :
>>
>> Hi,
>>
>>
>>
>> [Apologies if this issue has been discussed before.]
>>
>>
>>
>> According to draft-ietf-6man-segment-routing-header, an ‘SR Segment
>> Endpoint Node’ updates the Destination IP address.
>>
>>
>> Therefore, it must also update the Layer 4 Checksum, right?
>
>
> I guess yes.  I guess the draft assumes that only the end nodes create
> and verify the checksum value.
>

It isn't an assumption, it is the way IPv6 works.

End-to-end checksums like the TCP or UDP ones are only calculated or
verified at the ends.

If the packet is mis-delivered to an upper layer TCP or UDP for one of
the intermediary DA hops, the packet will be thrown away because the
upper layer checksum validation should. If it was changed as the
intermediary DAs were swapped, then the packet could be considered
legitimate by intermediate TCP or UDP, and the could then payload
handed up to an application that wasn't expecting it at all.

Briefly looking at the SR draft, the SRH processing looks to be the
same or similar to the original IPv6 routing header.

https://tools.ietf.org/html/rfc2460#section-4.4




> (whether that is done correctly it is another matter;
> draft-ietf-6man-segment-routing-header-01 tells that there are two
> different ways of inserting an SRH: by the end nodes _or_ by
> intermediary nodes; if it is done by the intermediary nodes there is a
> need to make sure that overall the SRH concept makes sense).
>
>> I wonder if there is an upper bound on the size of the SRH.
>
>
> I think that size can be deduced from the length of the Hdr Ext Len
> field of draft-ietf-6man-segment-routing-header-01: 8 bits would mean
> the max size is 256 bytes (plus 1 by its definition).
>
> One may wonder though whether there can be multiple SRHs in a packet?
>
>> Otherwise, the L4 Checksum may be located in a pretty deep location.
>>
>> Speaking from a chip vendor’s perspective this may be a problem.
>

Which is why EHs are not intended to be examined or processed by
intermediate nodes, with exception to one of them, and that one is
always the first EH if present. Required processing of that is being
loosened a bit in:


IPv6 Hop-by-Hop Options Extension Header
https://tools.ietf.org/html/draft-ietf-6man-hbh-header-handling-03


Regards,
Mark.


>
> I think that is understandable.
>
> Alex
>
>>
>>
>>
>> Thanks,
>>
>> Tal Mizrahi.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --------------------------------------------------------------------
>>  IETF IPv6 working group mailing list ipv6@ietf.org Administrative
>> Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email