Re: linux-ipsec: Comments on the INSTALL process of the 1998jun14 snapshot

-----BEGIN PGP SIGNED MESSAGE-----
> >>>>> "Todd" == Todd Graham Lewis <tlewis@mindspring.net> writes:
>
> Todd> I think it toggles checking checksums on IP datagrams. The
> Todd> fallacy in effect here is, I believe, that routers would not
> Todd> want to check them, whereas end hosts would.
>
> Why is that a fallacy? It's well known that there is no good reason
> for routers to check IP checksum on forwarded packets, provided that
> they do a correct incremental update when changing TTL.
>
> It IS a good idea to check checksum on terminating packets, which is
> also the case that applies to IPSEC gateways since those are
> terminations (for the tunnel). Then again, in general the worst it
> will do if you skip that step is deliver someone else's IPgram, which
> rarely hurts and certainly not if you're using IPSEC!

So what you are saying is we should recommend optimising as host? or as router? I didn't quite get the gist of your last paragraph.

> paul

        Slainte Mhath, rgb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNYV0oN+sBuIhFagtAQE21wP/ZWEEZaU5tDXTQAeHeOXVO3L920DDv60V YyAdG+IOMpLCioeaVoOUC/b9i/6E7H+93h/3P/oYbBQc0hY/o1e1kFDMwXZYUv2c XPsoatQdIxeKnA+NZ0ijFM1tHiHUGZg9YaS08QYCvsZvIYTMWwTM46Kq11wNmCe9 B4Lb/S6ry3Y=
=30Nk
-----END PGP SIGNATURE----- Received on Mon Jun 15 15:23:16 1998