Re: [TERNLI] Forwarding corrupt packets

Michael Tuexen <> Mon, 04 September 2006 13:38 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GKEeJ-0002FN-C7; Mon, 04 Sep 2006 09:38:03 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GKEe7-0001tM-Aa for; Mon, 04 Sep 2006 09:37:51 -0400
Received: from ([] by with esmtp (Exim 4.43) id 1GKERw-00017w-53 for; Mon, 04 Sep 2006 09:25:17 -0400
Received: from [] ( []) by (Postfix) with ESMTP id 7AB5B245CA; Mon, 4 Sep 2006 15:25:14 +0200 (CEST) (KNF account authenticated via SMTP-AUTH)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <>
Content-Transfer-Encoding: 7bit
From: Michael Tuexen <>
Subject: Re: [TERNLI] Forwarding corrupt packets
Date: Mon, 4 Sep 2006 15:25:12 +0200
X-Mailer: Apple Mail (2.752.2)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c3a18ef96977fc9bcc21a621cbf1174b
Cc:, Joe Touch <touch@ISI.EDU>
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport-Enhancing Refinements to the Network Layer Interface <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

Hi Gorry,

see my comments in-line.

Best regards

On Sep 4, 2006, at 3:05 PM, Gorry Fairhurst wrote:

> So, I had missed this being discussed (sorry).
> I'm quite confused about several things:
> * In Section 3 it says:
>    The SCTP endpoint can inform its peer that it has received an SCTP
>    packet, but the CRC-32 was wrong.
> I presume though that the receiver can somehow verfy that the  
> original packet has been sent with a particular IP source, and  
> protocol. How?
We try to lookup the association based on the IP addresses, port  
numbers and verification tag.
If this is successful, we assume that the error is in the payload,  
but we still know the
peer. So we send back the PKTDRP report.
If the lookup of the association is not successful (because the error  
is in the port numbers
or verification tag (8 bytes) then we simply drop the packet.
> I'm curious also here how you know some details
> * How do you find the process to respond to (since ports are not  
> protected by an IP checksum)?
We just try. Please note that the IP addresses (protected by the IP  
header checksum), the
port numbers and the verification tag must match before we take any  
> * How do you verify this isn't a third-party DoS attack, because  
> presumably you can't rely on sequence numbers, ports, etc to help you?
The verification tag must match... But I do not see a point here.  
Someone sending us a packet
such that we send a PKTDRP report to the victim could just send the  
PKTDRP report to the victim
using our address as the source. So I think security is not a problem  
> * I think I could have missed it, but what is the mechanism by  
> which an IP packet passes through the node and receives a treatment  
> that leaves it with a corrupted CRC-32 at the transport layer, but  
> some (reliable) understanding of the content (IP addresses, length,  
> protocol, etc).
I saw a buggy switch which corrupted always some bytes in the SCTP  
payload. Therefore the IP header
checksum was correct, the Ethernet CRC was correct, because the  
switch computed it correclty,
only the SCTP checksum was wrong.
> * If you return a message from a mid-box, how do you know that  
> routers down-stream of the mid-box would have forwared this packet?
I'm not sure what you are asking about here... Routers do not look at  
the SCTP checksum, so why
would they care? The wrong checksum indication will come from an end- 
point most likely.
> Gorry
> Michael Tuexen wrote:
>> Dear all,
>> for SCTP there is an ID
>> pktdrprep-05.txt
>> which sends back a packet to the sender if the receiver detects a   
>> transport
>> layer checksum failure...
>> Best regards
>> Michael
>> On Sep 4, 2006, at 9:59 AM, Michael Welzl wrote:
>>>> The question is the impact of the bad packet.
> <Snip>