Hi Dan, I agree that it's worthwhile to make an effort to incorporate the partial checksum feature in DCCP-NAT. Thanks for bringing this up (and the off-list conversation that helped me get my ideas straight on this). I agree that the beginning of the approach to this is to allow the UDP Checksum field to be 0 (to refresh everyone, 0 in the UDP Checksum field means no checksum, not a checksum value of 0. If the real checksum turns out to be 0, you set the Checksum field to 0xffff), and when it is 0 to include a checksum in the DCCP-NAT header. This checksum can't be the same as the DCCP-RAW checksum, i.e., if you include the IP pseudo-header as DCCP-RAW does then NATs will break it. We also don't want to always include the DCCP checksum. Why waste bytes? The UDP Checksum does the job just fine if you want complete checksum protection. So I suggest the next version of DCCP-NAT should say something like this: There are two versions of the DCCP-NAT generic header. When the UDP Checksum field is non-zero, the DCCP-NAT generic header is as described in the current draft. The UDP Checksum covers the entire datagram and there is no DCCP checksum. When the UDP Checksum is 0, the DCCP-NAT generic header is extended by four bytes to encode the DCCP-NAT checksum and checksum coverage length. The DCCP-NAT checksum covers the 8-byte UDP header, the entire DCCP-NAT header (including type-specific fields and options) and however much of the user data that is indicated by the checksum coverage value. There are more details that will be needed in the next draft, but this is the general outline. Does this work for you? Tom P. > -----Original Message----- > From: dccp-bounces@xxxxxxxx [mailto:dccp-bounces@xxxxxxxx] On Behalf Of > Dan Wing > Sent: Thursday, February 14, 2008 7:39 PM > To: 'DCCP mailing list' > Cc: Phelan, Tom > Subject: UDP checksum in phelan-dccp-natencap-00 > > Thanks for writing draft-phelan-dccp-natencap-00.txt. In it, I noticed: > > For DCCP-NAT, the function of the DCCP-RAW generic header field > Checksum is performed by the UDP Checksum field. > > If the UDP Checksum field in a received packet is invalid or has a > value of 0, that packet MUST be ignored as per the invalid checksum > procedures of DCCP-RAW (i.e., the options in the packet MUST NOT be > processed). > > I found this curious. I would have designed it the other way, so that if > the > UDP checksum is 0, you could use DCCP's checksum or DCCP's partial > checksum. > In this way, you would get one of DCCP's additional advantages (partial > checksum) when you are forced to encapsulate DCCP over UDP. > > (By the way, there is a discussion relevant to DCCP-over-UDP, and DCCP > with > NATs, on the main IETF list, starting at about > http://www.ietf.org/mail-archive/web/ietf/current/msg50256.html, Subject > "[Fwd: I-D Action:draft-rosenberg-internet-waist-hourglass-00.txt]".) > > -d
