Firewall Wizards mailing list archives
Re: syslog and network management
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 13 Mar 2008 13:11:28 -0500 (EST)
On Thu, 13 Mar 2008, Roel Jonkman wrote:
All, UDP checksum is optional, if the checksum field is 0, there is no checksum.
While the implementations must support it being optional, the default is to do it. Here are two references: http://freesoft.org/CIE/RFC/1122/79.htm A host MUST implement the facility to generate and validate UDP checksums. An application MAY optionally be able to control whether a UDP checksum will be generated, but it MUST default to checksumming on. If a UDP datagram is received with a checksum that is non- zero and invalid, UDP MUST silently discard the datagram. An application MAY optionally be able to control whether UDP datagrams without checksums should be discarded or passed to the application. DISCUSSION: Some applications that normally run only across local area networks have chosen to turn off UDP checksums for efficiency. As a result, numerous cases of undetected errors have been reported. The advisability of ever turning off UDP checksumming is very controversial. IMPLEMENTATION: There is a common implementation error in UDP checksums. Unlike the TCP checksum, the UDP checksum is optional; the value zero is transmitted in the checksum field of a UDP header to indicate the absence of a checksum. If the transmitter really calculates a UDP checksum of zero, it must transmit the checksum as all 1's (65535). No special action is required at the receiver, since zero and 65535 are equivalent in 1's complement arithmetic. Also- ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-syslog-transport-udp-12.txt 3.6. UDP Checksums Syslog senders MUST NOT disable UDP checksums. IPv4 syslog senders SHOULD use UDP checksums when sending messages. Note that RFC 2460 [4] mandates the use of UDP checksums when sending UDP datagrams over IPv6. Syslog receivers MUST NOT disable UDP checksum checks. IPv4 syslog receivers SHOULD check UDP checksums and they SHOULD accept a syslog message with a zero checksum. Note that RFC 2460 [4] mandates the use of checksums for UDP over IPv6. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://www.fluiditgroup.com/blog/pdr/ Art: http://PaulDRobertson.imagekind.com/
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: syslog and network management david (Mar 01)
- <Possible follow-ups>
- Re: syslog and network management david (Mar 01)
- Re: syslog and network management Darden, Patrick S. (Mar 10)
- Re: syslog and network management david (Mar 13)
- Re: syslog and network management Paul D. Robertson (Mar 13)
- Re: syslog and network management Darden, Patrick S. (Mar 16)
- Re: syslog and network management Darden, Patrick S. (Mar 10)
- Re: syslog and network management Roel Jonkman (Mar 13)
- Re: syslog and network management Paul D. Robertson (Mar 13)
- Re: syslog and network management Chuck Swiger (Mar 13)