[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: filtering packets with unknown options

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: filtering packets with unknown options
From: Fred Baker <fred@cisco.com>
Date: Wed, 12 Jul 2006 14:16:58 -0400
Authentication-results: sj-dkim-2.cisco.com; header.From=fred@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: v6ops@ops.ietf.org
Dkim-signature: a=rsa-sha1; q=dns; l=512; t=1152728219; x=1153592219; c=relaxed/simple; s=sjdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fred@cisco.com; z=From:Fred=20Baker=20<fred@cisco.com> |Subject:Re=3A=20filtering=20packets=20with=20unknown=20options; X=v=3Dcisco.com=3B=20h=3DlVR/cclcoVhXo/3JX+jb88X717g=3D; b=lRunG3BbFTT5Ks80yJrAiRS0z+VSCjN/K56LoojZNtVT3vRQ0TMFRVdO4B4xIo5zVAG3M5bd m0TTp0rEx6rZAQNIZ8P9ndp7J+vRyKk7uIW4XyKt0QbA87gBu0SCw9Ad;
In-reply-to: <909BFECF-2CDA-4092-B065-2CFBD12AA537@muada.com>
References: <909BFECF-2CDA-4092-B065-2CFBD12AA537@muada.com>


On Jul 12, 2006, at 11:33 AM, Iljitsch van Beijnum wrote:

There is of course the tiny detail of how to implement this.Firewalls do a lot of processing so it's not completely outside therealm of possibility to assume that they could remove extensionheaders, but routers certainly aren't going to do this.

There are router implementations that implement a variety offirewall. I don't see any reason they couldn't, apart from the DOSimplications (which firewalls have as well).

References:
- filtering packets with unknown options
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: Review of draft-ietf-v6ops-nap-02.txt
Next by Date: Re: filtering packets with unknown options
Previous by thread: Re: filtering packets with unknown options
Next by thread: Re: filtering packets with unknown options
Index(es):
- Date
- Thread