> From: <l.wood@xxxxxxxxxxxx>
> from http://tools.ietf.org/html/draft-ietf-lisp-introduction-03
>
> The UDP checksum is zero because the inner packet usually already has
> a end-end checksum, and the outer checksum adds no value. [Saltzer]
> (That's a misreading of Saltzer - the UDP checksum is also protecting
> against misdelivery and pseudoheader corruption
If the content above the UDP header in this case were that of some sort of
application, you'd be right.
But it's not.
The UDP, outer and inner IP headers of LISP _together_ are effectively a
layer three header ('get the packet from the source host to the destination
host - and that's all, ffffolks - no reliability of any kind'). So the fact
that it's not providing protection against misdelivery is... _exactly_ like
the service that bare IPvN provides.
In fact, since IPv6 doesn't even _have_ a header checksum, UDP in LISP is
doing exactly what IPv6 does. Are you now claiming that IPv6 is fundamentally
defective because it doesn't have a header checksum to guard against packet
mis-delivery?
> and 'usually' is not a good defence
To say it at slightly greater length, 'the inner packet _either_ already has
an end-end checksum (the usual case), in which case adding another one is of
little or no value, _or_ the sender deliverately sent their packet _without_
an end-end checksum, in which case they are _no worse off_ than they were
before the packet was encapsulated'.
It's not the internetwork layer's job to second-guess the users; we can assume
that if someone sent a packet without an end-end checksum, they must have
worked out that for whatever they are doing, it's OK to leave it out.
Note that I am solely answering regarding the omission of UDP checksums when
UDP is used as part of the internetworking layer, for encapsulating traffic.
I have not considered, and make no statement about, use of zero checksums
in other ways/places.
Noel