On 10/8/10 7:25 AM, Phelan, Tom wrote:
[TomP] There have been several good comments on this already, but one thing I'd like to add is, how can this work? The problem is that the DCCP checksum includes the IP addresses, which have potentially been changed along the way.
Ah, the DCCP checksum includes fields that aren't part of its packet (the pseudoheader) with no way to turn that off. That's what I've been missing.
Wouldn't we be better off having an actual option (negotiable option, packet flag, DCCP version bump, whatever) that allows us to say "DCCP packet checksummed without the pseudoheader"? Then you can just pack everything up in a UDP packet and forget about it. If the UDP pathway checksums everything, great. If the UDP pathway completely dumps the checksums, well, you don't care either.
This is effectively what the encap is doing, just in an implicit mechanism rather than explicitly. And then forcing the UDP layer to checksum the *entire* packet to protect itself, even if we have told DCCP that we only want CsCov == 1 (No application payload coverage).
I'm still concerned about this through multiple NAT layers, but I need to think about that a little more.
-a
