[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: mech-v2-05pre
Hello All,
I hope most of the IPv6 implementations do first check IP Version
[Otherwise, TAHI does not allow that to be a "IPv6 Ready Logo"
implementation]
Some implementations first check whether there is atleast 40 bytes (IPv6
Header Size) left in the packet.
Once, it makes sure that there is atleast IPv6 Header Size data, then it
tries to process the header.
Here, the first field processed is IP Version.
Thank you,
Regards,
O.L.N. Rao
----- Original Message -----
From: "Radhakrishnan Suryanarayanan" <rkrishnan.s@samsung.com>
To: "Pekka Savola" <pekkas@netcore.fi>; "Fred Templin" <osprey67@yahoo.com>
Cc: "Erik Nordmark" <Erik.Nordmark@sun.com>; <v6ops@ops.ietf.org>; "Alex
Conta" <aconta@txc.com>
Sent: Wednesday, August 25, 2004 9:54 AM
Subject: Re: mech-v2-05pre
> Hi pekka,
> as soon as the packet is decapsulated, we should do the version 6 check.
>
> ----- Original Message -----
> From: "Pekka Savola" <pekkas@netcore.fi>
> To: "Fred Templin" <osprey67@yahoo.com>
> Cc: "Erik Nordmark" <Erik.Nordmark@sun.com>; <v6ops@ops.ietf.org>; "Alex
> Conta" <aconta@txc.com>
> Sent: Wednesday, August 25, 2004 12:39 AM
> Subject: Re: mech-v2-05pre
>
>
> > On Tue, 24 Aug 2004, Fred Templin wrote:
> > > I have another comment for this document; in section 3.6, change:
> > >
> > > "The encapsulating IPv4 header is discarded."
> > >
> > > to:
> > >
> > > "The encapsulating IPv4 header is discarded, and the version
> > > encoded in the first 4 bits of encapsulated packet is checked.
> > > (Procedures for handling packets with version other than 6 are
> > > out of scope.)"
> >
> > I'm not sure if that's really needed.
> >
> > The first paragraph says:
> >
> > When an IPv6/IPv4 host or a router receives an IPv4 datagram that is
> > addressed to one of its own IPv4 addresses or a joined multicast
> > group address, and the value of the protocol field is 41, the packet
> > is potentially a tunnel packet and needs to be verified to belong to
> > one of the configured tunnel interfaces (by checking
> > source/destination addresses), reassembled (if fragmented at the IPv4
> > level), have the IPv4 header removed and the resulting IPv6 datagram
> > be submitted to the IPv6 layer code on the node.
> >
> > (note tha last sentence.)
> >
> > If the v6 layer code does not check the IP version first, why should
> > we specify additional checks?
> >
> > Note that often the IP delivery is done based on lowe layer, e.g.,
> > ethernet protocol number, so if an IPv6 packet where the version is
> > not 6 it's usually silently discarded as a bug in the lower layer if
> > the implementation even checks that. That being said, tunneling
> > provides an easier means to inject bogus packets than physical link
> > layers.
> >
> > That said, if folks think it makes sense to spell this out, I'd rather
> > suggest placing the version check as a new paragraph after the one you
> > proposed, without the text in ()'s.
> >
> > Opinions?
> >
> > --
> > Pekka Savola "You each name yourselves king, yet the
> > Netcore Oy kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> >
> >
> >
>
>
>