[104968] in North American Network Operators' Group


Re: Types of packet modifications allowed for networks

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jun 2 10:12:39 2008

Date: Mon, 2 Jun 2008 10:12:20 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Jean-François Mezei <jfmezei@vaxination.ca>
In-Reply-To: <4841CA4C.5020708@vaxination.ca>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Sat, 31 May 2008 17:59:40 -0400
Jean-François Mezei <jfmezei@vaxination.ca> wrote:

> I would like any pointers to good documents that outline what sort of
> packet modifications are allowed (in terms of Internet
> culture/policies) by networks.
>
> Notably:
>
> For a transit network (neither sending nor destination IPs belong to
> the network)
>
> For the sending network (originating IP belongs to that network)
>
> For the destination network (destination IP belongs to that network).
>
>
> Obviously, every router will change/decrement the TTL (and recalculate
> the header checksum) in the IP header. Are there other fields that are
> routinely changed at every hop?

Assorted IP options carry network state: Record Route, Loose and Strict
Source Route, Timestamp -- see RFC 791.  I wouldn't say "routinely",
but it is in the spec.  I forget the status of the flow label for IPv6.
>
> Would it also be correct to state that any network along the way would
> have the right to fragment a packet in two or more pieces? Or would
> that only be the destination network needing to fragment a packet to
> fit the last mile (PPP dialup or PPPoE) in cases where MTU
> negotiations failed?

Note that in-flight fragmentation is only permitted for certain
packets: one without DF set for IPv4; ones with a fragmentation header
for IPv6.
>
> Are there sacred rules documented anywhere about not modifying
> anything else in the packets during transit?  Or has there never
> been any formal documentation on this because it was so obvious
> nobody was allowed to modify packets in transit?
>
Only the end-to-end principle...

I sometimes see suggestions that routers should be able to add IP
options or v6 extension headers.  These are known as bad ideas.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
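
The per-hop rewrite discussed above (decrement TTL, recompute the header checksum) and the DF check that gates in-flight fragmentation of IPv4, as added example code that is not part of this thread. It patches the checksum incrementally with the RFC 1624 formula rather than recomputing it from scratch; the addresses, identification value and payload length are constructed sample values.

```python
import struct
import ipaddress

# Fixed 20-byte IPv4 header without options: ver/IHL, TOS, total length, ident,
# flags+fragment offset, TTL, protocol, header checksum, source, destination.
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")
DF_FLAG = 0x4000

def _fold(total: int) -> int:
    """One's-complement end-around carry until the sum fits in 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; over a header that already carries a correct
    checksum this returns 0, which is how a router verifies it on receipt."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    return ~_fold(sum(words)) & 0xFFFF

def incremental_checksum(old_hc: int, old_word: int, new_word: int) -> int:
    """RFC 1624 eqn 3, HC' = ~(~HC + ~m + m'), for a single changed 16-bit word."""
    return ~_fold((~old_hc & 0xFFFF) + (~old_word & 0xFFFF) + new_word) & 0xFFFF

def build_ipv4_header(src: str, dst: str, ttl: int, df: bool, payload_len: int, proto: int = 17) -> bytes:
    """Constructed sample header (UDP by default); ident 0x1234 is an arbitrary value."""
    flags_frag = DF_FLAG if df else 0
    hdr = IPV4_HDR.pack(0x45, 0, 20 + payload_len, 0x1234, flags_frag, ttl, proto, 0,
                        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def may_fragment_in_flight(header: bytes) -> bool:
    """A transit router may fragment an IPv4 packet only if DF is clear."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    return not flags_frag & DF_FLAG

def forward_hop(header: bytes) -> bytes:
    """The per-hop rewrite every IPv4 router performs: verify the checksum,
    decrement TTL, patch the checksum incrementally; everything else is untouched."""
    if ipv4_checksum(header) != 0:
        raise ValueError("bad header checksum: silently discard")
    ttl, proto = header[8], header[9]
    if ttl <= 1:
        raise ValueError("TTL expired: discard and send ICMP Time Exceeded")
    old_word, new_word = (ttl << 8) | proto, ((ttl - 1) << 8) | proto
    old_hc = struct.unpack("!H", header[10:12])[0]
    new_hc = incremental_checksum(old_hc, old_word, new_word)
    return header[:8] + bytes([ttl - 1, proto]) + struct.pack("!H", new_hc) + header[12:]
```

Running `forward_hop` repeatedly on its own output shows that only bytes 8 through 11 (TTL and checksum) ever change, which is the whole of what the spec lets a transit hop touch in a plain header.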

