Re: [tsv-dir] tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt

2008-12-01 09:26:44
On Monday 01 December 2008 16:13:05 ext Matt Mathis, you wrote:
On Mon, 1 Dec 2008, Hesham Soliman wrote:
=> Well, I'm not sure how a NAT can do that. You mean the NAT will
parse the binding update message deep inside the IPv6 extension
header in the inner IP packet? This is where the original address
is preserved. To do that, a NAT would have to understand the
various MIPv6 options, and if it did, it would know not to do
that :) The inner header is IPv6, so a NAT should not touch that.

My understanding from the STUN work is that NATs have been observed
which rewrite any sequence of four aligned bytes matching the source
IP address, irrespective of its location within the packet (section
15.2 of RFC 5389).

=> Sounds frightening! Maybe we need to mandate encryption and hope that
no 4-byte sequence matched the IP address? What do they do with encrypted
packets? How do they know they're encrypted?

I'd really hate to have address 32.116.104.101   (" the")....
Such devices can't possibly survive, can they?

Depends what you need to survive...

If you only do DNS and a few TCP-based protocols which the brain-damaged ALG
would not affect, it might just work. We probably don't care about MIP not
passing through such an abomination though.

-- 
Rémi Denis-Courmont
Maemo Software, Nokia Devices R&D
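
The rewriting behaviour discussed in this thread, and the XOR encoding that section 15.2 of RFC 5389 uses to keep the literal address bytes out of the packet, as an added example that is not part of the original message. The function names, the port 5060 and the public address 192.0.2.1 are constructed for illustration; 32.116.104.101 is the address quoted in the thread.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442  # STUN magic cookie (RFC 5389)

def aligned_matches(payload: bytes, addr: str) -> list:
    """Offsets (multiples of 4) where the address bytes occur in payload."""
    needle = ipaddress.IPv4Address(addr).packed
    return [off for off in range(0, len(payload) - 3, 4)
            if payload[off:off + 4] == needle]

def rewrite_like_broken_nat(payload: bytes, private: str, public: str) -> bytes:
    """Model of the misbehaviour: replace every aligned 4-byte match."""
    out = bytearray(payload)
    for off in aligned_matches(payload, private):
        out[off:off + 4] = ipaddress.IPv4Address(public).packed
    return bytes(out)

def mapped_address(addr: str, port: int) -> bytes:
    """Plain MAPPED-ADDRESS value: zero byte, family 0x01, port, address."""
    return struct.pack("!BBH", 0, 0x01, port) + ipaddress.IPv4Address(addr).packed

def xor_mapped_address(addr: str, port: int) -> bytes:
    """XOR-MAPPED-ADDRESS value: port and address XORed with the cookie."""
    x_port = port ^ (MAGIC_COOKIE >> 16)
    x_addr = int(ipaddress.IPv4Address(addr)) ^ MAGIC_COOKIE
    return struct.pack("!BBHI", 0, 0x01, x_port, x_addr)

def decode_xor_mapped_address(value: bytes) -> tuple:
    """Recover (address, port) from an IPv4 XOR-MAPPED-ADDRESS value."""
    _, family, x_port, x_addr = struct.unpack("!BBHI", value)
    if family != 0x01:
        raise ValueError("only the IPv4 family is handled here")
    return (str(ipaddress.IPv4Address(x_addr ^ MAGIC_COOKIE)),
            x_port ^ (MAGIC_COOKIE >> 16))

if __name__ == "__main__":
    private, public = "32.116.104.101", "192.0.2.1"  # constructed sample values
    for label, data in [("text", b"read the log"),
                        ("MAPPED-ADDRESS", mapped_address(private, 5060)),
                        ("XOR-MAPPED-ADDRESS", xor_mapped_address(private, 5060))]:
        after = rewrite_like_broken_nat(data, private, public)
        print(label, aligned_matches(data, private), data != after)
```

The XOR encoding protects only the address attribute itself; ordinary payload bytes such as the aligned " the" in the sample text are still rewritten.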