On Thu, Jul 05, 2007 at 07:56:39AM -0700, Chris Lonvick wrote:
We used to recommend discard only for case B (when it is present and
wrong) like this:
"It is RECOMMENDED that syslog receivers check the checksums whenever
they are present (i.e. the UDP header checksum field value is not 0)
and discard messages with incorrect checksums. "
I suggest we say something stronger in line with a MUST:
syslog senders MUST use UDP checksums when sending messages over IPv4.
syslog senders MUST use UDP checksums when sending messages over IPv6.
syslog receivers MUST check the checksums and MUST discard messages
with missing or incorrect checksums. Note that this is typically
accomplished by the UDP layer implementation, and some UDP
implementations allow for checksum validation to be enabled or
disabled.
Stupid question: Why is UDP checksumming discussed at all in the
SYSLOG UDP transport mapping? People implementing syslog hardly have
control over the UDP layer (and for sure not exclusively) and so if at
all it only makes sense to me to have operational guidelines that UDP
checksums are a good idea - but then again this would not be very much
SYSLOG specific - so why discuss this at all in this document?
Do we from now on want to have every UDP transport document state that
UDP checksums are a good idea?
/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
