On 28-okt-2005, at 14:20, Jari Arkko wrote:
The last sentence does not follow. Firewalls may accept just fine packets with a shim6 extension header but no data, but could (and I'd expect many WOULD) drop packets with shim6 ext header WITH data.
Why??
The same said firewalls could be dropping packets that are part of a TCP stream that was not initiated through this firewall...
Yes, but this is a known complication when setting up firewalls next to egress points as with BGP multihoming it's exceedingly common for packets to go out on one external link and the return packets to come in through another.
This is unrelated to the presence or absence of headers.