ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard

2013-10-15 01:52:41
from [Masataka Ohta] [Permanent Link] 
Templin, Fred L wrote:


This means that stateless firewalls are being directed to discontinue
extension header parsing when a first encapsulated IPv6 header is
encountered - even though there may be many more parsable (inner)
headers that follow.


Even without tunnels, firewalls MUST be able to parse ICMPv6 error
messages generated behind it, even though ICMPv6 is explicitly
allowed to have its own lengthy header chain:

   Every ICMPv6 message is preceded by an IPv6 header and zero or more
   IPv6 extension headers. [rfc2463]

Even without firewalls, ICMPv6 still causes a problem because:

           As much of invoking packet
       as will fit without the ICMPv6 packet
       exceeding the minimum IPv6 MTU [IPv6] [rfc2463]

a host sending the original packet can not identify which packet
sent by it caused the error, if tail part of header-chain of
inner packet is omitted.

                                                Masataka Ohta
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard, Masataka Ohta
Next by Date:  Re: Of governments and representation (was: Montevideo Statement), Dirk-Willem van Gulik
Previous by Thread:  RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard, Templin, Fred L
Next by Thread:  Re: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt> (Implications of Oversized IPv6 Header Chains) to Proposed Standard, SM
Indexes:  [Date] [Thread] [Top] [All Lists]