[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mech-v2: processing of non-ipv6 packets [Re: mech-v2-05pre]

To: v6ops@ops.ietf.org
Subject: Re: mech-v2: processing of non-ipv6 packets [Re: mech-v2-05pre]
From: Pekka Savola <pekkas@netcore.fi>
Date: Tue, 31 Aug 2004 11:14:58 +0300 (EEST)
In-reply-to: <Pine.LNX.4.44.0408272229520.25517-100000@netcore.fi>

Hi,

(co-chair hat on)

OK, there seems to be multiple people supporting 1) and likewise for
3), but all of those could seem to be able to live with either of
these approaches.

As 3) is what we had in the document during WG last call, IETF LC, and 
IESG evaluation, let's use (basically) that.

However, to fix the problem pointed out by 1) in a slightly better
way, I'd suggest wording like (changes in the first sentence only):

The encapsulating IPv4 header is discarded, *and the resulting packet
is checked for validity when submitted to the IPv6 layer*. When
reconstructing the IPv6 packet the length MUST be determined from the
IPv6 payload length since the IPv4 packet might be padded (thus have a
length which is larger than the IPv6 packet plus the IPv4 header being
removed).

or: *and the resulting packet is checked for validity by the IPv6 
layer*.

(emphasis mine) -- this reminds that the v6 layer must validate the
packet, but leaves the the exact checks unspecified in this memo,
which was the main concern for those supporting 3).

If you have comments/objections to this, please state them
****off-list**** within a day or so.

(hat off)

On Fri, 27 Aug 2004, Pekka Savola wrote:
> So, I think we just disagree about this and need to get more input.  
> Let's consider three options:
> 
>  1) something like the current text, disallowing non-IPv6 packets:
> 
>   If the payload is not at least 40 bytes in length (i.e., the minimum
>   IPv6 packet), the packet MUST be silently discarded.  Likewise, if 
>   the version encoded in the first 4 bits of the encapsulated packet 
>   is not "6", the packet MUST be silently discarded.
> 
>  (support from O.L.N.Rao and Radhakrishnan Suryanarayanan)
> 
>  2) something like you proposed, leaving non-ipv6 unspecified:
> 
>   If the version encoded in the first 4 bits of the encapsulated packet
>   is "6", and the payload is not at least 40 bytes in length (i.e., the
>   minimum IPv6 packet), the packet MUST be silently discarded.  Further
>   processing for packets with version other than "6" is out of scope.
> 
>  (support from Fred Templin)
> 
>  3) leave everything out, let the IPv6 code deal with this.
> 
>  (support from Vlad Yasevich)
> 
> What do others think?
> 
> Personally, either 1) or 3) seems best to me.
> 
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- draft-ietf-v6ops-mech-v2-06.txt
  - From: Pekka Savola <pekkas@netcore.fi>

References:
- mech-v2: processing of non-ipv6 packets [Re: mech-v2-05pre]
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: Re: mech-v2: processing of non-ipv6 packets [Re: mech-v2-05pre]
Next by Date: DNS Weather Report 2004-08-24
Previous by thread: Re: mech-v2: processing of non-ipv6 packets [Re: mech-v2-05pre]
Next by thread: draft-ietf-v6ops-mech-v2-06.txt
Index(es):
- Date
- Thread